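/**
 * Client-side configuration for an OAuth 2 / OpenID Connect login.
 *
 * Every property is optional. Several flags below switch off a validation
 * step (requireHttps, strictDiscoveryDocumentValidation, disableAtHashCheck,
 * skipSubjectCheck, skipIssuerCheck, disablePKCE); each of them trades
 * protection for compatibility with a particular auth server and should be
 * reviewed when it appears in a deployed configuration.
 */
export declare class AuthConfig {
    /**
     * The client's id as registered with the auth server
     */
    clientId?: string;
    /**
     * The client's redirectUri as registered with the auth server
     */
    redirectUri?: string;
    /**
     * An optional second redirectUri where the auth server
     * redirects the user to after logging out.
     */
    postLogoutRedirectUri?: string;
    /**
     * Defines whether to use 'redirectUri' as a replacement
     * of 'postLogoutRedirectUri' if the latter is not set.
     */
    redirectUriAsPostLogoutRedirectUriFallback?: boolean;
    /**
     * The auth server's endpoint that allows to log
     * the user in when using implicit flow.
     */
    loginUrl?: string;
    /**
     * The requested scopes
     */
    scope?: string;
    /**
     * NOTE(review): undocumented in this declaration; presumably the
     * 'resource' request parameter sent to the auth server. Confirm
     * against the implementation.
     */
    resource?: string;
    /**
     * NOTE(review): undocumented in this declaration; purpose cannot be
     * determined from here.
     */
    rngUrl?: string;
    /**
     * Defines whether to use OpenId Connect during
     * implicit flow.
     */
    oidc?: boolean;
    /**
     * Defines whether to request an access token during
     * implicit flow.
     */
    requestAccessToken?: boolean;
    /**
     * NOTE(review): undocumented and typed `any`, so nothing assigned here
     * is type-checked. The type is left unchanged for compatibility.
     */
    options?: any;
    /**
     * The issuer's uri.
     */
    issuer?: string;
    /**
     * The logout url.
     */
    logoutUrl?: string;
    /**
     * Defines whether to clear the hash fragment after logging in.
     */
    clearHashAfterLogin?: boolean;
    /**
     * Url of the token endpoint as defined by OpenId Connect and OAuth 2.
     */
    tokenEndpoint?: string;
    /**
     * Url of the revocation endpoint as defined by OpenId Connect and OAuth 2.
     */
    revocationEndpoint?: string;
    /**
     * Names of known parameters sent out in the TokenResponse. https://tools.ietf.org/html/rfc6749#section-5.1
     */
    customTokenParameters?: string[];
    /**
     * Url of the userinfo endpoint as defined by OpenId Connect.
     */
    userinfoEndpoint?: string;
    /**
     * NOTE(review): undocumented in this declaration; presumably the OAuth 2
     * 'response_type' request parameter, which selects the flow. Confirm
     * against the implementation.
     */
    responseType?: string;
    /**
     * Defines whether additional debug information should
     * be shown at the console. Note that in certain browsers
     * the verbosity of the console needs to be explicitly set
     * to include Debug level messages.
     */
    showDebugInformation?: boolean;
    /**
     * The redirect uri used when doing silent refresh.
     */
    silentRefreshRedirectUri?: string;
    /**
     * NOTE(review): undocumented in this declaration; presumably a prefix
     * for the messages exchanged with the silent refresh iframe. Confirm.
     */
    silentRefreshMessagePrefix?: string;
    /**
     * Set this to true to display the iframe used for
     * silent refresh for debugging.
     */
    silentRefreshShowIFrame?: boolean;
    /**
     * Timeout for silent refresh.
     * The misspelled name is kept for backward compatibility.
     * @internal
     * @deprecated use silentRefreshTimeout
     */
    siletRefreshTimeout?: number;
    /**
     * Timeout for silent refresh.
     */
    silentRefreshTimeout?: number;
    /**
     * Some auth servers don't allow using password flow
     * w/o a client secret while the standards do not
     * demand it. In this case, you can set a password
     * here. As this password is exposed to the public
     * it does not bring additional security and is therefore
     * as good as using no password.
     *
     * Because the value ships to every browser, never place the secret
     * of a confidential client here.
     */
    dummyClientSecret?: string;
    /**
     * Defines whether https is required.
     * The default value is remoteOnly which only allows
     * http for localhost, while every other domain needs
     * to be used with https.
     *
     * Setting this to false lifts the https requirement for remote hosts
     * too, so tokens and authorization codes would travel unencrypted.
     */
    requireHttps?: boolean | 'remoteOnly';
    /**
     * Defines whether every url provided by the discovery
     * document has to start with the issuer's url.
     *
     * With this check off, endpoints hosted outside the issuer's url are
     * accepted, so the source of the discovery document has to be trusted
     * by other means.
     */
    strictDiscoveryDocumentValidation?: boolean;
    /**
     * JSON Web Key Set (https://tools.ietf.org/html/rfc7517)
     * with keys used to validate received id_tokens.
     * This is taken out of the discovery document. Can be set manually too.
     *
     * These keys decide which id_tokens are accepted; a manually set value
     * must come from a trusted source.
     */
    jwks?: object;
    /**
     * Map with additional query parameters that are appended to
     * the request when initializing implicit flow.
     */
    customQueryParams?: object;
    /**
     * NOTE(review): undocumented in this declaration; presumably the name
     * of the iframe used for silent refresh. Confirm.
     */
    silentRefreshIFrameName?: string;
    /**
     * Defines when the token_timeout event should be raised.
     * If you set this to the default value 0.75, the event
     * is triggered after 75% of the token's life time.
     */
    timeoutFactor?: number;
    /**
     * If true, the lib will try to check whether the user
     * is still logged in on a regular basis as described
     * in http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification
     */
    sessionChecksEnabled?: boolean;
    /**
     * Interval in msec for checking the session
     * according to http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification
     * (The spelling of the property name is part of the public interface.)
     */
    sessionCheckIntervall?: number;
    /**
     * Url for the iframe used for session checks
     */
    sessionCheckIFrameUrl?: string;
    /**
     * Name of the iframe to use for session checks
     */
    sessionCheckIFrameName?: string;
    /**
     * This property has been introduced to disable at_hash checks
     * and is intended for Identity Providers that do not deliver
     * an at_hash EVEN THOUGH it's recommended by the OIDC specs.
     * Of course, when disabling these checks then we are bypassing
     * a security check which means we are more vulnerable.
     *
     * at_hash ties the access token to the id_token it was issued with;
     * without the check a substituted access token is not detected here.
     */
    disableAtHashCheck?: boolean;
    /**
     * Defines whether to check the subject of a refreshed token after silent refresh.
     * Normally, it should be the same as before.
     *
     * NOTE(review): going by the name, true skips the check, in which case
     * a refresh that returns a token for a different subject would be
     * accepted. Confirm against the implementation.
     */
    skipSubjectCheck?: boolean;
    /**
     * NOTE(review): undocumented in this declaration; presumably sends the
     * current id_token as 'id_token_hint' on silent refresh. Confirm.
     */
    useIdTokenHintForSilentRefresh?: boolean;
    /**
     * Defines whether to skip the validation of the issuer in the discovery document.
     * Normally, the discovery document's url starts with the url of the issuer.
     */
    skipIssuerCheck?: boolean;
    /**
     * According to rfc6749 it is recommended (but not required) that the auth
     * server exposes the access_token's life time in seconds.
     * This is a fallback value for the case this value is not exposed.
     */
    fallbackAccessTokenExpirationTimeInSec?: number;
    /**
     * final state sent to issuer is built as follows:
     * state = nonce + nonceStateSeparator + additional state
     * Default separator is ';' (encoded %3B).
     * In rare cases, this character might be forbidden or inconvenient to use by the issuer so it can be customized.
     */
    nonceStateSeparator?: string;
    /**
     * Set this to true to use HTTP BASIC auth for AJAX calls
     */
    useHttpBasicAuth?: boolean;
    /**
     * The window of time (in seconds) to allow the current time to deviate when validating id_token's iat and exp values.
     * A larger window also means an id_token past its exp value is accepted for longer.
     */
    clockSkewInSec?: number;
    /**
     * Decreases the Expiration time of tokens by this number of seconds
     */
    decreaseExpirationBySec?: number;
    /**
     * The interceptor waits this time span if there is no token
     */
    waitForTokenInMsec?: number;
    /**
     * Set this to true if you want to use silent refresh together with
     * code flow. As silent refresh is the only option for refreshing
     * with implicit flow, you don't need to explicitly turn it on in
     * this case.
     *
     * NOTE(review): described as a true/false flag but typed `any`; the
     * type is left unchanged for compatibility.
     */
    useSilentRefresh?: any;
    /**
     * Code Flow is by default used together with PKCE which is also highly recommended.
     * You can disable it here by setting this flag to true.
     * https://tools.ietf.org/html/rfc7636#section-1.1
     *
     * PKCE protects the authorization code against interception, so this
     * flag is best left unset unless the auth server cannot handle PKCE.
     */
    disablePKCE?: boolean;
    /**
     * Set this to true to preserve the requested route including query parameters after code flow login.
     * This setting enables deep linking for the code flow.
     */
    preserveRequestedRoute?: boolean;
    /**
     * Allows to disable the timer for the id_token used
     * for token refresh
     */
    disableIdTokenTimer?: boolean;
    /**
     * Blocks other origins requesting a silent refresh
     */
    checkOrigin?: boolean;
    /**
     * @param json Optional subset of the properties of this class.
     *   NOTE(review): presumably copied onto the new instance; the
     *   implementation is not part of this declaration.
     */
    constructor(json?: Partial<AuthConfig>);
    /**
     * This property allows you to override the method that is used to open the login url,
     * allowing a way for implementations to specify their own method of routing to new
     * urls.
     */
    openUri?: (uri: string) => void;
}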