@curity/react-native-haapi-module

React Native Modules to use with Hypermedia Authentication API of the Curity Identity Server

  • 0.4.12
  • latest
  • npm

react-native-haapi-module

This is a React Native Native Module that uses the Hypermedia Authentication API of the Curity Identity Server. The module uses the iOS and Android SDKs to perform attestation and to communicate with the API.

https://curity.io/product/authentication-service/authentication-api/

Getting started

$ npm install @curity/react-native-haapi-module --save

Configuration

| Parameter Name | Platform | Required | Default | Description |
| --- | --- | --- | --- | --- |
| appRedirect | both | false | app:start | Redirect URI to use in OAuth requests. Needs to be registered in server config |
| keyStoreAlias | android | false | haapi-react-native-android | Keystore alias for keys used in an authentication flow. Only used on Android |
| configurationName | ios | false | HaapiModule | The name to use for the configuration on iOS. If you are in testing mode and switching environments, make sure that each environment sets a different name |
| clientId | both | true | | The registered client_id |
| baseUri | both | true | | Base URI of the server. Used for relative redirects. |
| tokenEndpointUri | both | true | | URI of the token endpoint. |
| authorizationEndpointUri | both | true | | URI of the authorize endpoint. |
| revocationEndpointUri | both | true | | URI of the revocation endpoint. |
| registrationEndpointUri | android | false | | URI of the registration endpoint. Required if fallback registration should be used. |
| fallback_template_id | android | false | | Name of the template client to be used in fallback. Required if fallback registration should be used. |
| registration_secret | android | false | | Name of the template client to be used in fallback. Required if fallback registration should be used. |
| validateTlsCertificate | both | false | true | If the server TLS certificate should be validated. Set to false to accept self-signed certificates. |
| acrValues | both | false | "" | Space separated string to send in authorize request. |
| scope | both | false | "" | Space separated string of scopes to request. |
| extraRequestParameters | both | false | {} | Map of extra parameters to send in the request to the authorize endpoint. |
| extraHttpHeaders | both | false | {} | Map of extra http headers to send in all requests to the authentication API. |

Usage

All functions of the module are async operations. The application may use events produced by the module to drive the authentication flow, or rely on the results returned by promises.

Load

To use the module, first load the module with the desired configuration.

import {NativeModules} from "react-native";

const {HaapiModule} = NativeModules;

// Example configuration
const haapiConfiguration = {
    "appRedirect": "app:start",
    "keyStoreAlias": "haapi-react-native",
    "clientId": "react-dev-client",
    "baseUri": "https://login.example.com",
    "tokenEndpointUri": "https://login.example.com/oauth/token",
    "authorizationEndpointUri": "https://login.example.com/oauth/authorize",
    "revocationEndpointUri": "https://login.example.com/oauth/revoke",
    "scope": "openid profile",
    "registrationEndpointUri": "https://login.example.com/oauth/registration",
    "fallback_template_id": "react-native-fallback",
    "registration_secret": "my-good-secret",
    "validateTlsCertificate": true,
    "extraRequestParameters": {"prompt": "login"},
    "extraHttpHeaders": {"x-my-good-header": "foobar"},
    "acrValues": ""
}

// load() returns a promise; report configuration errors
HaapiModule.load(haapiConfiguration).catch(e => {
    console.error('Error in loading configuration', e);
});

export default HaapiModule;

load() may be called multiple times with different configurations, for example to start authentication flows that request a different acr or scope.
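A pre-flight check for the configuration object, run before HaapiModule.load(). This is an added example, not code from the module: lintHaapiConfig and its severity levels are hypothetical, and requiring https on every endpoint is a policy chosen for the example. The parameter names and the "required" rules come from the Configuration table.

```javascript
// Added example: lints a HAAPI configuration object before HaapiModule.load().
const REQUIRED = ["clientId", "baseUri", "tokenEndpointUri",
  "authorizationEndpointUri", "revocationEndpointUri"];
const URI_KEYS = [...REQUIRED.slice(1), "registrationEndpointUri"];
const FALLBACK_KEYS = ["registrationEndpointUri", "fallback_template_id",
  "registration_secret"];

function lintHaapiConfig(config, { production = true } = {}) {
  const findings = [];
  const add = (severity, key, message) => findings.push({ severity, key, message });
  const strict = production ? "error" : "warning";
  const isSet = (key) => typeof config[key] === "string" && config[key].trim() !== "";

  for (const key of REQUIRED) {
    if (!isSet(key)) add("error", key, "required parameter is missing or empty");
  }
  for (const key of URI_KEYS.filter(isSet)) {
    let url;
    try {
      url = new URL(config[key]);
    } catch {
      add("error", key, "not an absolute URI");
      continue;
    }
    // Policy of this example: every endpoint must be https.
    if (url.protocol !== "https:") add(strict, key, "endpoint is not https");
  }
  // The default is true, so only an explicit false turns validation off.
  if (config.validateTlsCertificate === false) {
    add(strict, "validateTlsCertificate", "TLS certificate validation is disabled");
  }
  // The table marks all three as required when fallback registration is used.
  const present = FALLBACK_KEYS.filter(isSet);
  if (present.length > 0 && present.length < FALLBACK_KEYS.length) {
    for (const key of FALLBACK_KEYS.filter((k) => !present.includes(k))) {
      add("error", key, "fallback registration is only partially configured");
    }
  }
  if (present.includes("registration_secret")) {
    add("warning", "registration_secret",
      "secret is embedded in the app and should be treated as extractable");
  }
  return findings;
}
```

Pass `{ production: false }` for development builds so that a disabled certificate check or an http endpoint is reported as a warning instead of an error.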

Start

After the module has been loaded, the start() function may be called. start() will set up the communication with HAAPI, perform attestation, and then start emitting events for the application to react to. Receiving events lets the application know more about the contents of the current state than if it were to receive the raw HaapiResponse. The module will follow redirect responses automatically.

try {
    await HaapiModule.start();
} catch (e) {
    console.error(e);
}

To listen for the events produced:

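import {NativeEventEmitter} from "react-native";

// Subscribe to one of the event names listed under Events
const eventEmitter = new NativeEventEmitter(HaapiModule);
eventEmitter.addListener("EventName", () => {
    // Handle event
});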

Navigate

To follow a link in a HAAPI response, use the navigate(model) function. model is an object conforming to Link.

try {
    await HaapiModule.navigate(model);
} catch (e) {
    console.error(e);
}

Submit form

To submit a form in an action, use submitForm(action, parameters), where action is the form to submit, and parameters is an object containing the field names and the values to fill the form.

try {
    await HaapiModule.submitForm(action, parameters);
} catch (e) {
    console.error(e);
}

Refresh Access Token

Refresh the access token using the refresh token. The application may listen to the events TokenResponse/TokenResponseError for the result of the refresh.

HaapiModule.refreshAccessToken(refreshToken);

Log out

Calling log out will revoke the tokens, and close the underlying managers to clear the state.

HaapiModule.logout().then(/* Remove tokens from state */);

Events

| Event Name | Emitted when |
| --- | --- |
| AuthenticationStep | An action is required by the user as part of authentication. See Authentication Step |
| AuthenticationSelectorStep | An AuthenticationStep with the kind authenticator-selector is received. An authenticator selector screen should be shown to the user. |
| ContinueSameStep | A screen should be shown to the user, containing some information. The only required action by the user is to accept or in some cases cancel. See Continue Same Step |
| PollingStep | An authentication step that requires polling was received. May contain information for the user for how to proceed authentication out of band. See Polling Step |
| PollingStepResult | A poll result was received with the status PENDING. The application may show new information to the user and continue polling. |
| StopPolling | A successful poll result was received. Application should stop polling, and the module will continue execution and may issue new events. |
| TokenResponse | Authentication was successful, and the resulting token(s) was received. The payload of the event will contain accessToken, expiresIn and scope. May contain refreshToken and idToken |
| TokenResponseError | Authentication was successful, but the token request returned an error. |
| SessionTimedOut | The authentication process took too long, and timed out. The user will have to start over using start() method again. |
| IncorrectCredentials | The user entered wrong credentials in an AuthenticationStep. Show an error to the user and allow them to try again. See Invalid Input Problem |
| ProblemRepresentation | The server returned an unexpected problem. See Problem |
| HaapiError | An unexpected problem happened. Event will have members error and error_description |
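One way to turn the events in the table into application state, written as a pure reducer so it can be unit-tested without the native module. This is an added example, not code from the module or its example app: reduceHaapiEvent, needsRefresh and the screen names are hypothetical, expiresIn is assumed to be in seconds, and clearing held tokens on any failure event is a choice made for the example.

```javascript
// Added example: maps the module's event names to UI and token state.
const initialAuthState = Object.freeze(
  { screen: "idle", polling: false, error: null, tokens: null });

function reduceHaapiEvent(state, eventName, payload, nowMs = Date.now()) {
  const p = payload ?? {};
  switch (eventName) {
    case "AuthenticationStep":
      return { ...state, screen: "form", polling: false, error: null };
    case "AuthenticationSelectorStep":
      return { ...state, screen: "selector", polling: false, error: null };
    case "ContinueSameStep":
      return { ...state, screen: "message", error: null };
    case "PollingStep":
    case "PollingStepResult": // status PENDING: keep polling
      return { ...state, screen: "polling", polling: true, error: null };
    case "StopPolling": // the module continues and emits the next event
      return { ...state, polling: false };
    case "IncorrectCredentials": // stay on the current step so the user can retry
      return { ...state, error: "incorrect-credentials" };
    case "TokenResponse":
      return {
        screen: "authenticated", polling: false, error: null,
        tokens: {
          accessToken: p.accessToken,
          refreshToken: p.refreshToken ?? null, // optional per the table
          idToken: p.idToken ?? null,           // optional per the table
          scope: p.scope,
          expiresAtMs: nowMs + Number(p.expiresIn) * 1000, // assumes seconds
        },
      };
    case "SessionTimedOut":
    case "TokenResponseError":
    case "ProblemRepresentation":
    case "HaapiError":
      // Example policy: drop tokens and show an error; the user restarts via start().
      return { ...initialAuthState, screen: "error", error: p.error ?? eventName };
    default:
      return state; // unknown event names leave the state unchanged
  }
}

// True when the access token is inside the skew window before expiry.
function needsRefresh(state, nowMs = Date.now(), skewMs = 30000) {
  return state.tokens !== null && nowMs >= state.tokens.expiresAtMs - skewMs;
}
```

In an application, each eventEmitter.addListener callback would pass its event name and payload to reduceHaapiEvent, and needsRefresh would gate the call to refreshAccessToken.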

Example implementation

See https://github.com/curityio/react-native-haapi-example for an example implementation in JavaScript, which is mostly driven by events.

Development

To deploy changes in the modules to an application without publishing a new package, a file system dependency may be used.

  • Pack your module with: npm pack. This will provide a .tgz file containing the module.
  • Then in your application, depend on your file using npm install $path_to_file/react-native-haapi-module/curity-react-native-haapi-module-0.4.2.tgz --save

Known limitations

  • Registration steps not yet supported
  • External Browser flow not yet supported
  • Webauthn/Passkeys not yet supported

Package last updated on 07 Aug 2024
