cidaas-javascript-sdk 4.3.3 → 5.1.0

package/dist/token-service/TokenService.js

@@ -9,234 +9,179 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.offlineTokenCheck = exports.deviceCodeVerify = exports.initiateDeviceCode = exports.getMissingFields = exports.loginPrecheck = exports.validateAccessToken = exports.getAccessToken = exports.renewToken = void 0;
+exports.TokenService = void 0;
 const TokenService_model_1 = require("./TokenService.model");
 const Helper_1 = require("../common/Helper");
 const JwtHelper_1 = require("../common/JwtHelper");
-/**
- * To get a new token with the grant type refresh_token, call **renewToken()**.
- * The refresh token to create a new token. The refresh token is received while creating an access token using the token endpoint and later can be used to fetch a new token without using credentials
- * @example
- * ```js
- * const options = {
- *   refresh_token: "your refresh token",
- * }
- *
- * cidaas.renewToken(options)
- *   .then(function (response) {
- *     // type your code here
- *   })
- *   .catch(function (ex) {
- *     // your failure code here
- *   });
- * ```
- */
-function renewToken(options) {
-    if (!options.refresh_token) {
-        throw new Helper_1.CustomException("refresh_token cannot be empty", 417);
+class TokenService {
+    constructor(configUserProvider) {
+        this.config = configUserProvider.getConfig();
+        this.userManager = configUserProvider.getUserManager();
     }
-    options.client_id = window.webAuthSettings.client_id;
-    options.grant_type = TokenService_model_1.GrantType.RefreshToken;
-    const _serviceURL = window.webAuthSettings.authority + "/token-srv/token";
-    return Helper_1.Helper.createHttpPromise(options, _serviceURL, undefined, "POST");
-}
-exports.renewToken = renewToken;
-/**
- * To get a new token with the grant type authorization_code, call **getAccessToken()** with code to create a new token.
- * Please refer to the api document https://docs.cidaas.com/docs/cidaas-iam/4ff850f48629a-generate-token for more details.
- * @example
- * ```js
- * const options = {
- *   code: "your code to be exchanged with access token",
- * }
- *
- * cidaas.getAccessToken(options)
- *   .then(function (response) {
- *     // type your code here
- *   })
- *   .catch(function (ex) {
- *     // your failure code here
- *   });
- * ```
- */
-function getAccessToken(options) {
-    var _a;
-    return __awaiter(this, void 0, void 0, function* () {
-        if (!options.code) {
-            throw new Helper_1.CustomException("code cannot be empty", 417);
-        }
-        options.client_id = window.webAuthSettings.client_id;
-        options.redirect_uri = window.webAuthSettings.redirect_uri;
-        options.grant_type = TokenService_model_1.GrantType.AuthorizationCode;
-        if (!window.webAuthSettings.disablePKCE) {
-            const signInRequest = yield window.usermanager.getClient().createSigninRequest(window.webAuthSettings);
-            options.code_verifier = (_a = signInRequest.state) === null || _a === void 0 ? void 0 : _a.code_verifier;
-        }
-        const _serviceURL = window.webAuthSettings.authority + "/token-srv/token";
-        return Helper_1.Helper.createHttpPromise(options, _serviceURL, undefined, "POST");
-    });
-}
-exports.getAccessToken = getAccessToken;
-/**
- * To validate an access token, call **validateAccessToken()**.
- * Please refer to the api document https://docs.cidaas.com/docs/cidaas-iam/26ff31e2937f1-introspect-with-bearer-token for more details.
- * @example
- * ```js
- * const options = {
- *   token: "your access token",
- *   token_type_hint: "accepted token type hints are access_token, id_token, refresh_token, sso",
- * }
- *
- * cidaas.validateAccessToken(options)
- * .then(function (response) {
- *   // type your code here
- * })
- * .catch(function (ex) {
- *   // your failure code here
- * });
- * ```
- */
-function validateAccessToken(options) {
-    if (!options.token) {
-        throw new Helper_1.CustomException("token cannot be empty", 417);
+    /**
+     * To generate token(s) with the grant type authorization_code, call **generateTokenFromCode()**
+     * Please refer to the api document https://docs.cidaas.com/docs/cidaas-iam/4ff850f48629a-generate-token for more details.
+     * @example
+     * ```js
+     * const options = {
+     *   code: "your code to be exchanged with the token(s)",
+     * }
+     *
+     * cidaasTokenService.generateTokenFromCode(options)
+     *   .then(function (response) {
+     *     // type your code here
+     *   })
+     *   .catch(function (ex) {
+     *     // your failure code here
+     *   });
+     * ```
+     */
+    generateTokenFromCode(options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a;
+            if (!options.code) {
+                throw new Helper_1.CustomException("code cannot be empty", 417);
+            }
+            options.client_id = this.config.client_id;
+            options.redirect_uri = this.config.redirect_uri;
+            options.grant_type = TokenService_model_1.GrantType.AuthorizationCode;
+            if (!this.config.disablePKCE) {
+                const signInRequest = yield this.userManager.getClient().createSigninRequest(this.config);
+                options.code_verifier = (_a = signInRequest.state) === null || _a === void 0 ? void 0 : _a.code_verifier;
+            }
+            const _serviceURL = this.config.authority + "/token-srv/token";
+            return Helper_1.Helper.createHttpPromise(options, _serviceURL, undefined, "POST");
+        });
     }
-    const _serviceURL = window.webAuthSettings.authority + "/token-srv/introspect";
-    return Helper_1.Helper.createHttpPromise(options, _serviceURL, false, "POST", options.token);
-}
-exports.validateAccessToken = validateAccessToken;
-/**
- * To get precheck result after login, call **loginPrecheck()**. If there is missing information, user will be redirected to either accepting consent, changing password, continuing MFA process, or do progressive registration
- * Please refer to the api document https://docs.cidaas.com/docs/cidaas-iam/aappczju1t3uh-precheck-information for more details.
- * @example
- * ```js
- * const options = {
- *   trackId: "your track id from login",
- *   locale: "your preferred locale. DEPRECATED as it is not supported anymore. Will be removed in next major release",
- * }
- *
- * cidaas.loginPrecheck(options)
- * .then(function (response) {
- *   // type your code here
- * })
- * .catch(function (ex) {
- *   // your failure code here
- * });
- * ```
- */
-function loginPrecheck(options, headers) {
-    const _serviceURL = window.webAuthSettings.authority + "/token-srv/prelogin/metadata/" + options.track_id;
-    return Helper_1.Helper.createHttpPromise(undefined, _serviceURL, false, "GET", undefined, headers);
-}
-exports.loginPrecheck = loginPrecheck;
-/**
- * To get the missing fields after login, call **getMissingFields()**.
- * Please refer to the api document https://docs.cidaas.com/docs/cidaas-iam/aappczju1t3uh-precheck-information for more details.
- * @example
- * ```js
- * const trackId = "your track id from login";
- * cidaas.getMissingFields(trackId)
- *   .then(function (response) {
- *     // type your code here
- * })
- *   .catch(function (ex) {
- *     // your failure code here
- * });
- * ```
- */
-function getMissingFields(trackId, headers) {
-    const _serviceURL = window.webAuthSettings.authority + "/token-srv/prelogin/metadata/" + trackId;
-    return Helper_1.Helper.createHttpPromise(undefined, _serviceURL, false, "GET", undefined, headers);
-}
-exports.getMissingFields = getMissingFields;
-/**
- * To initiate device code, call **initiateDeviceCode()**.
- * Please refer to the api document https://docs.cidaas.com/docs/cidaas-iam/b6d284f55be5e-authorization-request for more details.
- * @example
- * ```js
- * const clientId = "your client id";
- * cidaas.initiateDeviceCode(clientId)
- *   .then(function (response) {
- *     // type your code here
- * })
- *   .catch(function (ex) {
- *     // your failure code here
- * });
- * ```
- */
-function initiateDeviceCode(clientId) {
-    const clientid = clientId !== null && clientId !== void 0 ? clientId : window.webAuthSettings.client_id;
-    const _serviceURL = `${window.webAuthSettings.authority}/authz-srv/device/authz?client_id=${clientid}`;
-    return Helper_1.Helper.createHttpPromise(undefined, _serviceURL, false, "GET");
-}
-exports.initiateDeviceCode = initiateDeviceCode;
-/**
- * To verify device code, call **deviceCodeVerify()**.
