
@mvx/identity


identity is OIDC for mvc; type-mvc is based on koa. A decorator, IoC, AOP MVC framework for the server.

import { AfterInit } from '@tsdi/components';
import { OAuth2 } from './oauth2';
import { Strategy } from './Strategy';
import { IStrategyOption } from './IAuthenticator';
import { StateStore } from '../stores';
import { Context } from 'koa';
import { FailResult, SuccessResult, RedirectResult } from './results';
/**
 * Application-supplied verification function.
 *
 * Receives the access token, the refresh token, `params` and the user
 * `profile`, and resolves with the `user` and additional `info`.
 *
 * `accessToken` and `refreshToken` are bearer credentials: keep them out of
 * logs, error messages and anything returned to the browser.
 *
 * NOTE(review): `params` is presumably the remaining fields of the token
 * endpoint response - confirm against the implementation. It is typed `any`,
 * so validate whatever is read from it before use.
 */
export declare type VerifyFunction = (accessToken: string, refreshToken: string, params: any, profile: object) => Promise<{
    user: any;
    info: any;
}>;
/**
 * oauth2 option.
 *
 * @export
 * @interface OAuth2Option
 * @extends {IStrategyOption}
 */
export interface OAuth2Option extends IStrategyOption {
    // URL used to obtain an authorization grant. RFC 6749 requires TLS for this endpoint.
    authorizationURL: string;
    // URL used to obtain an access token. RFC 6749 requires TLS for this endpoint.
    tokenURL: string;
    // Application callback that maps the tokens and profile to a user; see VerifyFunction.
    verify: VerifyFunction;
    // NOTE(review): presumably skips the `userProfile` lookup when true - confirm.
    skipUserProfile: boolean;
    // NOTE(review): presumably the separator used to join `scope` when it is an array - confirm.
    scopeSeparator: string;
    // URL to which the service provider redirects the user after authorization.
    // It should match the redirect URI registered with the provider exactly.
    callbackURL?: string;
    scope?: string | string[];
    // NOTE(review): presumably the session key under which flow state is kept - confirm.
    sessionKey?: string;
    // Secret used to establish ownership of the client identifier. Load it from
    // configuration or a secret store; do not commit it to source control.
    clientSecret: string;
    // NOTE(review): presumably extra HTTP headers sent to the provider; typed `any` - confirm.
    customHeaders?: any;
    // NOTE(review): presumably selects the store for the OAuth 2.0 `state` parameter,
    // which protects the redirect flow against CSRF (RFC 6749, section 10.12).
    // What `false` or an omitted value does is not visible here - confirm that
    // state checking stays enabled in production.
    stateStore?: object | boolean;
    /**
     * Retrieve user profile from service provider.
     *
     * OAuth 2.0-based authentication strategies can override this function in
     * order to load the user's profile from the service provider. This assists
     * applications (and users of those applications) in the initial registration
     * process by automatically submitting required information.
     */
    userProfile?: (accessToken: string) => Promise<any>;
    /**
     * Return extra parameters to be included in the token request.
     *
     * Some OAuth 2.0 providers allow additional, non-standard parameters to be
     * included when requesting an access token. Since these parameters are not
     * standardized by the OAuth 2.0 specification, OAuth 2.0-based authentication
     * strategies can override this function in order to populate these parameters
     * as required by the provider.
     *
     */
    tokenParams: (options: any) => any;
    /**
     * Return extra parameters to be included in the authorization request.
     *
     * Some OAuth 2.0 providers allow additional, non-standard parameters to be
     * included when requesting authorization. Since these parameters are not
     * standardized by the OAuth 2.0 specification, OAuth 2.0-based authentication
     * strategies can override this function in order to populate these parameters
     * as required by the provider.
     *
     */
    authorizationParams(options: any): any;
}
/**
 * OAuth 2.0 authentication strategy.
 *
 * The OAuth 2.0 authentication strategy authenticates requests using the OAuth
 * 2.0 framework.
 *
 * OAuth 2.0 provides a facility for delegated authentication, whereby users can
 * authenticate using a third-party service such as Facebook. Delegating in
 * this manner involves a sequence of events, including redirecting the user to
 * the third-party service for authorization. Once authorization has been
 * granted, the user is redirected back to the application and an authorization
 * code can be used to obtain credentials.
 *
 * Applications must supply a `verify` function. As declared by
 * `VerifyFunction` in this file, its signature is:
 *
 *     (accessToken, refreshToken, params, profile) => Promise<{ user, info }>
 *
 * The verify function is responsible for finding or creating the user and
 * resolving with that `user`. Additional `info` can be returned alongside it,
 * typically used to display informational messages.
 *
 * NOTE(review): earlier wording described a Node-style callback,
 * `function(accessToken, refreshToken, profile, done)` with
 * `done(err, user, info)` and `user` set to `false` on authentication
 * failure. That does not match the declared promise-based type. How a failed
 * verification is signalled here (falsy `user` or a rejected promise) is not
 * visible in this declaration - confirm against the implementation.
