Created
October 22, 2019 06:28
-
-
Save scanacs-agruhn/0f1249e279690be97c297110b37d5e10 to your computer and use it in GitHub Desktop.
OAuth2.0 Client for XSJS Classic with Client Credentials Grant Flow
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* OAuth Client for HANA XS - Runtime processing for HANA Base DU | |
* | |
* Provide the following functionality: | |
* - get authorize URI | |
* - exchange authorization code for access token (authorization code flow) | |
* - get access token by providing SAML assertion (SAML bearer flow) | |
* - enrich application request by access token | |
* - refresh flow | |
* - revoke token(s) | |
* | |
* | |
*/ | |
var util = $.import("sap.hana.xs.oAuth.lib", "oAuthUtil"); | |
var iDef = $.import("sap.hana.xs.oAuth.lib", "InternalDefinition"); | |
/* | |
* --------------------------------------------------------------------------- | |
* Lib Common Data - OAuth Client Config and Exceptions | |
* --------------------------------------------------------------------------- | |
*/ | |
function OAuthClient(destPackage, destName){ | |
var oAuthHttpRequest = $.net.http.readOAuthHTTPRequest(destPackage,destName); | |
this.destinationPackage = destPackage; | |
this.destinationName = destName; | |
this.oAuthHttpRequest = oAuthHttpRequest; | |
var oAuthCC = $.net.http.readOAuthClientConfig(oAuthHttpRequest.clientConfigPackage, oAuthHttpRequest.clientConfigName); | |
this.oAuthClientConfig = oAuthCC; | |
this.oAuthFlavorPackage = this.oAuthHttpRequest.flavorPackage; | |
this.oAuthFlavorName = this.oAuthHttpRequest.flavorName; | |
this.authorizationCode = ""; | |
this.sessionState = ""; | |
this.appUrl = ""; | |
switch (this.oAuthClientConfig.oauthFlow) { | |
case 1: this.oauthFlow = "saml2Bearer";break; | |
case 2: this.oauthFlow = "authCode";break; | |
default: this.oauthFlow = "UNDEFINED";break; | |
} | |
} | |
function MissingInputException(sType, sSeverity, sMessage) { | |
this.name = sType; | |
this.severity = sSeverity; | |
this.message = sMessage; | |
} | |
MissingInputException.prototype = new Error(); | |
MissingInputException.prototype.constructor = MissingInputException; | |
function InternalErrorException(sType, sSeverity, sMessage) { | |
this.name = sType; | |
this.severity = sSeverity; | |
this.message = sMessage; | |
} | |
InternalErrorException.prototype = new Error(); | |
InternalErrorException.prototype.constructor = InternalErrorException; | |
function MissingConfigException(sType, sSeverity, sMessage) { | |
this.name = sType; | |
this.severity = sSeverity; | |
this.message = sMessage; | |
} | |
MissingConfigException.prototype = new Error(); | |
MissingConfigException.prototype.constructor = MissingConfigException; | |
function InvalidInputException(sType, sSeverity, sMessage) { | |
this.name = sType; | |
this.severity = sSeverity; | |
this.message = sMessage;} | |
InvalidInputException.prototype = new Error(); | |
InvalidInputException.prototype.constructor = InvalidInputException; | |
function NoAccessContextException(sType, sSeverity, sMessage) { | |
this.name = sType; | |
this.severity = sSeverity; | |
this.message = sMessage; | |
} | |
NoAccessContextException.prototype = new Error(); | |
NoAccessContextException.prototype.constructor = NoAccessContextException; | |
/* | |
* --------------------------------------------------------------------------- | |
* Lib Common functions - Local OAuth Client Utilities | |
* --------------------------------------------------------------------------- | |
*/ | |
OAuthClient.prototype.getParameterFromConfig = function(parameter){ | |
"use strict"; | |
var result = null; | |
var parameterClientId = new RegExp("client_id"); | |
var parameterRedirectUri = new RegExp("redirect_uri"); | |
var parameterScope = new RegExp("scope"); | |
var parameterState = new RegExp("state"); | |
var parameterCode = new RegExp("code"); | |
if (parameterClientId.test(parameter)) { | |
result = this.oAuthClientConfig.clientID; | |
return result; | |
