This repository was archived by the owner on Dec 12, 2018. It is now read-only.
AuthenticationResult.js
'use strict';
var nJwt = require('njwt');
var Resource = require('./Resource');
var utils = require('../utils');
/**
 * @class AuthenticationResult
 *
 * @description
 * Encapsulates an authentication result, and provides a method for getting the
 * account that was authenticated. An Authentication Result is not constructed
 * manually, instead it is returned from one of these methods:
 *
 * - {@link Application#authenticateAccount Application.authenticateAccount()}
 * - {@link Application#authenticateApiRequest Application.authenticateApiRequest()}
 *
 * After delegating to the parent constructor, three writable, non-enumerable
 * properties are defined on the instance: `application`, `forApiKey` and `ttl`.
 * `ttl` defaults to 3600 and is the token lifetime in seconds used by
 * {@link AuthenticationResult#getJwt getJwt()} and reported as `expires_in`.
 *
 * Non-enumerable properties are skipped by `Object.keys()` and
 * `JSON.stringify()`, so serializing a result does not emit the `application`
 * reference (through which `getJwt()` reaches the client's API key secret).
 * NOTE(review): presumably that is the reason they are non-enumerable - confirm.
 *
 * @param {Object} authenticationResult
 * Raw JSON data as retrieved from the Stormpath REST API; it is forwarded
 * unchanged to the parent constructor. NOTE(review): the earlier wording called
 * this the data "of the Application resource", which looks like a copy-paste -
 * confirm.
 */
function AuthenticationResult() {
  // Let the parent constructor consume whatever arguments were supplied.
  AuthenticationResult.super_.apply(this, arguments);

  Object.defineProperties(this, {
    application: { enumerable: false, writable: true },
    forApiKey: { enumerable: false, writable: true },
    ttl: { enumerable: false, writable: true, value: 3600 }
  });
}
// Register Resource as the parent of AuthenticationResult. The constructor
// calls AuthenticationResult.super_, which this helper presumably sets (as
// Node's util.inherits does) - confirm in ../utils.
utils.inherits(AuthenticationResult, Resource);
/**
 * Retrieves the account resource of the user that has been authenticated.
 *
 * The account is loaded through this result's data store, using the HREF in
 * `this.account.href`.
 *
 * @param {ExpansionOptions} [options]
 * For retrieving linked resources of the {@link Account} during this request.
 *
 * @param {Function} callback
 * Callback function, will be called with (err, {@link Account account}).
 *
 * @returns {*} Whatever `dataStore.getResource()` returns.
 */
AuthenticationResult.prototype.getAccount = function getAuthenticationResultAccount(/* [options,] callback */) {
  var resolved = utils.resolveArgs(arguments, ['options', 'callback'], true);
  var store = this.dataStore;
  var accountHref = this.account.href;
  // Loaded at call time rather than at module load - presumably to avoid a
  // circular dependency with ./Account; confirm.
  var Account = require('./Account');

  return store.getResource(accountHref, resolved.options, Account, resolved.callback);
};
/**
 * Create a signed JWT that can be used to authenticate this account in the
 * future with one of these methods:
 *
 * - {@link JwtAuthenticator#authenticate JwtAuthenticator.authenticate()}
 * - {@link Application#authenticateApiRequest Application.authenticateApiRequest()}
 *
 * The token is tied to the application which generated the authentication
 * result: the `iss` field will be the HREF of the application. The `sub`
 * field will be the ID of the {@link ApiKey} that authenticated when this
 * result was created for an API key (`forApiKey` is set), otherwise the HREF
 * of the {@link Account}. A fresh `jti` is taken from `utils.uuid()`, and the
 * expiration is set to `ttl` seconds from now (3600 by default).
 *
 * The token is signed with the secret of the API key that the client uses to
 * talk to Stormpath, using nJwt's default algorithm (HS256 unless configured
 * otherwise - confirm against the installed nJwt version). Because that is a
 * shared-secret scheme, any party holding the client API key secret can both
 * verify and mint these tokens.
 *
 * **Warning**: Tokens created through this method are not managed by the
 * Stormpath REST API (they are stateless), so an issued token stays valid
 * until its expiration. If you need Stormpath to track the tokens, please use
 * the {@link OAuthPasswordGrantRequestAuthenticator} to obtain an access token
 * and refresh token for the user.
 *
 * @example
 *
 * var jwt = authenticationResult.getJwt();
 *
 * jwt.setExpiration(new Date('2015-07-01')); // A specific date
 * jwt.setExpiration(new Date().getTime() + (60*60*1000)); // One hour from now
 *
 * // Compact the JWT to a Base64-URL encoded token.
 * var accessToken = jwt.compact();
 *
 * @returns {Jwt}
 * An uncompacted nJwt token; the caller may still change its claims or
 * expiration before calling `compact()`.
 */
AuthenticationResult.prototype.getJwt = function getJwt() {
  // Signing key: the secret half of the client's own API key.
  var signingSecret = this.application.dataStore.requestExecutor.options.client.apiKey.secret;

  var claims = {
    iss: this.application.href,
    sub: this.forApiKey ? this.forApiKey.id : this.account.href,
    jti: utils.uuid()
  };

  var token = nJwt.create(claims, signingSecret);

  // ttl is in seconds; setExpiration is given a millisecond timestamp.
  var expiresAtMs = Date.now() + (this.ttl * 1000);
  token.setExpiration(expiresAtMs);

  return token;
};
/**
 * Returns a JWT for this account as a compact, Base64-URL encoded token.
 * When no `jwt` is passed, one is created by calling
 * {@link AuthenticationResult#getJwt getJwt()}.
 *
 * A `jwt` that is passed in is compacted as-is: its claims and expiration are
 * not inspected here. The returned string is a bearer credential, so it should
 * be kept out of logs and URLs.
 *
 * @param {Jwt} [jwt]
 * An existing token (for example one returned by `getJwt()` and then
 * customized) to compact instead of creating a new one.
 *
 * @returns {String} The compacted token.
 *
 * @example <caption>Get a compacted JWT access token for this account</caption>
 * var accessToken = authenticationResult.getAccessToken();
 *
 * @example <caption>Access token format</caption>
 * eyJraWQiOiI2NldURFJVM1paSkNZVFJVVlZTUUw3WEJOIiwic3R0IjoiYWNjZXNzIiwiYWxnIjoiSFMyNTYifQ.eyJqdGkiOiIzV0llS3N1SmR6YWR5YzN4U1ltc1l6IiwiaWF0IjoxNDY5ODMzNzQ3LCJpc3MiOiJodHRwczovL2FwaS5zdG9ybXBhdGguY29tL3YxL2FwcGxpY2F0aW9ucy8yNGs3SG5ET3o0dFE5QVJzQnRQVU42Iiwic3ViIjoiaHR0cHM6Ly9hcGkuc3Rvcm1wYXRoLmNvbS92MS9hY2NvdW50cy8yRWRHb3htbGpuODBlRHZjM0JzS05EIiwiZXhwIjoxNDY5ODM0MzQ3LCJydGkiOiIzV0llS3BhRWpQSGZMbXk2R0l2Ynd2In0.9J7HvhgJZxvxuE-0PiarTDTFPCVVLR_nvRByULNA01Q
 */
AuthenticationResult.prototype.getAccessToken = function getAccessToken(jwt) {
  var token = jwt;

  if (!token) {
    token = this.getJwt();
  }

  return token.compact();
};
/**
 * Returns a JWT for this account wrapped in an OAuth-compatible response body.
 * When no `jwt` is passed, one is created by calling
 * {@link AuthenticationResult#getJwt getJwt()}.
 *
 * `expires_in` is always this result's `ttl`; it is not derived from the
 * token's own expiration. NOTE(review): if the caller passes a `jwt` whose
 * expiration was changed, `expires_in` and the token's `exp` claim can
 * disagree - set `ttl` to match, or confirm clients rely on `exp`.
 *
 * `scope` is included only when the token body carries a truthy `scope`.
 *
 * @param {Jwt} [jwt]
 * An existing token to wrap instead of creating a new one.
 *
 * @returns {Object} The response body, as shown below.
 *
 * @example <caption>Get an access token response body for this account.</caption>
 * var responseBody = authenticationResult.getAccessTokenResponse();
 *
 * @example <caption>Response body format</caption>
 * {
 *   "access_token": "eyJ0eXAiOiJKV1QiLCJhbGc ...",
 *   "expires_in": 3600,
 *   "token_type": "Bearer",
 *   "scope": "given-scope"
 * }
 */
AuthenticationResult.prototype.getAccessTokenResponse = function getAccessTokenResponse(jwt) {
  var token = jwt || this.getJwt();

  var body = {
    'access_token': token.compact(),
    'token_type': 'Bearer',
    'expires_in': this.ttl
  };

  var scope = token.body.scope;
  if (scope) {
    body.scope = scope;
  }

  return body;
};
/**
* @name AuthenticationResult.grantedScopes
*
* @type {Array}
*
* @description
*
* Exists if the authentication result was created from a previously issued
* OAuth Access Token which has granted scopes. It is an array of strings,
* one per granted scope.
*
* @example
*
* ['scope-a', 'scope-b']
*/
module.exports = AuthenticationResult;