piral-oauth2 1.0.0-pre.2112 → 1.0.0

package/src/setup.ts

@@ -1,76 +1,6 @@
-import * as ClientOAuth2 from 'client-oauth2';
-
-/**
- * Available configuration options for the OAuth 2.0 plugin.
- */
-export interface OAuth2Config {
-  /**
-   * The id of the client. Required for the setup of OAuth 2.0.
-   */
-  clientId: string;
-  /**
-   * The client secret. Only required for the `code` flow.
-   */
-  clientSecret?: string;
-  /**
-   * The Uri pointing to the authorization endpoint of the Identity Provider.
-   */
-  authorizationUri: string;
-  /**
-   * The Uri pointing to the access token endpoint of the Identity Provider.
-   */
-  accessTokenUri?: string;
-  /**
-   * The redirect Uri to use. By default the origin with /auth
-   * is used.
-   */
-  redirectUri?: string;
-  /**
-   * The scopes to be used.
-   */
-  scopes?: Array<string>;
-  /**
-   * The OAuth 2.0 authorization flow type to be used.
-   */
-  flow?: 'implicit' | 'code';
-  /**
-   * Restricts token sharing such that other integrations, e.g., with
-   * fetch would need to be done manually.
-   * Otherwise, the client is responsive to the `before-fetch` event.
-   */
-  restrict?: boolean;
-}
-
-export interface OAuth2Request {
-  /**
-   * Sets the headers of the request.
-   * @param headers Headers or a promise to headers.
-   */
-  setHeaders(headers: any): void;
-}
-
-export interface OAuth2Client {
-  /**
-   * Performs a login.
-   */
-  login(): void;
-  /**
-   * Performs a logout.
-   */
-  logout(): void;
-  /**
-   * Gets a token.
-   */
-  token(): Promise<string>;
-  /**
-   * Checks if the user is currently logged in.
-   */
-  account(): boolean;
-  /**
-   * Extends the headers of the provided request.
-   */
-  extendHeaders(req: OAuth2Request): void;
-}
+import ClientOAuth2 from 'client-oauth2';
+import { createOAuth2MemoryPersistence } from './utils';
+import { OAuth2Config, OAuth2Client } from './types';
 
 const callbackName = 'oauth2Cb';
 
@@ -87,8 +17,14 @@ export function setupOAuth2Client(config: OAuth2Config): OAuth2Client {
     redirectUri = `${location.origin}/auth`,
     scopes = [],
     flow,
+    headers,
+    query,
+    state,
     restrict = false,
+    returnPath = '/',
+    persist = createOAuth2MemoryPersistence(),
   } = config;
+
   const client = new ClientOAuth2({
     clientId,
     clientSecret,
@@ -96,66 +32,94 @@ export function setupOAuth2Client(config: OAuth2Config): OAuth2Client {
     authorizationUri,
     accessTokenUri,
     scopes,
+    headers,
+    query,
+    state,
   });
+
   let currentToken: ClientOAuth2.Token;
   let retrieveToken: () => Promise<string>;
   let getLoginUri: () => string;
 
-  if (flow === 'code') {
-    client.code.getToken(location.href).then(
-      (token) => (currentToken = token),
-      () => {},
-    );
+  const setCurrentToken = (token: ClientOAuth2.Token) => {
+    persist.save({
+      accessToken: token.accessToken,
+      data: token.data,
+      refreshToken: token.refreshToken,
+    });
 
-    retrieveToken = () => {
+    currentToken = token;
+  };
+
+  const retrieve = (init: Promise<void>, refresh: () => Promise<ClientOAuth2.Token>) => {
+    return init.then(() => {
       if (!currentToken) {
         return Promise.reject('Not logged in. Please call `login()` to retrieve a token.');
       }
 
       if (!currentToken.expired()) {
-        return Promise.resolve(currentToken.accessToken);
+        return currentToken.accessToken;
       }
 
-      return currentToken.refresh().then((refreshedToken) => {
-        currentToken = refreshedToken;
+      return refresh().then((refreshedToken) => {
+        setCurrentToken(refreshedToken);
         return currentToken.accessToken;
       });
+    });
+  };
+
+  const initialize = (load: () => Promise<ClientOAuth2.Token>) => {
+    const info = persist.load();
+
+    if (info) {
+      currentToken = client.createToken(info.accessToken, info.refreshToken, info.data);
+      return Promise.resolve();
+    } else {
+      return load().then(
+        (token) => {
+          const opener = window.opener;
+
+          setCurrentToken(token);
+
+          if (opener && typeof opener[callbackName] === 'function') {
+            opener[callbackName](token);
+            window.close();
+          }
+        },
+        () => {},
+      );
+    }
+  };
+
+  if (flow === 'code') {
+    const init = initialize(() => {
+      const url = location.href;
+      history.replaceState(undefined, undefined, returnPath);
+      return client.code.getToken(url);
+    });
+
+    retrieveToken = () => {
+      return retrieve(init, () => currentToken.refresh());
     };
     getLoginUri = () => client.code.getUri();
   } else {
-    client.token.getToken(location.href).then(
-      (token) => {
-        const opener = window.opener;
-        if (opener && typeof opener[callbackName] === 'function') {
-          opener[callbackName](token);
-          window.close();
-        }
-        currentToken = token;
-      },
-      () => {},
-    );
+    const init = initialize(() => client.token.getToken(location.href));
 