} | |
if (parameterRedirectUri.test(parameter)) { | |
result = this.oAuthClientConfig.redirectUrl; | |
return result; | |
} | |
if (parameterScope.test(parameter)) { | |
result = this.oAuthHttpRequest.maxScopesString; | |
return result; | |
} | |
if (parameterState.test(parameter)) { | |
return this.oAuthHttpRequest.stateCookieName; | |
} | |
if (parameterCode.test(parameter)) { | |
result = this.authorizationCode; | |
return result; | |
} | |
}; | |
//Validate authorization code validity on service provider config level | |
function isCodeValid(code) { | |
"use strict"; | |
var isValid = false; | |
if (code) { | |
//A real life google example: 4/sLVdhYumfQtVYgUZR173ZN4f2aG_.0hw-SGZU9FQROl05ti8ZT3apX5PYjAI | |
//Validation - see 1_getToken xsjs test flow: to include "-"; "."; "_";"/" | |
//These are the additional known characters provided in a code by google | |
isValid = /^[a-zA-Z0-9\-._\/]*$/.test(code); | |
} | |
return isValid; | |
} | |
//Set the request or header parameters | |
OAuthClient.prototype.setOAuthHTTPRequestParams = function(input, step, location) { | |
// input is a URL (string) for location = "uri" | |
// is empty for locations = "header" and "param" (use oAuthHttpRequest of oAuthClient) | |
// maybe empty for location = "uri": In this case use oAuthHttpRequest of oAuthClient | |
var i = 0, | |
j = 0; | |
var paraLen = 0, | |
flavorLen = 0; | |
var aParams = []; | |
var isCollected = []; | |
var oException = {}; | |
//Serve the interceptor patterns: | |
var clientSecretPattern = new RegExp(iDef.getTokenType("CS_Type", "AC")); | |
var accessTokenPattern = new RegExp(iDef.getTokenType("AT_Type", "AC")); | |
var refreshTokenPattern = new RegExp(iDef.getTokenType("RT_Type", "AC")); | |
var samlAssertionPattern = new RegExp(iDef.getTokenType("SA_Type", "SB")); | |
var samlAssertionClientIdAttributeNamePattern = new RegExp("saml_assertion_client_id_attribute_name"); | |
var aFlavor = []; | |
var replaced = false; | |
// TODO : Might check !input for authorize uri | |
if ( !step || !location) { | |
oException.Type = "MissingArgument"; | |
oException.Severity = "Error"; | |
oException.Message = "Input or parameters missing for setting the request parameters"; | |
$.trace.error("oAuthClient.xsjslib::setOAuthHTTPRequestParams: " + oException.Message); | |
throw new Error("Context - " + oException.Type + ": " + oException.Message); | |
} | |
//Get the relevant flavor parameters to be set for this step: | |
aFlavor = util.getFlavorByStep(this.oAuthHttpRequest.flavorPackage, this.oAuthHttpRequest.flavorName, step, location); | |
for (i = 0, flavorLen = aFlavor.length; i < flavorLen; i++) { | |
var oParamRecord = {}; | |
oParamRecord.name = aFlavor[i].paramName; | |
oParamRecord.type = aFlavor[i].valueType; | |
//Regular processing | |
if (aFlavor[i].valueType === iDef.getValueType("evaluatedType")){ | |
oParamRecord.value = this.getParameterFromConfig(aFlavor[i].paramName); | |
} else { | |
oParamRecord.value = aFlavor[i].paramValue; | |
} | |
aParams.push(oParamRecord); | |
} | |
//Assign loaded flavor parameters with current configuration + security controller data | |
for (j = 0, paraLen = aParams.length; j < paraLen; j++) { | |
replaced = false; | |
if (isCollected.indexOf(aParams[j].name.toUpperCase()) === -1) { | |
switch (location) { | |
case iDef.getParameterLocation("headerParameter"): | |
if (accessTokenPattern.test(aParams[j].value) && aParams[j].type === iDef.getValueType("secureType")) { | |
if (input.setOAuthAccessToken){ // check required to recognized whether input is of type $.net.HttpRequest (where we can set the access token) | |
input.setOAuthAccessToken(aParams[j].name, this.oAuthClientConfig.packageID, this.oAuthClientConfig.clientName ); | |
} | |
break; | |
} | |
if (aParams[j].type === iDef.getValueType("secureType") && aParams[j].value === iDef.getBasicAuthenticationName()) { | |
this.oAuthHttpRequest.setBasicAuthorizationHeader(aParams[j].name, "Basic"); | |
} else { | |
