@obelisk/client
Comparing version 2.7.7 to 2.8.0
@@ -95,2 +95,10 @@ import { Observable } from "rxjs"; | ||
/** | ||
* Keep logged in session alive by refreshing or re-requesting RPTs (in case of offline token present) | ||
* Subscribe to start. | ||
* | ||
* @param leeway Configurable leeway in milliseconds for when expiration and thus refresh logic is due. (Defaults to 3000) | ||
* @return Observable<boolean> of which the boolean signifies if the last refresh action succeeded. | ||
*/ | ||
keepSessionAlive(leeway?: number): Observable<boolean>; | ||
/** | ||
* Once this observable returns, the authentication procedure is over. | ||
@@ -97,0 +105,0 @@ * This is usefull for any Auth checking (eg. Auth Guards) |
@@ -22,2 +22,3 @@ import { Observable, Observer } from 'rxjs'; | ||
private CRED_KEY; | ||
private useOfflineToken; | ||
private readonly defaultOptions; | ||
@@ -126,4 +127,12 @@ /** | ||
*/ | ||
private scheduleTokenRefresh; | ||
/** | ||
* @inheritdoc | ||
*/ | ||
keepSessionAlive(leeway?: number): Observable<boolean>; | ||
/** | ||
* Internal call that defers execution of refresh logic until RPT expires (- minus some leeway in ms) | ||
* @param leeway The leeway in ms (default to 3000ms) | ||
*/ | ||
private scheduleRefreshRpt; | ||
/** | ||
* Only for refreshing the PAT token. **Only meant for some specific cases** | ||
@@ -134,6 +143,4 @@ */ | ||
* Only for refreshing the RPT token. **Only meant for some specific cases** | ||
* @param useClientCredentials Optional parameter: if true it will refresh using the session client credentials, | ||
* instead of the credenitals set at client init time. | ||
*/ | ||
refreshRptToken(useClientCredentials?: boolean): Observable<boolean>; | ||
refreshRptToken(): Observable<boolean>; | ||
/** | ||
@@ -140,0 +147,0 @@ * @inheritdoc |
@@ -21,2 +21,3 @@ "use strict"; | ||
this.UMA2CONFIG_PATH = '/.well-known/uma2-configuration'; | ||
this.useOfflineToken = false; | ||
this.defaultOptions = { | ||
@@ -61,3 +62,2 @@ authMode: 'entitlement', | ||
// If scope includes offline_access and refresh_expires_in=== 0 (store in localstorage to skip login next time) | ||
// if (!offlineLoginHandling && authResponse.scope.split(' ').includes('offline_access') && authResponse.refresh_expires_in <= 0) { | ||
if (authResponse.scope.split(' ').includes('offline_access') && authResponse.refresh_expires_in <= 0) { | ||
@@ -321,2 +321,4 @@ // this._storage!.add('logInfo', { authenticated: true, expires: -1, offline_token: patRefresh.getToken() }); | ||
isAuthenticated() { | ||
// reseting useOfflineToken | ||
this.useOfflineToken = false; | ||
// check storage | ||
@@ -334,2 +336,4 @@ try { | ||
if (offline && offline.token) { | ||
// Set offline token usage to true | ||
this.useOfflineToken = true; | ||
// console.debug('--trying offline_token login'); | ||
@@ -375,2 +379,3 @@ const url = this._uma2Config.token_endpoint; | ||
this._storage.clearAll(); | ||
this.useOfflineToken = false; | ||
this._tokens = {}; | ||
@@ -467,13 +472,29 @@ } | ||
*/ | ||
scheduleTokenRefresh(pat, patRefresh) { | ||
// Get date from pat token | ||
const expiry = pat.getExpiresAt(); | ||
// Refresh 30 seconds before expiry | ||
const refreshTime = expiry - (30 * 1000); | ||
// Use patRefresh to refresh | ||
setTimeout(() => { | ||
// TODO: onTokenExpired callback | ||
}, refreshTime - new Date().getTime()); | ||
// private scheduleTokenRefresh(pat: Token, patRefresh: Token): void { | ||
// // Get date from pat token | ||
// const expiry = pat.getExpiresAt(); | ||
// // Refresh 30 seconds before expiry | ||
// const refreshTime = expiry - (30 * 1000); | ||
// // Use patRefresh to refresh | ||
// setTimeout(() => { | ||
// // TODO: onTokenExpired callback | ||
// }, refreshTime - new Date().getTime()); | ||
// } | ||
/** | ||
* @inheritdoc | ||
*/ | ||
keepSessionAlive(leeway = 3000) { | ||
return this.scheduleRefreshRpt(leeway).pipe(operators_1.expand(_ => this.scheduleRefreshRpt(leeway))); | ||
} | ||
/** | ||
* Internal call that defers execution of refresh logic until RPT expires (- minus some leeway in ms) | ||
* @param leeway The leeway in ms (default to 3000ms) | ||
*/ | ||
scheduleRefreshRpt(leeway = 3000) { | ||
return rxjs_1.defer(() => { | ||
const delay = Math.max(0, this._tokens.rpt.getExpiresAt() * 1000 - Date.now() - leeway); | ||
return rxjs_1.timer(delay).pipe(operators_1.flatMap(_ => this.refreshRptToken())); | ||
}); | ||
} | ||
/** | ||
* Only for refreshing the PAT token. **Only meant for some specific cases** | ||
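Review bot: A failed refresh is retried with no delay in `keepSessionAlive`, because `expand` re-subscribes to `scheduleRefreshRpt` after every emission, including `false`. In that case the stored RPT is unchanged, so `Math.max(0, …)` evaluates to 0 and `refreshRptToken()` runs again immediately; in the offline-token path that presumably means back-to-back requests to the token endpoint for as long as the failure lasts. Gate the recursion on the result, for example `operators_1.expand(ok => ok ? this.scheduleRefreshRpt(leeway) : rxjs_1.EMPTY)`, or apply a minimum retry delay after a failed attempt. `scheduleRefreshRpt` also dereferences `this._tokens.rpt` unchecked, which errors the stream once `_tokens` has been reset to `{}` (as the hunk around `this._storage.clearAll()` does). A guard such as `if (!this._tokens || !this._tokens.rpt) return rxjs_1.of(false);` inside the `defer` would cover that, provided the gate above is in place so the `false` does not spin.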
@@ -509,14 +530,14 @@ */ | ||
* Only for refreshing the RPT token. **Only meant for some specific cases** | ||
* @param useClientCredentials Optional parameter: if true it will refresh using the session client credentials, | ||
* instead of the credenitals set at client init time. | ||
*/ | ||
refreshRptToken(useClientCredentials) { | ||
const url = this._uma2Config.token_endpoint; | ||
if (this._tokens && this._tokens.rptRefresh) { | ||
const tok = this._tokens.rptRefresh; | ||
const headers = { | ||
'Content-Type': 'application/x-www-form-urlencoded', | ||
}; | ||
let params = `grant_type=refresh_token&refresh_token=${tok.getToken()}`; | ||
if (useClientCredentials) { | ||
refreshRptToken() { | ||
if (!this.useOfflineToken) { | ||
// console.log('== Normal online refresh'); | ||
const url = this._uma2Config.token_endpoint; | ||
if (this._tokens && this._tokens.rptRefresh) { | ||
const tok = this._tokens.rptRefresh; | ||
const headers = { | ||
'Content-Type': 'application/x-www-form-urlencoded', | ||
}; | ||
let params = `grant_type=refresh_token&refresh_token=${tok.getToken()}`; | ||
// if (useClientCredentials) { | ||
try { | ||
@@ -527,30 +548,35 @@ const cred = this.loadClientCredentials(); | ||
catch (_a) { | ||
// Credentials are not present, log out. | ||
this.logout(); | ||
return rxjs_1.of(false); | ||
// Credentials are not present, use just client_id | ||
const clientId = this._options.clientId; | ||
params += `&client_id=${clientId}`; | ||
// this.logout(); | ||
// return of(false); | ||
} | ||
// } else { | ||
// const clientId = this._options!.clientId; | ||
// params += `&client_id=${clientId}`; | ||
// } | ||
return ajax_1.ajax.post(url, params, headers).pipe(operators_1.flatMap(resp => { | ||
if (resp.status === 200) { | ||
const body = resp.response; | ||
this._tokens.rpt = new auth_1.Token(body.access_token); | ||
this._tokens.rptRefresh = new auth_1.Token(body.refresh_token); | ||
this._tokens.idtoken = new auth_1.Token(body.id_token); | ||
// ADDED | ||
this.updateLogInfo(this._tokens.rpt); | ||
this._events$.next({ type: interfaces_1.ClientEventType.OnRptChanged }); | ||
this._events$.next({ type: interfaces_1.ClientEventType.OnRolesChanged }); | ||
return rxjs_1.of(true); | ||
} | ||
else { | ||
return rxjs_1.throwError(resp.status + ' ' + resp.responseText); | ||
} | ||
})); | ||
} | ||
else { | ||
const clientId = this._options.clientId; | ||
params += `&client_id=${clientId}`; | ||
return rxjs_1.of(false); | ||
} | ||
return ajax_1.ajax.post(url, params, headers).pipe(operators_1.flatMap(resp => { | ||
if (resp.status === 200) { | ||
const body = resp.response; | ||
this._tokens.rpt = new auth_1.Token(body.access_token); | ||
this._tokens.rptRefresh = new auth_1.Token(body.refresh_token); | ||
this._tokens.idtoken = new auth_1.Token(body.id_token); | ||
// ADDED | ||
this.updateLogInfo(this._tokens.rpt); | ||
this._events$.next({ type: interfaces_1.ClientEventType.OnRptChanged }); | ||
this._events$.next({ type: interfaces_1.ClientEventType.OnRolesChanged }); | ||
return rxjs_1.of(true); | ||
} | ||
else { | ||
return rxjs_1.throwError(resp.status + ' ' + resp.responseText); | ||
} | ||
})); | ||
} | ||
else { | ||
return rxjs_1.of(false); | ||
return this.refreshPatToken().pipe(operators_1.flatMap(succeeded => succeeded ? this.getNewRpt().pipe(operators_1.map(_ => true)) : rxjs_1.of(false))); | ||
} | ||
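Review bot: The rewritten `catch (_a)` branch in `refreshRptToken` swallows every exception raised in the `try` and continues the refresh with only `client_id`, where the previous code called `this.logout()` and returned `of(false)`. The `try` body lies between the two hunks and is not visible here. This turns a fail-closed path into a silent downgrade and hides any unrelated error from the credential lookup. If a public-client refresh is intended, say so in a comment there, and surface the missing-credentials condition to the caller instead of discarding it. The added `params +=` line in that branch writes the client id into a form-encoded body unescaped; `params += '&client_id=' + encodeURIComponent(clientId);` keeps an id containing `&` or `=` from altering the request.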
@@ -557,0 +583,0 @@ } |
{ | ||
"name": "@obelisk/client", | ||
"version": "2.7.7", | ||
"version": "2.8.0", | ||
"description": "Typescript client to interact with Obelisk on a higher level than the regular ReST API calls.", | ||
@@ -5,0 +5,0 @@ "keywords": [ |