| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465 |
- /*
- * @copyright
- * Copyright © Microsoft Open Technologies, Inc.
- *
- * All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http: *www.apache.org/licenses/LICENSE-2.0
- *
- * THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS
- * OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
- * ANY IMPLIED WARRANTIES OR CONDITIONS OF TITLE, FITNESS FOR A
- * PARTICULAR PURPOSE, MERCHANTABILITY OR NON-INFRINGEMENT.
- *
- * See the Apache License, Version 2.0 for the specific language
- * governing permissions and limitations under the License.
- */
- 'use strict';
- var argument = require('./argument');
- var Authority = require('./authority').Authority;
- var TokenRequest = require('./token-request');
- var CodeRequest = require('./code-request');
- var createLogContext = require('./log').createLogContext;
- var MemoryCache = require('./memory-cache');
- var util = require('./util');
- var constants = require('./constants');
- var globalADALOptions = {};
- var globalCache = new MemoryCache();
- /**
- * This function is used to add or remove entries from a TokenCache
- * @typedef {function} ModifyCacheFunction
- * @param {Array} entries An array of entries to either add or remove from the TokenCache
- * @param {function} callback A callback function to call when the add or remove operation is complete.
- * This function can take a single error argument.
- */
- /**
- * This function is called by a TokenCache when a find operation completes.
- * @callback TokenCacheFindCallback
- * @param {Error} [err] If an error occurred during the find operation then it should be passed here.
- * @param {Array} [entries] If the find operation was succesful then the matched entries should be returned here.
- */
- /**
- * This function is called by ADAL to query a TokenCache. The query parameter is
- * a flat object which must be compared against entries in the cache. An entry
- * matches if it has all of the fields in the query and the values of those fields match
- * the values in the query. A matched object may have more fields than the query object.
- * @typedef {function} FindCacheFunction
- * @param {object} query This object should be compared to cache entries and matches should be returned.
- * @param {TokenCacheFindCallback} callback This callback should be called when the find operation is complete.
- */
- /**
- * This is an interface that can be implemented to provide custom token cache persistence.
- * @public
- * @class TokenCache
- * @property {ModifyCacheFunction} add Called by ADAL when entries should be added to the cache.
- * @property {ModifyCacheFunction} remove Called by ADAL when entries should be removed from the cache.
- * @property {FindCacheFunction} find Called when ADAL needs to find entries in the cache.
- */
- /**
- * Creates a new AuthenticationContext object. By default the authority will be checked against
- * a list of known Azure Active Directory authorities. If the authority is not recognized as
- * one of these well known authorities then token acquisition will fail. This behavior can be
- * turned off via the validateAuthority parameter below.
- * @constructor
- * @param {string} authority A URL that identifies a token authority.
- * @param {bool} [validateAuthority] Turns authority validation on or off. This parameter default to true.
- * @param {TokenCache} [cache] Sets the token cache used by this AuthenticationContext instance. If this parameter is not set
- * then a default, in memory cache is used. The default in memory cache is global to the process and is
- * shared by all AuthenticationContexts that are created with an empty cache parameter. To control the
- * scope and lifetime of a cache you can either create a {@link MemoryCache} instance and pass it when
- * constructing an AuthenticationContext or implement a custom {@link TokenCache} and pass that. Cache
- * instances passed at AuthenticationContext construction time are only used by that instance of
- * the AuthenticationContext and are not shared unless it has been manually passed during the
- * construction of other AuthenticationContexts.
- *
- */
- function AuthenticationContext(authority, validateAuthority, cache) {
- var validate = (validateAuthority === undefined || validateAuthority === null || validateAuthority);
- this._authority = new Authority(authority, validate);
- this._oauth2client = null;
- this._correlationId = null;
- this._callContext = { options : globalADALOptions };
- this._cache = cache || globalCache;
- this._tokenRequestWithUserCode = {};
- }
- /**
- * Gets the authority url this AuthenticationContext was constructed with.
- * @instance
- * @memberOf AuthenticationContext
- * @type {string}
- * @name authority
- */
- Object.defineProperty(AuthenticationContext.prototype, 'authority', {
- get: function () {
- return this._authority.url;
- }
- });
- /**
- * Gets/Sets the correlation id that will be used for the next acquireToken request.
