Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@pega/auth
Advanced tools
@pega/auth - npm Package Compare versions
Comparing version 0.1.5 to 0.1.6
@@ -15,2 +15,3 @@ export class PegaAuth { | ||
| revokeTokens(accessToken: any, refreshToken?: null): Promise<void>; | ||
| getUserinfo(accessToken: any): Promise<any>; | ||
| #private; | ||
@@ -17,0 +18,0 @@ } |
@@ -123,3 +123,3 @@ export class PegaAuth { | ||
| async #buildAuthorizeUrl(state) { | ||
| const { serverType, clientId, redirectUri, authorizeUri, authService, appAlias, userIdentifier, password, noPKCE, isolationId } = this.#config; | ||
| const { serverType, clientId, redirectUri, authorizeUri, userinfoUri, authService, appAlias, userIdentifier, password, noPKCE, isolationId } = this.#config; | ||
| const { sessionIndex } = this.#dynState; | ||
@@ -146,4 +146,5 @@ const bInfinity = serverType === 'infinity'; | ||
| // Trim alias to include just the real alias piece | ||
| const additionalScope = appAlias ? `+app.alias.${appAlias.replace(/^app\//, '')}` : ''; | ||
| const scope = bInfinity ? `openid${additionalScope}` : 'user_info'; | ||
| const additionalScope = (userinfoUri ? '+profile' : '') + | ||
| (appAlias ? `+app.alias.${appAlias.replace(/^app\//, '')}` : ''); | ||
| const scope = bInfinity ? `openid+email${additionalScope}` : 'user_info'; | ||
| // Add explicit creds if specified to try to avoid login popup | ||
@@ -703,2 +704,33 @@ const authServiceArg = authService | ||
| } | ||
| // For userinfo endpoint to return meaningful data, endpoint must include appAlias (if specified) and authorize must | ||
| // specify profile and optionally email scope to get such info returned | ||
| async getUserinfo(accessToken) { | ||
| if (!this.#config || !this.#config.userinfoUri) { | ||
| // Must have a config structure and userInfo to proceed | ||
| return {}; | ||
| } | ||
| const headers = { | ||
| authorization: `bearer ${accessToken}`, | ||
| 'content-type': 'application/json;charset=UTF-8' | ||
| }; | ||
| return fetch(this.#config.userinfoUri, { | ||
| agent: this.#getAgent(), | ||
| method: 'GET', | ||
| headers: new Headers(headers) | ||
| }) | ||
| .then(response => { | ||
| if (response.ok) { | ||
| return response.json(); | ||
| } | ||
| // eslint-disable-next-line no-console | ||
| console.log(`Error invoking userinfo: ${response.status}`); | ||
| }) | ||
| .then(data => { | ||
| return data; | ||
| }) | ||
| .catch(e => { | ||
| // eslint-disable-next-line no-console | ||
| console.log(e); | ||
| }); | ||
| } | ||
| #sha256Hash(str) { | ||
@@ -705,0 +737,0 @@ // Found that the Node implementation of subtle.digest is yielding incorrect results |
@@ -37,2 +37,4 @@ // This file wraps various calls related to logging in, logging out, etc. | ||
| #foldSpot = 2; | ||
| // Whether to load and cache user info as part of login | ||
| #loadUserinfo = false; | ||
| constructor() { | ||
@@ -726,3 +728,5 @@ // Auth Manager specific state is saved within session storage as important in redirect and popup window scenarios | ||
| this.#processTokenOnLogin(token); | ||
| // this.getUserInfo(); | ||
| if (this.#loadUserinfo) { | ||
| this.getUserInfo(); | ||
| } | ||
| resolve(token.access_token); | ||
@@ -753,3 +757,5 @@ }) | ||
| this.#processTokenOnLogin(token, false); | ||
| // this.getUserInfo(); | ||
| if (this.#loadUserinfo) { | ||
| this.getUserInfo(); | ||
| } | ||
| if (fnLoggedInCB) { | ||
@@ -813,3 +819,5 @@ fnLoggedInCB(token.access_token); | ||
| this.#fireTokenAvailable(this.#tokenInfo); | ||
| // this.getUserInfo(); | ||
| if (this.#loadUserinfo) { | ||
| this.getUserInfo(); | ||
| } | ||
| } | ||
@@ -816,0 +824,0 @@ else { |
| { | ||
| "name": "@pega/auth", | ||
| "version": "0.1.5", | ||
| "version": "0.1.6", | ||
| "description": "Pega OAuth 2.0 Client Library (supports Infinity and Launchpad).", | ||
@@ -5,0 +5,0 @@ "repository": { |
@@ -23,2 +23,83 @@ # Pega Auth | ||
| ## oauth-client library usage | ||
| To leverage this library, import the **PegaAuth** class from the default @pega/auth package or from '@pega/auth/oauth-client'. | ||
| Main methods: | ||
| ### constructor( ssKeyConfig, ssKeyDynState='') | ||
| The PegaAuth constructor takes one required argument (ssKeyConfig) which passes in an object with various configuration properties and values or is a string value indicating a sessionStorage key from which to read a JSON stringified representation of such a config object. | ||
| The constructor also has a 2nd optional argument (ssKeyDynState) which can either pass an initial empty object which should be used to place all dynamic state runtime property values, or may be a string value indicating a sessionStorage key from which to read and update such dynamic state. If omitted, and a string value is passed as first argument, '\_DS' is appended to that value and dynamic state is saved to that session storage location. | ||
| Table of config values | ||
| | Property Name | Type | Default | Description | | ||
| | ------------------- | -------- | ---------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------- | | ||
| | serverType | string | 'infinity' | 'infinity' or 'launchpad' | | ||
| | clientId | string | | OAuth 2.0 client registration id | | ||
