UNPKG

@solid/community-server

Version:

Community Solid Server: an open and modular implementation of the Solid specifications

github.com/CommunitySolidServer/CommunitySolidServer

CommunitySolidServer/CommunitySolidServer

141 lines (140 loc) 5.76 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
import type { Configuration } from 'oidc-provider'; import Provider from 'oidc-provider'; import type { ErrorHandler } from '../../http/output/error/ErrorHandler'; import type { ResponseWriter } from '../../http/output/ResponseWriter'; import type { KeyValueStorage } from '../../storage/keyvalue/KeyValueStorage'; import type { ClientCredentialsStore } from '../interaction/client-credentials/util/ClientCredentialsStore'; import type { InteractionRoute } from '../interaction/routing/InteractionRoute'; import type { AdapterFactory } from '../storage/AdapterFactory'; import type { JwkGenerator } from './JwkGenerator'; import type { PromptFactory } from './PromptFactory'; import type { ProviderFactory } from './ProviderFactory'; export interface IdentityProviderFactoryArgs { /** * Used to generate new prompt that are needed in addition to the defaults prompts. */ promptFactory: PromptFactory; /** * Factory that creates the adapter used for OIDC data storage. */ adapterFactory: AdapterFactory; /** * Base URL of the server. */ baseUrl: string; /** * Path for all requests targeting the OIDC library. */ oidcPath: string; /** * The route where requests should be redirected to in case of an OIDC interaction. */ interactionRoute: InteractionRoute; /** * Store containing the generated client credentials with their associated WebID. */ clientCredentialsStore: ClientCredentialsStore; /** * Storage used to store cookie keys, so they can be re-used in case of multithreading. */ storage: KeyValueStorage<string, string[]>; /** * Generates the JWK used for signing and decryption. */ jwkGenerator: JwkGenerator; /** * Extra information will be added to the error output if this is true. */ showStackTrace: boolean; /** * Used to convert errors thrown by the OIDC library. */ errorHandler: ErrorHandler; /** * Used to write out errors thrown by the OIDC library. */ responseWriter: ResponseWriter; } /** * Creates an OIDC Provider based on the provided configuration and parameters. * The provider will be cached and returned on subsequent calls. * Cookie and JWT keys will be stored in an internal storage, so they can be re-used over multiple threads. * Necessary claims for Solid OIDC interactions will be added. * Routes will be updated based on the `baseUrl` and `oidcPath`. */ export declare class IdentityProviderFactory implements ProviderFactory { protected readonly logger: import("global-logger-factory").Logger<unknown>; private readonly promptFactory; private readonly config; private readonly adapterFactory; private readonly baseUrl; private readonly oidcPath; private readonly interactionRoute; private readonly clientCredentialsStore; private readonly storage; private readonly jwkGenerator; private readonly showStackTrace; private readonly errorHandler; private readonly responseWriter; private provider?; /** * @param config - JSON config for the OIDC library @range {json} * @param args - Remaining parameters required for the factory. */ constructor(config: Configuration, args: IdentityProviderFactoryArgs); getProvider(): Promise<Provider>; /** * Creates a Provider by building a Configuration using all the stored parameters. */ private createProvider; /** * In the `configureErrors` function below, we configure the `renderError` function of the provider configuration. * This function is called by the OIDC provider library to render errors, * but only does this if the accept header is HTML. * Otherwise, it just returns the error object itself as a JSON object. * See https://github.com/panva/node-oidc-provider/blob/0fcc112e0a95b3b2dae4eba6da812253277567c9/lib/shared/error_handler.js#L48-L52. * * In this function we override the `ctx.accepts` function * to make the above code think HTML is always requested there. * This way we have full control over error representation as configured in `configureErrors`. * We still check the accept headers ourselves so there still is content negotiation on the output, * the client will not simply always receive HTML. * * Should this part of the OIDC library code ever change, our function will break, * at which point behaviour will simply revert to what it was before. */ private captureErrorResponses; /** * Creates a configuration by copying the internal configuration * and adding the adapter, default audience and jwks/cookie keys. */ private initConfig; /** * Generates a cookie secret to be used for cookie signing. * The key will be cached so subsequent calls return the same key. */ private generateCookieKeys; /** * Checks whether the given token is an access token. * The AccessToken interface is not exported, so we have to access it like this. */ private isAccessToken; /** * Adds the necessary claims to the id and access tokens based on the Solid OIDC spec. */ private configureClaims; /** * Creates the route string as required by the `oidc-provider` library. * In case base URL is `http://test.com/foo/`, `oidcPath` is `/idp` and `relative` is `device/auth`, * this would result in `/foo/idp/device/auth`. */ private createRoute; /** * Sets up all the IDP routes relative to the IDP path. */ private configureRoutes; /** * Pipes library errors to the provided ErrorHandler and ResponseWriter. */ private configureErrors; }