UNPKG

angular-oauth2-oidc-codeflow-pkce

Version:

[![Build Status](https://travis-ci.org/bechhansen/angular-oauth2-oidc.svg?branch=master)](https://travis-ci.org/bechhansen/angular-oauth2-oidc)

github.com/bipiane/angular-oauth2-oidc

bipiane/angular-oauth2-oidc

275 lines (274 loc) 9.93 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
import { NgZone } from '@angular/core'; import { HttpClient, HttpHeaders } from '@angular/common/http'; import { Observable } from 'rxjs'; import { ValidationHandler } from './token-validation/validation-handler'; import { UrlHelperService } from './url-helper.service'; import { OAuthEvent } from './events'; import { OAuthStorage, LoginOptions, ParsedIdToken } from './types'; import { AuthConfig } from './auth.config'; /** * Service for logging in and logging out with * OIDC and OAuth2. Supports implicit flow and * password flow. */ export declare class OAuthService extends AuthConfig { private ngZone; private http; private config; private urlHelper; /** * The ValidationHandler used to validate received * id_tokens. */ tokenValidationHandler: ValidationHandler; /** * @internal * Deprecated: use property events instead */ discoveryDocumentLoaded: boolean; /** * @internal * Deprecated: use property events instead */ discoveryDocumentLoaded$: Observable<object>; /** * Informs about events, like token_received or token_expires. * See the string enum EventType for a full list of events. */ events: Observable<OAuthEvent>; /** * The received (passed around) state, when logging * in with implicit flow. */ state?: string; private eventsSubject; private discoveryDocumentLoadedSubject; private silentRefreshPostMessageEventListener; private grantTypesSupported; private _storage; private accessTokenTimeoutSubscription; private idTokenTimeoutSubscription; private sessionCheckEventListener; private jwksUri; private sessionCheckTimer; private silentRefreshSubject; private inImplicitFlow; constructor(ngZone: NgZone, http: HttpClient, storage: OAuthStorage, tokenValidationHandler: ValidationHandler, config: AuthConfig, urlHelper: UrlHelperService); /** * Use this method to configure the service * @param config the configuration */ configure(config: AuthConfig): void; private configChanged(); restartSessionChecksIfStillLoggedIn(): void; private restartRefreshTimerIfStillLoggedIn(); private setupSessionCheck(); /** * * @param params Additional parameter to pass */ setupAutomaticSilentRefresh(params?: object): void; loadDiscoveryDocumentAndTryLogin(options?: LoginOptions): Promise<void>; loadDiscoveryDocumentAndLogin(options?: LoginOptions): Promise<boolean>; private debug(...args); private validateUrlFromDiscoveryDocument(url); private validateUrlForHttps(url); private validateUrlAgainstIssuer(url); private setupRefreshTimer(); private setupExpirationTimers(); private setupAccessTokenTimer(); private setupIdTokenTimer(); private clearAccessTokenTimer(); private clearIdTokenTimer(); private calcTimeout(storedAt, expiration); /** * Sets a custom storage used to store the received * tokens on client side. By default, the browser's * sessionStorage is used. * * @param storage */ setStorage(storage: OAuthStorage): void; /** * Loads the discovery document to configure most * properties of this service. The url of the discovery * document is infered from the issuer's url according * to the OpenId Connect spec. To use another url you * can pass it to to optional parameter fullUrl. * * @param fullUrl */ loadDiscoveryDocument(fullUrl?: string): Promise<object>; private loadJwks(); private validateDiscoveryDocument(doc); /** * Uses password flow to exchange userName and password for an * access_token. After receiving the access_token, this method * uses it to query the userinfo endpoint in order to get information * about the user in question. * * When using this, make sure that the property oidc is set to false. * Otherwise stricter validations take happen that makes this operation * fail. * * @param userName * @param password * @param headers Optional additional http-headers. */ fetchTokenUsingPasswordFlowAndLoadUserProfile(userName: string, password: string, headers?: HttpHeaders): Promise<object>; /** * Loads the user profile by accessing the user info endpoint defined by OpenId Connect. * * When using this with OAuth2 password flow, make sure that the property oidc is set to false. * Otherwise stricter validations take happen that makes this operation * fail. */ loadUserProfile(): Promise<object>; /** * Uses password flow to exchange userName and