UNPKG

@jsforce/jsforce-node

Version:

Salesforce API Library for JavaScript

github.com/jsforce/jsforce

jsforce/jsforce

245 lines (244 loc) 8.88 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
"use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; var desc = Object.getOwnPropertyDescriptor(m, k); if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { desc = { enumerable: true, get: function() { return m[k]; } }; } Object.defineProperty(o, k2, desc); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.OAuth2 = void 0; /** * */ const crypto_1 = require("crypto"); const querystring_1 = __importDefault(require("querystring")); const transport_1 = __importStar(require("./transport")); const defaultOAuth2Config = { loginUrl: 'https://login.salesforce.com', }; // Makes a nodejs base64 encoded string compatible with rfc4648 alternative encoding for urls. // @param base64Encoded a nodejs base64 encoded string function base64UrlEscape(base64Encoded) { // builtin node js base 64 encoding is not 64 url compatible. // See https://toolsn.ietf.org/html/rfc4648#section-5 return base64Encoded .replace(/\+/g, '-') .replace(/\//g, '_') .replace(/=/g, ''); } /** * OAuth2 class */ class OAuth2 { loginUrl; authzServiceUrl; tokenServiceUrl; revokeServiceUrl; clientId; clientSecret; redirectUri; codeVerifier; _transport; /** * */ constructor(config) { const { loginUrl, authzServiceUrl, tokenServiceUrl, revokeServiceUrl, clientId, clientSecret, redirectUri, proxyUrl, httpProxy, useVerifier, } = config; if (authzServiceUrl && tokenServiceUrl) { this.loginUrl = authzServiceUrl.split('/').slice(0, 3).join('/'); this.authzServiceUrl = authzServiceUrl; this.tokenServiceUrl = tokenServiceUrl; this.revokeServiceUrl = revokeServiceUrl || `${this.loginUrl}/services/oauth2/revoke`; } else { this.loginUrl = loginUrl ?? defaultOAuth2Config.loginUrl; const maybeSlash = this.loginUrl.endsWith('/') ? '' : '/'; this.authzServiceUrl = `${this.loginUrl}${maybeSlash}services/oauth2/authorize`; this.tokenServiceUrl = `${this.loginUrl}${maybeSlash}services/oauth2/token`; this.revokeServiceUrl = `${this.loginUrl}${maybeSlash}services/oauth2/revoke`; } this.clientId = clientId; this.clientSecret = clientSecret; this.redirectUri = redirectUri; if (proxyUrl) { this._transport = new transport_1.XdProxyTransport(proxyUrl); } else if (httpProxy) { this._transport = new transport_1.HttpProxyTransport(httpProxy); } else { this._transport = new transport_1.default(); } if (useVerifier) { // Set a code verifier string for OAuth authorization this.codeVerifier = base64UrlEscape((0, crypto_1.randomBytes)(Math.ceil(128)).toString('base64')); } } /** * Get Salesforce OAuth2 authorization page URL to redirect user agent. */ getAuthorizationUrl(params = {}) { if (this.codeVerifier) { // code verifier must be a base 64 url encoded hash of 128 bytes of random data. Our random data is also // base 64 url encoded. See Connection.create(); params.code_challenge = base64UrlEscape((0, crypto_1.createHash)('sha256').update(this.codeVerifier).digest('base64')); } const _params = { ...params, response_type: 'code', client_id: this.clientId, redirect_uri: this.redirectUri, }; return (this.authzServiceUrl + (this.authzServiceUrl.includes('?') ? '&' : '?') + querystring_1.default.stringify(_params)); } /** * OAuth2 Refresh Token Flow */ async refreshToken(refreshToken) { if (!this.clientId) { throw new Error('No OAuth2 client id information is specified'); } const params = { grant_type: 'refresh_token', refresh_token: refreshToken, client_id: this.clientId, }; if (this.clientSecret) { params.client_secret = this.clientSecret; } const ret = await this._postParams(params); return ret; } /** * Send access token request to the token endpoint. * When a code (string) is passed in first argument, it will use Web Server Authentication Flow (Authorization Code Grant). * Otherwise, it will use the specified `grant_type` and pass parameters to the endpoint. */ async requestToken(codeOrParams, params = {}) { if (typeof codeOrParams === 'string' && (!this.clientId || !this.redirectUri)) { throw new Error('No OAuth2 client id or redirect uri configuration is specified'); } const _params = { ...params, ...(typeof codeOrParams === 'string' ? { grant_type: 'authorization_code', code: codeOrParams } : codeOrParams), }; if (this.clientId) { _params.client_id = this.clientId; } if (this.clientSecret) { _params.client_secret = this.clientSecret; } if (this.redirectUri) { _params.redirect_uri = this.redirectUri; } const ret = await this._postParams(_params); return ret; } /** * OAuth2 Username-Password Flow (Resource Owner Password Credentials) */ async authenticate(username, password) { if (!this.clientId || !this.clientSecret) { throw new Error('No valid OAuth2 client configuration set'); } const ret = await this._postParams({ grant_type: 'password', username, password, client_id: this.clientId, client_secret: this.clientSecret, }); return ret; } /** * OAuth2 Revoke Session Token */ async revokeToken(token) { const response = await this._transport.httpRequest({ method: 'POST', url: this.revokeServiceUrl, body: querystring_1.default.stringify({ token }), headers: { 'content-type': 'application/x-www-form-urlencoded', }, }); if (response.statusCode >= 400) { let res = querystring_1.default.parse(response.body); if (!res || !res.error) { res = { error: `ERROR_HTTP_${response.statusCode}`, error_description: response.body, }; } throw new (class extends Error { constructor({ error, error_description, }) { super(error_description); this.name = error; } })(res); } } /** * @private */ async _postParams(params) { if (this.codeVerifier) params.code_verifier = this.codeVerifier; const response = await this._transport.httpRequest({ method: 'POST', url: this.tokenServiceUrl, body: querystring_1.default.stringify(params), headers: { 'content-type': 'application/x-www-form-urlencoded', }, }); let res; try { res = JSON.parse(response.body); } catch (e) { /* eslint-disable no-empty */ } if (response.statusCode >= 400) { res = res || { error: `ERROR_HTTP_${response.statusCode}`, error_description: response.body, }; throw new (class extends Error { constructor({ error, error_description, }) { super(error_description); this.name = error; } })(res); } return res; } } exports.OAuth2 = OAuth2; exports.default = OAuth2;