 *
 * Params:
 *
 *   - `authorizationURL`  URL used to obtain an authorization grant
 *   - `tokenURL`          URL used to obtain an access token
 *   - `clientId`          identifies client to service provider
 *   - `clientSecret`      secret used to establish ownership of the client identifier
 *   - `callbackURL`       URL to which the service provider will redirect the user after obtaining authorization
 *   - `passReqToCallback` when `true`, `req` is the first argument to the verify callback (default: `false`)
 *
 * NOTE(review): `clientId` and `passReqToCallback` are not declared on
 * `OAuth2Option` in this file; they may come from `IStrategyOption` - confirm.
 *
 * Examples:
 *
 *     passport.use(new OAuth2Strategy({
 *         authorizationURL: 'https://www.example.com/oauth2/authorize',
 *         tokenURL: 'https://www.example.com/oauth2/token',
 *         clientId: '123-456-789',
 *         clientSecret: 'shhh-its-a-secret',
 *         callbackURL: 'https://www.example.net/auth/example/callback'
 *       },
 *       function(accessToken, refreshToken, profile, done) {
 *         User.findOrCreate(..., function (err, user) {
 *           done(err, user);
 *         });
 *       }
 *     ));
 *
 * NOTE(review): the example is written in passport callback style and no
 * constructor is declared in this file - confirm how the strategy is actually
 * constructed and registered. The `clientSecret` literal is a placeholder;
 * real secrets belong in configuration, not in source.
 *
 */
export declare class OAuth2Strategy extends Strategy implements AfterInit {
    protected oauth2: OAuth2;
    // NOTE(review): presumably backs the OAuth 2.0 `state` check that guards the
    // callback against CSRF - confirm.
    protected stateStore: StateStore;
    protected clientId: string;
    protected authorizationURL: string;
    protected tokenURL: string;
    protected verify: VerifyFunction;
    protected skipUserProfile: boolean;
    protected scopeSeparator: string;
    protected callbackURL?: string;
    protected scope?: string | string[];
    protected sessionKey?: string;
    // NOTE(review): unlike the fields around it, this one is not `protected`, so
    // the client secret is readable by any code that holds a strategy instance.
    // Avoid logging or serializing strategy instances.
    clientSecret: string;
    // Also public; typed `any`.
    customHeaders?: any;
    /**
     * Retrieve user profile from service provider.
     *
     * OAuth 2.0-based authentication strategies can override this function in
     * order to load the user's profile from the service provider. This assists
     * applications (and users of those applications) in the initial registration
     * process by automatically submitting required information.
     */
    protected userProfile: (accessToken: string) => Promise<any>;
    /**
     * Return extra parameters to be included in the token request.
     *
     * Some OAuth 2.0 providers allow additional, non-standard parameters to be
     * included when requesting an access token. Since these parameters are not
     * standardized by the OAuth 2.0 specification, OAuth 2.0-based authentication
     * strategies can override this function in order to populate these parameters
     * as required by the provider.
     *
     */
    protected tokenParams: (options: any) => any;
    /**
     * Return extra parameters to be included in the authorization request.
     *
     * Some OAuth 2.0 providers allow additional, non-standard parameters to be
     * included when requesting authorization. Since these parameters are not
     * standardized by the OAuth 2.0 specification, OAuth 2.0-based authentication
     * strategies can override this function in order to populate these parameters
     * as required by the provider.
     *
     */
    protected authorizationParams: (options: any) => any;
    /**
     * Lifecycle hook required by `AfterInit`.
     *
     * NOTE(review): presumably called by the container once the instance has
     * been initialised - confirm against `@tsdi/components`.
     */
    onAfterInit(): Promise<void>;
    /**
     * Authenticate the request carried by the koa `ctx`.
     *
     * Resolves to a `FailResult`, a `RedirectResult` or a `SuccessResult`.
     *
     * NOTE(review): presumably a `RedirectResult` sends the user to
     * `authorizationURL`, and the callback leg produces the success or fail
     * result - confirm against the implementation.
     */
    authenticate(ctx: Context, options?: any): Promise<FailResult | RedirectResult | SuccessResult>;
    /**
     * Parse error response from OAuth 2.0 endpoint.
     *
     * Parses error responses received from the token endpoint, allowing the
     * most informative message to be displayed. The body is parsed in
     * accordance with RFC 6749, section 5.2.
     *
     * NOTE(review): earlier wording said strategies can override this function,
     * but the member is declared `private`, so a subclass cannot override it
     * under the TypeScript type checker.
     *
     */
    private parseOAuthError;
    /**
     * Load user profile, contingent upon options.
     *
     */
    private loadUserProfile;
    // NOTE(review): presumably emitted by the framework's decorator tooling rather
    // than hand-written - confirm.
    static ρAnn(): any;
}