UNPKG

@europeana/portal

Version:

Europeana Portal

github.com/europeana/portal.js

europeana/portal.js

105 lines (85 loc) 3.43 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
// @see https://github.com/nuxt-community/auth-module/blob/v4.9.1/lib/schemes/oauth2.js#L157-L201 const refreshAccessToken = async({ $auth, $axios, redirect, route }, requestConfig) => { let refreshAccessTokenResponse; try { refreshAccessTokenResponse = await $auth.request(refreshAccessTokenRequestOptions($auth)); } catch { // Refresh token is no longer valid; clear tokens and try again $auth.logout(); delete requestConfig.headers['Authorization']; return $axios.request(requestConfig); } if (!updateAccessToken($auth, requestConfig, refreshAccessTokenResponse)) { // No new access token; redirect to login URL return redirect($auth.options.redirect.login, { redirect: route.path }); } updateRefreshToken($auth, refreshAccessTokenResponse); // Retry request with new access token return $axios.request(requestConfig); }; const updateRefreshToken = ($auth, refreshAccessTokenResponse) => { const options = $auth.strategy.options; let newRefreshToken = refreshAccessTokenResponse[options.refresh_token_key]; if (!newRefreshToken) { return false; } if (options.token_type) { newRefreshToken = `${options.token_type} ${newRefreshToken}`; } // Store refresh token $auth.setRefreshToken($auth.strategy.name, newRefreshToken); return newRefreshToken; }; const updateAccessToken = ($auth, requestConfig, refreshAccessTokenResponse) => { const options = $auth.strategy.options; let newAccessToken = refreshAccessTokenResponse[options.token_key]; if (!newAccessToken) { return false; } if (options.token_type) { newAccessToken = `${options.token_type} ${newAccessToken}`; } // Store token $auth.setToken($auth.strategy.name, newAccessToken); // Set axios token $auth.strategy._setToken(newAccessToken); // eslint-disable-line no-underscore-dangle delete requestConfig.headers['Authorization']; return newAccessToken; }; const refreshAccessTokenRequestOptions = ($auth) => { const refreshToken = $auth.getRefreshToken($auth.strategy.name); const options = $auth.strategy.options; // Nuxt Auth stores token type e.g. "Bearer " with token, but refresh_token // grant does not need it; remove it before sending to OIDC. const refreshTokenWithoutType = refreshToken.replace(new RegExp(`^${options.token_type} `), ''); return { method: 'post', url: options.access_token_endpoint, headers: { 'content-type': 'application/x-www-form-urlencoded' }, data: new URLSearchParams({ 'client_id': options.client_id, 'refresh_token': refreshTokenWithoutType, 'grant_type': 'refresh_token' }).toString() }; }; export const keycloakResponseErrorHandler = (context, error) => { if (error.response.status === 401) { return keycloakUnauthorizedResponseErrorHandler(context, error); } else { return Promise.reject(error); } }; const keycloakUnauthorizedResponseErrorHandler = ({ $auth, $axios, redirect, route }, error) => { if ($auth.getRefreshToken($auth.strategy.name)) { // User has previously logged in, and we have a refresh token, e.g. // access token has expired return refreshAccessToken({ $auth, $axios, redirect, route }, error.config); } else { // User has not already logged in, or we have no refresh token: // redirect to OIDC login URL return redirect($auth.options.redirect.login, { redirect: route.path }); } };