Skip to content

Instantly share code, notes, and snippets.

@scanacs-agruhn
Created October 22, 2019 06:28
Show Gist options
  • Save scanacs-agruhn/0f1249e279690be97c297110b37d5e10 to your computer and use it in GitHub Desktop.
Save scanacs-agruhn/0f1249e279690be97c297110b37d5e10 to your computer and use it in GitHub Desktop.
OAuth2.0 Client for XSJS Classic with Client Credentials Grant Flow
/* OAuth Client for HANA XS - Runtime processing for HANA Base DU
*
* Provide the following functionality:
* - get authorize URI
* - exchange authorization code for access token (authorization code flow)
* - get access token by providing SAML assertion (SAML bearer flow)
* - enrich application request by access token
* - refresh flow
* - revoke token(s)
*
*
*/
var util = $.import("sap.hana.xs.oAuth.lib", "oAuthUtil");
var iDef = $.import("sap.hana.xs.oAuth.lib", "InternalDefinition");
/*
* ---------------------------------------------------------------------------
* Lib Common Data - OAuth Client Config and Exceptions
* ---------------------------------------------------------------------------
*/
function OAuthClient(destPackage, destName){
var oAuthHttpRequest = $.net.http.readOAuthHTTPRequest(destPackage,destName);
this.destinationPackage = destPackage;
this.destinationName = destName;
this.oAuthHttpRequest = oAuthHttpRequest;
var oAuthCC = $.net.http.readOAuthClientConfig(oAuthHttpRequest.clientConfigPackage, oAuthHttpRequest.clientConfigName);
this.oAuthClientConfig = oAuthCC;
this.oAuthFlavorPackage = this.oAuthHttpRequest.flavorPackage;
this.oAuthFlavorName = this.oAuthHttpRequest.flavorName;
this.authorizationCode = "";
this.sessionState = "";
this.appUrl = "";
switch (this.oAuthClientConfig.oauthFlow) {
case 1: this.oauthFlow = "saml2Bearer";break;
case 2: this.oauthFlow = "authCode";break;
default: this.oauthFlow = "UNDEFINED";break;
}
}
function MissingInputException(sType, sSeverity, sMessage) {
this.name = sType;
this.severity = sSeverity;
this.message = sMessage;
}
MissingInputException.prototype = new Error();
MissingInputException.prototype.constructor = MissingInputException;
function InternalErrorException(sType, sSeverity, sMessage) {
this.name = sType;
this.severity = sSeverity;
this.message = sMessage;
}
InternalErrorException.prototype = new Error();
InternalErrorException.prototype.constructor = InternalErrorException;
function MissingConfigException(sType, sSeverity, sMessage) {
this.name = sType;
this.severity = sSeverity;
this.message = sMessage;
}
MissingConfigException.prototype = new Error();
MissingConfigException.prototype.constructor = MissingConfigException;
function InvalidInputException(sType, sSeverity, sMessage) {
this.name = sType;
this.severity = sSeverity;
this.message = sMessage;}
InvalidInputException.prototype = new Error();
InvalidInputException.prototype.constructor = InvalidInputException;
function NoAccessContextException(sType, sSeverity, sMessage) {
this.name = sType;
this.severity = sSeverity;
this.message = sMessage;
}
NoAccessContextException.prototype = new Error();
NoAccessContextException.prototype.constructor = NoAccessContextException;
/*
* ---------------------------------------------------------------------------
* Lib Common functions - Local OAuth Client Utilities
* ---------------------------------------------------------------------------
*/
OAuthClient.prototype.getParameterFromConfig = function(parameter){
"use strict";
var result = null;
var parameterClientId = new RegExp("client_id");
var parameterRedirectUri = new RegExp("redirect_uri");
var parameterScope = new RegExp("scope");
var parameterState = new RegExp("state");
var parameterCode = new RegExp("code");
if (parameterClientId.test(parameter)) {
result = this.oAuthClientConfig.clientID;
return result;
}
if (parameterRedirectUri.test(parameter)) {
result = this.oAuthClientConfig.redirectUrl;
return result;
}
if (parameterScope.test(parameter)) {
result = this.oAuthHttpRequest.maxScopesString;
return result;
}
if (parameterState.test(parameter)) {
return this.oAuthHttpRequest.stateCookieName;
}
if (parameterCode.test(parameter)) {
result = this.authorizationCode;
return result;
}
};
//Validate authorization code validity on service provider config level
function isCodeValid(code) {
"use strict";
var isValid = false;
if (code) {
//A real life google example: 4/sLVdhYumfQtVYgUZR173ZN4f2aG_.0hw-SGZU9FQROl05ti8ZT3apX5PYjAI
//Validation - see 1_getToken xsjs test flow: to include "-"; "."; "_";"/"
