
@c8y/client


Client application programming interface to access the Cumulocity IoT-Platform REST services.

import { TfaStrategy } from '../tenant/index.js';
/**
 * A list of supported [[ITenantLoginOption]] entries, which
 * describe the ways a user can log in to the Platform.
 */
export interface ITenantLoginOptions {
    /**
     * Link to the resource
     */
    self?: string;
    /**
     * The list of tenant login options
     */
    loginOptions: ITenantLoginOption[];
}
/**
 * Describes a login option which can be requested by any
 * application on startup without login. It describes which kind
 * of login mechanism (e.g. Basic, SSO or OAI-Secure) is
 * supported by the current Platform.
 *
 * Because this data is served before authentication, every field here
 * should be regarded as publicly readable: it describes how to log in and
 * must not be relied on to carry anything confidential.
 */
export interface ITenantLoginOption {
    /**
     * Identifies the login option
     */
    id?: string;
    /**
     * Login option type (see {@link TenantLoginOptionType} for where each
     * type keeps its authentication information on the client).
     */
    type?: TenantLoginOptionType;
    /**
     * Grant type
     */
    grantType?: GrantType;
    /**
     * The origin of the users: REMOTE or INTERNAL
     */
    userManagementSource: UserManagementSource;
    /**
     * Link to the resource
     */
    self?: string;
    /**
     * The strategy for Two Factor Authentication
     */
    tfaStrategy?: TfaStrategy;
    /**
     * Indicates whether the login option should be visible on the login page of UI applications.
     * If set to `true` for more than one login option, then the preferred one will be selected according to priority:
     * 1. OAI-Secure: authentication information is stored in a HttpOnly cookie
     * 2. Basic Auth: authentication information is stored in a session storage
     * 3. SSO redirect: allows a user to login with a single 3rd-party authorization server using the OAuth2 protocol.
     * If no login option has `visibleOnLoginPage` set to `true`, the preferred login option will be Basic Auth.
     *
     * Note that the fallback is Basic Auth, the option whose credentials live in
     * session storage and are therefore readable by script running in the page,
     * unlike a HttpOnly cookie. A tenant that wants OAI-Secure to be preferred
     * has to mark it visible explicitly.
     */
    visibleOnLoginPage?: boolean;
    /**
     * The label which is shown on the login button
     */
    buttonName?: string;
    /**
     * The request which is used to initialize an oauth flow
     */
    initRequest?: string;
    /**
     * Determines if password strength is enforced on system level
     */
    enforceStrength?: boolean;
    /**
     * Minimum length of a password to be considered as a “green” strong one
     */
    greenMinLength?: number;
    /**
     * Determines if password strength is enforced on tenant level
     */
    strengthValidity?: boolean;
    /**
     * Name of the organization which provides the login option
     */
    providerName?: string;
    /**
     * Basic authentication restrictions.
     */
    authenticationRestrictions?: IAuthenticationRestrictions;
    /**
     * Configuration for OAI-Secure sessions.
     */
    sessionConfiguration?: ISessionConfiguration;
    /**
     * Tenant correct domain for OAI-Secure login option.
     * UI will redirect to this domain if OAI-Secure is
     * set as preferred login mode and domain in browser is wrong.
     *
     * Since the UI navigates to this value, consumers should take it only from
     * the platform's login-options response and never from user-controllable
     * input such as URL parameters.
     */
    loginRedirectDomain?: string;
    /**
     * If true, UI controls SSO flow.
     */
    flowControlledByUI?: boolean;
    /**
     * A flag used only for OAI-SECURE that indicates whether the OAI-SECURE backend implementation supports TFA logging.
     * NOTE(review): "logging" possibly means "login" here; confirm against the platform documentation.
     */
    tfaSupported?: boolean;
}
/**
 * Parameters that accompany an update of a tenant's login option.
 */
export interface ITenantLoginOptionParams {
    /**
     * If true, all user sessions will be terminated after updating the tenant's login option.
     *
     * Presumably, when this is omitted or `false`, sessions established before
     * the update are left in place. Confirm against the platform documentation
     * before relying on an update alone to enforce a stricter login policy.
     */
    terminateUserSessions?: boolean;
}
/**
 * Restrictions applied to Basic authentication (referenced from
 * `ITenantLoginOption.authenticationRestrictions`).
 *
 * The user-agent lists are matched against the `User-Agent` request header,
 * which the client chooses freely. They can steer well-behaved clients but
 * are not a substitute for authentication or authorization.
 */
export interface IAuthenticationRestrictions {
    /**
     * The list of user agents which are allowed to use the platform's REST API.
     * The values are compared with `User-Agent` HTTP header.
     */
    trustedUserAgents: string[];
    /**
     * The list of user agents which are forbidden to use the platform's REST API.
     * The values are compared with `User-Agent` HTTP header.
     */
    forbiddenUserAgents: string[];
    /**
     * The list of clients which are forbidden to use the platform's REST API.
     * For now, the only value supported in the array is `'WEB_BROWSERS'` (which blocks all web browsers).
     */
    forbiddenClients: string[];
}
/**
 * Session settings for OAI-Secure (referenced from
 * `ITenantLoginOption.sessionConfiguration`).
 */
export interface ISessionConfiguration {
    /**
     * The maximum amount of time a session can be active
     * (in milliseconds, going by the field name).
     */
    absoluteTimeoutMillis: number;
    /**
     * The maximum amount of sessions per user.
     */
    maximumNumberOfParallelSessions: number;
    /**
     * The timeout after which the session id is automatically renewed. If there is no activity after renewal timeout and before absolute session timeout, the session will not be renewed.
     * (In milliseconds, going by the field name.)
     */
    renewalTimeoutMillis: number;
    /**
     * If `true`, then every request needs to use the same `User-Agent` header as the first request which initiated the session.
     *
     * The header is client-supplied, so this check ties a session to a claimed
     * client identity only; anyone who holds the session can send the same
     * header value.
     */
    userAgentValidationRequired: boolean;
}
/**
 * The kinds of login mechanism a tenant can offer. The member comments state
 * where each one keeps authentication information on the client, which
 * determines whether page script can read it.
 */
export declare enum TenantLoginOptionType {
    /**
     * OAI-Secure: authentication information is stored in a HttpOnly cookie
     * (not readable by script running in the page).
     */
    OAUTH2_INTERNAL = "OAUTH2_INTERNAL",
    /**
     * SSO redirect: allows a user to login with a single 3rd-party authorization server using the OAuth2 protocol.
     */
    OAUTH2 = "OAUTH2",
    /**
     * Basic Auth: authentication information is stored in a session storage
     * (readable by any script running in the page's origin).
     */
    BASIC = "BASIC"
}
/**
 * Grant type of a login option.
 * NOTE(review): the member names match the OAuth2 authorization-code and
 * resource-owner-password grants; confirm the exact semantics against the
 * platform documentation.
 */
export declare enum GrantType {
    AUTHORIZATION_CODE = "AUTHORIZATION_CODE",
    PASSWORD = "PASSWORD"
}
/**
 * The origin of the users for a login option
 * (see `ITenantLoginOption.userManagementSource`).
 */
export declare enum UserManagementSource {
    REMOTE = "REMOTE",
    INTERNAL = "INTERNAL"
}
//# sourceMappingURL=ITenantLoginOptions.d.ts.map