     retrieveToken = () => {
-      if (!currentToken) {
-        return Promise.reject('Not logged in. Please call `login()` to retrieve a token.');
-      }
-
-      if (!currentToken.expired()) {
-        return Promise.resolve(currentToken.accessToken);
-      }
-
-      return new Promise<string>((res) => {
-        window[callbackName] = (token: ClientOAuth2.Token) => {
-          currentToken = token;
-          res(currentToken.accessToken);
-        };
-        window.open(client.token.getUri());
-      });
+      return retrieve(
+        init,
+        () =>
+          new Promise<ClientOAuth2.Token>((resolve) => {
+            window[callbackName] = resolve;
+            window.open(client.token.getUri());
+          }),
+      );
     };
     getLoginUri = () => client.token.getUri();
   }
 
   return {
+    _: client,
     login() {
       window.location.href = getLoginUri();
     },

package/src/types.ts

@@ -1,3 +1,5 @@
+import type { Data } from 'client-oauth2';
+
 declare module 'piral-core/lib/types/custom' {
   interface PiletCustomApi extends PiralOAuth2Api {}
 }
@@ -8,3 +10,124 @@ export interface PiralOAuth2Api {
    */
   getAccessToken(): Promise<string | undefined>;
 }
+
+/**
+ * The relevant OAuth 2 token information.
+ */
+export interface OAuth2TokenInfo {
+  accessToken: string;
+  refreshToken: string;
+  data: Data;
+}
+
+/**
+ * Available configuration options for the OAuth 2 plugin.
+ */
+export interface OAuth2Config {
+  /**
+   * The id of the client. Required for the setup of OAuth 2.
+   */
+  clientId: string;
+  /**
+   * The client secret. Only required for the `code` flow.
+   */
+  clientSecret?: string;
+  /**
+   * The Uri pointing to the authorization endpoint of the Identity Provider.
+   */
+  authorizationUri: string;
+  /**
+   * The Uri pointing to the access token endpoint of the Identity Provider.
+   */
+  accessTokenUri?: string;
+  /**
+   * The redirect Uri to use. By default the origin with /auth
+   * is used.
+   */
+  redirectUri?: string;
+  /**
+   * The return path to use in case of the "code" flow. By default the
+   * path will be set to "/".
+   */
+  returnPath?: string;
+  /**
+   * The scopes to be used.
+   */
+  scopes?: Array<string>;
+  /**
+   * The OAuth 2 authorization flow type to be used.
+   */
+  flow?: 'implicit' | 'code';
+  /**
+   * Restricts token sharing such that other integrations, e.g., with
+   * fetch would need to be done manually.
+   * Otherwise, the client is responsive to the `before-fetch` event.
+   */
+  restrict?: boolean;
+  /**
+   * Optional persistence layer for OAuth 2. By default nothing is stored.
+   */
+  persist?: OAuth2Persistence;
+  /**
+   * The optional headers to supply in OAuth 2 requests.
+   */
+  headers?: Record<string, string | Array<string>>;
+  /**
+   * The optional query parameters to supply in OAuth 2 requests.
+   */
+  query?: Record<string, string | Array<string>>;
+  /**
+   * The optional state parameter to supply in OAuth 2 requests.
+   */
+  state?: string;
+}
+
+export interface OAuth2Request {
+  /**
+   * Sets the headers of the request.
+   * @param headers Headers or a promise to headers.
+   */
+  setHeaders(headers: any): void;
+}
+
+export interface OAuth2Client {
+  /**
+   * The underlying OAuth2 client.
+   */
+  _: any;
+  /**
+   * Performs a login.
+   */
+  login(): void;
+  /**
+   * Performs a logout.
+   */
+  logout(): void;
+  /**
+   * Gets a token.
+   */
+  token(): Promise<string>;
+  /**
+   * Checks if the user is currently logged in.
+   */
+  account(): boolean;
+  /**
+   * Extends the headers of the provided request.
+   */
+  extendHeaders(req: OAuth2Request): void;
+}
+
+/**
+ * Defines the interface for the OAuth 2 persistence layer.
+ */
+export interface OAuth2Persistence {
+  /**
+   * Loads an OAuth 2 token structure.
+   */
+  load(): OAuth2TokenInfo;
+  /**
+   * Stores an OAuth 2 token structure.
+   * @param info The token infos to store.
+   */
+  save(info: OAuth2TokenInfo): void;
+}

package/src/utils.ts

@@ -0,0 +1,61 @@
+import { OAuth2Persistence } from './types';
+
+/**
+ * Creates an OAuth 2 persistence layer using memory.
+ */
+export function createOAuth2MemoryPersistence(): OAuth2Persistence {
+  return {
+    load() {
+      return undefined;
+    },
+    save() {},
+  };
+}
+
+/**
+ * Creates an OAuth 2 persistence layer using sessionStorage.
+ */
+export function createOAuth2SessionPersistence(sessionKey = '$piral_oauth2_info'): OAuth2Persistence {
+  return {
+    load() {
+      const content = sessionStorage.getItem(sessionKey);
+
+      if (typeof content === 'string') {
+        try {
+          return JSON.parse(content);
+        } catch {
+          console.error('Found invalid data in the OAuth 2 session storage key. Skipped.');
+        }
+      }
+
+      return undefined;
+    },
+    save(info) {
+      sessionStorage.setItem(sessionKey, JSON.stringify(info));
+    },
+  };
+}
+
+/**
+ * Creates an OAuth 2 persistence layer using localStorage.
+ */
+export function createOAuth2BrowserPersistence(localKey = '$piral_oauth2_info'): OAuth2Persistence {
+  return {
+    load() {
+      const content = localStorage.getItem(localKey);
+
+      if (typeof content === 'string') {
+        try {
+          return JSON.parse(content);
+        } catch {
+          console.error('Found invalid data in the OAuth 2 local storage key. Skipped.');
+        }
+      }
+
+      return undefined;
+    },
+    save(info) {
+      localStorage.setItem(localKey, JSON.stringify(info));
+    },
+  };
+}