//These are the additional known characters provided in a code by google
isValid = /^[a-zA-Z0-9\-._\/]*$/.test(code);
}
return isValid;
}
//Set the request or header parameters
OAuthClient.prototype.setOAuthHTTPRequestParams = function(input, step, location) {
// input is a URL (string) for location = "uri"
// is empty for locations = "header" and "param" (use oAuthHttpRequest of oAuthClient)
// maybe empty for location = "uri": In this case use oAuthHttpRequest of oAuthClient
var i = 0,
j = 0;
var paraLen = 0,
flavorLen = 0;
var aParams = [];
var isCollected = [];
var oException = {};
//Serve the interceptor patterns:
var clientSecretPattern = new RegExp(iDef.getTokenType("CS_Type", "AC"));
var accessTokenPattern = new RegExp(iDef.getTokenType("AT_Type", "AC"));
var refreshTokenPattern = new RegExp(iDef.getTokenType("RT_Type", "AC"));
var samlAssertionPattern = new RegExp(iDef.getTokenType("SA_Type", "SB"));
var samlAssertionClientIdAttributeNamePattern = new RegExp("saml_assertion_client_id_attribute_name");
var aFlavor = [];
var replaced = false;
// TODO : Might check !input for authorize uri
if ( !step || !location) {
oException.Type = "MissingArgument";
oException.Severity = "Error";
oException.Message = "Input or parameters missing for setting the request parameters";
$.trace.error("oAuthClient.xsjslib::setOAuthHTTPRequestParams: " + oException.Message);
throw new Error("Context - " + oException.Type + ": " + oException.Message);
}
//Get the relevant flavor parameters to be set for this step:
aFlavor = util.getFlavorByStep(this.oAuthHttpRequest.flavorPackage, this.oAuthHttpRequest.flavorName, step, location);
for (i = 0, flavorLen = aFlavor.length; i < flavorLen; i++) {
var oParamRecord = {};
oParamRecord.name = aFlavor[i].paramName;
oParamRecord.type = aFlavor[i].valueType;
//Regular processing
if (aFlavor[i].valueType === iDef.getValueType("evaluatedType")){
oParamRecord.value = this.getParameterFromConfig(aFlavor[i].paramName);
} else {
oParamRecord.value = aFlavor[i].paramValue;
}
aParams.push(oParamRecord);
}
//Assign loaded flavor parameters with current configuration + security controller data
for (j = 0, paraLen = aParams.length; j < paraLen; j++) {
replaced = false;
if (isCollected.indexOf(aParams[j].name.toUpperCase()) === -1) {
switch (location) {
case iDef.getParameterLocation("headerParameter"):
if (accessTokenPattern.test(aParams[j].value) && aParams[j].type === iDef.getValueType("secureType")) {
if (input.setOAuthAccessToken){ // check required to recognized whether input is of type $.net.HttpRequest (where we can set the access token)
input.setOAuthAccessToken(aParams[j].name, this.oAuthClientConfig.packageID, this.oAuthClientConfig.clientName );
}
break;
}
if (aParams[j].type === iDef.getValueType("secureType") && aParams[j].value === iDef.getBasicAuthenticationName()) {
this.oAuthHttpRequest.setBasicAuthorizationHeader(aParams[j].name, "Basic");
} else {
//Set regular header parameters - no special treatment in this case
this.oAuthHttpRequest.setHeaders(aParams[j].name, aParams[j].value);
}
//Intercept client secret:
if (clientSecretPattern.test(aParams[j].value) && aParams[j].type === iDef.getValueType("secureType")) {
//This is the request pattern if a client secret interception is requested
this.oAuthHttpRequest.setClientSecret(location, aParams[j].name);
}
break;
case iDef.getParameterLocation("requestParameter"):
//Special treatment: Check for an access- or refresh token or client secret interceptor pattern
// Intercept access token
if (accessTokenPattern.test(aParams[j].value) && aParams[j].type === iDef.getValueType("secureType")) {
//This is the request pattern if an access token interception is requested
this.oAuthHttpRequest.setAccessToken(location, aParams[j].name, ""); // no prefix for parameters
replaced = true;
}
// Intercept refresh token
if (refreshTokenPattern.test(aParams[j].value) && aParams[j].type === iDef.getValueType("secureType")) {
//This is the request pattern if a refresh token interception is requested
//$set_refresh_token
this.oAuthHttpRequest.setRefreshToken(location, aParams[j].name, ""); // no prefix for parameters
replaced = true;
}
//Intercept client secret:
if (clientSecretPattern.test(aParams[j].value) && aParams[j].type === iDef.getValueType("secureType")) {
//This is the request pattern if a client secret interception is requested
this.oAuthHttpRequest.setClientSecret(location, aParams[j].name);
replaced = true;
}
//Intercept SAML assertion:
if (samlAssertionPattern.test(aParams[j].value) && aParams[j].type === iDef.getValueType("secureType")) {
//This is the request pattern if a SAML assertion interception is requested
this.oAuthHttpRequest.configureSAMLFlow(aParams[j].name);
replaced = true;
}
//ELSE: Set parameters on a regular base if no special replacement was done.
if (!replaced) {
this.oAuthHttpRequest.setParameters(aParams[j].name, aParams[j].value);
}
break;
case iDef.getParameterLocation("uriParameter"):
if (typeof input === "string" ){
if (j === 0) {
input += "?" + aParams[j].name;
} else {
input += "&" + aParams[j].name;
}
input += "=" + aParams[j].value;
} else {
// Intercept access token
if (accessTokenPattern.test(aParams[j].value) && aParams[j].type === iDef.getValueType("secureType")) {
//This is the request pattern if an access token interception is requested
this.oAuthHttpRequest.setAccessToken(location, aParams[j].name, "");
replaced = true;
}
// Intercept refresh token
if (refreshTokenPattern.test(aParams[j].value) && aParams[j].type === iDef.getValueType("secureType")) {
//This is the request pattern if a refresh token interception is requested
//$set_refresh_token
this.oAuthHttpRequest.setRefreshToken(location, aParams[j].name, "");
replaced = true;
}
}
break;
case iDef.getParameterLocation("samlAssertionParameter"):
if (samlAssertionClientIdAttributeNamePattern.test(aParams[j].value) && aParams[j].type === iDef.getValueType("secureType")) {
this.oAuthHttpRequest.setSAMLClientIdAttributeName(aParams[j].name);
replaced = true;
}
break;
default:
break;
}
//Did we already collect this name / value record? Otherwise skip or alert next stage!
isCollected[j] = aParams[j].name;
}
}
return input;
};
function dispatchException(oException, source) {
"use strict";
if (util.is401Caused(oException)) {
oException.Type = "NoAccessContext";
oException.Severity = "Error";
oException.Message = "User is not authorized - access grant missing (401)";
$.trace.error("AuthConfigHandler.xsjslib:: " + source + " : Error: " + oException.Message);
throw new NoAccessContextException(oException.Type, oException.Severity, oException.Message);
}
if (util.is500Caused(oException)) {
oException.Type = "NoAccessContext";
oException.Severity = "Error";
oException.Message = "User is no longer authorized - access grant expired (500)"; // if details?: + oException.toString();
//Details: "SyntaxError: JSON.parse: unexpected character; Status: 500"
$.trace.error("AuthConfigHandler.xsjslib:: " + source + " : Error: " + oException.Message);
throw new NoAccessContextException(oException.Type, oException.Severity, oException.Message);
}
if (util.isSSLCaused(oException)) {
oException.Type = "MissingConfigException";
oException.Severity = "Error";
oException.Message = "SSL requested but trust store assignment is missing (SSL Config)";
$.trace.error("AuthConfigHandler.xsjslib:: " + source + " : Error: " + oException.Message);
throw new MissingConfigException(oException.Type, oException.Severity, oException.Message);
}
//Any other context is assigned with an internal error exception
oException.Type = "InternalError";
oException.Severity = "Error";
oException.Message = oException.toString();
$.trace.error("AuthConfigHandler.xsjslib:: " + source + " : Error: " + oException.Message);
throw new InternalErrorException(oException.Type, oException.Severity, oException.Message);
}
/*
* ---------------------------------------------------------------------------
* 0.) Get Authorize URI - to be provided as business user self service
* Start of Authorize Code Flow
* ---------------------------------------------------------------------------
*/
OAuthClient.prototype.userAuthorizeUri = function (appUrl) {
"use strict";
var oException = {};
if (this.oauthFlow === "saml2Bearer") {
oException.Type = "CallerError";
oException.Severity = "Error";
oException.Message = "Method userAuthorizeUri not supported for flow type saml2Bearer";
$.trace.error("oAuthClient.xsjslib::userAuthorizeUri: Error: " + oException.Message);
throw new InternalErrorException(oException.Type, oException.Severity, oException.Message);
}
try {
this.oAuthHttpRequest.setStateCookie(appUrl, $.response);
var authorizeUri = this.oAuthHttpRequest.authorizationEndpointURL;
this.appUrl = appUrl;
authorizeUri = this.setOAuthHTTPRequestParams(authorizeUri, iDef.getFlavorStepName("userAuthorizeAccessStep"), iDef.getParameterLocation("uriParameter"));
return util.encodeUri(authorizeUri);
} catch (e) {
oException.Type = "InternalError";
oException.Severity = "Error";
oException.Message = "Error when assigning Service Provider Configuration : " + e.toString();
$.trace.error("oAuthClient.xsjslib::userAuthorizeUri: Error: " + oException.Message);
throw new InternalErrorException(oException.Type, oException.Severity, oException.Message);
}
};
/*
* ---------------------------------------------------------------------------
* 1.) Get Token(s) from Code
* Exchange the authorization code into an token set
* ---------------------------------------------------------------------------
*/
OAuthClient.prototype.userGrantAccess = function (code) {
"use strict";
var oException = {};
if (!isCodeValid(code)) {
oException.Type = "InvalidInput";
oException.Severity = "Error";
oException.Message = "This code is not accepted: " + code;
$.trace.error("oAuthClient.xsjslib::userGrantAccess: Error: " + oException.Message);
throw new InvalidInputException(oException.Type, oException.Severity, oException.Message);
}
try {
this.authorizationCode = code;
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userGrantAccessStep"), iDef.getParameterLocation("headerParameter"));
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userGrantAccessStep"), iDef.getParameterLocation("requestParameter"));
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userGrantAccessStep"), iDef.getParameterLocation("uriParameter"));
var status = this.oAuthHttpRequest.triggerAccessTokenFlow();
return status;
} catch (e) {
oException.Type = "InternalError";
oException.Severity = "Error";
oException.Message = "Error when during user grant access: " + e.toString();
$.trace.error("oAuthClient.xsjslib::userGrantAccess: Error: " + oException.Message);
throw new InternalErrorException(oException.Type, oException.Severity, oException.Message);
}
};
/*
* ---------------------------------------------------------------------------
* 2.) Trigger refresh flow
*
* ---------------------------------------------------------------------------
*/
OAuthClient.prototype.userRefreshAccess = function () {
"use strict";
var oException = {};
if (!this.hasValidRefreshToken()) {
oException.Type = "NoAccessContext";
oException.Severity = "Error";
oException.Message = "No refresh token available";
$.trace.error("oAuthClient.xsjslib::userRefreshAccess: Error: " + oException.Message);
throw new NoAccessContextException(oException.Type, oException.Severity, oException.Message);
}
try {
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userRefreshAccessStep"), iDef.getParameterLocation("uriParameter"));
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userRefreshAccessStep"), iDef.getParameterLocation("headerParameter"));
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userRefreshAccessStep"), iDef.getParameterLocation("requestParameter"));
return this.oAuthHttpRequest.triggerRefreshTokenFlow();
} catch (e) {
oException.Type = "InternalError";
oException.Severity = "Error";
oException.Message = "Error when during user grant access: " + e.toString();
$.trace.error("oAuthClient.xsjslib::userRefreshAccess: Error: " + oException.Message);
throw new InternalErrorException(oException.Type, oException.Severity, oException.Message);
}
};
/*
* ---------------------------------------------------------------------------
* 3.) Data Processing
*
* ---------------------------------------------------------------------------
*/
OAuthClient.prototype.processData = function(appHttpClient, appRequest, appDestination) {
"use strict";
var clientPackage = this.oAuthClientConfig.packageID;
var clientName = this.oAuthClientConfig.clientName;
var response = null;
var responseStatus =null;
var oException = {};
var aSignatureCheck = [{
name: "Client Package",
value: clientPackage
}, {
name: "Service Provider Name",
value: clientName
}, {
name: "Application http client",
value: appHttpClient
}, {
name: "Application Request",
value: appRequest
}, {
name: "Application Resource Destination",
value: appDestination
}
];
//Check input----------------------------------------------------------------------------------------
var signatureCheckResult = util.validateInput(aSignatureCheck);
if (signatureCheckResult !== "") {
oException.Type = "MissingArgument";
oException.Severity = "Error";
oException.Message = "No value provided for the following parameter(s): " +signatureCheckResult;
$.trace.error("OAuthClient.xsjslib::processData: Error: " + oException.Message);
throw new MissingInputException(oException.Type, oException.Severity, oException.Message);
}
//Try to use the app provided destination.
try {
util.validateDestination(appDestination);
} catch (e) {
oException.Type = "MissingConfigException";
oException.Severity = "Error";
oException.Message = "Wrong destination setup - please check destination.host and ssl property!";
$.trace.error("OAuthClient.xsjslib::processData: Error: " + oException.Message);
throw new MissingConfigException(oException.Type, oException.Severity, oException.Message);
}
//Check if access token is available
if (!this.hasValidAccessToken()) {
oException.Type = "NoAccessContext";
oException.Severity = "Error";
oException.Message = "No access token available";
$.trace.error("oAuthClient.xsjslib::processData: Error: " + oException.Message);
throw new NoAccessContextException(oException.Type, oException.Severity, oException.Message);
}
//Add access token to HTTP request and submit it
try {
try {
this.setOAuthHTTPRequestParams(appRequest, iDef.getFlavorStepName("processDataStep"), iDef.getParameterLocation("headerParameter"));
//appRequest.setOAuthAccessToken("Bearer ", clientPackage, clientName);
appHttpClient.request(appRequest, appDestination);
// ... get the response and back.
response = appHttpClient.getResponse();
// trigger refresh flow
// if (response.status === $.net.http.INTERNAL_SERVER_ERROR || response.status === 401) {
// var refreshStatus = this.userRefreshAccess();
// if (refreshStatus === 200) {
// // Initialize + replay the request
// var replayResponse = null;
// appRequest.setOAuthAccessToken("Bearer ", clientPackage, clientName);
// appHttpClient.request(appRequest, appDestination);
// replayResponse = appHttpClient.getResponse();
// response = replayResponse;
// } else {
// $.trace.debug("OAuthClient.xsjslib::processData: Ignoring refreshAccess with status !=200. Status " + refreshStatus);
// }
// }
} catch (ex) {
oException.Type = "InternalError";
oException.Severity = "Error";
oException.Message = "Error within request processing: " + ex.toString() + "; Status: " + responseStatus;
$.trace.error("OAuthClient.xsjslib::processData: Error: " + oException.Message);
throw new Error("Context - " + oException.Type + ": " + oException.Message);
}
} catch (exc) {
//Special handling for 'not authorized/granted' status - we can only assume 401 as all other reasons require
oException.Type = "NoAccessContext";
oException.Severity = "Error";
oException.Message = exc.toString();
$.trace.error("OAuthClient.xsjslib::processData: Error: " + oException.Message);
throw new NoAccessContextException(oException.Type, oException.Severity, oException.Message);
}
return response;
};
/*
* ---------------------------------------------------------------------------
* 4.) Revoke the current access grant of this user
*
* ---------------------------------------------------------------------------
*/
OAuthClient.prototype.userRevokeAccess = function () {
"use strict";
var oException = {};
// if (!this.hasValidAccessToken()) {
// oException.Type = "NoAccessContext";
// oException.Severity = "Error";
// oException.Message = "No access token available";
// $.trace.error("oAuthClient.xsjslib::userRevokeAccess: Error: " + oException.Message);
// throw new NoAccessContextException(oException.Type, oException.Severity, oException.Message);
// }
try {
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userRevokeAccessStep"), iDef.getParameterLocation("uriParameter"));
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userRevokeAccessStep"), iDef.getParameterLocation("headerParameter"));
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userRevokeAccessStep"), iDef.getParameterLocation("requestParameter"));
var status = this.oAuthHttpRequest.triggerRevocationFlow();
return status;
} catch (exc) {
oException.Type = "NoAccessContext";
oException.Severity = "Error";
oException.Message = exc.toString();
$.trace.error("oAuthClient.xsjslib::userRevokeAccess: Error: " + oException.Message);
throw new NoAccessContextException(oException.Type, oException.Severity, oException.Message);
}
};
OAuthClient.prototype.hasValidAccessToken = function () {
"use strict";
var oException = {};
try {
var status = this.oAuthHttpRequest.hasValidAccessToken;
} catch (exc) {
oException.Type = "NoAccessContext";
oException.Severity = "Error";
oException.Message = exc.toString();
$.trace.error("oAuthClient.xsjslib::hasValidAccessToken: Error: " + oException.Message);
throw new NoAccessContextException(oException.Type, oException.Severity, oException.Message);
}
return status;
};
OAuthClient.prototype.hasValidRefreshToken = function () {
"use strict";
var oException = {};
try {
var status = this.oAuthHttpRequest.hasValidRefreshToken;
} catch (exc) {
oException.Type = "NoAccessContext";
oException.Severity = "Error";
oException.Message = exc.toString();
$.trace.error("oAuthClient.xsjslib::hasValidRefreshToken: Error: " + oException.Message);
throw new NoAccessContextException(oException.Type, oException.Severity, oException.Message);
}
return status;
};
/*
* ---------------------------------------------------------------------------
* 6.) SAML Flow
* Exchange a SAML assertion into an token set
* ---------------------------------------------------------------------------
*/
OAuthClient.prototype.samlAccess = function () {
"use strict";
var oException = {};
if (this.oauthFlow !== "saml2Bearer") {
oException.Type = "CallerError";
oException.Severity = "Error";
oException.Message = "Method samlAccess not supported for flow type "+this.oauthFlow;
$.trace.error("oAuthClient.xsjslib::samlAccess: Error: " + oException.Message);
throw new InternalErrorException(oException.Type, oException.Severity, oException.Message);
}
try {
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("samlFlowStep"), iDef.getParameterLocation("headerParameter"));
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("samlFlowStep"), iDef.getParameterLocation("requestParameter"));
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("samlFlowStep"), iDef.getParameterLocation("uriParameter"));
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("samlFlowStep"), iDef.getParameterLocation("samlAssertionParameter"));
var status = this.oAuthHttpRequest.triggerAccessTokenFlow();
return status;
} catch (e) {
oException.Type = "InternalError";
oException.Severity = "Error";
oException.Message = "Error during SAML access: " + e.toString();
$.trace.error("oAuthClient.xsjslib::samlAccess: Error: " + oException.Message);
throw new InternalErrorException(oException.Type, oException.Severity, oException.Message);
}
};
/*
* ---------------------------------------------------------------------------
* 7.) Client Credentials Flow
* Use ClientId and ClientSecret to get the access token
* ---------------------------------------------------------------------------
*/
OAuthClient.prototype.clientCredentialsAccess = function () {
"use strict";
const oException = {};
try {
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userGrantAccessStep"), iDef.getParameterLocation("headerParameter"));
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userGrantAccessStep"), iDef.getParameterLocation("requestParameter"));
this.setOAuthHTTPRequestParams(this.oAuthHttpRequest, iDef.getFlavorStepName("userGrantAccessStep"), iDef.getParameterLocation("uriParameter"));
var status = this.oAuthHttpRequest.triggerAccessTokenFlow();
return status;
} catch (e) {
oException.Type = "InternalError";
oException.Severity = "Error";
oException.Message = "Error during OAuth2.0 Client Credentials Access : " + e.toString();
$.trace.error("lib.oauth.oAuthClient.xsjslib::clientCredentialsAccess: Error: " + oException.Message);
throw new InternalErrorException(oException.Type, oException.Severity, oException.Message);
}
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment