cidaas-javascript-sdk 3.0.4 → 3.0.5

package/CHANGELOG.md

@@ -1,6 +1,6 @@
-## [3.0.4](https://gitlab.widas.de/cidaas-public-devkits/cidaas-public-sdks/cidaas-javascript-sdk/compare/v3.0.3...v3.0.4) (2023-06-15)
+## [3.0.5](https://gitlab.widas.de/cidaas-public-devkits/cidaas-public-sdks/cidaas-javascript-sdk/compare/v3.0.4...v3.0.5) (2023-08-04)
 
 
 ### Bug Fixes
 
-* cidaas v3 support and interface adjustment ([07811ef](https://gitlab.widas.de/cidaas-public-devkits/cidaas-public-sdks/cidaas-javascript-sdk/commit/07811efe9a8bcb0f95aab9f779ad6502313ff7bf))
+* store code verifier in pkce flow ([f6f7835](https://gitlab.widas.de/cidaas-public-devkits/cidaas-public-sdks/cidaas-javascript-sdk/commit/f6f783507e6b3d7bc3bf24140e546951d71dd4b5))

package/README.md

@@ -1,14 +1,18 @@
+![Logo](logo.jpg)
+
 ## About cidaas:
 [cidaas](https://www.cidaas.com)
  is a fast and secure Cloud Identity & Access Management solution that standardises what’s important and simplifies what’s complex.
- ## Feature set includes:
+
+## Feature set includes:
 * Single Sign On (SSO) based on OAuth 2.0, OpenID Connect, SAML 2.0 
 * Multi-Factor-Authentication with more than 14 authentication methods, including TOTP and FIDO2 
 * Passwordless Authentication 
 * Social Login (e.g. Facebook, Google, LinkedIn and more) as well as Enterprise Identity Provider (e.g. SAML or AD) 
 * Security in Machine-to-Machine (M2M) and IoT
 
-## cidaas-javascript-sdk
+# Cidaas Javascript SDK
+
 This cidaas Javascript SDK library is built on the top of [OIDC client javascript library](https://github.com/IdentityModel/oidc-client-js). 
 
 #### Requirements
@@ -2578,4 +2582,4 @@ The SDK will throws Custom Exception if something went wrong during the operatio
 | HTTP Status Code | When could it be thrown |
 |----------------- | ----------------------- |
 |  500 | during creation of WebAuth instance |
-|  417 | if there are any other failure |
+|  417 | if there are any other failure |

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cidaas-javascript-sdk",
-  "version": "3.0.4",
+  "version": "3.0.5",
   "author": "cidaas by Widas ID GmbH",
   "description": "Cidaas native javascript sdk",
   "license": "MIT",

package/src/main/authentication/index.ts

@@ -44,7 +44,7 @@ export class Authentication {
         return new Promise((resolve, reject) => {
             try {
                 if (this.userManager) {
-                    this.userManager.signinRedirectCallback(this.webAuthSettings.redirect_uri)
+                    this.userManager.signinRedirectCallback()
                         .then(function (user: any) {
                             if (user) {
                                 resolve(user);

package/src/main/web-auth/TokenService.ts

@@ -48,7 +48,6 @@ export namespace TokenService {
         }
         options.client_id = window.webAuthSettings.client_id;
         options.redirect_uri = window.webAuthSettings.redirect_uri;
-        options.code_verifier = this.code_verifier;
         options.grant_type = "authorization_code";
         var http = new XMLHttpRequest();
         var _serviceURL = window.webAuthSettings.authority + "/token-srv/token";
@@ -62,7 +61,14 @@ export namespace TokenService {
         if (window.localeSettings) {
           http.setRequestHeader("accept-language", window.localeSettings);
         }
-        http.send(JSON.stringify(options));
+        if (!window.webAuthSettings.disablePKCE) {
+          window.usermanager._client.createSigninRequest(window.webAuthSettings).then((signInRequest: any) => {
+            options.code_verifier = signInRequest.state?.code_verifier;
+            http.send(JSON.stringify(options));
+          }) 
+        } else {
+          http.send(JSON.stringify(options));
+        }
       } catch (ex) {
         reject(ex);
       }

package/src/main/web-auth/WebAuth.ts

@@ -40,8 +40,6 @@ import {
 
 export class WebAuth {
 
-  private code_verifier: string;
-
   constructor(settings: UserManagerSettings & { mode?: string, cidaas_version: number }) {
     try {
       var usermanager = new UserManager(settings)
@@ -60,21 +58,6 @@ export class WebAuth {
     }
   }
 