- * @example
- * ```js
- * const code = "your code which has been send after initiateDeviceCode()";
- * cidaas.deviceCodeVerify(code)
- *   .then(function (response) {
- *     // type your code here
- * })
- *   .catch(function (ex) {
- *     // your failure code here
- * });
- * ```
- */
-function deviceCodeVerify(code) {
-    const params = `user_code=${encodeURI(code)}`;
-    const url = `${window.webAuthSettings.authority}/token-srv/device/verify?${params}`;
-    try {
-        const options = {
-            user_code: encodeURI(code)
-        };
-        const form = Helper_1.Helper.createForm(url, options, 'GET');
-        document.body.appendChild(form);
-        form.submit();
+    /**
+     * To get precheck result after login, call **loginPrecheck()**. If there is missing information, user will be redirected to either accepting consent, changing password, continuing MFA process, or do progressive registration
+     * Please refer to the api document https://docs.cidaas.com/docs/cidaas-iam/aappczju1t3uh-precheck-information for more details.
+     * @example
+     * ```js
+     * const options = {
+     *   track_id: "your track id from login",
+     * }
+     *
+     * cidaasTokenService.loginPrecheck(options)
+     * .then(function (response) {
+     *   // type your code here
+     * })
+     * .catch(function (ex) {
+     *   // your failure code here
+     * });
+     * ```
+     */
+    loginPrecheck(options, headers) {
+        const _serviceURL = this.config.authority + "/token-srv/prelogin/metadata/" + options.track_id;
+        return Helper_1.Helper.createHttpPromise(undefined, _serviceURL, false, "GET", undefined, headers);
     }
-    catch (ex) {
-        throw new Error(String(ex));
+    /**
+     * To get the missing fields after login, call **getMissingFields()**.
+     * Please refer to the api document https://docs.cidaas.com/docs/cidaas-iam/aappczju1t3uh-precheck-information for more details.
+     * @example
+     * ```js
+     * const trackId = "your track id from login";
+     * cidaasTokenService.getMissingFields(trackId)
+     *   .then(function (response) {
+     *     // type your code here
+     * })
+     *   .catch(function (ex) {
+     *     // your failure code here
+     * });
+     * ```
+     */
+    getMissingFields(trackId, headers) {
+        const _serviceURL = this.config.authority + "/token-srv/prelogin/metadata/" + trackId;
+        return Helper_1.Helper.createHttpPromise(undefined, _serviceURL, false, "GET", undefined, headers);
     }
-}
-exports.deviceCodeVerify = deviceCodeVerify;
-/**
- * To check access token without having to call cidaas api, call **offlineTokenCheck()**. THe function will return true if the token is valid & false if the token is invalid.
- * @example
- * ```js
- * cidaas.offlineTokenCheck('your access token');
- * ```
- */
-function offlineTokenCheck(accessToken) {
-    var _a, _b;
-    const result = {
-        isExpiryDateValid: false,
-        isScopesValid: false,
-        isIssuerValid: false,
-    };
-    const accessTokenHeaderAsJson = JwtHelper_1.JwtHelper.decodeTokenHeader(accessToken);
-    const accessTokenAsJson = JwtHelper_1.JwtHelper.decodeToken(accessToken);
-    if (!accessTokenAsJson || !accessTokenHeaderAsJson) {
-        return result;
+    /**
+     * To initiate device code, call **initiateDeviceCode()**.
+     * Please refer to the api document https://docs.cidaas.com/docs/cidaas-iam/b6d284f55be5e-authorization-request for more details.
+     * @example
+     * ```js
+     * const clientId = "your client id";
+     * cidaasTokenService.initiateDeviceCode(clientId)
+     *   .then(function (response) {
+     *     // type your code here
+     * })
+     *   .catch(function (ex) {
+     *     // your failure code here
+     * });
+     * ```
+     */
+    initiateDeviceCode(clientId) {
+        const clientid = clientId !== null && clientId !== void 0 ? clientId : this.config.client_id;
+        const _serviceURL = `${this.config.authority}/authz-srv/device/authz?client_id=${clientid}`;
+        return Helper_1.Helper.createHttpPromise(undefined, _serviceURL, false, "GET");
+    }
+    /**
+     * To verify device code, call **deviceCodeVerify()**.
