@mindconnect/mindconnect-nodejs
MindConnect Library for NodeJS (community based)
/// <reference types="node" />
import "url-search-params-polyfill";
import { AccessToken, IConfigurationStorage, IMindConnectConfiguration, OnboardingStatus } from "..";
import { MindConnectBase, TokenRotation } from "./mindconnect-base";
/**
* Abstract base class for agent authentication: onboarding, client secret rotation and the
* acquisition, validation and renewal of the /exchange token, as declared by the members below.
*
* This is a declaration file, so only signatures are visible here. Private members are declared
* without types and their behavior must be confirmed against the implementation.
*
* @abstract
* @class AgentAuth
*/
export declare abstract class AgentAuth extends MindConnectBase implements TokenRotation {
/**
* Token validity value passed to the constructor. The constructor documentation states that it was
* required by previous versions of the implementation and is kept for compatibility.
* The unit is not visible in this declaration file.
*
* @protected
* @type {number}
* @memberof AgentAuth
*/
protected _tokenValidity: number;
/**
* The assertion response contains the /exchange token plus additional information. If this is not set, the client will try to
* acquire a new token.
*
* NOTE(review): this field holds a credential, so subclasses should avoid logging or serializing it.
*
* @protected
* @type {AccessToken}
* @memberof AgentAuth
*/
protected _accessToken?: AccessToken;
/**
* The /exchange tokens from MindSphere are signed with an RSA-based algorithm, also for the SHARED_SECRET profile
* (the original comment names it "RSA256"; presumably the JWT RS256 algorithm, confirm against the implementation).
* This is where the public key of MindSphere is cached during the lifetime of the agent.
*
* @private
* @type {TokenKey}
* @memberof AgentAuth
*/
private _oauthPublicKey?;
/**
* Lock object for client secret renewal. This is the most sensitive part of the token rotation and
* needs to be done in a critical section.
*
* @private
* @type {AsyncLock}
* @memberOf AgentAuth
*/
private secretLock;
/**
* Asynchronous method which saves the agent state in the .mc (or reconfigured) folder.
*
* NOTE(review): the persisted agent state presumably includes the agent's credentials (e.g. the client secret).
* If so, the storage location should be readable only by the agent's account. Confirm against the implementation.
*
* @protected
* @returns {Promise<object>}
* @memberof AgentAuth
*/
protected SaveConfig(): Promise<object>;
/**
* Onboard the agent and return the onboarding state.
*
* @returns {Promise<OnboardingStatus.StatusEnum>}
* @memberof AgentAuth
*/
OnBoard(): Promise<OnboardingStatus.StatusEnum>;
/**
* Private member declared without a type; its behavior is not visible in this declaration file.
*
* @private
* @memberof AgentAuth
*/
private PushKey;
/**
* Private member declared without a type; its behavior is not visible in this declaration file.
*
* @private
* @memberof AgentAuth
*/
private TryRecovery;
/**
* This method rotates the client secret (reregisters the agent). It is called by RenewToken when the secret is expiring.
*
* @private
* @returns {Promise<boolean>}
* @memberof AgentAuth
*/
private RotateKey;
/**
* Create the initial self-signed JWT token which is needed to acquire the actual /exchange token.
*
* @private
* @param {number} [expiration=3600]
* @returns {URLSearchParams}
* @memberof AgentAuth
*/
private CreateClientAssertion;
/**
* Acquires the /exchange token and stores it. The original comment names the target "_assertionResponse";
* the only matching field declared in this file is _accessToken (presumably the same value, confirm).
*
* @private
* @returns {Promise<boolean>}
* @memberof AgentAuth
*/
private AquireToken;
/**
* Private member declared without a type. Presumably reports whether the client secret is close to
* expiry, which RenewToken uses to trigger RotateKey (confirm against the implementation).
*
* @private
* @memberof AgentAuth
*/
private isSecretExpired;
/**
* Private member declared without a type. Presumably retrieves the key material that ValidateToken
* caches in _oauthPublicKey (confirm against the implementation).
*
* @private
* @memberof AgentAuth
*/
private GetCertificate;
/**
* Validates the /exchange token on the client. If the certificate is not available, retrieves it from the /oauth/token_key endpoint
* and caches it in the _oauthPublicKey property for the lifetime of the agent.
*
* NOTE(review): because the key is cached for the lifetime of the agent, a change of the signing key on the
* server side would presumably be picked up only after a restart. Confirm how validation failures are handled.
* The validation is only as trustworthy as the channel used to fetch the key, which is not visible here.
*
* @private
* @returns {Promise<boolean>}
* @memberof AgentAuth
*/
private ValidateToken;
/**
* The /exchange token handling. Handles validation, secret renewal and token renewal. Should be called
* at the beginning of each operation which handles the /exchange endpoint.
*
* Declared without an access modifier, so it is public, although the original comment tagged it as private.
*
* @returns {Promise<boolean>}
* @memberof AgentAuth
*/
RenewToken(): Promise<boolean>;
/**
* Returns the current agent token.
* This token can be used e.g. in Postman to call MindSphere APIs.
*
* The returned string is a credential that can be used to call those APIs until it expires,
* so callers should not log it or store it in shared locations.
*
* @returns {(Promise<string>)}
*
* @memberOf AgentAuth
*/
GetAgentToken(): Promise<string>;
/**
* Private member declared without a type. Presumably backs the value returned by GetProfile (confirm).
*
* @private
* @memberOf AgentAuth
*/
private _profile;
/**
* Returns the security profile of the agent.
*
* @returns "SHARED_SECRET" || "RSA_3072"
*
* @memberOf AgentAuth
*/
GetProfile(): string;
/**
* Private member declared without a type. Presumably the private key set by SetupAgentCertificate
* for the RSA_3072 profile (confirm). If so, it is secret key material held in memory.
*
* @private
* @memberOf AgentAuth
*/
private _privateCert?;
/**
* Private member declared without a type. Presumably the public key in JWK form that corresponds to
* _privateCert (confirm against the implementation).
*
* @private
* @memberOf AgentAuth
*/
private _publicJwk?;
/**
* Set up the certificate for RSA_3072 communication.
* You can generate a private key e.g. using openssl:
* openssl genrsa -out private.key 3072
*
* The generated file is the agent's private key: restrict its file permissions to the agent's account
* and keep it out of source control and container images.
*
* @param {(string | Buffer)} privateCert presumably the content of the private key file rather than its path (confirm)
*
* @memberOf AgentAuth
*/
SetupAgentCertificate(privateCert: string | Buffer): void;
/**
* Optional configuration storage. Presumably set when the constructor's basePath argument is an
* IConfigurationStorage instead of a folder path (confirm against the implementation).
*
* @protected
* @type {IConfigurationStorage}
* @memberof AgentAuth
*/
protected _storage?: IConfigurationStorage;
/**
* The agent configuration, typed as IMindConnectConfiguration. Presumably the value passed to the constructor (confirm).
*
* @protected
* @type {IMindConnectConfiguration}
* @memberof AgentAuth
*/
protected _configuration: IMindConnectConfiguration;
/**
* Creates an instance of AgentAuth.
*
* The defaults below are taken from the original documentation; the declaration itself shows no default values.
*
* @param {IMindConnectConfiguration} configuration
* @param {number} [_tokenValidity=600] // this was required in previous versions of the implementation, kept for compatibility.
* @param {(string | IConfigurationStorage)} [basePath=process.cwd() + "/.mc/"] folder path or a configuration storage object.
* NOTE(review): the documented default depends on the working directory of the process, so the agent state
* lands wherever the process was started. Pass an explicit path or storage if that location is shared.
* @memberof AgentAuth
*/
constructor(configuration: IMindConnectConfiguration, _tokenValidity?: number, basePath?: string | IConfigurationStorage);
}