| | grantType | string | 'authCode' | OAuth 2.0 grant type (or 'none' for custom auth). Supported values: 'authCode", 'customBearer', 'clientCreds', 'passwordCreds' or 'none' | | ||
| | clientSecret | string | | OAuth 2.0 client secret (only for confidential OAuth 2.0 client registrations) | | ||
| | redirectUri | string | | OAuth 2.0 redirect URI (only relevant for 'authCode' grant type) | | ||
| | authorizeUri | string | | URI to OAuth 2.0 authorize endpoint (only relevant for 'authCode' grant type) | | ||
| | authService | string | | Infinity Authentication service alias (only relevant for 'authCode' grant type) | | ||
| | appAlias | string | | Application alias for pega app being accessed. If not specified will utilize the default access group within the current user's operator record | | ||
| | userIdentifier | string | | Pega operator user identifier to use (only relevant for 'authCode' grant type) | | ||
| | password | string | | B64 encoded Pega operator password to use (only relevant for 'authCode' grant type) | | ||
| | noPKCE | boolean | false | Set to true to disable PKCE (only relevant for 'authCode' grant type) | | ||
| | silentTimeout | integer | 5000 | Milliseconds to wait for response during 'silent authentication' (only relevant for 'authCode' grant type) | | ||
| | iframeLoginUI | boolean | false | Set to _true_ to make a failed silent authentication iframe visible, rather than opening a popup window when silent authentication fails or times out (only relevant for 'authCode' grant type) | | ||
| | tokenUri | string | | OAuth 2.0 token URI | | ||
| | customTokenParams | string | | JSON structure with params to pass as part of customBearer grant flow | | ||
| | noPopups | boolean | false | | Set to _true_ to disable any popup window attempts (only relevant for 'authCode' grant type) | | ||
| | cert | string | | Path to certificate (only relevant for node usage and for 'authCode' grant type) | | ||
| | key | string | | Path to key (only relevant for node usage and for 'authCode' grant type) | | ||
| | winTitle | string | | Title of window to use on a local redirect (only relevant for node usage and for 'authCode' grant type) | | ||
| | winBodyHtml | string | | Markup to place within window for a local redirect (only relevant for node usage and for 'authCode' grant type) | | ||
| | isolationId | string | | Deprecated (Launchpad only) | | ||
| | transform | boolean | true | Set to _false_ to disable obfuscation of values stored in sessionStorage | | ||
| | fnDynStateChangedCB | function | | function to invoke when a dynamic static property has changed | | ||
| | useNodeFetch | boolean | false | Set to _true_ to force the usage of node-fetch library (only relevant for node usage) | | ||
| Current Dynamic State properties updated during PegaAuth usage | ||
| | Property Name | Type | Default | Description | | ||
| | -------------------- | ------ | ------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| | codeVerifier | string | | codeVerifier value at start of auth code flow (important to save and have available particularly on a main window redirect) (only relevant for 'authCode' grant type) | | ||
| | state | string | | state value generated by client at start of auth code flow and used to compare with state returned with authorization code | | ||
| | sessionIndex | string | | sessionIndex value returned with first token endpoint call to then be passed on subsequent full re-authentications to tie the sessions together | | ||
| | sessionIndexAttempts | number | | used prior to Infinity '24 and support for proper auth code flow error reporting | | ||
| | acRedirectUri | string | | redirect uri used at start of auth code flow and sent later on matching token endpoint | | ||
| ### async login() | ||
| The login method executes the specified OAuth 2.0 grantType and returns a promise which will contain the immediate or eventual token endpoint response. | ||
| ### loginRedirect() | ||
| The loginRedirect method kicks off an authorization code grant flow on the main window (only relevant for grantType='authCode'). | ||
| ### checkStateMatch(state) | ||
| Returns true if the passed in state value matches the state which was set at the start of an authorization code grant flow (only relevant for grantType='authCode'). | ||
| ### getToken(authCode) | ||
| Uses the passed in authCode to retrieve the access_token and any optional refresh_token specified for the OAuth 2.0 client registration. | ||
| ### async refreshToken(refreshToken) | ||
| Uses he passed in refreshToken to generate a new access_token as well as an updated refresh_token (if a refresh_token is enabled within the OAuth 2.0 client registration). | ||
| ### async revokeTokens(accessToken, refreshToken=null) | ||
| Revoke the specified tokens to in effect end the authentication session. | ||
| ### async getUserinfo(accessToken) | ||
| Retrieve the "user information" object associated with the passed in accessToken. | ||
| <hr /> | ||
| ## License | ||
@@ -25,0 +106,0 @@ |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by7.18%
191052
- Lines of code
- increased by1.98%
2109
- Number of lines in readme file
- increased by289.29%
109
Worsened metrics
- Number of medium supply chain risk alerts
- increased by16.67%
7
No dependency changes