
@sddxzxqy/core-js-sdk


Official SDK of OCP Auth

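import { generateRandomString } from "./secure/SecureUtils.js";
import qs from "qs";
import sha256 from "crypto-js/sha256";
import CryptoJS from "crypto-js";
import { importJWK, compactVerify } from "jose";

/**
 * Builds the key resolver handed to `compactVerify`: pick the JWKS entry whose
 * id equals the token header's `kid`, otherwise fall back to the first key.
 *
 * NOTE(review): the fallback means a token with an unknown or missing `kid` is
 * still checked against keys[0]; the signature check itself still has to pass.
 * No `algorithms` allow-list is passed to `compactVerify` anywhere in this
 * file — consider pinning the algorithm the authorization server signs with.
 *
 * @param {{id: string, key: unknown}[]} keys - Result of `fetchJWKS()`.
 * @returns {(header: {kid?: string}) => unknown} Key resolver for jose.
 */
function keyResolverFor(keys) {
  return (header) => (keys.find((entry) => header.kid === entry.id) ?? keys[0]).key;
}

/**
 * Percent-decodes one query-string component ("+" is treated as a space).
 * Malformed escapes are returned unchanged instead of throwing.
 *
 * @param {string} value - Raw component as it appears in the URL.
 * @returns {string} Decoded component.
 */
function decodeQueryComponent(value) {
  try {
    return decodeURIComponent(value.replace(/\+/g, " "));
  } catch {
    return value;
  }
}

/**
 * OIDC authorization-code + PKCE client for the OCP Auth endpoints.
 *
 * Security notes for integrators (all derived from the code below):
 * - `state` and `nonce` are generated in `buildAuthorizeUrl` and returned to the
 *   caller, but nothing in this class stores them or compares them on the
 *   callback. The caller must check `state` against the callback URL and the
 *   `nonce` claim of the ID token.
 * - Tokens are verified with `compactVerify`, which checks the JWS signature
 *   only. Claims such as `iss`, `aud`, `exp` are not validated here.
 * - Tokens and the PKCE verifier are persisted through `httpClient.localStorage`;
 *   the backend is not visible in this file. If it is Web Storage, any script
 *   running on the origin can read them.
 */
class OidcAuthenticationClient {
  /**
   * @param {object} httpClient - Transport/storage helper; must expose
   *   `fetchGet`, `fetchPostForm` and `localStorage.{save,get}`.
   * @param {object} options - Must contain `oidcConfig`; `appId` and `host`
   *   are read later when building requests.
   * @throws {Error} When `oidcConfig` is missing or the scopes lack "openid".
   */
  constructor(httpClient, options) {
    if (!options.oidcConfig) {
      throw new Error("缺少oidcConfig参数");
    }
    // Note: the default is written back into the caller's config object.
    options.oidcConfig.scopes = options.oidcConfig.scopes ?? "openid profile email phone address";
    // Substring test, so any scope string containing "openid" passes.
    if (!options.oidcConfig.scopes?.includes("openid")) {
      throw new Error("scope 中必须包含 openid");
    }
    this.options = options;
    this.httpClient = httpClient;
  }

  /**
   * Placeholder: resolves without doing anything.
   * @returns {Promise<void>}
   */
  async loginWithRedirect() {}

  /**
   * Creates the authorization request URL and stores the PKCE code verifier.
   *
   * @param {object} params - Optional overrides: `scope`, `codeChallengeMethod`
   *   ("S256" | "plain"), `redirectUri`, `responseMode`, `forced`.
   * @returns {Promise<{url: string, state: string, nonce: string}>} The caller
   *   is responsible for keeping `state`/`nonce` and validating them later.
   * @throws {Error} For a `codeChallengeMethod` other than "S256" or "plain".
   */
  async buildAuthorizeUrl(params) {
    // NOTE(review): generateRandomString lives in ./secure/SecureUtils.js and is
    // not visible here; confirm it draws from a CSPRNG.
    const state = generateRandomString(16);
    const nonce = generateRandomString(16);
    const scope = params.scope ?? this.options.oidcConfig.scopes;
    const codeChallengeMethod = params.codeChallengeMethod ?? "S256";
    const codeVerifier = generateRandomString(43);

    // The storage key says "codeChallenge" but the value is the PKCE verifier;
    // it is later sent as `code_verifier` to the token endpoint.
    await this.httpClient.localStorage.save("codeChallenge", codeVerifier);

    let codeChallenge;
    if (codeChallengeMethod === "S256") {
      // base64url(SHA-256(verifier)) without padding.
      codeChallenge = sha256(codeVerifier)
        .toString(CryptoJS.enc.Base64)
        .replace(/\+/g, "-")
        .replace(/\//g, "_")
        .replace(/=/g, "");
    } else if (codeChallengeMethod === "plain") {
      // "plain" puts the verifier itself in the URL; prefer S256.
      codeChallenge = codeVerifier;
    } else {
      throw new Error("不支持的 codeChallengeMethod,可选值为 S256、plain");
    }

    const query = {
      code_challenge: codeChallenge,
      code_challenge_method: codeChallengeMethod,
      // NOTE(review): getAccessTokenByCode always sends
      // options.oidcConfig.redirectUri, so an override here will not match.
      redirect_uri: params.redirectUri ?? this.options.oidcConfig.redirectUri,
      response_mode: params.responseMode ?? "query",
      response_type: "code",
      client_id: this.options.appId,
      scope,
      state,
      nonce,
    };

    if (params.forced) {
      query.prompt = "login";
    } else if (scope.split(" ").includes("offline_access")) {
      query.prompt = "consent";
    }

    return {
      url: `${this.options.host}/ocp/api/oauth/authorize?${qs.stringify(query)}`,
      state,
      nonce,
    };
  }

  /**
   * Parses the callback parameters from the query string, or from the URL
   * fragment when the query string is empty.
   *
   * Fixes over the previous version: the fragment fallback used to sit in a
   * `catch` that an empty query string never triggered, values were returned
   * still percent-encoded, and values containing "=" were truncated.
   *
   * @returns {Object<string, string|undefined>} Decoded key/value pairs; a key
   *   that appears without "=" maps to `undefined`.
   */
  parseUrlQuery() {
    const params = {};
    const raw = window.location.search.split("?")[1] || window.location.hash.split("#")[1];
    if (!raw) {
      return params;
    }
    for (const pair of raw.split("&")) {
      const separator = pair.indexOf("=");
      if (separator === -1) {
        params[decodeQueryComponent(pair)] = undefined;
      } else {
        const key = decodeQueryComponent(pair.slice(0, separator));
        params[key] = decodeQueryComponent(pair.slice(separator + 1));
      }
    }
    return params;
  }

  /**
   * Reads the authorization code from the URL and the stored PKCE verifier.
   *
   * NOTE(review): this reads the global `localStorage` directly, while the
   * value was written through `httpClient.localStorage.save`; confirm both use
   * the same backend and key. The verifier is not removed after use.
   *
   * @returns {{code: string, codeChallenge: string}} Empty strings when absent.
   */
  getCodeAndCodeChallenge() {
    const { code = "" } = this.parseUrlQuery();
    return {
      code,
      codeChallenge: localStorage.getItem("codeChallenge") || "",
    };
  }

  /**
   * Completes the redirect: exchanges the code and stores both tokens.
   *
   * The `state` parameter of the callback is not checked here; callers must
   * compare it with the value returned by `buildAuthorizeUrl` before calling.
   *
   * @returns {Promise<object>} Token response with `success: true`, or `{}`
   *   when the exchange did not succeed.
   */
  async handleRedirectCallback() {
    const { code, codeChallenge } = this.getCodeAndCodeChallenge();
    const result = await this.getAccessTokenByCode(code, codeChallenge);
    if (!result.success) {
      return {};
    }
    await this.httpClient.localStorage.save("accessToken", result.access_token);
    await this.httpClient.localStorage.save("idToken", result.id_token);
    return result;
  }

  /**
   * Downloads the JWKS and imports every key.
   *
   * @returns {Promise<{id: string, key: unknown}[]>} One entry per JWK, in the
   *   order returned by the server.
   */
  async fetchJWKS() {
    const jwks = await this.httpClient.fetchGet("/ocp/api/oauth/jwks", {});
    return Promise.all(
      jwks.keys.map((jwk) => importJWK(jwk).then((key) => ({ id: jwk.kid, key }))),
    );
  }

  /**
   * Verifies the stored ID token's signature and returns its payload.
   * Claims (`exp`, `iss`, `aud`, `nonce`) are not validated here.
   *
   * @returns {Promise<object>} Decoded payload, or `{}` when no token is stored.
   */
  async getUserInfoFromIdToken() {
    const idToken = await this.httpClient.localStorage.get("idToken");
    if (!idToken) {
      return {};
    }
    const keys = await this.fetchJWKS();
    const { payload } = await compactVerify(idToken, keyResolverFor(keys));
    return JSON.parse(new TextDecoder().decode(payload));
  }

  /**
   * Verifies an access token's signature and returns its payload.
   * Claims (`exp`, `iss`, `aud`) are not validated here.
   *
   * @param {string} [accessToken] - Defaults to the stored access token.
   * @returns {Promise<object>} Decoded payload.
   */
  async parseAccessToken(accessToken) {
    const token = accessToken ?? (await this.httpClient.localStorage.get("accessToken"));
    const keys = await this.fetchJWKS();
    const { payload } = await compactVerify(token, keyResolverFor(keys));
    return JSON.parse(new TextDecoder().decode(payload));
  }

  /**
   * Exchanges an authorization code for tokens and verifies both signatures.
   *
   * @param {string} code - Authorization code from the callback.
   * @param {string} codeVerifier - PKCE verifier stored by `buildAuthorizeUrl`.
   * @returns {Promise<object>} The token response with `success: true` added,
   *   or `{success: false}` when either token is missing. A signature failure
   *   surfaces as a rejection from `compactVerify`, not as `{success: false}`.
   */
  async getAccessTokenByCode(code, codeVerifier) {
    const response = await this.httpClient.fetchPostForm("/ocp/api/oauth/token", {
      client_id: this.options.appId,
      grant_type: "authorization_code",
      code,
      redirect_uri: this.options.oidcConfig.redirectUri,
      code_verifier: codeVerifier,
    });
    const { access_token: accessToken, id_token: idToken } = response;
    if (!(accessToken && idToken)) {
      return { success: false };
    }

    const keys = await this.fetchJWKS();
    const accessPayload = (await compactVerify(accessToken, keyResolverFor(keys))).payload;
    const idPayload = (await compactVerify(idToken, keyResolverFor(keys))).payload;
    if (accessPayload && idPayload) {
      return Object.assign(response, { success: true });
    }
    // Kept from the original; compactVerify rejects on a bad signature, so this
    // branch is not expected to run.
    console.error("jwt 验证失败");
    return { success: false };
  }
}

/** Connection modes exposed by the SDK. */
const OIDCConnectionMode = {
  FRONT_CHANNEL: "FRONT_CHANNEL",
  BACK_CHANNEL: "BACK_CHANNEL",
};

export { OIDCConnectionMode, OidcAuthenticationClient };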