password for an access_token. * @param userName * @param password * @param headers Optional additional http-headers. */ fetchTokenUsingPasswordFlow(userName: string, password: string, headers?: HttpHeaders): Promise<object>; /** * Refreshes the token using a refresh_token. * This does not work for implicit flow, b/c * there is no refresh_token in this flow. * A solution for this is provided by the * method silentRefresh. */ refreshToken(): Promise<object>; /** * Get token using an intermediate code. Works for the Authorization Code flow. */ private getTokenFromCode(code); private fetchToken(params); private removeSilentRefreshEventListener(); private setupSilentRefreshEventListener(); /** * Performs a silent refresh for implicit flow. * Use this method to get a new tokens when/ before * the existing tokens expires. */ silentRefresh(params?: object, noPrompt?: boolean): Promise<OAuthEvent>; private canPerformSessionCheck(); private setupSessionCheckEventListener(); private handleSessionUnchanged(); private handleSessionChange(); private waitForSilentRefreshAfterSessionChange(); private handleSessionError(); private removeSessionCheckEventListener(); private initSessionCheck(); private startSessionCheckTimer(); private stopSessionCheckTimer(); private checkSession(); private createLoginUrl(state?, loginHint?, customRedirectUri?, noPrompt?, params?); initImplicitFlowInternal(additionalState?: string, params?: string | object): void; /** * Starts the implicit flow and redirects to user to * the auth servers login url. * * @param additionalState Optinal state that is passes around. * You find this state in the property ``state`` after ``tryLogin`` logged in the user. * @param params Hash with additional parameter. If it is a string, it is used for the * parameter loginHint (for the sake of compatibility with former versions) */ initImplicitFlow(additionalState?: string, params?: string | object): void; /** * Starts the authorization code flow and redirects to user to * the auth servers login url. */ initAuthorizationCodeFlow(): void; private initAuthorizationCodeFlowInternal(); private getResponseType(implicit); private callOnTokenReceivedIfExists(options); private storeAccessTokenResponse(accessToken, refreshToken, expiresIn, grantedScopes); /** * Checks whether there are tokens in the hash fragment * as a result of the implicit flow. These tokens are * parsed, validated and used to sign the user in to the * current client. * * @param options Optinal options. */ tryLogin(options?: LoginOptions): Promise<void>; private tryLoginAuthorizationCode(); /** * Checks whether there are tokens in the hash fragment * as a result of the implicit flow. These tokens are * parsed, validated and used to sign the user in to the * current client. * * @param options Optinal options. */ private tryLoginImplicit(options?); private validateNonceForAccessToken(accessToken, nonceInState); protected storeIdToken(idToken: ParsedIdToken): void; protected storeSessionState(sessionState: string): void; protected getSessionState(): string; private handleLoginError(options, parts); /** * @ignore */ processIdToken(idToken: string, accessToken: string): Promise<ParsedIdToken>; /** * Returns the received claims about the user. */ getIdentityClaims(): object; /** * Returns the granted scopes from the server. */ getGrantedScopes(): object; /** * Returns the current id_token. */ getIdToken(): string; private padBase64(base64data); /** * Returns the current access_token. */ getAccessToken(): string; getRefreshToken(): string; /** * Returns the expiration date of the access_token * as milliseconds since 1970. */ getAccessTokenExpiration(): number; private getAccessTokenStoredAt(); private getIdTokenStoredAt(); /** * Returns the expiration date of the id_token * as milliseconds since 1970. */ getIdTokenExpiration(): number; /** * Checkes, whether there is a valid access_token. */ hasValidAccessToken(): boolean; /** * Checkes, whether there is a valid id_token. */ hasValidIdToken(): boolean; /** * Returns the auth-header that can be used * to transmit the access_token to a service */ authorizationHeader(): string; getAuthorizationHeader(): Promise<string>; /** * Removes all tokens and logs the user out. * If a logout url is configured, the user is * redirected to it. * @param noRedirectToLogoutUrl */ logOut(noRedirectToLogoutUrl?: boolean): void; private clearStorage(); /** * @ignore */ createAndSaveNonce(): string; protected createNonce(): string; private checkAtHash(params); private checkSignature(params); }