/** * Copyright (c) Trimble Inc. */ import { EndpointProvider } from '../interfaces/EndpointProvider'; import RefreshableTokenProvider from './RefreshableTokenProvider'; /** * The Authorization Code grant type is intended to be used by user-facing web applications with a server-side component. * When the user grants authorization, the Identity authorization endpoint provides the client with a short-lived authorization code through a browser redirect. * The client subsequently exchanges the authorization_code for an access_token. * * The Authorization Code with Proof Key for Code Exchange (PKCE) flow is an extension of the Authorization Code grant flow. * Along with the request, the client application sends code_challenge and code_challenge_method. */ export default class AuthorizationCodeGrantTokenProvider extends RefreshableTokenProvider { private readonly _redirectUrl; private _scopes; private _state; private _identityProvider?; /** * Public constructor for AuthorizationCodeGrantTokenProvider class * * @param endpointProvider An endpoint provider that provides the URL for the Trimble Identity authorization and token endpoints. * It can be OpenIdEndpointProvider/FixedEndpointProvider * @param clientId The client id for the calling application * @param redirectUrl The URL to which Trimble Identity should redirect after successfully authenticating a user */ constructor(endpointProvider: EndpointProvider, clientId: string, redirectUrl: string); /** * Fluent extension to add scopes * * @param scopes The scopes to add to the token provider */ WithScopes(scopes: string[]): this; /** * Fluent extension to add logout redirect URL * * @param logoutRedirectUrl The logout redirect URL */ WithLogoutRedirect(logoutRedirectUrl: string): this; /** * Fluent extension to add identity provider * * @param identityProvider The identity provider */ WithIdentityProvider(identityProvider: string): this; /** * Get a redirect URL for Trimble Identity * * @param state An optional state parameter that will be passed back to the caller via the redirect URL * @returns A promise that resolves to the redirect URL * @throws Thrown when an authorization endpoint is not provided by the endpoint provider */ GetOAuthRedirect(state?: string): Promise; /** * Validate the query parameters passed back to the application by Trimble Identity * * @param query The query string from the URL * @returns A promise that resolves to true if the query string is valid * @throws Thrown when a token endpoint is not provided by the endpoint provider * @throws Thrown when a call to the token endpoint fails */ ValidateQuery(query: string): Promise; /** * Return a redirect URL to log out of all Trimble Identity applications * * @param state An optional state parameter that will be passed back to the caller via the redirect URL * @returns A promise that resolves to the value of the redirect URL on completion */ GetOAuthLogoutRedirect(state?: string | null): Promise; /** * Validate the code passed back to the application by Trimble Identity * * @param code from the URL * @returns A promise that resolves to true if the code is valid * @throws Thrown when a token endpoint is not provided by the endpoint provider * @throws Thrown when a call to the token endpoint fails */ ValidateCode(code: string): Promise; /** * Internal method to validate the code passed back to the application by Trimble Identity * * @param code from the URL * @returns A promise that resolves to true if the code is valid */ private _validateCode; }