UNPKG

@okta/okta-angular

Version:

Angular support for Okta

github.com/okta/okta-angular

okta/okta-angular

76 lines 10.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; import { Injectable, Inject } from '@angular/core'; import { BehaviorSubject } from 'rxjs'; import { mergeMap } from 'rxjs/operators'; import { OKTA_AUTH } from '../models/okta.config'; import * as i0 from "@angular/core"; import * as i1 from "@okta/okta-auth-js"; const defaultAuthState = { isAuthenticated: false }; export class OktaAuthStateService { constructor(oktaAuth) { this.oktaAuth = oktaAuth; this._authState = new BehaviorSubject(defaultAuthState); // only expose readonly property this.authState$ = this._authState.asObservable(); this.updateAuthState = this.updateAuthState.bind(this); // set initial authState const initialAuthState = this.oktaAuth.authStateManager.getAuthState() || defaultAuthState; this._authState.next(initialAuthState); // subscribe to future changes this.oktaAuth.authStateManager.subscribe(this.updateAuthState); } ngOnDestroy() { this.oktaAuth.authStateManager.unsubscribe(this.updateAuthState); } // Observes as true when any group input can match groups from user claims hasAnyGroups(groups) { return this.authState$.pipe(mergeMap(({ isAuthenticated, idToken }) => __awaiter(this, void 0, void 0, function* () { // return false when not authenticated or openid is not in scopes if (!isAuthenticated || !idToken) { return false; } // transform inputs to consistent object format if (typeof groups === 'string') { groups = { groups: [groups] }; } if (Array.isArray(groups)) { groups = { groups }; } const key = Object.keys(groups)[0]; const value = groups[key]; // groups or custom claims is available in idToken if (idToken.claims[key]) { return value.some((authority) => idToken.claims[key].includes(authority)); } // try /userinfo endpoint when thin idToken (no groups claim) is returned // https://developer.okta.com/docs/concepts/api-access-management/#tokens-and-scopes const userInfo = yield this.oktaAuth.getUser(); if (!userInfo[key]) { return false; } return value.some((authority) => userInfo[key].includes(authority)); }))); } updateAuthState(authState) { this._authState.next(authState); } } OktaAuthStateService.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "12.2.17", ngImport: i0, type: OktaAuthStateService, deps: [{ token: OKTA_AUTH }], target: i0.