import { generateTestJwt, getEpochTimeframeForTestJWt } from './jwt';
import type {
OIDCTokenEndpointAccessResponseType,
OIDCTokenEndpointRefreshResponseType,
OIDCUserInfoResponseType,
OIDCUserDataType,
OIDCUserProfileType,
} from './types';
/**
 * Build the OIDC user record that the OIDC user manager reads from session
 * storage under the key `oidc.user:${oidcAuthority}:${oidcClientId}`
 * (use `getUserStoreKey()` to retrieve the storage key).
 *
 * The access token and the ID token are both produced by `generateTestJwt`
 * for the same `authTime`, and `profile` is the payload of the ID token.
 * NOTE(review): these are test tokens; how (or whether) they are signed is
 * decided in `./jwt`, so keep this fixture out of production code paths.
 *
 * @param user user information
 * @returns session storage value for OIDC user manager
 */
export function generateOIDCUserData(
  user: OIDCUserProfileType
): OIDCUserDataType {
  const authTime = new Date();
  // Only the second element of the timeframe (the expiry) is used here.
  const [, expiresAt] = getEpochTimeframeForTestJWt(authTime);

  const accessJwt = generateTestJwt({ user, type: 'Bearer', authTime });
  const idJwt = generateTestJwt({ user, type: 'ID', authTime });

  // NOTE: no refresh token is generated; it might not be needed. If it turns
  // out to be, generate one with type 'Refresh' and the same authTime and add
  // it to the record as `refresh_token`.
  return {
    access_token: accessJwt.encodedToken,
    expires_at: expiresAt,
    id_token: idJwt.encodedToken,
    profile: idJwt.payload,
    scope: 'openid profile email',
    // Placeholder value; a real one looks like 'f348b261-e00e-4e8f-b0ec-e84eb0541bec'.
    session_state: 'session_state should be mocked out',
    token_type: 'Bearer',
  };
}
/**
 * Generate the API tokens that are stored in session storage for the OIDC
 * login provider.
 *
 * `apiToken` is a fresh 'Bearer' test JWT issued for `userManager.profile`;
 * `apiTokenUserReferenceToken` is the access token already held in
 * `userManager`, so the two values can be traced back to the same OIDC user
 * record.
 *
 * @param userManager OIDC user data (as produced by `generateOIDCUserData`)
 * @returns tokens that can be used to populate session storage api token fields
 */
export function generateApiTokens(userManager: OIDCUserDataType) {
  const apiJwt = generateTestJwt({
    user: userManager.profile,
    type: 'Bearer',
  });

  return {
    apiToken: apiJwt.encodedToken,
    apiTokenUserReferenceToken: userManager.access_token,
  };
}
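/**
 * Generate a response for the authorization service's token endpoint.
 *
 * An access token ('Bearer') and a refresh token ('Refresh') are created with
 * `generateTestJwt`. `expires_in` and `refresh_expires_in` are the seconds
 * remaining until each token's `exp` claim, both measured from a single clock
 * reading so the two lifetimes stay consistent with each other.
 * `upgraded` and `'not-before-policy'` are fixed values in this mock.
 *
 * @param user user information
 * @returns json object of access and refresh tokens with their expiration info
 */
export function generateTokenEndpointResponse(
  user: OIDCUserProfileType
): OIDCTokenEndpointAccessResponseType | OIDCTokenEndpointRefreshResponseType {
  const { encodedToken: access_token, payload: accessTokenPayload } =
    generateTestJwt({
      user,
      type: 'Bearer',
    });
  const { encodedToken: refresh_token, payload: refreshTokenPayload } =
    generateTestJwt({
      user,
      type: 'Refresh',
    });

  // Read the clock once: two separate reads could straddle a second boundary
  // and make the two lifetimes disagree about what "now" is.
  // `new Date().getTime()` is kept (rather than `Date.now()`) so tests that
  // replace the Date constructor keep working.
  const nowInSeconds = Math.round(new Date().getTime() / 1000);

  return {
    upgraded: false,
    access_token,
    expires_in: accessTokenPayload.exp - nowInSeconds,
    refresh_expires_in: refreshTokenPayload.exp - nowInSeconds,
    refresh_token,
    token_type: 'Bearer',
    'not-before-policy': 0,
  };
}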
/**
 * Generate a response for the authorization service's user info endpoint.
 *
 * The response is a shallow copy of `user`: every own enumerable property of
 * the profile is returned as-is, and the caller's object is not handed back
 * by reference.
 *
 * @param user user information
 * @returns response object for user info endpoint request
 */
export function generateUserInfoEndpointResponse(
  user: OIDCUserProfileType
): OIDCUserInfoResponseType {
  const userInfo: OIDCUserInfoResponseType = { ...user };
  return userInfo;
}