UNPKG

apim-developer-portal2

Version:

API management developer portal

215 lines (178 loc) 9.14 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
import * as ClientOAuth2 from "client-oauth2"; import { HttpClient } from "@paperbits/common/http"; import { ISettingsProvider } from "@paperbits/common/configuration"; import { GrantTypes } from "./../constants"; import { MapiClient } from "./mapiClient"; import { AuthorizationServerContract } from "../contracts/authorizationServer"; import { AuthorizationServer } from "../models/authorizationServer"; import { PageContract } from "../contracts/page"; import { OpenIdConnectProviderContract } from "../contracts/openIdConnectProvider"; import { OpenIdConnectProvider } from "./../models/openIdConnectProvider"; import { OpenIdConnectMetadata } from "./../contracts/openIdConnectMetadata"; export class OAuthService { constructor( private readonly mapiClient: MapiClient, private readonly httpClient: HttpClient, private readonly settingsProvider: ISettingsProvider ) { } /** * Returns configured OAuth 2.0 and OpenID Connect providers. */ public async getOAuthServers(): Promise<AuthorizationServer[]> { try { const authorizationServers = []; const pageOfOAuthServers = await this.mapiClient.get<PageContract<AuthorizationServerContract>>("/authorizationServers"); const oauthServers = pageOfOAuthServers.value.map(authServer => new AuthorizationServer(authServer)); authorizationServers.push(...oauthServers); const pageOfOicdServers = await this.mapiClient.get<PageContract<OpenIdConnectProviderContract>>("/openidConnectProviders"); const oicdServers = pageOfOicdServers.value.map(authServer => new OpenIdConnectProvider(authServer)); for (const provider of oicdServers) { try { const authServer = await this.discoverOAuthServer(provider.metadataEndpoint); authServer.name = provider.name; authServer.clientId = provider.clientId; authServer.displayName = provider.displayName; authServer.description = provider.description; authorizationServers.push(authServer); } catch (error) { // Swallow discovery errors until publishing-related notification channel gets implemented. } } return authorizationServers; } catch (error) { throw new Error(`Unable to fetch configured authorization servers.`); } } /** * Acquires access token using specified grant flow. * @param grantType {string} Requested grant type. * @param authorizationServer {AuthorizationServer} Authorization server details. */ public async authenticate(grantType: string, authorizationServer: AuthorizationServer): Promise<string> { const backendUrl = await this.settingsProvider.getSetting<string>("backendUrl") || `https://${location.hostname}`; let accessToken; switch (grantType) { case GrantTypes.implicit: accessToken = await this.authenticateImplicit(backendUrl, authorizationServer); break; case GrantTypes.authorizationCode: accessToken = await this.authenticateCode(backendUrl, authorizationServer); break; case GrantTypes.clientCredentials: accessToken = await this.authenticateClientCredentials(backendUrl, authorizationServer); break; default: throw new Error(`Unsupported grant type: ${grantType}`); } return accessToken; } /** * Acquires access token using "implicit" grant flow. * @param backendUrl {string} Portal backend URL. * @param authorizationServer {AuthorizationServer} Authorization server details. */ public authenticateImplicit(backendUrl: string, authorizationServer: AuthorizationServer): Promise<string> { const redirectUri = `${backendUrl}/signin-oauth/implicit/callback`; const oauthClient = new ClientOAuth2({ clientId: authorizationServer.clientId, accessTokenUri: authorizationServer.tokenEndpoint, authorizationUri: authorizationServer.authorizationEndpoint, redirectUri: redirectUri, scopes: authorizationServer.scopes }); return new Promise((resolve, reject) => { try { window.open(oauthClient.token.getUri(), "_blank", "width=400,height=500"); const receiveMessage = async (event: MessageEvent) => { const tokenHash = event.data["uri"]; if (!tokenHash) { return; } const oauthToken = await oauthClient.token.getToken(redirectUri + tokenHash); resolve(`${oauthToken.tokenType} ${oauthToken.accessToken}`); }; window.addEventListener("message", receiveMessage, false); } catch (error) { reject(error); } }); } /** * Acquires access token using "authorization code" grant flow. * @param backendUrl {string} Portal backend URL. * @param authorizationServer {AuthorizationServer} Authorization server details. */ public async authenticateCode(backendUrl: string, authorizationServer: AuthorizationServer): Promise<string> { const redirectUri = `${backendUrl}/signin-oauth/code/callback/${authorizationServer.name}`; const oauthClient = new ClientOAuth2({ clientId: authorizationServer.clientId, accessTokenUri: authorizationServer.tokenEndpoint, authorizationUri: authorizationServer.authorizationEndpoint, redirectUri: redirectUri, scopes: authorizationServer.scopes }); return new Promise<string>((resolve, reject) => { try { window.open(oauthClient.code.getUri(), "_blank", "width=400,height=500"); const receiveMessage = async (event: MessageEvent) => { if (!event.data["accessToken"]) { return; } const accessToken = event.data["accessToken"]; const accessTokenType = event.data["accessTokenType"]; resolve(`${accessTokenType} ${accessToken}`); }; window.addEventListener("message", receiveMessage, false); } catch (error) { reject(error); } }); } /** * Acquires access token using "client credentials" grant flow. * @param backendUrl {string} Portal backend URL. * @param authorizationServer {AuthorizationServer} Authorization server details. */ public async authenticateClientCredentials(backendUrl: string, authorizationServer: AuthorizationServer): Promise<string> { let uri = `${backendUrl}/signin-oauth/credentials/${authorizationServer.name}`; if (authorizationServer.scopes) { const scopesString = authorizationServer.scopes.join(" "); uri += `?scopes=${encodeURIComponent(scopesString)}`; } return new Promise<string>((resolve, reject) => { try { window.open(uri, "_blank", "width=400,height=500"); const receiveMessage = async (event: MessageEvent) => { if (!event.data["accessToken"]) { return; } const accessToken = event.data["accessToken"]; const accessTokenType = event.data["accessTokenType"]; resolve(`${accessTokenType} ${accessToken}`); }; window.addEventListener("message", receiveMessage, false); } catch (error) { reject(error); } }); } public async discoverOAuthServer(metadataEndpoint: string): Promise<AuthorizationServer> { const response = await this.httpClient.send<OpenIdConnectMetadata>({ url: metadataEndpoint }); const metadata = response.toObject(); const server = new AuthorizationServer(); server.authorizationEndpoint = metadata.authorization_endpoint; server.tokenEndpoint = metadata.token_endpoint; server.scopes = metadata.scopes_supported || ["openid"]; // Leaving only "implicit" grant flow until backend gets deployed. const supportedGrantTypes = [GrantTypes.implicit.toString()]; server.grantTypes = metadata.grant_types_supported ? metadata.grant_types_supported.filter(grantType => supportedGrantTypes.includes(grantType)) : [GrantTypes.implicit]; return server; } }