//Set regular header parameters - no special treatment in this case | |
this.oAuthHttpRequest.setHeaders(aParams[j].name, aParams[j].value); | |
} | |
//Intercept client secret: | |
if (clientSecretPattern.test(aParams[j].value) && aParams[j].type === iDef.getValueType("secureType")) { | |
//This is the request pattern if a client secret interception is requested | |
this.oAuthHttpRequest.setClientSecret(location, aParams[j].name); | |
} | |
break; | |
case iDef.getParameterLocation("requestParameter"): | |
//Special treatment: Check for an access- or refresh token or client secret interceptor pattern | |
// Intercept access token | |
if (accessTokenPattern.test(aParams[j].value) && aParams[j].type === iDef.getValueType("secureType")) { | |
//This is the request pattern if an access token interception is requested | |
this.oAuthHttpRequest.setAccessToken(location, aParams[j].name, ""); // no prefix for parameters | |
replaced = true; | |
} | |
// Intercept refresh token | |
if (refreshTokenPattern.test(aParams[j].value) && aParams[j].type === iDef.getValueType("secureType")) { | |
//This is the request pattern if a refresh token interception is requested | |
//$set_refresh_token | |
this.oAuthHttpRequest.setRefreshToken(location, aParams[j].name, ""); // no prefix for parameters | |
replaced = true; | |
} | |
//Intercept client secret: | |
if (clientSecretPattern.test(aParams[j].value) && aParams[j].type === iDef.getValueType("secureType")) { | |
//This is the request pattern if a client secret interception is requested | |
this.oAuthHttpRequest.setClientSecret(location, aParams[j].name); | |
replaced = true; | |
} | |
//Intercept SAML assertion: | |
if (samlAssertionPattern.test(aParams[j].value) && aParams[j].type === iDef.getValueType("secureType")) { | |
//This is the request pattern if a SAML assertion interception is requested | |
this.oAuthHttpRequest.configureSAMLFlow(aParams[j].name); | |
replaced = true; | |
} | |
//ELSE: Set parameters on a regular base if no special replacement was done. | |
if (!replaced) { | |
this.oAuthHttpRequest.setParameters(aParams[j].name, aParams[j].value); | |
} | |
break; | |
case iDef.getParameterLocation("uriParameter"): | |
if (typeof input === "string" ){ | |
if (j === 0) { | |
input += "?" + aParams[j].name; | |
} else { | |
input += "&" + aParams[j].name; | |
} | |
input += "=" + aParams[j].value; | |
} else { | |
// Intercept access token | |
if (accessTokenPattern.test(aParams[j].value) && aParams[j].type === iDef.getValueType("secureType")) { | |
//This is the request pattern if an access token interception is requested | |
this.oAuthHttpRequest.setAccessToken(location, aParams[j].name, ""); | |
replaced = true; | |
} | |
// Intercept refresh token | |
if (refreshTokenPattern.test(aParams[j].value) && aParams[j].type === iDef.getValueType("secureType")) { | |
//This is the request pattern if a refresh token interception is requested | |
//$set_refresh_token | |
this.oAuthHttpRequest.setRefreshToken(location, aParams[j].name, ""); | |
replaced = true; | |
} | |
} | |
break; | |
case iDef.getParameterLocation("samlAssertionParameter"): | |
if (samlAssertionClientIdAttributeNamePattern.test(aParams[j].value) && aParams[j].type === iDef.getValueType("secureType")) { | |
this.oAuthHttpRequest.setSAMLClientIdAttributeName(aParams[j].name); | |
replaced = true; | |
} | |
break; | |
default: | |
break; | |
} | |
//Did we already collect this name / value record? Otherwise skip or alert next stage! | |
isCollected[j] = aParams[j].name; | |
} | |
} | |
return input; | |
}; | |
function dispatchException(oException, source) { | |
"use strict"; | |
if (util.is401Caused(oException)) { | |
oException.Type = "NoAccessContext"; | |
oException.Severity = "Error"; | |
oException.Message = "User is not authorized - access grant missing (401)"; | |
$.trace.error("AuthConfigHandler.xsjslib:: " + source + " : Error: " + oException.Message); | |
