UNPKG

remix-auth-okta

Version:

![CI](https://img.shields.io/github/actions/workflow/status/jrakotoharisoa/remix-auth-okta/main.yml?branch=main&style=flat-square) ![npm](https://img.shields.io/npm/v/remix-auth-okta?style=flat-square) # OktaStrategy

115 lines (114 loc) 4.22 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.OktaStrategy = void 0; const remix_auth_oauth2_1 = require("remix-auth-oauth2"); class OktaStrategy extends remix_auth_oauth2_1.OAuth2Strategy { constructor({ issuer, scope = "openid profile email", clientID, clientSecret, callbackURL, ...rest }, verify) { super({ authorizationURL: `${issuer}/v1/authorize`, tokenURL: `${issuer}/v1/token`, clientID, clientSecret, callbackURL, }, verify); this.name = "okta"; this.sessionToken = ""; this.scope = scope; this.userInfoURL = `${issuer}/v1/userinfo`; this.authenticationURL = `${issuer}/api/v1/authn`; this.withCustomLoginForm = !!rest.withCustomLoginForm; this.authenticationURL = rest.withCustomLoginForm ? `${rest.oktaDomain}/api/v1/authn` : ""; } async authenticate(request, sessionStorage, options) { var _a; if (!this.withCustomLoginForm) { return super.authenticate(request, sessionStorage, options); } let session = await sessionStorage.getSession(request.headers.get("Cookie")); let user = (_a = session.get(options.sessionKey)) !== null && _a !== void 0 ? _a : null; if (user) { return this.success(user, request.clone(), sessionStorage, options); } const url = new URL(request.url); const callbackUrl = this.getCallbackURLFrom(url); if (url.pathname !== callbackUrl.pathname) { const form = await request.formData(); const email = form.get("email"); const password = form.get("password"); if (!email || !password) { throw new Response(JSON.stringify({ message: "Bad request, missing email and password.", }), { headers: { "Content-Type": "application/json; charset=utf-8", }, status: 400, }); } this.sessionToken = await this.getSessionTokenWith(email.toString(), password.toString()); } return super.authenticate(request, sessionStorage, options); } getCallbackURLFrom(url) { if (this.callbackURL.startsWith("http:") || this.callbackURL.startsWith("https:")) { return new URL(this.callbackURL); } if (this.callbackURL.startsWith("/")) { return new URL(this.callbackURL, url); } return new URL(`${url.protocol}//${this.callbackURL}`); } async getSessionTokenWith(email, password) { let response = await fetch(this.authenticationURL, { method: "POST", headers: { "Content-Type": "application/json", }, body: JSON.stringify({ username: email, password, }), }); if (!response.ok) { try { let body = await response.text(); throw new Error(body); } catch (error) { throw error; } } const data = await response.json(); return data.sessionToken; } authorizationParams() { return new URLSearchParams({ scope: this.scope, sessionToken: this.sessionToken, }); } async userProfile(accessToken) { var _a; const response = await fetch(this.userInfoURL, { headers: { Authorization: `Bearer ${accessToken}`, }, }); const profile = await response.json(); return { provider: "okta", id: profile.sub, name: { familyName: profile.family_name, givenName: profile.given_name, middleName: profile.middle_name, }, displayName: (_a = profile.name) !== null && _a !== void 0 ? _a : profile.preferred_username, email: profile.email, }; } } exports.OktaStrategy = OktaStrategy;