@sap/xssec
XS Advanced Container Security API for node.js
const ConfigurationError = require("../error/configuration/ConfigurationError");
const SecurityContext = require("./SecurityContext");
/**
* @typedef {import('../service/IdentityService')} IdentityService
* @typedef {import('../token/IdentityServiceToken')} IdentityServiceToken
*/
/**
 * Security context whose service and token are an IdentityService and an
 * IdentityServiceToken (see the type parameters on the base class).
 *
 * @extends {SecurityContext<IdentityService, IdentityServiceToken>}
 */
class IdentityServiceSecurityContext extends SecurityContext {
    /**
     * Service plans of the consumer application, read from this context's config.
     * Documented as available only for contexts created from an app2service token
     * on a service with proof token validation enabled; the getter itself checks
     * only the service-side flag.
     * @returns {string[]}
     * @throws {ConfigurationError} if proof token validation is not enabled on the service.
     */
    get servicePlans() {
        if (this.service.hasProofTokenEnabled()) {
            return this.config.servicePlans;
        }

        throw new ConfigurationError("This property is only available on IdentityServiceSecurityContexts created on an IdentityService with proofToken validation enabled.");
    }

    /**
     * Tells whether the token behind this context was fetched by the OAuth 2.0 client
     * for internal use, i.e. via client credentials flow with the credentials of this
     * context's own IdentityService instance.
     * The IdentityService instance must have x5t validation enabled.
     *
     * NOTE(review): every comparison is a strict equality against a credentials field,
     * so a claim and a credential that are both undefined would compare as equal.
     * Presumably the credentials are validated before a context is created - confirm
     * before relying on this result for a trust decision.
     *
     * @returns true only if azp and subject both equal the service's clientid and
     * appTid equals the service's app_tid, false otherwise.
     * @throws {ConfigurationError} if x5t validation is not enabled on the service.
     */
    isInternal() {
        const { service } = this;
        if (!service.hasX5tEnabled()) {
            throw new ConfigurationError("This method is only available on IdentityServiceSecurityContexts created on an IdentityService instance with x5t validation enabled.");
        }

        const { token } = this;
        const { credentials } = service;
        // Short-circuits on the first mismatch: authorized party, then subject, then tenant.
        return token.azp === credentials.clientid
            && token.subject === credentials.clientid
            && token.appTid === credentials.app_tid;
    }

    // Methods for backward-compatibility

    /**
     * Extends the base class's user info with a `logonName` field.
     * The value is the first truthy one of the payload's user_name, the token's email
     * and the payload's user_uuid, or "" when none is set, so its kind depends on
     * which claims the token carries.
     * NOTE(review): because of that fallback, logonName is not a uniform identifier;
     * verify that callers do not key authorization decisions on it.
     */
    getUserInfo() {
        const inherited = super.getUserInfo();
        const { token } = this;
        const logonName = token.payload.user_name || token.email || token.payload.user_uuid || "";
        return { ...inherited, logonName };
    }
}
// CommonJS export: the class itself is the module's export value.
module.exports = IdentityServiceSecurityContext;