ɵɵFactoryTarget.Injectable }); OktaAuthStateService.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "12.2.17", ngImport: i0, type: OktaAuthStateService }); i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "12.2.17", ngImport: i0, type: OktaAuthStateService, decorators: [{ type: Injectable }], ctorParameters: function () { return [{ type: i1.OktaAuth, decorators: [{ type: Inject, args: [OKTA_AUTH] }] }]; } }); //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXV0aC1zdGF0ZS5zZXJ2aWNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vbGliL3NyYy9va3RhL3NlcnZpY2VzL2F1dGgtc3RhdGUuc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7QUFBQSxPQUFPLEVBQUUsVUFBVSxFQUFhLE1BQU0sRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUU5RCxPQUFPLEVBQUUsZUFBZSxFQUFjLE1BQU0sTUFBTSxDQUFDO0FBQ25ELE9BQU8sRUFBRSxRQUFRLEVBQUUsTUFBTSxnQkFBZ0IsQ0FBQztBQUMxQyxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sdUJBQXVCLENBQUM7OztBQUVsRCxNQUFNLGdCQUFnQixHQUFHO0lBQ3ZCLGVBQWUsRUFBRSxLQUFLO0NBQ3ZCLENBQUM7QUFLRixNQUFNLE9BQU8sb0JBQW9CO0lBTS9CLFlBQXVDLFFBQWtCO1FBQWxCLGFBQVEsR0FBUixRQUFRLENBQVU7UUFMakQsZUFBVSxHQUErQixJQUFJLGVBQWUsQ0FBWSxnQkFBZ0IsQ0FBQyxDQUFDO1FBRWxHLGdDQUFnQztRQUNoQixlQUFVLEdBQTBCLElBQUksQ0FBQyxVQUFVLENBQUMsWUFBWSxFQUFFLENBQUM7UUFHakYsSUFBSSxDQUFDLGVBQWUsR0FBRyxJQUFJLENBQUMsZUFBZSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUV2RCx3QkFBd0I7UUFDeEIsTUFBTSxnQkFBZ0IsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLGdCQUFnQixDQUFDLFlBQVksRUFBRSxJQUFJLGdCQUFnQixDQUFDO1FBQzNGLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLENBQUM7UUFFdkMsOEJBQThCO1FBQzlCLElBQUksQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUNqRSxDQUFDO0lBRUQsV0FBVztRQUNULElBQUksQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUNuRSxDQUFDO0lBRUQsMkVBQTJFO0lBQzNFLFlBQVksQ0FBQyxNQUFjO1FBQ3pCLE9BQU8sSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQ3pCLFFBQVEsQ0FBQyxDQUFPLEVBQUUsZUFBZSxFQUFFLE9BQU8sRUFBRSxFQUFFLEVBQUU7WUFDOUMsaUVBQWlFO1lBQ2pFLElBQUksQ0FBQyxlQUFlLElBQUksQ0FBQyxPQUFPLEVBQUU7Z0JBQ2hDLE9BQU8sS0FBSyxDQUFDO2FBQ2Q7WUFFRCwrQ0FBK0M7WUFDL0MsSUFBSSxPQUFPLE1BQU0sS0FBSyxRQUFRLEVBQUU7Z0JBQzlCLE1BQU0sR0FBRyxFQUFFLE1BQU0sRUFBRSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7YUFDL0I7WUFDRCxJQUFJLEtBQUssQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLEVBQUU7Z0JBQ3pCLE1BQU0sR0FBRyxFQUFFLE1BQU0sRUFBRSxDQUFDO2FBQ3JCO1lBRUQsTUFBTSxHQUFHLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQXFCLENBQUM7WUFDdkQsTUFBTSxLQUFLLEdBQUcsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1lBRTFCLGtEQUFrRDtZQUNsRCxJQUFJLE9BQU8sQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLEVBQUU7Z0JBQ3ZCLE9BQU8sS0FBSyxDQUFDLElBQUksQ0FBQyxDQUFDLFNBQWlCLEVBQUUsRUFBRSxDQUFFLE9BQU8sQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUF5QixDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDO2FBQzVHO1lBRUQseUVBQXlFO1lBQ3pFLG9GQUFvRjtZQUNwRixNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDL0MsSUFBSSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsRUFBRTtnQkFDbEIsT0FBTyxLQUFLLENBQUM7YUFDZDtZQUNELE9BQU8sS0FBSyxDQUFDLElBQUksQ0FBQyxDQUFDLFNBQWlCLEVBQUUsRUFBRSxDQUFFLFFBQVEsQ0FBQyxHQUFHLENBQXlCLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUM7UUFDdkcsQ0FBQyxDQUFBLENBQUMsQ0FDSCxDQUFDO0lBQ0osQ0FBQztJQUVPLGVBQWUsQ0FBQyxTQUFvQjtRQUMxQyxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUNsQyxDQUFDOztrSEEzRFUsb0JBQW9CLGtCQU1YLFNBQVM7c0hBTmxCLG9CQUFvQjs0RkFBcEIsb0JBQW9CO2tCQURoQyxVQUFVOzswQkFPSSxNQUFNOzJCQUFDLFNBQVMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBJbmplY3RhYmxlLCBPbkRlc3Ryb3ksIEluamVjdCB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xuaW1wb3J0IHsgQXV0aFN0YXRlLCBPa3RhQXV0aCwgVXNlckNsYWltcyB9IGZyb20gJ0Bva3RhL29rdGEtYXV0aC1qcyc7XG5pbXBvcnQgeyBCZWhhdmlvclN1YmplY3QsIE9ic2VydmFibGUgfSBmcm9tICdyeGpzJztcbmltcG9ydCB7IG1lcmdlTWFwIH0gZnJvbSAncnhqcy9vcGVyYXRvcnMnO1xuaW1wb3J0IHsgT0tUQV9BVVRIIH0gZnJvbSAnLi4vbW9kZWxzL29rdGEuY29uZmlnJztcblxuY29uc3QgZGVmYXVsdEF1dGhTdGF0ZSA9IHtcbiAgaXNBdXRoZW50aWNhdGVkOiBmYWxzZVxufTtcblxuZXhwb3J0IHR5cGUgR3JvdXBzID0gc3RyaW5nIHwgc3RyaW5nW10gfCB7IFtrZXk6IHN0cmluZ106IHN0cmluZ1tdIH07XG5cbkBJbmplY3RhYmxlKClcbmV4cG9ydCBjbGFzcyBPa3RhQXV0aFN0YXRlU2VydmljZSBpbXBsZW1lbnRzIE9uRGVzdHJveSB7XG4gIHByaXZhdGUgX2F1dGhTdGF0ZTogQmVoYXZpb3JTdWJqZWN0PEF1dGhTdGF0ZT4gPSBuZXcgQmVoYXZpb3JTdWJqZWN0PEF1dGhTdGF0ZT4oZGVmYXVsdEF1dGhTdGF0ZSk7XG4gIFxuICAvLyBvbmx5IGV4cG9zZSByZWFkb25seSBwcm9wZXJ0eVxuICBwdWJsaWMgcmVhZG9ubHkgYXV0aFN0YXRlJDogT2JzZXJ2YWJsZTxBdXRoU3RhdGU+ID0gdGhpcy5fYXV0aFN0YXRlLmFzT2JzZXJ2YWJsZSgpO1xuXG4gIGNvbnN0cnVjdG9yKEBJbmplY3QoT0tUQV9BVVRIKSBwcml2YXRlIG9rdGFBdXRoOiBPa3RhQXV0aCkge1xuICAgIHRoaXMudXBkYXRlQXV0aFN0YXRlID0gdGhpcy51cGRhdGVBdXRoU3RhdGUuYmluZCh0aGlzKTtcblxuICAgIC8vIHNldCBpbml0aWFsIGF1dGhTdGF0ZVxuICAgIGNvbnN0IGluaXRpYWxBdXRoU3RhdGUgPSB0aGlzLm9rdGFBdXRoLmF1dGhTdGF0ZU1hbmFnZXIuZ2V0QXV0aFN0YXRlKCkgfHwgZGVmYXVsdEF1dGhTdGF0ZTtcbiAgICB0aGlzLl9hdXRoU3RhdGUubmV4dChpbml0aWFsQXV0aFN0YXRlKTtcblxuICAgIC8vIHN1YnNjcmliZSB0byBmdXR1cmUgY2hhbmdlc1xuICAgIHRoaXMub2t0YUF1dGguYXV0aFN0YXRlTWFuYWdlci5zdWJzY3JpYmUodGhpcy51cGRhdGVBdXRoU3RhdGUpO1xuICB9XG5cbiAgbmdPbkRlc3Ryb3koKTogdm9pZCB7XG4gICAgdGhpcy5va3RhQXV0aC5hdXRoU3RhdGVNYW5hZ2VyLnVuc3Vic2NyaWJlKHRoaXMudXBkYXRlQXV0aFN0YXRlKTtcbiAgfVxuXG4gIC8vIE9ic2VydmVzIGFzIHRydWUgd2hlbiBhbnkgZ3JvdXAgaW5wdXQgY2FuIG1hdGNoIGdyb3VwcyBmcm9tIHVzZXIgY2xhaW1zIFxuICBoYXNBbnlHcm91cHMoZ3JvdXBzOiBHcm91cHMpOiBPYnNlcnZhYmxlPGJvb2xlYW4+IHtcbiAgICByZXR1cm4gdGhpcy5hdXRoU3RhdGUkLnBpcGUoXG4gICAgICBtZXJnZU1hcChhc3luYyAoeyBpc0F1dGhlbnRpY2F0ZWQsIGlkVG9rZW4gfSkgPT4ge1xuICAgICAgICAvLyByZXR1cm4gZmFsc2Ugd2hlbiBub3QgYXV0aGVudGljYXRlZCBvciBvcGVuaWQgaXMgbm90IGluIHNjb3Blc1xuICAgICAgICBpZiAoIWlzQXV0aGVudGljYXRlZCB8fCAhaWRUb2tlbikge1xuICAgICAgICAgIHJldHVybiBmYWxzZTtcbiAgICAgICAgfVxuXG4gICAgICAgIC8vIHRyYW5zZm9ybSBpbnB1dHMgdG8gY29uc2lzdGVudCBvYmplY3QgZm9ybWF0XG4gICAgICAgIGlmICh0eXBlb2YgZ3JvdXBzID09PSAnc3RyaW5nJykge1xuICAgICAgICAgIGdyb3VwcyA9IHsgZ3JvdXBzOiBbZ3JvdXBzXSB9O1xuICAgICAgICB9XG4gICAgICAgIGlmIChBcnJheS5pc0FycmF5KGdyb3VwcykpIHtcbiAgICAgICAgICBncm91cHMgPSB7IGdyb3VwcyB9O1xuICAgICAgICB9XG5cbiAgICAgICAgY29uc3Qga2V5ID0gT2JqZWN0LmtleXMoZ3JvdXBzKVswXSBhcyBrZXlvZiBVc2VyQ2xhaW1zO1xuICAgICAgICBjb25zdCB2YWx1ZSA9IGdyb3Vwc1trZXldO1xuXG4gICAgICAgIC8vIGdyb3VwcyBvciBjdXN0b20gY2xhaW1zIGlzIGF2YWlsYWJsZSBpbiBpZFRva2VuXG4gICAgICAgIGlmIChpZFRva2VuLmNsYWltc1trZXldKSB7XG4gICAgICAgICAgcmV0dXJuIHZhbHVlLnNvbWUoKGF1dGhvcml0eTogc3RyaW5nKSA9PiAoaWRUb2tlbi5jbGFpbXNba2V5XSBhcyB1bmtub3duIGFzIHN0cmluZ1tdKS5pbmNsdWRlcyhhdXRob3JpdHkpKTtcbiAgICAgICAgfVxuXG4gICAgICAgIC8vIHRyeSAvdXNlcmluZm8gZW5kcG9pbnQgd2hlbiB0aGluIGlkVG9rZW4gKG5vIGdyb3VwcyBjbGFpbSkgaXMgcmV0dXJuZWRcbiAgICAgICAgLy8gaHR0cHM6Ly9kZXZlbG9wZXIub2t0YS5jb20vZG9jcy9jb25jZXB0cy9hcGktYWNjZXNzLW1hbmFnZW1lbnQvI3Rva2Vucy1hbmQtc2NvcGVzXG4gICAgICAgIGNvbnN0IHVzZXJJbmZvID0gYXdhaXQgdGhpcy5va3RhQXV0aC5nZXRVc2VyKCk7XG4gICAgICAgIGlmICghdXNlckluZm9ba2V5XSkge1xuICAgICAgICAgIHJldHVybiBmYWxzZTtcbiAgICAgICAgfVxuICAgICAgICByZXR1cm4gdmFsdWUuc29tZSgoYXV0aG9yaXR5OiBzdHJpbmcpID0+ICh1c2VySW5mb1trZXldIGFzIHVua25vd24gYXMgc3RyaW5nW10pLmluY2x1ZGVzKGF1dGhvcml0eSkpO1xuICAgICAgfSlcbiAgICApO1xuICB9XG5cbiAgcHJpdmF0ZSB1cGRhdGVBdXRoU3RhdGUoYXV0aFN0YXRlOiBBdXRoU3RhdGUpOiB2b2lkIHtcbiAgICB0aGlzLl9hdXRoU3RhdGUubmV4dChhdXRoU3RhdGUpO1xuICB9XG59XG4iXX0=