/* global TRUSTED_ORIGIN */
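(function () {
    "use strict";

    // appAuth expects the authorization-response details to arrive in the
    // fragment, so mirror the query string into the hash.
    // NOTE(review): only the hash is cleared on success (below); the original
    // query string stays in the address bar / history until the final
    // location.assign() navigates away — confirm that is acceptable.
    window.location.hash = window.location.search.substring(1); // drops the leading '?'

    // Parse one stored "appAuthConfig-*" localStorage entry. Returns null for
    // a missing or malformed value instead of throwing, so a single corrupt
    // entry cannot abort this IIFE (which would also prevent the "message"
    // listener below from ever being registered).
    function readStoredConfig(itemName) {
        try {
            return JSON.parse(localStorage.getItem(itemName));
        } catch (err) {
            return null;
        }
    }

    // Find the stored config that applies to this response.
    //   domainToMatch given  -> the config whose appHostname equals it exactly
    //   domainToMatch absent -> the config whose authId is "Primary"
    // Returns undefined when nothing matches.
    // NOTE(review): the choice is made on truthiness, so an issuer URL that
    // parses but has an empty host ("" ) also falls through to "Primary".
    function getMatchingAppAuthConfig(domainToMatch) {
        for (let i = 0; i < localStorage.length; i++) {
            const itemName = localStorage.key(i);
            if (!itemName.includes("appAuthConfig-")) {
                continue;
            }
            const candidate = readStoredConfig(itemName);
            if (!candidate) {
                continue;
            }
            const match = domainToMatch
                ? domainToMatch === candidate.appHostname
                : candidate.authId === "Primary";
            if (match) {
                return candidate;
            }
        }
        return undefined;
    }

    var appAuthConfig;
    if (window.location.search) {
        const params = new URLSearchParams(window.location.search);
        const iss = params.get("iss");
        if (iss) {
            // `iss` is attacker-controllable (it comes from the URL). An
            // unparsable value used to throw out of this IIFE before the
            // message listener was registered; now it simply selects no
            // config, so nothing is processed and there is no silent
            // fallback to "Primary".
            let issuerHost;
            try {
                issuerHost = new URL(iss).host;
            } catch (err) {
                issuerHost = undefined;
            }
            if (issuerHost !== undefined) {
                appAuthConfig = getMatchingAppAuthConfig(issuerHost);
            }
        } else {
            appAuthConfig = getMatchingAppAuthConfig();
        }
    }

    var TokenManager = require("./TokenManager");
    var tokenManagerInstance;

    // Only run the default token-handling flow when a usable config was found
    // AND the fragment actually carries response parameters.
    if (appAuthConfig && window.location.hash.replace("#", "").length) {
        tokenManagerInstance = new TokenManager(appAuthConfig);
        tokenManagerInstance.getAvailableData()
            .then((data) => {
                // Success: the fragment details are no longer needed.
                window.location.hash = "";
                parent.postMessage({
                    message: "appAuth-tokensAvailable",
                    resourceServer: data.resourceServer,
                    idTokenClaims: data.claims,
                    idToken: data.idToken,
                    authId: appAuthConfig.authId
                }, TRUSTED_ORIGIN);
            },
            (error) => {
                // Failure: report the error to the parent together with the
                // URL the user has to visit to complete authorization.
                // NOTE(review): a rejected getAuthzURL() is not handled here.
                tokenManagerInstance.getAuthzURL().then((url) => {
                    return parent.postMessage({
                        message: "appAuth-interactionRequired",
                        error: error,
                        authorizationUrl: url,
                        authId: appAuthConfig.authId
                    }, TRUSTED_ORIGIN);
                });
            })
            .finally(() => {
                // No AppAuthIframe-<authId> element in the parent means we are
                // running as a full window rather than inside the iframe, so
                // bounce back to the application. This runs on success AND on
                // failure. NOTE(review): parent.document throws for a
                // cross-origin parent; that case is assumed not to occur here.
                if (!parent.document.getElementById(`AppAuthIframe-${appAuthConfig.authId}`)) {
                    setTimeout(() => {
                        var appLocation = document.createElement("a");
                        appLocation.href = appAuthConfig.appLocation || ".";
                        appLocation.hash = appLocation.hash + "&loggedin=true";
                        window.location.assign(appLocation.href);
                    }, 0);
                }
            });
    }

    // Commands from the parent frame; only meaningful when running in an iframe.
    window.addEventListener("message", function (e) {
        // Origin check comes first: never act on, or reply to, an untrusted sender.
        if (e.origin !== TRUSTED_ORIGIN) {
            return;
        }
        // NOTE(review): any window at TRUSTED_ORIGIN reaches this handler, not
        // only the embedding parent — e.source is not compared against parent.
        // Ignore payloads that are not objects (e.g. plain strings) rather
        // than throwing inside the handler.
        if (typeof e.data !== "object" || e.data === null) {
            return;
        }
        var config = e.data.config;
        var authId = config ? config.authId : undefined;
        tokenManagerInstance = tokenManagerInstance || new TokenManager(config);

        switch (e.data.message) {
        case "appAuth-config":
            // Persist the config so a later top-level redirect back to this
            // page (see getMatchingAppAuthConfig) can find it again.
            localStorage.setItem(`appAuthConfig-${authId}`, JSON.stringify(config));
            // There normally is no authorization request in flight when the
            // config is first handed over; clear any remnant just in case.
            // NOTE(review): replies assume the sender attached a MessagePort.
            tokenManagerInstance.clearActiveAuthzRequests().then(() => {
                return e.ports[0].postMessage("configured");
            });
            break;

        case "appAuth-logout":
            tokenManagerInstance.logout(e.data.options).then(() => {
                localStorage.removeItem(`appAuthConfig-${authId}`);
                parent.postMessage({
                    message: "appAuth-logoutComplete",
                    authId,
                }, TRUSTED_ORIGIN);
            });
            break;

        case "appAuth-getFreshAccessToken":
            // Only a refresh-token grant produces tokens right away; any other
            // strategy reports back through the top-level response flow above.
            tokenManagerInstance.silentAuthzRequest(e.data.resourceServer).then((strategyUsed) => {
                if (strategyUsed === "refreshToken") {
                    parent.postMessage({
                        message: "appAuth-tokensAvailable",
                        resourceServer: e.data.resourceServer,
                        authId,
                    }, TRUSTED_ORIGIN);
                }
            });
            break;

        case "appAuth-getAvailableData":
            tokenManagerInstance.getAvailableData()
                .then((data) => {
                    parent.postMessage({
                        message: "appAuth-tokensAvailable",
                        idTokenClaims: data.claims,
                        idToken: data.idToken,
                        authId,
                    }, TRUSTED_ORIGIN);
                }, () => {
                    if (e.data.config.attemptSilentAuthGrant) {
                        // NOTE(review): the returned promise is not handled; a
                        // rejection surfaces only as an unhandled rejection.
                        tokenManagerInstance.silentAuthzRequest();
                    } else {
                        // Include authId so the parent can tell which
                        // configuration needs interaction, consistent with
                        // the other "appAuth-interactionRequired" message.
                        tokenManagerInstance.getAuthzURL().then((url) =>
                            parent.postMessage({
                                message: "appAuth-interactionRequired",
                                error: "Stored tokens unavailable and silent auth code grant not attempted",
                                authorizationUrl: url,
                                authId,
                            }, TRUSTED_ORIGIN)
                        );
                    }
                });
            break;

        case "makeRSRequest":
            // Proxy a resource-server request for the parent; the outcome goes
            // back over the MessagePort the sender attached.
            tokenManagerInstance.makeRSRequest(e.data.request)
                .then(
                    (response) => {
                        return e.ports[0].postMessage({response});
                    },
                    (error) => {
                        return e.ports[0].postMessage({error});
                    }
                );
            break;
        }
    });
}());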