UNPKG

9.25 kBJavaScriptView Raw
1"use strict";
2/*
3 * Copyright (c) Microsoft Corporation. All rights reserved.
4 * Licensed under the MIT License.
5 */
6Object.defineProperty(exports, "__esModule", { value: true });
7exports.Authority = exports.AuthorityType = void 0;
8var tslib_1 = require("tslib");
9var ClientConfigurationError_1 = require("../error/ClientConfigurationError");
10var XHRClient_1 = require("../XHRClient");
11var UrlUtils_1 = require("../utils/UrlUtils");
12var TrustedAuthority_1 = require("./TrustedAuthority");
13var Constants_1 = require("../utils/Constants");
14/**
15 * @hidden
16 */
17var AuthorityType;
18(function (AuthorityType) {
19 AuthorityType[AuthorityType["Default"] = 0] = "Default";
20 AuthorityType[AuthorityType["Adfs"] = 1] = "Adfs";
21})(AuthorityType = exports.AuthorityType || (exports.AuthorityType = {}));
22/**
23 * @hidden
24 */
25var Authority = /** @class */ (function () {
26 function Authority(authority, validateAuthority, authorityMetadata) {
27 this.IsValidationEnabled = validateAuthority;
28 this.CanonicalAuthority = authority;
29 this.validateAsUri();
30 this.tenantDiscoveryResponse = authorityMetadata;
31 }
32 Authority.isAdfs = function (authorityUrl) {
33 var components = UrlUtils_1.UrlUtils.GetUrlComponents(authorityUrl);
34 var pathSegments = components.PathSegments;
35 return (pathSegments.length && pathSegments[0].toLowerCase() === Constants_1.Constants.ADFS);
36 };
37 Object.defineProperty(Authority.prototype, "AuthorityType", {
38 get: function () {
39 return Authority.isAdfs(this.canonicalAuthority) ? AuthorityType.Adfs : AuthorityType.Default;
40 },
41 enumerable: false,
42 configurable: true
43 });
44 Object.defineProperty(Authority.prototype, "Tenant", {
45 get: function () {
46 return this.CanonicalAuthorityUrlComponents.PathSegments[0];
47 },
48 enumerable: false,
49 configurable: true
50 });
51 Object.defineProperty(Authority.prototype, "AuthorizationEndpoint", {
52 get: function () {
53 this.validateResolved();
54 return this.tenantDiscoveryResponse.AuthorizationEndpoint.replace(/{tenant}|{tenantid}/g, this.Tenant);
55 },
56 enumerable: false,
57 configurable: true
58 });
59 Object.defineProperty(Authority.prototype, "EndSessionEndpoint", {
60 get: function () {
61 this.validateResolved();
62 return this.tenantDiscoveryResponse.EndSessionEndpoint.replace(/{tenant}|{tenantid}/g, this.Tenant);
63 },
64 enumerable: false,
65 configurable: true
66 });
67 Object.defineProperty(Authority.prototype, "SelfSignedJwtAudience", {
68 get: function () {
69 this.validateResolved();
70 return this.tenantDiscoveryResponse.Issuer.replace(/{tenant}|{tenantid}/g, this.Tenant);
71 },
72 enumerable: false,
73 configurable: true
74 });
75 Authority.prototype.validateResolved = function () {
76 if (!this.hasCachedMetadata()) {
77 throw "Please call ResolveEndpointsAsync first";
78 }
79 };
80 Object.defineProperty(Authority.prototype, "CanonicalAuthority", {
81 /**
82 * A URL that is the authority set by the developer
83 */
84 get: function () {
85 return this.canonicalAuthority;
86 },
87 set: function (url) {
88 this.canonicalAuthority = UrlUtils_1.UrlUtils.CanonicalizeUri(url);
89 this.canonicalAuthorityUrlComponents = null;
90 },
91 enumerable: false,
92 configurable: true
93 });
94 Object.defineProperty(Authority.prototype, "CanonicalAuthorityUrlComponents", {
95 get: function () {
96 if (!this.canonicalAuthorityUrlComponents) {
97 this.canonicalAuthorityUrlComponents = UrlUtils_1.UrlUtils.GetUrlComponents(this.CanonicalAuthority);
98 }
99 return this.canonicalAuthorityUrlComponents;
100 },
101 enumerable: false,
102 configurable: true
103 });
104 Object.defineProperty(Authority.prototype, "DefaultOpenIdConfigurationEndpoint", {
105 // http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
106 get: function () {
107 return (this.AuthorityType === AuthorityType.Adfs) ? "" + this.CanonicalAuthority + Constants_1.WELL_KNOWN_SUFFIX : this.CanonicalAuthority + "v2.0/" + Constants_1.WELL_KNOWN_SUFFIX;
108 },
109 enumerable: false,
110 configurable: true
111 });
112 /**
113 * Given a string, validate that it is of the form https://domain/path
114 */
115 Authority.prototype.validateAsUri = function () {
116 var components;
117 try {
118 components = this.CanonicalAuthorityUrlComponents;
119 }
120 catch (e) {
121 throw ClientConfigurationError_1.ClientConfigurationErrorMessage.invalidAuthorityType;
122 }
123 if (!components.Protocol || components.Protocol.toLowerCase() !== "https:") {
124 throw ClientConfigurationError_1.ClientConfigurationErrorMessage.authorityUriInsecure;
125 }
126 if (!components.PathSegments || components.PathSegments.length < 1) {
127 throw ClientConfigurationError_1.ClientConfigurationErrorMessage.authorityUriInvalidPath;
128 }
129 };
130 /**
131 * Calls the OIDC endpoint and returns the response
132 */
133 Authority.prototype.DiscoverEndpoints = function (openIdConfigurationEndpoint, telemetryManager, correlationId) {
134 var client = new XHRClient_1.XhrClient();
135 var httpMethod = Constants_1.NetworkRequestType.GET;
136 var httpEvent = telemetryManager.createAndStartHttpEvent(correlationId, httpMethod, openIdConfigurationEndpoint, "openIdConfigurationEndpoint");
137 return client.sendRequestAsync(openIdConfigurationEndpoint, httpMethod, /* enableCaching: */ true)
138 .then(function (response) {
139 httpEvent.httpResponseStatus = response.statusCode;
140 telemetryManager.stopEvent(httpEvent);
141 return {
142 AuthorizationEndpoint: response.body["authorization_endpoint"],
143 EndSessionEndpoint: response.body["end_session_endpoint"],
144 Issuer: response.body["issuer"]
145 };
146 })
147 .catch(function (err) {
148 httpEvent.serverErrorCode = err;
149 telemetryManager.stopEvent(httpEvent);
150 throw err;
151 });
152 };
153 /**
154 * Returns a promise.
155 * Checks to see if the authority is in the cache
156 * Discover endpoints via openid-configuration
157 * If successful, caches the endpoint for later use in OIDC
158 */
159 Authority.prototype.resolveEndpointsAsync = function (telemetryManager, correlationId) {
160 return tslib_1.__awaiter(this, void 0, void 0, function () {
161 var host, openIdConfigurationEndpointResponse, _a;
162 return tslib_1.__generator(this, function (_b) {
163 switch (_b.label) {
164 case 0:
165 if (!this.IsValidationEnabled) return [3 /*break*/, 3];
166 host = this.canonicalAuthorityUrlComponents.HostNameAndPort;
167 if (!(TrustedAuthority_1.TrustedAuthority.getTrustedHostList().length === 0)) return [3 /*break*/, 2];
168 return [4 /*yield*/, TrustedAuthority_1.TrustedAuthority.setTrustedAuthoritiesFromNetwork(this.canonicalAuthority, telemetryManager, correlationId)];
169 case 1:
170 _b.sent();
171 _b.label = 2;
172 case 2:
173 if (!TrustedAuthority_1.TrustedAuthority.IsInTrustedHostList(host)) {
174 throw ClientConfigurationError_1.ClientConfigurationError.createUntrustedAuthorityError(host);
175 }
176 _b.label = 3;
177 case 3:
178 openIdConfigurationEndpointResponse = this.GetOpenIdConfigurationEndpoint();
179 _a = this;
180 return [4 /*yield*/, this.DiscoverEndpoints(openIdConfigurationEndpointResponse, telemetryManager, correlationId)];
181 case 4:
182 _a.tenantDiscoveryResponse = _b.sent();
183 return [2 /*return*/, this.tenantDiscoveryResponse];
184 }
185 });
186 });
187 };
188 /**
189 * Checks if there is a cached tenant discovery response with required fields.
190 */
191 Authority.prototype.hasCachedMetadata = function () {
192 return !!(this.tenantDiscoveryResponse &&
193 this.tenantDiscoveryResponse.AuthorizationEndpoint &&
194 this.tenantDiscoveryResponse.EndSessionEndpoint &&
195 this.tenantDiscoveryResponse.Issuer);
196 };
197 /**
198 * Returns a promise which resolves to the OIDC endpoint
199 * Only responds with the endpoint
200 */
201 Authority.prototype.GetOpenIdConfigurationEndpoint = function () {
202 return this.DefaultOpenIdConfigurationEndpoint;
203 };
204 return Authority;
205}());
206exports.Authority = Authority;
207//# sourceMappingURL=Authority.js.map
\No newline at end of file