-  /**
-   * generate code verifier
-   */
-  private generateCodeVerifier() {
-    this.code_verifier = crypto.randomUUID().replace(/-/g, "");
-  };
-
-  /**
-   * @param code_verifier 
-   * @returns 
-   */
-  private generateCodeChallenge(code_verifier: string) {
-    return this.base64URL(CryptoJS.SHA256(code_verifier));
-  };
-
   /**
  * @param string 
  * @returns 
@@ -249,19 +232,19 @@ export class WebAuth {
     if (!settings.scope) {
       settings.scope = "email openid profile mobile";
     }
-
-    this.generateCodeVerifier();
-
-    var loginURL = settings.authority + "/authz-srv/authz?client_id=" + settings.client_id;
-    loginURL += "&redirect_uri=" + settings.redirect_uri;
-    loginURL += "&nonce=" + new Date().getTime().toString();
-    loginURL += "&response_type=" + settings.response_type;
-    loginURL += "&code_challenge=" + this.generateCodeChallenge(this.code_verifier);
-    loginURL += "&code_challenge_method=S256";
-    if (settings.response_mode && settings.response_mode == 'query') {
-      loginURL += "&response_mode=" + settings.response_mode;
+    var loginURL = "";
+    window.usermanager._client.createSigninRequest(settings).then((signInRequest: any) => {
+      loginURL = signInRequest.url;
+    }) 
+    var timeRemaining = 5000
+    while(timeRemaining > 0) {
+      if (loginURL) {
+        break;
+      }
+      setTimeout(() => {
+        timeRemaining -= 100
+      }, 100);
     }
-    loginURL += "&scope=" + settings.scope;
     return loginURL;
   };
 

package/types/main/authentication/index.js

@@ -49,7 +49,7 @@ var Authentication = /** @class */ (function () {
         return new Promise(function (resolve, reject) {
             try {
                 if (_this.userManager) {
-                    _this.userManager.signinRedirectCallback(_this.webAuthSettings.redirect_uri)
+                    _this.userManager.signinRedirectCallback()
                         .then(function (user) {
                         if (user) {
                             resolve(user);