+     * @example
+     * ```js
+     * const code = "your code which has been send after initiateDeviceCode()";
+     * cidaasTokenService.deviceCodeVerify(code)
+     *   .then(function (response) {
+     *     // type your code here
+     * })
+     *   .catch(function (ex) {
+     *     // your failure code here
+     * });
+     * ```
+     */
+    deviceCodeVerify(code) {
+        const params = `user_code=${encodeURI(code)}`;
+        const url = `${this.config.authority}/token-srv/device/verify?${params}`;
+        try {
+            const options = {
+                user_code: encodeURI(code)
+            };
+            const form = Helper_1.Helper.createForm(url, options, 'GET');
+            document.body.appendChild(form);
+            form.submit();
+        }
+        catch (ex) {
+            throw new Error(String(ex));
+        }
     }
-    else {
-        if (accessTokenAsJson.exp) {
-            const expirationDate = new Date(0);
-            expirationDate.setUTCSeconds(accessTokenAsJson.exp);
-            result.isExpiryDateValid = expirationDate.valueOf() > new Date().valueOf();
+    /**
+     * To check access token without having to call cidaas api, call **offlineTokenCheck()**. THe function will return true if the token is valid & false if the token is invalid.
+     * @example
+     * ```js
+     * cidaasTokenService.offlineTokenCheck('your access token');
+     * ```
+     */
+    offlineTokenCheck(accessToken) {
+        var _a, _b;
+        const result = {
+            isExpiryDateValid: false,
+            isScopesValid: false,
+            isIssuerValid: false,
+        };
+        const accessTokenHeaderAsJson = JwtHelper_1.JwtHelper.decodeTokenHeader(accessToken);
+        const accessTokenAsJson = JwtHelper_1.JwtHelper.decodeToken(accessToken);
+        if (!accessTokenAsJson || !accessTokenHeaderAsJson) {
+            return result;
         }
-        const accessTokenScopes = accessTokenAsJson.scopes;
-        const webAuthSettingScopes = (_b = (_a = window.webAuthSettings) === null || _a === void 0 ? void 0 : _a.scope) === null || _b === void 0 ? void 0 : _b.split(' ');
-        if ((accessTokenScopes === null || accessTokenScopes === void 0 ? void 0 : accessTokenScopes.length) === (webAuthSettingScopes === null || webAuthSettingScopes === void 0 ? void 0 : webAuthSettingScopes.length)) {
-            webAuthSettingScopes.forEach(webAuthSettingScope => {
-                const i = accessTokenScopes.indexOf(webAuthSettingScope);
-                if (i > -1) {
-                    accessTokenScopes.splice(i, 1);
-                }
-            });
-            result.isScopesValid = accessTokenScopes.length === 0;
+        else {
+            if (accessTokenAsJson.exp) {
+                const expirationDate = new Date(0);
+                expirationDate.setUTCSeconds(accessTokenAsJson.exp);
+                result.isExpiryDateValid = expirationDate.valueOf() > new Date().valueOf();
+            }
+            const accessTokenScopes = accessTokenAsJson.scopes;
+            const configScopes = (_b = (_a = this.config) === null || _a === void 0 ? void 0 : _a.scope) === null || _b === void 0 ? void 0 : _b.split(' ');
+            if ((accessTokenScopes === null || accessTokenScopes === void 0 ? void 0 : accessTokenScopes.length) === (configScopes === null || configScopes === void 0 ? void 0 : configScopes.length)) {
+                configScopes.forEach(scope => {
+                    const i = accessTokenScopes.indexOf(scope);
+                    if (i > -1) {
+                        accessTokenScopes.splice(i, 1);
+                    }
+                });
+                result.isScopesValid = accessTokenScopes.length === 0;
+            }
+            result.isIssuerValid = accessTokenAsJson.iss === this.config.authority;
         }
-        result.isIssuerValid = accessTokenAsJson.iss === window.webAuthSettings.authority;
+        return result;
     }
-    return result;
 }
-exports.offlineTokenCheck = offlineTokenCheck;
+exports.TokenService = TokenService;

package/dist/token-service/TokenService.model.d.ts

@@ -49,12 +49,6 @@ export interface TokenClaim {
     ua_hash?: string;
     /** List of unaccepted consents */
     consents?: Consent[];
-    /** DEPRECATED: replaced with aud claim */
-    clientid?: string;
-    /** DEPRECATED: replaced with scopes claim */
-    scope?: string;
-    /** DEPRECATED: replaced with roles claim */
-    role?: string;
 }
 export interface Group {
     /** Unique identifier for the group */
@@ -72,17 +66,6 @@ export interface Consent {
     /** Time when the consent is created */
     creation_time: string;
 }
-export interface RenewTokenRequest {
-    /** One time valid code that is used for issuing a new token */
-    refresh_token: string;
-    /** Unique identifier of client app, can be found in app setting under admin ui */
-    client_id?: string;
-    /**
-     * Type of grant used in token request
-     * BREAKING TODO: change type to GrantType only in next major version
-    */
-    grant_type?: GrantType | string;
-}
 /** Type of grant used in token request */
 export declare enum GrantType {
     AuthorizationCode = "authorization_code",
@@ -93,7 +76,7 @@ export declare enum GrantType {
     Internal = "internal",
     DeviceCode = "urn:ietf:params:oauth:grant-type:device_code"
 }
-export interface GetAccessTokenRequest {
+export interface GenerateTokenFromCodeRequest {
     /** The code which you receive while using authorization code flow */
     code: string;
     /** When we choose PKCE method to generate token, we need to pass code_verifier which is a cryptographically random string */
@@ -102,35 +85,11 @@ export interface GetAccessTokenRequest {
     client_id?: string;
     /**
      * Type of grant used in token request
-     * BREAKING TODO: change type to GrantType only in next major version
-     * */
-    grant_type?: GrantType | string;
+     */
+    grant_type?: GrantType;
     /** Specify the url where the user needs to be redirected after successful login */
     redirect_uri?: string;
 }
-export declare class TokenIntrospectionRequest {
-    /** access token to be inspected */
-    token: string;
-    /**
-     * Optional hint about the type of the submitted token.
-     * BREAKING TODO: change type to TokenTypeHint only in next major version
-     * */
-    token_type_hint?: TokenTypeHint | string;
-    /** List of roles to match */
-    roles?: string[];
-    /** List of scopes to match */
-    scopes?: string[];
-    /** List of groups to match */
-    groups?: GroupAllowed[];
-    /** If true, all roles have to be included. If false, only 1 role from the list is needed */
-    strictRoleValidation?: boolean;
-    /** If true, all group have to be included. If false, only 1 group from the list is needed */
-    strictGroupValidation?: boolean;
-    /** If true, all scopes have to be included. If false, only 1 scope from the list is needed */
-    strictScopeValidation?: boolean;
-    /** If true, all defined roles and/or groups and/or scopes validation has to be succesful. If false, only 1 of them is needed */
-    strictValidation?: boolean;
-}
 /** Optional hint about the type of the submitted token. */
 export declare enum TokenTypeHint {
     AccessToken = "access_token",

package/dist/token-service/TokenService.model.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.GroupAllowed = exports.TokenTypeHint = exports.TokenIntrospectionRequest = exports.GrantType = void 0;
+exports.GroupAllowed = exports.TokenTypeHint = exports.GrantType = void 0;
 /** Type of grant used in token request */
 var GrantType;
 (function (GrantType) {
@@ -11,20 +11,7 @@ var GrantType;
     GrantType["ClientCredentials"] = "client_credentials";
     GrantType["Internal"] = "internal";
     GrantType["DeviceCode"] = "urn:ietf:params:oauth:grant-type:device_code";
-})(GrantType = exports.GrantType || (exports.GrantType = {}));
-class TokenIntrospectionRequest {
-    constructor() {
-        /** If true, all roles have to be included. If false, only 1 role from the list is needed */
-        this.strictRoleValidation = false;
-        /** If true, all group have to be included. If false, only 1 group from the list is needed */
-        this.strictGroupValidation = false;
-        /** If true, all scopes have to be included. If false, only 1 scope from the list is needed */
-        this.strictScopeValidation = false;
-        /** If true, all defined roles and/or groups and/or scopes validation has to be succesful. If false, only 1 of them is needed */
-        this.strictValidation = false;
-    }
-}
-exports.TokenIntrospectionRequest = TokenIntrospectionRequest;
+})(GrantType || (exports.GrantType = GrantType = {}));
 /** Optional hint about the type of the submitted token. */
 var TokenTypeHint;
 (function (TokenTypeHint) {
@@ -33,7 +20,7 @@ var TokenTypeHint;
     TokenTypeHint["IdToken"] = "id_token";
     TokenTypeHint["Sid"] = "sid";
     TokenTypeHint["Sso"] = "sso";
-})(TokenTypeHint = exports.TokenTypeHint || (exports.TokenTypeHint = {}));
+})(TokenTypeHint || (exports.TokenTypeHint = TokenTypeHint = {}));
 class GroupAllowed {
     constructor() {
         /** If true, all roles have to be included. If false, only 1 role from the list is needed */