throw new NoAccessContextException(oException.Type, oException.Severity, oException.Message); | |
} | |
if (util.is500Caused(oException)) { | |
oException.Type = "NoAccessContext"; | |
oException.Severity = "Error"; | |
oException.Message = "User is no longer authorized - access grant expired (500)"; // if details?: + oException.toString(); | |
//Details: "SyntaxError: JSON.parse: unexpected character; Status: 500" | |
$.trace.error("AuthConfigHandler.xsjslib:: " + source + " : Error: " + oException.Message); | |
throw new NoAccessContextException(oException.Type, oException.Severity, oException.Message); | |
} | |
if (util.isSSLCaused(oException)) { | |
oException.Type = "MissingConfigException"; | |
oException.Severity = "Error"; | |
oException.Message = "SSL requested but trust store assignment is missing (SSL Config)"; | |
$.trace.error("AuthConfigHandler.xsjslib:: " + source + " : Error: " + oException.Message); | |
throw new MissingConfigException(oException.Type, oException.Severity, oException.Message); | |
} | |
//Any other context is assigned with an internal error exception | |
oException.Type = "InternalError"; | |
oException.Severity = "Error"; | |
oException.Message = oException.toString(); | |
$.trace.error("AuthConfigHandler.xsjslib:: " + source + " : Error: " + oException.Message); | |
throw new InternalErrorException(oException.Type, oException.Severity, oException.Message); | |
} | |
/* | |
* --------------------------------------------------------------------------- | |
* 0.) Get Authorize URI - to be provided as business user self service | |
* Start of Authorize Code Flow | |
* --------------------------------------------------------------------------- | |
*/ | |
OAuthClient.prototype.userAuthorizeUri = function (appUrl) { | |
"use strict"; | |
var oException = {}; | |
if (this.oauthFlow === "saml2Bearer") { | |
oException.Type = "CallerError"; | |
oException.Severity = "Error"; | |
oException.Message = "Method userAuthorizeUri not supported for flow type saml2Bearer"; | |
$.trace.error("oAuthClient.xsjslib::userAuthorizeUri: Error: " + oException.Message); | |
throw new InternalErrorException(oException.Type, oException.Severity, oException.Message); | |
} | |
try { | |
this.oAuthHttpRequest.setStateCookie(appUrl, $.response); | |
var authorizeUri = this.oAuthHttpRequest.authorizationEndpointURL; | |
this.appUrl = appUrl; | |
authorizeUri = this.setOAuthHTTPRequestParams(authorizeUri, iDef.getFlavorStepName("userAuthorizeAccessStep"), iDef.getParameterLocation("uriParameter")); | |
return util.encodeUri(authorizeUri); | |
} catch (e) { | |
oException.Type = "InternalError"; | |
oException.Severity = "Error"; | |
oException.Message = "Error when assigning Service Provider Configuration : " + e.toString(); | |
$.trace.error("oAuthClient.xsjslib::userAuthorizeUri: Error: " + oException.Message); | |
throw new InternalErrorException(oException.Type, oException.Severity, oException.Message); | |
} | |
}; | |
/* | |
* --------------------------------------------------------------------------- | |
* 1.) Get Token(s) from Code | |
* Exchange the authorization code into an token set | |
* --------------------------------------------------------------------------- | |
*/ | |
OAuthClient.prototype.userGrantAccess = function (code) { | |
"use strict"; | |
var oException = {}; | |
if (!isCodeValid(code)) { | |
oException.Type = "InvalidInput"; | |
oException.Severity = "Error"; | |
oException.Message = "This code is not accepted: " + code; | |
$.trace.error("oAuthClient.xsjslib::userGrantAccess: Error: " + oException.Message); | |
throw new InvalidInputException(oException.Type, oException.Severity, oException.Message); | |
} | |
try { | |
this.authorizationCode = code; | |
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userGrantAccessStep"), iDef.getParameterLocation("headerParameter")); | |
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userGrantAccessStep"), iDef.getParameterLocation("requestParameter")); | |