package/types/main/web-auth/Entities.d.ts

@@ -1,10 +1,10 @@
-export declare class AcceptResetPasswordEntity {
+export interface AcceptResetPasswordEntity {
     resetRequestId: string;
     exchangeId: string;
     password: string;
     confirmPassword: string;
-    provider: string;
-    requestId: string;
+    provider?: string;
+    requestId?: string;
 }
 export declare class AccessTokenRequest {
     grant_type?: string;
@@ -71,20 +71,20 @@ export interface IDeviceRequest {
     deviceType: string;
 }
 export type AccountVerificationRequestEntity = {
-    email: string;
-    mobile: string;
-    phone: string;
-    username: string;
-    verificationMedium: string;
-    processingType: string;
-    requestId: string;
-    client_id: string;
-    redirect_uri: string;
-    response_type: string;
+    email?: string;
+    mobile?: string;
+    phone?: string;
+    username?: string;
+    verificationMedium?: string;
+    processingType?: string;
+    requestId?: string;
+    client_id?: string;
+    redirect_uri?: string;
+    response_type?: string;
     sub: string;
-    templateKey: string;
-    name: string;
-    accept_language: string;
+    templateKey?: string;
+    name?: string;
+    accept_language?: string;
 };
 export interface ChangePasswordEntity {
     sub: string;
@@ -346,30 +346,30 @@ export interface LoginFormRequestEntity {
     username: string;
     password: string;
     requestId: string;
-    provider: string;
-    captcha: string;
-    username_type: string;
-    field_key: string;
-    bot_captcha_response: string;
-    csrf_token: string;
+    provider?: string;
+    captcha?: string;
+    username_type?: string;
+    field_key?: string;
+    bot_captcha_response?: string;
+    csrf_token?: string;
     dc?: string;
     device_fp?: string;
     captcha_ref?: string;
     locale?: string;
-    rememberMe: boolean;
-    remember_me: boolean;
+    rememberMe?: boolean;
+    remember_me?: boolean;
 }
 export interface ResetPasswordEntity {
     email: string;
-    mobile: string;
-    phone: string;
-    username: string;
-    resetMedium: string;
-    processingType: string;
+    mobile?: string;
+    phone?: string;
+    username?: string;
+    resetMedium: "SMS" | "EMAIL" | "IVR";
+    processingType: "CODE" | "LINK";
     requestId: string;
-    provider: string;
-    resetPasswordId: string;
-    sub: string;
+    provider?: string;
+    resetPasswordId?: string;
+    sub?: string;
 }
 export declare class TokenIntrospectionEntity {
     token: string;
@@ -409,51 +409,51 @@ export interface UserActivityEntity {
     events?: [string];
 }
 export declare class UserEntity {
-    userStatus: string;
+    userStatus?: string;
     user_status?: string;
-    user_status_reason: string;
-    username: string;
-    sub: string;
+    user_status_reason?: string;
+    username?: string;
+    sub?: string;
     originalProviderUserId?: string[];
     given_name: string;
     family_name: string;
-    middle_name: string;
-    nickname: string;
+    middle_name?: string;
+    nickname?: string;
     email: string;
-    email_verified: boolean;
-    mobile_number: string;
-    mobile_number_obj: IMobileEntity | null;
-    mobile_number_verified: boolean;
-    phone_number: string;
-    phone_number_obj: IMobileEntity | null;
-    phone_number_verified: boolean;
-    profile: string;
-    picture: string;
-    website: string;
-    gender: string;
-    zoneinfo: string;
-    locale: string;
-    birthdate: Date | string;
+    email_verified?: boolean;
+    mobile_number?: string;
+    mobile_number_obj?: IMobileEntity | null;
+    mobile_number_verified?: boolean;
+    phone_number?: string;
+    phone_number_obj?: IMobileEntity | null;
+    phone_number_verified?: boolean;
+    profile?: string;
+    picture?: string;
+    website?: string;
+    gender?: string;
+    zoneinfo?: string;
+    locale?: string;
+    birthdate?: Date | string;
     address?: AddressEntity;
     customFields?: any;
     identityCustomFields?: any;
     password: string;
-    password_echo?: string;
-    password_hash_info: any | null;
-    generate_password: boolean;
-    provider: string;
-    identityId: string;
-    providerUserId: string;
-    providerBusinessIds: string[];
-    street_address: string;
+    password_echo: string;
+    password_hash_info?: any | null;
+    generate_password?: boolean;
+    provider?: string;
+    identityId?: string;
+    providerUserId?: string;
+    providerBusinessIds?: string[];
+    street_address?: string;
     mfa_enabled?: boolean;
     roles?: string[];
     groups?: IUserGroupMap[];
     userGroups?: IUserGroupMap[];
-    trackId: string;
-    rawJSON: string;
-    need_reset_password: boolean;
-    no_event: boolean;
+    trackId?: string;
+    rawJSON?: string;
+    need_reset_password?: boolean;
+    no_event?: boolean;
     consents?: IConsentField[] | IConsentTrackingEntity[];
     consent_track_ids?: string[];
     ignore_default_roles?: string[];
@@ -556,12 +556,12 @@ export declare class ValidateResetPasswordEntity {
     code: string;
 }
 export interface IChangePasswordEntity {
-    sub: string;
-    identityId: string;
+    sub?: string;
+    identityId?: string;
     old_password: string;
     new_password: string;
     confirm_password: string;
-    accessToken: string;
+    accessToken?: string;
     loginSettingsId: string;
-    client_id: string;
+    client_id?: string;
 }

package/types/main/web-auth/Entities.js

@@ -1,18 +1,6 @@
 "use strict";
 exports.__esModule = true;
-exports.ValidateResetPasswordEntity = exports.UpdateReviewDeviceEntity = exports.GroupValidationEntity = exports.TokenIntrospectionEntity = exports.FindUserEntity = exports.PhysicalVerificationLoginRequest = exports.AccessTokenRequest = exports.AcceptResetPasswordEntity = void 0;
-var AcceptResetPasswordEntity = /** @class */ (function () {
-    function AcceptResetPasswordEntity() {
-        this.resetRequestId = "";
-        this.exchangeId = "";
-        this.password = "";
-        this.confirmPassword = "";
-        this.provider = "";
-        this.requestId = "";
-    }
-    return AcceptResetPasswordEntity;
-}());
-exports.AcceptResetPasswordEntity = AcceptResetPasswordEntity;
+exports.ValidateResetPasswordEntity = exports.UpdateReviewDeviceEntity = exports.GroupValidationEntity = exports.TokenIntrospectionEntity = exports.FindUserEntity = exports.PhysicalVerificationLoginRequest = exports.AccessTokenRequest = void 0;
 var AccessTokenRequest = /** @class */ (function () {
     function AccessTokenRequest() {
         this.user_agent = "";

package/types/main/web-auth/LoginService.d.ts

@@ -24,7 +24,7 @@ export declare namespace LoginService {
         device_fp: string;
     }): void;
     /**
-     * register with social
+     *  with social
      * @param options
      * @param queryParams
      */
@@ -94,9 +94,10 @@ export declare namespace LoginService {
      * @param options
      */
     function loginAfterRegister(options: {
-        device_id: string;
+        device_id?: string;
         dc?: string;
-        rememberMe: boolean;
-        trackId: string;
+        rememberMe?: boolean;
+        trackId?: string;
+        device_fp?: string;
     }): void;
 }

package/types/main/web-auth/LoginService.js

@@ -65,7 +65,7 @@ var LoginService;
     LoginService.loginWithSocial = loginWithSocial;
     ;
     /**
-     * register with social
+     *  with social
      * @param options
      * @param queryParams
      */

package/types/main/web-auth/TokenService.js

@@ -44,7 +44,6 @@ var TokenService;
      * @returns
      */
     function getAccessToken(options) {
-        var _this = this;
         return new Promise(function (resolve, reject) {
             try {
                 if (!options.code) {
@@ -52,7 +51,6 @@ var TokenService;
                 }
                 options.client_id = window.webAuthSettings.client_id;
                 options.redirect_uri = window.webAuthSettings.redirect_uri;
-                options.code_verifier = _this.code_verifier;
                 options.grant_type = "authorization_code";
                 var http = new XMLHttpRequest();
                 var _serviceURL = window.webAuthSettings.authority + "/token-srv/token";
@@ -66,7 +64,16 @@ var TokenService;
                 if (window.localeSettings) {
                     http.setRequestHeader("accept-language", window.localeSettings);
                 }
-                http.send(JSON.stringify(options));
+                if (!window.webAuthSettings.disablePKCE) {
+                    window.usermanager._client.createSigninRequest(window.webAuthSettings).then(function (signInRequest) {
+                        var _a;
+                        options.code_verifier = (_a = signInRequest.state) === null || _a === void 0 ? void 0 : _a.code_verifier;
+                        http.send(JSON.stringify(options));
+                    });
+                }
+                else {
+                    http.send(JSON.stringify(options));
+                }
             }
             catch (ex) {
                 reject(ex);

package/types/main/web-auth/UserService.d.ts

@@ -19,7 +19,7 @@ export declare namespace UserService {
         captcha?: string;
         acceptlanguage?: string;
         bot_captcha_response?: string;
-        trackId: string;
+        trackId?: string;
     }): Promise<unknown>;
     /**
      * get invite info
@@ -48,12 +48,12 @@ export declare namespace UserService {
      * handle reset password
      * @param options
      */
-    function handleResetPassword(options: ValidateResetPasswordEntity): void;
+    function handleResetPassword(options: ValidateResetPasswordEntity): Promise<unknown>;
     /**
     * reset password
     * @param options
     */
-    function resetPassword(options: AcceptResetPasswordEntity): void;
+    function resetPassword(options: AcceptResetPasswordEntity): Promise<unknown>;
     /**
      * get Deduplication details
      * @param options

package/types/main/web-auth/UserService.js

@@ -176,10 +176,35 @@ var UserService;
      */
     function handleResetPassword(options) {
         try {
-            var url = window.webAuthSettings.authority + "/users-srv/resetpassword/validatecode";
-            var form = Helper_1.Helper.createForm(url, options);
-            document.body.appendChild(form);
-            form.submit();
+            var url_1 = window.webAuthSettings.authority + "/users-srv/resetpassword/validatecode";
+            if (window.webAuthSettings.cidaas_version > 2) {
+                var form = Helper_1.Helper.createForm(url_1, options);
+                document.body.appendChild(form);
+                form.submit();
+            }
+            else {
+                return new Promise(function (resolve, reject) {
+                    try {
+                        var http = new XMLHttpRequest();
+                        http.onreadystatechange = function () {
+                            if (http.readyState == 4) {
+                                if (http.responseText) {
+                                    resolve(JSON.parse(http.responseText));
+                                }
+                                else {
+                                    resolve(false);
+                                }
+                            }
+                        };
+                        http.open("POST", url_1, true);
+                        http.setRequestHeader("Content-type", "application/json");
+                        http.send(JSON.stringify(options));
+                    }
+                    catch (ex) {
+                        reject(ex);
+                    }
+                });
+            }
         }
         catch (ex) {
             throw new Helper_1.CustomException(ex, 417);
@@ -192,11 +217,36 @@ var UserService;
     * @param options
     */
     function resetPassword(options) {
+        var url = window.webAuthSettings.authority + "/users-srv/resetpassword/accept";
         try {
-            var url = window.webAuthSettings.authority + "/users-srv/resetpassword/accept";
-            var form = Helper_1.Helper.createForm(url, options);
-            document.body.appendChild(form);
-            form.submit();
+            if (window.webAuthSettings.cidaas_version > 2) {
+                var form = Helper_1.Helper.createForm(url, options);
+                document.body.appendChild(form);
+                form.submit();
+            }
+            else {
+                return new Promise(function (resolve, reject) {
+                    try {
+                        var http = new XMLHttpRequest();
+                        http.onreadystatechange = function () {
+                            if (http.readyState == 4) {
+                                if (http.responseText) {
+                                    resolve(JSON.parse(http.responseText));
+                                }
+                                else {
+                                    resolve(false);
+                                }
+                            }
+                        };
+                        http.open("POST", url, true);
+                        http.setRequestHeader("Content-type", "application/json");
+                        http.send(JSON.stringify(options));
+                    }
+                    catch (ex) {
+                        reject(ex);
+                    }
+                });
+            }
         }
         catch (ex) {
             throw new Helper_1.CustomException(ex, 417);

package/types/main/web-auth/WebAuth.d.ts

@@ -1,19 +1,10 @@
 import { UserManagerSettings } from "oidc-client-ts";
 import { AccessTokenRequest, TokenIntrospectionEntity, UserEntity, ResetPasswordEntity, IConfiguredListRequestEntity, IInitVerificationAuthenticationRequestEntity, FindUserEntity, IUserEntity, FidoSetupEntity, IEnrollVerificationSetupRequestEntity, ISuggestedMFAActionConfig, IUserLinkEntity, UpdateReviewDeviceEntity, UserActivityEntity, ChangePasswordEntity, IConsentAcceptEntity, IAuthVerificationAuthenticationRequestEntity, FaceVerificationAuthenticationRequestEntity, LoginFormRequestEntity, AccountVerificationRequestEntity, ValidateResetPasswordEntity, AcceptResetPasswordEntity, LoginFormRequestAsyncEntity, PhysicalVerificationLoginRequest, IChangePasswordEntity } from "./Entities";
 export declare class WebAuth {
-    private code_verifier;
     constructor(settings: UserManagerSettings & {
         mode?: string;
+        cidaas_version: number;
     });
-    /**
-     * generate code verifier
-     */
-    private generateCodeVerifier;
-    /**
-     * @param code_verifier
-     * @returns
-     */
-    private generateCodeChallenge;
     /**
    * @param string
    * @returns
@@ -208,7 +199,7 @@ export declare class WebAuth {
         captcha?: string;
         acceptlanguage?: string;
         bot_captcha_response?: string;
-        trackId: string;
+        trackId?: string;
     }): Promise<unknown>;
     /**
      * get invite info
@@ -258,12 +249,12 @@ export declare class WebAuth {
      * handle reset password
      * @param options
      */
-    handleResetPassword(options: ValidateResetPasswordEntity): void;
+    handleResetPassword(options: ValidateResetPasswordEntity): Promise<unknown>;
     /**
     * reset password
     * @param options
     */
-    resetPassword(options: AcceptResetPasswordEntity): void;
+    resetPassword(options: AcceptResetPasswordEntity): Promise<unknown>;
     /**
      * get mfa list v2
      * @param options

package/types/main/web-auth/WebAuth.js

@@ -66,21 +66,6 @@ var WebAuth = /** @class */ (function () {
             console.log(ex);
         }
     }
-    /**
-     * generate code verifier
-     */
-    WebAuth.prototype.generateCodeVerifier = function () {
-        this.code_verifier = crypto.randomUUID().replace(/-/g, "");
-    };
-    ;
-    /**
-     * @param code_verifier
-     * @returns
-     */
-    WebAuth.prototype.generateCodeChallenge = function (code_verifier) {
-        return this.base64URL(CryptoJS.SHA256(code_verifier));
-    };
-    ;
     /**
    * @param string
    * @returns
@@ -273,17 +258,19 @@ var WebAuth = /** @class */ (function () {
         if (!settings.scope) {
             settings.scope = "email openid profile mobile";
         }
-        this.generateCodeVerifier();
-        var loginURL = settings.authority + "/authz-srv/authz?client_id=" + settings.client_id;
-        loginURL += "&redirect_uri=" + settings.redirect_uri;
-        loginURL += "&nonce=" + new Date().getTime().toString();
-        loginURL += "&response_type=" + settings.response_type;
-        loginURL += "&code_challenge=" + this.generateCodeChallenge(this.code_verifier);
-        loginURL += "&code_challenge_method=S256";
-        if (settings.response_mode && settings.response_mode == 'query') {
-            loginURL += "&response_mode=" + settings.response_mode;
+        var loginURL = "";
+        window.usermanager._client.createSigninRequest(settings).then(function (signInRequest) {
+            loginURL = signInRequest.url;
+        });
+        var timeRemaining = 5000;
+        while (timeRemaining > 0) {
+            if (loginURL) {
+                break;
+            }
+            setTimeout(function () {
+                timeRemaining -= 100;
+            }, 100);
         }
-        loginURL += "&scope=" + settings.scope;
         return loginURL;
     };
     ;
@@ -867,7 +854,7 @@ var WebAuth = /** @class */ (function () {
      * @param options
      */
     WebAuth.prototype.handleResetPassword = function (options) {
-        UserService_1.UserService.handleResetPassword(options);
+        return UserService_1.UserService.handleResetPassword(options);
     };
     ;
     /**
@@ -875,7 +862,7 @@ var WebAuth = /** @class */ (function () {
     * @param options
     */
     WebAuth.prototype.resetPassword = function (options) {
-        UserService_1.UserService.resetPassword(options);
+        return UserService_1.UserService.resetPassword(options);
     };
     ;
     /**