- * @instance
- * @memberOf AuthenticationContext
- * @type {string}
- * @name correlationId
- */
- Object.defineProperty(AuthenticationContext.prototype, 'correlationId', {
- get: function () {
- return this._correlationId;
- },
- set: function (id) {
- this._correlationId = id;
- }
- });
- /**
- * Get/Sets options that are applied to requests generated by this AuthenticationContext instance.
- * @instance
- * @memberOf AuthenticationContext
- * @type {object}
- * @name options
- */
- Object.defineProperty(AuthenticationContext.prototype, 'options', {
- get: function() {
- return this._callContext.options;
- },
- set: function (value) {
- this._callContext.options = value;
- }
- });
- /**
- * Get the token cache used by this AuthenticationContext instance.
- * @instance
- * @memberOf AuthenticationContext
- * @type {object}
- * @name cache
- */
- Object.defineProperty(AuthenticationContext.prototype, 'cache', {
- get: function() {
- return this._cache;
- },
- });
- /**
- * This will be returned in case the OAuth 2 service returns an error.
- * @typedef ErrorResponse
- * @property {string} [error] A server error.
- * @property {string} [errorDescription] A description of the error returned.
- */
- /**
- * Contains tokens and metadata upon successful completion of an acquireToken call.
- * @typedef TokenResponse
- * @property {string} tokenType The type of token returned.
- * @property {string} accessToken The returned access token.
- * @property {string} [refreshToken] A refresh token.
- * @property {Date} [createdOn] The date on which the access token was created.
- * @property {Date} expiresOn The Date on which the access token expires.
- * @property {int} expiresIn The amount of time, in seconds, for which the token is valid.
- * @property {string} [userId] An id for the user. May be a displayable value if is_user_id_displayable is true.
- * @property {bool} [isUserIdDisplayable] Indicates whether the user_id property will be meaningful if displayed to a user.
- * @property {string} [tenantId] The identifier of the tenant under which the access token was issued.
- * @property {string} [givenName] The given name of the principal represented by the access token.
- * @property {string} [familyName] The family name of the principal represented by the access token.
- * @property {string} [identityProvider] Identifies the identity provider that issued the access token.
- */
- /**
- * This is the callback that is passed to all acquireToken variants below.
- * @callback AcquireTokenCallback
- * @param {Error} [error] If the request fails this parameter will contain an Error object.
- * @param {TokenResponse|ErrorResponse} [response] On a succesful request returns a {@link TokenResposne}.
- */
- /**
- * This function implements code that is common to all acquireToken flows.
- * @private
- * @param {AcquireTokenCallback} callback
- * @param {Function} tokenFunction This is the function to call to actually acquire the token after common flow has completed.
- */
- AuthenticationContext.prototype._acquireToken = function(callback, tokenFunction) {
- var self = this;
- this._callContext._logContext = createLogContext(this.correlationId);
- this._authority.validate(this._callContext, function(err) {
- if (err) {
- callback(err);
- return;
- }
- tokenFunction.call(self);
- });
- };
- AuthenticationContext.prototype._acquireUserCode = function (callback, codeFunction) {
- var self = this;
- this._callContext._logContext = createLogContext(this.correlationId);
- this._authority.validate(this._callContext, function (err) {
- if (err) {
- callback(err);
- return;
- }
- codeFunction.call(self);
- });
- };
- /**
- * Gets a token for a given resource.
- * @param {string} resource A URI that identifies the resource for which the token is valid.
- * @param {string} [userId] The username of the user on behalf this application is authenticating.
- * @param {string} [clientId] The OAuth client id of the calling application.
- * @param {AcquireTokenCallback} callback The callback function.
- */
- AuthenticationContext.prototype.acquireToken = function(resource, userId, clientId, callback) {
- argument.validateCallbackType(callback);
- try {
- argument.validateStringParameter(resource, 'resource');
- argument.validateStringParameter(clientId, 'clientId');
- } catch(err) {
- callback(err);
- return;
- }
- this._acquireToken(callback, function() {
- var tokenRequest = new TokenRequest(this._callContext, this, clientId, resource);
- tokenRequest.getTokenFromCacheWithRefresh(userId, callback);
- });
- };
- /**
- * Gets a token for a given resource.
- * @param {string} resource A URI that identifies the resource for which the token is valid.
- * @param {string} username The username of the user on behalf this application is authenticating.
- * @param {string} password The password of the user named in the username parameter.
- * @param {string} clientId The OAuth client id of the calling application.
- * @param {AcquireTokenCallback} callback The callback function.
- */
- AuthenticationContext.prototype.acquireTokenWithUsernamePassword = function(resource, username, password, clientId, callback) {
- argument.validateCallbackType(callback);
- try {
- argument.validateStringParameter(resource, 'resource');
- argument.validateStringParameter(username, 'username');
- argument.validateStringParameter(password, 'password');
- argument.validateStringParameter(clientId, 'clientId');
- } catch(err) {
- callback(err);
- return;
- }
- this._acquireToken(callback, function() {
- var tokenRequest = new TokenRequest(this._callContext, this, clientId, resource);
- tokenRequest.getTokenWithUsernamePassword(username, password, callback);
- });
- };
- /**
- * Gets a token for a given resource.
- * @param {string} resource A URI that identifies the resource for which the token is valid.
- * @param {string} clientId The OAuth client id of the calling application.
- * @param {string} clientSecret The OAuth client secret of the calling application.
- * @param {AcquireTokenCallback} callback The callback function.
- */
- AuthenticationContext.prototype.acquireTokenWithClientCredentials = function(resource, clientId, clientSecret, callback) {
- argument.validateCallbackType(callback);
- try {
- argument.validateStringParameter(resource, 'resource');
- argument.validateStringParameter(clientId, 'clientId');
- argument.validateStringParameter(clientSecret, 'clientSecret');
- } catch (err) {
- callback(err);
- return;
- }
- this._acquireToken(callback, function() {
- var tokenRequest = new TokenRequest(this._callContext, this, clientId, resource);
- tokenRequest.getTokenWithClientCredentials(clientSecret, callback);
- });
- };
- /**
- * Gets a token for a given resource.
- * @param {string} authorizationCode An authorization code returned from a client.
- * @param {string} redirectUri The redirect uri that was used in the authorize call.
- * @param {string} resource A URI that identifies the resource for which the token is valid.
- * @param {string} clientId The OAuth client id of the calling application.
- * @param {string} clientSecret The OAuth client secret of the calling application.
- * @param {AcquireTokenCallback} callback The callback function.
- */
- AuthenticationContext.prototype.acquireTokenWithAuthorizationCode = function(authorizationCode, redirectUri, resource, clientId, clientSecret, callback) {
- argument.validateCallbackType(callback);
- try {
- argument.validateStringParameter(resource, 'resource');
- argument.validateStringParameter(authorizationCode, 'authorizationCode');
- argument.validateStringParameter(redirectUri, 'redirectUri');
- argument.validateStringParameter(clientId, 'clientId');
- } catch(err) {
- callback(err);
- return;
- }
- this._acquireToken(callback, function() {
- var tokenRequest = new TokenRequest(this._callContext, this, clientId, resource, redirectUri);
- tokenRequest.getTokenWithAuthorizationCode(authorizationCode, clientSecret, callback);
- });
- };
- /**
- * Gets a new access token via a previously issued refresh token.
- * @param {string} refreshToken A refresh token returned in a tokne response from a previous invocation of acquireToken.
- * @param {string} clientId The OAuth client id of the calling application.
- * @param {string} [clientSecret] The OAuth client secret of the calling application. (Note: this parameter is a late addition.
- * This parameter may be ommitted entirely so that applications built before this change will continue
- * to work unchanged.)
- * @param {string} resource The OAuth resource for which a token is being request. This parameter is optional and can be set to null.
- * @param {AcquireTokenCallback} callback The callback function.
- */
- AuthenticationContext.prototype.acquireTokenWithRefreshToken = function(refreshToken, clientId, clientSecret, resource, callback) {
- // Fix up the arguments. Older clients may pass fewer arguments as the clientSecret paramter did not always exist.
- // The code needs to make adjustments for those clients.
- var clientSecretPresent = (5 === arguments.length);
- var actualClientSecret = clientSecretPresent ? clientSecret : null;
- var actualCallback = clientSecretPresent ? arguments[4] : arguments[3];
- var actualResource = clientSecretPresent ? arguments[3] : arguments[2];
- argument.validateCallbackType(actualCallback);
- try {
- argument.validateStringParameter(refreshToken, 'refreshToken');
- argument.validateStringParameter(clientId, 'clientId');
- } catch(err) {
- callback(err);
- return;
- }
- this._acquireToken(callback, function() {
- var tokenRequest = new TokenRequest(this._callContext, this, clientId, actualResource);
- tokenRequest.getTokenWithRefreshToken(refreshToken, actualClientSecret, actualCallback);
- });
- };
- /**
- * Gets a new access token using via a certificate credential.
- * @param {string} resource A URI that identifies the resource for which the token is valid.
- * @param {string} clientId The OAuth client id of the calling application.
- * @param {string} certificate A PEM encoded certificate private key.
- * @param {string} thumbprint A hex encoded thumbprint of the certificate.
- * @param {AcquireTokenCallback} callback The callback function.
- */
- AuthenticationContext.prototype.acquireTokenWithClientCertificate = function(resource, clientId, certificate, thumbprint, callback) {
- argument.validateCallbackType(callback);
- try {
- argument.validateStringParameter(resource, 'resource');
- argument.validateStringParameter(certificate, 'certificate');
- argument.validateStringParameter(thumbprint, 'thumbprint');
- } catch(err) {
- callback(err);
- return;
- }
- this._acquireToken(callback, function() {
- var tokenRequest = new TokenRequest(this._callContext, this, clientId, resource);
- tokenRequest.getTokenWithCertificate(certificate, thumbprint, callback);
- });
- };
- /**
- * Gets the userCodeInfo which contains user_code, device_code for authenticating user on device.
- * @param {string} resource A URI that identifies the resource for which the device_code and user_code is valid for.
- * @param {string} clientId The OAuth client id of the calling application.
- * @param {string} language The language code specifying how the message should be localized to.
- * @param {AcquireTokenCallback} callback The callback function.
- */
- AuthenticationContext.prototype.acquireUserCode = function(resource, clientId, language, callback) {
- argument.validateCallbackType(callback);
-
- try {
- argument.validateStringParameter(resource, 'resource');
- argument.validateStringParameter(clientId, 'clientId');
- } catch (err) {
- callback(err);
- return;
- }
- this._acquireUserCode(callback, function () {
- var codeRequest = new CodeRequest(this._callContext, this, clientId, resource);
- codeRequest.getUserCodeInfo(language, callback);
- });
- };
- /**
- * Gets a new access token using via a device code.
- * @note This method doesn't look up the cache, it only stores the returned token into cache. To look up cache before making a new request,
- * please use acquireToken.
- * @param {string} clientId The OAuth client id of the calling application.
- * @param {object} userCodeInfo Contains device_code, retry interval, and expire time for the request for get the token.
- * @param {AcquireTokenCallback} callback The callback function.
- */
- AuthenticationContext.prototype.acquireTokenWithDeviceCode = function(resource, clientId, userCodeInfo, callback){
- argument.validateCallbackType(callback);
- try{
- argument.validateUserCodeInfo(userCodeInfo);
- } catch (err) {
- callback(err);
- return;
- }
- var self = this;
- this._acquireToken(callback, function() {
- var tokenRequest = new TokenRequest(this._callContext, this, clientId, resource, null);
- self._tokenRequestWithUserCode[userCodeInfo[constants.UserCodeResponseFields.DEVICE_CODE]] = tokenRequest;
- tokenRequest.getTokenWithDeviceCode(userCodeInfo, callback);
- })
- };
- /**
- * Cancels the polling request to get token with device code.
- * @param {object} userCodeInfo Contains device_code, retry interval, and expire time for the request for get the token.
- * @param {AcquireTokenCallback} callback The callback function.
- */
- AuthenticationContext.prototype.cancelRequestToGetTokenWithDeviceCode = function (userCodeInfo, callback) {
- argument.validateCallbackType(callback);
- try {
- argument.validateUserCodeInfo(userCodeInfo);
- } catch (err) {
- callback(err);
- return;
- }
- if (!this._tokenRequestWithUserCode || !this._tokenRequestWithUserCode[userCodeInfo[constants.UserCodeResponseFields.DEVICE_CODE]]) {
- callback(new Error('No acquireTokenWithDeviceCodeRequest existed to be cancelled'));
- return;
- }
- var tokenRequestToBeCancelled = this._tokenRequestWithUserCode[userCodeInfo[constants.UserCodeResponseFields.DEVICE_CODE]];
- tokenRequestToBeCancelled.cancelTokenRequestWithDeviceCode();
- delete this._tokenRequestWithUserCode[constants.UserCodeResponseFields.DEVICE_CODE];
- };
- var exports = {
- AuthenticationContext : AuthenticationContext,
- setGlobalADALOptions : function(options) {
- globalADALOptions = options;
- },
- getGlobalADALOptions : function() {
- return globalADALOptions;
- }
- };
- util.adalInit();
- module.exports = exports;
|