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userGrantAccessStep"), iDef.getParameterLocation("uriParameter")); | |
var status = this.oAuthHttpRequest.triggerAccessTokenFlow(); | |
return status; | |
} catch (e) { | |
oException.Type = "InternalError"; | |
oException.Severity = "Error"; | |
oException.Message = "Error when during user grant access: " + e.toString(); | |
$.trace.error("oAuthClient.xsjslib::userGrantAccess: Error: " + oException.Message); | |
throw new InternalErrorException(oException.Type, oException.Severity, oException.Message); | |
} | |
}; | |
/* | |
* --------------------------------------------------------------------------- | |
* 2.) Trigger refresh flow | |
* | |
* --------------------------------------------------------------------------- | |
*/ | |
OAuthClient.prototype.userRefreshAccess = function () { | |
"use strict"; | |
var oException = {}; | |
if (!this.hasValidRefreshToken()) { | |
oException.Type = "NoAccessContext"; | |
oException.Severity = "Error"; | |
oException.Message = "No refresh token available"; | |
$.trace.error("oAuthClient.xsjslib::userRefreshAccess: Error: " + oException.Message); | |
throw new NoAccessContextException(oException.Type, oException.Severity, oException.Message); | |
} | |
try { | |
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userRefreshAccessStep"), iDef.getParameterLocation("uriParameter")); | |
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userRefreshAccessStep"), iDef.getParameterLocation("headerParameter")); | |
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userRefreshAccessStep"), iDef.getParameterLocation("requestParameter")); | |
return this.oAuthHttpRequest.triggerRefreshTokenFlow(); | |
} catch (e) { | |
oException.Type = "InternalError"; | |
oException.Severity = "Error"; | |
oException.Message = "Error when during user grant access: " + e.toString(); | |
$.trace.error("oAuthClient.xsjslib::userRefreshAccess: Error: " + oException.Message); | |
throw new InternalErrorException(oException.Type, oException.Severity, oException.Message); | |
} | |
}; | |
/* | |
* --------------------------------------------------------------------------- | |
* 3.) Data Processing | |
* | |
* --------------------------------------------------------------------------- | |
*/ | |
OAuthClient.prototype.processData = function(appHttpClient, appRequest, appDestination) { | |
"use strict"; | |
var clientPackage = this.oAuthClientConfig.packageID; | |
var clientName = this.oAuthClientConfig.clientName; | |
var response = null; | |
var responseStatus =null; | |
var oException = {}; | |
var aSignatureCheck = [{ | |
name: "Client Package", | |
value: clientPackage | |
}, { | |
name: "Service Provider Name", | |
value: clientName | |
}, { | |
name: "Application http client", | |
value: appHttpClient | |
}, { | |
name: "Application Request", | |
value: appRequest | |
}, { | |
name: "Application Resource Destination", | |
value: appDestination | |
} | |
]; | |
//Check input---------------------------------------------------------------------------------------- | |
var signatureCheckResult = util.validateInput(aSignatureCheck); | |
if (signatureCheckResult !== "") { | |
oException.Type = "MissingArgument"; | |
oException.Severity = "Error"; | |
oException.Message = "No value provided for the following parameter(s): " +signatureCheckResult; | |
$.trace.error("OAuthClient.xsjslib::processData: Error: " + oException.Message); | |
throw new MissingInputException(oException.Type, oException.Severity, oException.Message); | |
} | |
//Try to use the app provided destination. | |
try { | |
util.validateDestination(appDestination); | |
} catch (e) { | |
oException.Type = "MissingConfigException"; | |
oException.Severity = "Error"; | |
oException.Message = "Wrong destination setup - please check destination.host and ssl property!"; | |
$.trace.error("OAuthClient.xsjslib::processData: Error: " + oException.Message); | |
throw new MissingConfigException(oException.Type, oException.Severity, oException.Message); | |
} | |
//Check if access token is available | |
if (!this.hasValidAccessToken()) { | |
oException.Type = "NoAccessContext"; | |
oException.Severity = "Error"; | |
oException.Message = "No access token available"; | |
$.trace.error("oAuthClient.xsjslib::processData: Error: " + oException.Message); | |
throw new NoAccessContextException(oException.Type, oException.Severity, oException.Message); | |
} | |
//Add access token to HTTP request and submit it | |
try { | |
try { | |
this.setOAuthHTTPRequestParams(appRequest, iDef.getFlavorStepName("processDataStep"), iDef.getParameterLocation("headerParameter")); | |
//appRequest.setOAuthAccessToken("Bearer ", clientPackage, clientName); | |
appHttpClient.request(appRequest, appDestination); | |
// ... get the response and back. | |
response = appHttpClient.getResponse(); | |
// trigger refresh flow | |
// if (response.status === $.net.http.INTERNAL_SERVER_ERROR || response.status === 401) { | |
// var refreshStatus = this.userRefreshAccess(); | |
// if (refreshStatus === 200) { | |
// // Initialize + replay the request | |
// var replayResponse = null; | |
// appRequest.setOAuthAccessToken("Bearer ", clientPackage, clientName); | |
// appHttpClient.request(appRequest, appDestination); | |
// replayResponse = appHttpClient.getResponse(); | |
// response = replayResponse; | |
// } else { | |
// $.trace.debug("OAuthClient.xsjslib::processData: Ignoring refreshAccess with status !=200. Status " + refreshStatus); | |
// } | |
// } | |
} catch (ex) { | |
oException.Type = "InternalError"; | |
oException.Severity = "Error"; | |
oException.Message = "Error within request processing: " + ex.toString() + "; Status: " + responseStatus; | |
$.trace.error("OAuthClient.xsjslib::processData: Error: " + oException.Message); | |
throw new Error("Context - " + oException.Type + ": " + oException.Message); | |
} | |
} catch (exc) { | |
//Special handling for 'not authorized/granted' status - we can only assume 401 as all other reasons require | |
oException.Type = "NoAccessContext"; | |
oException.Severity = "Error"; | |
oException.Message = exc.toString(); | |
$.trace.error("OAuthClient.xsjslib::processData: Error: " + oException.Message); | |
throw new NoAccessContextException(oException.Type, oException.Severity, oException.Message); | |
} | |
return response; | |
}; | |
/* | |
* --------------------------------------------------------------------------- | |
* 4.) Revoke the current access grant of this user | |
* | |
* --------------------------------------------------------------------------- | |
*/ | |
OAuthClient.prototype.userRevokeAccess = function () { | |
"use strict"; | |
var oException = {}; | |
// if (!this.hasValidAccessToken()) { | |
// oException.Type = "NoAccessContext"; | |
// oException.Severity = "Error"; | |
// oException.Message = "No access token available"; | |
// $.trace.error("oAuthClient.xsjslib::userRevokeAccess: Error: " + oException.Message); | |
// throw new NoAccessContextException(oException.Type, oException.Severity, oException.Message); | |
// } | |
try { | |
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userRevokeAccessStep"), iDef.getParameterLocation("uriParameter")); | |
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userRevokeAccessStep"), iDef.getParameterLocation("headerParameter")); | |
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userRevokeAccessStep"), iDef.getParameterLocation("requestParameter")); | |
var status = this.oAuthHttpRequest.triggerRevocationFlow(); | |
return status; | |
} catch (exc) { | |
oException.Type = "NoAccessContext"; | |
oException.Severity = "Error"; | |
oException.Message = exc.toString(); | |
$.trace.error("oAuthClient.xsjslib::userRevokeAccess: Error: " + oException.Message); | |
throw new NoAccessContextException(oException.Type, oException.Severity, oException.Message); | |
} | |
}; | |
OAuthClient.prototype.hasValidAccessToken = function () { | |
"use strict"; | |
var oException = {}; | |
try { | |
var status = this.oAuthHttpRequest.hasValidAccessToken; | |
} catch (exc) { | |
oException.Type = "NoAccessContext"; | |
oException.Severity = "Error"; | |
oException.Message = exc.toString(); | |
$.trace.error("oAuthClient.xsjslib::hasValidAccessToken: Error: " + oException.Message); | |
throw new NoAccessContextException(oException.Type, oException.Severity, oException.Message); | |
} | |
return status; | |
}; | |
OAuthClient.prototype.hasValidRefreshToken = function () { | |
"use strict"; | |
var oException = {}; | |
try { | |
var status = this.oAuthHttpRequest.hasValidRefreshToken; | |
} catch (exc) { | |
oException.Type = "NoAccessContext"; | |
oException.Severity = "Error"; | |
oException.Message = exc.toString(); | |
$.trace.error("oAuthClient.xsjslib::hasValidRefreshToken: Error: " + oException.Message); | |
throw new NoAccessContextException(oException.Type, oException.Severity, oException.Message); | |
} | |
return status; | |
}; | |
/* | |
* --------------------------------------------------------------------------- | |
* 6.) SAML Flow | |
* Exchange a SAML assertion into an token set | |
* --------------------------------------------------------------------------- | |
*/ | |
OAuthClient.prototype.samlAccess = function () { | |
"use strict"; | |
var oException = {}; | |
if (this.oauthFlow !== "saml2Bearer") { | |
oException.Type = "CallerError"; | |
oException.Severity = "Error"; | |
oException.Message = "Method samlAccess not supported for flow type "+this.oauthFlow; | |
$.trace.error("oAuthClient.xsjslib::samlAccess: Error: " + oException.Message); | |
throw new InternalErrorException(oException.Type, oException.Severity, oException.Message); | |
} | |
try { | |
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("samlFlowStep"), iDef.getParameterLocation("headerParameter")); | |
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("samlFlowStep"), iDef.getParameterLocation("requestParameter")); | |
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("samlFlowStep"), iDef.getParameterLocation("uriParameter")); | |
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("samlFlowStep"), iDef.getParameterLocation("samlAssertionParameter")); | |
var status = this.oAuthHttpRequest.triggerAccessTokenFlow(); | |
return status; | |
} catch (e) { | |
oException.Type = "InternalError"; | |
oException.Severity = "Error"; | |
oException.Message = "Error during SAML access: " + e.toString(); | |
$.trace.error("oAuthClient.xsjslib::samlAccess: Error: " + oException.Message); | |
throw new InternalErrorException(oException.Type, oException.Severity, oException.Message); | |
} | |
}; | |
/* | |
* --------------------------------------------------------------------------- | |
* 7.) Client Credentials Flow | |
* Use ClientId and ClientSecret to get the access token | |
* --------------------------------------------------------------------------- | |
*/ | |
OAuthClient.prototype.clientCredentialsAccess = function () { | |
"use strict"; | |
const oException = {}; | |
try { | |
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userGrantAccessStep"), iDef.getParameterLocation("headerParameter")); | |
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userGrantAccessStep"), iDef.getParameterLocation("requestParameter")); | |
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userGrantAccessStep"), iDef.getParameterLocation("uriParameter")); | |
var status = this.oAuthHttpRequest.triggerAccessTokenFlow(); | |
return status; | |
} catch (e) { | |
oException.Type = "InternalError"; | |
oException.Severity = "Error"; | |
oException.Message = "Error during OAuth2.0 Client Credentials Access : " + e.toString(); | |
$.trace.error("lib.oauth.oAuthClient.xsjslib::clientCredentialsAccess: Error: " + oException.Message); | |
throw new InternalErrorException(oException.Type, oException.Severity, oException.Message); | |
} | |
}; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment