angular-oauth2-oidc
Support for OAuth 2 and OpenId Connect (OIDC) in Angular. Already prepared for the upcoming OAuth 2.1.
import { base64UrlEncode } from '../base64-helper';
/**
 * Common type for the handlers that get hooked in to validate tokens.
 *
 * The class declares no members here; it only gives handler
 * implementations a shared name to be typed against.
 */
export class ValidationHandler {}
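/**
 * Base implementation of a validation handler that already provides the
 * at_hash check (validateAtHash). To use it, a subclass has to supply
 * calcHash(valueToHash, algorithm), which this class calls but does not define.
 */
export class AbstractValidationHandler {
  /**
   * Validates the at_hash claim of an id_token against the received
   * access_token: the access token is hashed, the left-most half of the
   * digest is base64url-encoded, and the result is compared with the claim.
   *
   * The check fails closed: a missing, non-string or empty at_hash claim,
   * or an empty digest, yields false instead of an accidental match or a
   * TypeError.
   *
   * @param params object carrying idTokenHeader, idTokenClaims and accessToken
   * @returns a promise resolving to true only when the computed value equals the claim
   * @throws Error (as a rejection) when the header's alg is not supported
   */
  async validateAtHash(params) {
    const hashAlg = this.inferHashAlgorithm(params.idTokenHeader);

    const rawClaim = params.idTokenClaims
      ? params.idTokenClaims['at_hash']
      : undefined;
    if (typeof rawClaim !== 'string') {
      console.error('at_hash claim is missing or not a string');
      return false;
    }
    // Padding is optional in base64url, so drop it before comparing.
    const claimsAtHash = rawClaim.replace(/=/g, '');
    if (claimsAtHash === '') {
      // An empty claim must never match, not even against an empty digest.
      console.error('at_hash claim is empty');
      return false;
    }

    // NOTE(review): calcHash presumably returns the digest as a string with
    // one character per byte - confirm against the concrete subclass.
    const tokenHash = await this.calcHash(params.accessToken, hashAlg);
    if (typeof tokenHash !== 'string' || tokenHash.length === 0) {
      console.error('calcHash returned no digest for ' + hashAlg);
      return false;
    }

    const leftMostHalf = tokenHash.slice(0, Math.floor(tokenHash.length / 2));
    const atHash = base64UrlEncode(leftMostHalf);
    const matches = atHash === claimsAtHash;
    if (!matches) {
      console.error('expected at_hash: ' + atHash);
      console.error('actual at_hash: ' + claimsAtHash);
    }
    return matches;
  }

  /**
   * Infers the name of the hash algorithm to use
   * from the alg field of an id_token.
   *
   * The header is token-supplied input, so only the shape
   * "<uppercase letter>S<256|384|512>" is accepted; everything else
   * (including a missing alg or "none") is rejected rather than being
   * turned into an arbitrary "sha-NNN" name.
   *
   * @param jwtHeader the id_token's parsed header
   * @returns the algorithm name, e.g. 'sha-256' for RS256
   * @throws Error when alg is absent, not a string, or not supported
   */
  inferHashAlgorithm(jwtHeader) {
    const alg = jwtHeader ? jwtHeader['alg'] : undefined;
    if (typeof alg !== 'string' || !/^[A-Z]S(256|384|512)$/.test(alg)) {
      throw new Error('Algorithm not supported: ' + alg);
    }
    return 'sha-' + alg.slice(2);
  }
}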
//# sourceMappingURL=data:application/json;base64,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