Constructor
new OAuthUtil()
Methods
(static) init(oauthConfig)
This function creates a new instance of OAuthUtil and populates the relevant fields.
Parameters:
Name | Type | Description |
---|---|---|
oauthConfig | | |
Returns:
An instance of OAuthUtil
(async) getAccessTokenByAuthCode(authCode)
This function gets the access token from the authorization code
Parameters:
Name | Type | Description |
---|---|---|
authCode | String | |
Returns:
AccessTokenResponse
(async) getAccessTokenByClientSecret(clientId, clientSecret, scope)
This function gets the access token using the client secret
Parameters:
Name | Type | Description |
---|---|---|
clientId | String | |
clientSecret | String | |
scope | String | |
Returns:
AccessTokenResponse
(async) getAccessTokenByResourceOwnerCredential(username, password, scope)
This function gets the access token using a resource owner credential
Parameters:
Name | Type | Description |
---|---|---|
username | String | |
password | String | |
scope | String | |
Returns:
AccessTokenResponse
getCookieNameAccessToken()
Get the name of the cookie storing the access token
getCookieNameAccessTokenExpiry()
Get the name of the cookie storing the access token expiry date
getCookieNameRefreshToken()
Get the name of the cookie storing the refresh token
getLogOutUrl()
This function constructs a logout URL for OAuth
getOpenIdConfig()
This function calls openIdConfigUrl to get openIdConfig. It also fetches any public keys that may be used to sign tokens.
getSigninURL(state)
This function gets the sign-in URL for OAuth
Parameters:
Name | Type | Description |
---|---|---|
state | String | |
Returns:
AuthorizationUri
isTokenExpired(accessToken, cookieExpiry) → {Boolean}
This function checks token expiry only; it does not validate the signature.
Parameters:
Name | Type | Description |
---|---|---|
accessToken | String | |
cookieExpiry | Number | |
Returns:
Type: Boolean
isTokenValid(accessToken) → {Boolean}
Verify the JWT signature. Used to verify requests to the middleware that are not forwarded to STRATO to be verified on its side.
Parameters:
Name | Type | Description |
---|---|---|
accessToken | String | |
To Do:
- To be fixed to work with all OpenID providers' JWK verification mechanisms. Currently only supports Azure; does not work with Keycloak (RS256 key can't be verified against the JWK cert provided in discovery).
Returns:
Type: Boolean
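The difference between the expiry-only check described for isTokenExpired and the signature check described for isTokenValid, as an added Node.js example (not blockapps-rest code). The function names, the throwaway key pair and both tokens are constructed for illustration; verification uses Node's built-in crypto module with the public key supplied as a JWK.

```javascript
// Added example; not blockapps-rest code. Key pair and tokens are constructed.
const crypto = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const fromB64url = (s) => Buffer.from(s, 'base64url');

// Expiry check WITHOUT signature validation: reads `exp` from claims that
// anyone holding the token can rewrite.
function isExpiredUnverified(token, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return true; // malformed: treat as expired
  let claims;
  try { claims = JSON.parse(fromB64url(parts[1]).toString('utf8')); } catch { return true; }
  return typeof claims.exp !== 'number' || claims.exp <= nowSec;
}

// RS256 verification against a JWK public key (kty/n/e), algorithm pinned.
function verifyRs256(token, jwk) {
  const [h, p, s] = token.split('.');
  if (!h || !p || !s) return false;
  let header;
  try { header = JSON.parse(fromB64url(h).toString('utf8')); } catch { return false; }
  if (header.alg !== 'RS256') return false; // reject "none", HS256, etc.
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  return crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, fromB64url(s));
}

// Constructed demo: one genuine token, one with altered claims and a reused signature.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwk = publicKey.export({ format: 'jwk' });
  const now = Math.floor(Date.now() / 1000);
  const h = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const p = b64url(JSON.stringify({ sub: 'alice', exp: now + 300 }));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${h}.${p}`), privateKey).toString('base64url');
  const genuine = `${h}.${p}.${sig}`;
  const altered = `${h}.${b64url(JSON.stringify({ sub: 'alice', exp: now + 86400 }))}.${sig}`;
  return {
    genuineExpired: isExpiredUnverified(genuine, now),
    alteredExpired: isExpiredUnverified(altered, now),
    genuineValid: verifyRs256(genuine, jwk),
    alteredValid: verifyRs256(altered, jwk),
  };
}

console.log(demo());
```

Both tokens pass the expiry-only check, but only the genuine one passes signature verification, so an expiry result is meaningful only for a token whose signature has already been verified.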
(async) refreshToken(tokenObject)
Refresh an access token, given a token object
Parameters:
Name | Type | Description |
---|---|---|
tokenObject | | |
Returns:
Token response with updated token
(async) validateAndGetNewToken(req, res) → {Promise.<*>}
Validate the Express.js API request against the token's validity, and refresh the access token seamlessly for the user if needed
Parameters:
Name | Type | Description |
---|---|---|
req | | |
res | | |
Returns:
Type: Promise.<*>