@leapdev/auth-agent
v2.3.0
LEAP Auth Agent
Table of Contents
- init
- login
- logout
- changePassword
- registerHook
- getAccessToken
- getDecodedAccessToken
- userInfo
- getCloudProviderToken
- cloudProviderUserInfo
- getAdminConsent
- revokeAdminConsent
- statusAdminConsent
- getLinkMap
- setLinkMap
- linkUser
- unlinkUser
- cloudProviderReauthenticate
- cloudProviderUpdate
- registerEventListener
- authoriseSupport
- passthrough
init
Initialize the Auth Agent. This function needs to be called at the very beginning of the loading of the app. If the query contains parameters "code" and "state", the Auth Agent will exchange the auth code for an access_token and store the access_token in memory for later use.
Parameters
- authHost (string): LEAP Auth url (required)
- clientId (string): LEAP Auth client id (required)
- scopes (Array): a list of scopes for the access_token (required)
- autoLogin (boolean): If true, the login function is called once the Auth Agent is initialized (optional, default true)
- autoLogout (boolean): If true, the user is automatically logged out after a configurable time interval if no activity is detected (optional, default true)
- idleTimeoutInMinutes (number): The time interval, in minutes, after which the user is automatically logged out if no activity is detected (optional, default 30)
- uniqueSession (boolean): If true, the same user can't have more than one active session for the same app, based on authHost and clientId (optional, default true)
- userPresence (boolean): If true, the same user can't have more than one active session between web applications and LEAP Desktop (optional, default false)
- autoRefreshToken (boolean): If true, AuthAgent runs a background task to refresh the access token before it expires (optional, default false)
- rememberMe (boolean): If true, AuthAgent sends the query parameter remember_me=true, which makes the "Keep me signed in" checkbox checked by default on the login page (optional, default false)
- hooks (object): callback functions (optional, default: no hooks)
  - afterLogin: Callback function that takes the access_token, executed after login.
  - beforeLogout: Callback function executed before logout.
  - uniqueSessionTrigger: Callback function executed when unique session is triggered.
  - userPresenceTrigger: Callback function executed when user presence is triggered.
  - afterRefreshToken: Callback function executed after an access token is refreshed.
- initToken (string): If provided, AuthAgent uses the jti from the initToken and calls "passthrough" to create an auth session (optional, default "")
Returns Promise Nothing if autoLogin is turned off, the access_token if autoLogin is turned on
login
Login function using PKCE flow. Executes hook afterLogin if any.
Parameters
- force_2fa (boolean): Force the user to do a 2FA challenge (optional, default false)
Returns Promise The access_token
logout
Executes hook beforeLogout if any.
changePassword
Change Password function.
Parameters
- redirectUrl (string): Url to redirect the browser to after the password is changed when newWindow = false (current URL by default) (optional, default currentUrl)
- newWindow (boolean): If newWindow = false, the change-password process is executed in the same window. Once this is done, the user is forced to log out and the browser is redirected to the redirectUrl (current url by default). If newWindow = true, the change-password process is executed in a new window. Once this is done, the user is forced to log out by a PubNub presence message, and then: 1) if there is a callback fn, the dedicated window is closed and the callback is executed; 2) if there is no callback fn, the dedicated window stays open and the user is navigated to a changePasswordSuccess confirm page (optional, default false)
- callback (function): The callback function to be executed after the password change is done when newWindow = true
registerHook
Registers a hook on the fly.
Parameters
getAccessToken
Retrieves the encoded access_token. If refresh is true, makes a request to Leap Auth to get a new access token and returns a promise. Otherwise, gets the access token stored by JSO and returns a string.
Returns String The access_token
getRefreshedAccessToken
Parameters
- force (boolean): Optional parameter. If true, forces a token refresh even if the existing token has not expired
Retrieves the encoded refreshed access_token. This function is similar to "getAccessToken", except that it is async and first checks whether the current access token has expired. If the access token has expired and there is a refreshToken, it refreshes the access token and returns a new access token.
Returns Promise The access_token
getDecodedAccessToken
Retrieves the decoded access_token
Returns object The decoded access_token
getDecodedRefreshedAccessToken
Parameters
- force (boolean): Optional parameter. If true, forces a token refresh even if the existing token has not expired
Retrieves the decoded refreshed access_token
Returns Promise The decoded access_token
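The expiry check that getRefreshedAccessToken and the autoRefreshToken background task perform can be pictured with the sketch below. It is an added example, not the Auth Agent's own code: it assumes the access_token is a compact JWT carrying exp and jti claims, and decodeClaims, refreshDecision, sampleToken and the 60-second skew are hypothetical. Claims decoded this way are unverified, so they are suitable for timing a refresh and not for authorization decisions.

```javascript
// Added example; assumes the access_token is a compact JWT
// (header.payload.signature). Not taken from @leapdev/auth-agent.
function decodeClaims(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  let claims;
  try {
    claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  } catch {
    throw new Error("payload is not base64url-encoded JSON");
  }
  if (claims === null || typeof claims !== "object" || Array.isArray(claims)) {
    throw new Error("payload is not a JSON object");
  }
  return claims; // unverified: no signature check happened here
}

// Decide whether to refresh: forced, expired, or expiring within skewSeconds.
// A token without a usable exp claim is always refreshed.
function refreshDecision(token, nowSeconds, skewSeconds = 60, force = false) {
  const { exp, jti } = decodeClaims(token);
  if (!Number.isFinite(exp)) return { refresh: true, reason: "no exp claim", jti };
  if (force) return { refresh: true, reason: "forced", jti };
  const remaining = exp - nowSeconds;
  if (remaining <= 0) return { refresh: true, reason: "expired", jti };
  if (remaining <= skewSeconds) return { refresh: true, reason: "expiring soon", jti };
  return { refresh: false, reason: "valid", jti };
}

// Builds a constructed sample token; the signature part is a dummy string.
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.sig`;
}
```
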
userInfo
Returns user info, including external user info if the user is linked to a cloud provider account.
Returns object user info
getCloudProviderToken
Gets a cloud provider token for the current user. Gets the token by jti if the parameter exists.
Parameters
- jti (string): The token id (optional)
Returns Promise The token
cloudProviderUserInfo
Returns the cloud provider info related to the current user.
Returns Promise The info
getAdminConsent
Redirects the browser to the admin consent page of the current user's cloud provider. Then, the browser is redirected to the redirectUrl.
Parameters
- domain (string): The cloud provider domain of the firm (optional)
- redirectUrl (string): Url to redirect the browser to after getting the admin consent when newWindow is not true (current URL by default) (optional, default currentUrl)
- newWindow (boolean): If true, admin consent process will be executed in a new window. Once done, the dedicated window will be closed and the callback will be executed. If false, admin consent process will be executed in the same window and once done, the browser will be redirected to the redirectUrl. (optional, default false)
- callback (function): The callback to execute after admin consent is given when newWindow = true
revokeAdminConsent
Revoke admin consent.
Returns Promise
statusAdminConsent
Returns the status of admin consent for the firm
Returns Promise true if admin consent has been given, otherwise false
getLinkMap
Returns the list of all the users of the tenant, each one mapped to its internal linked user, if any.
Returns Promise The map
setLinkMap
Saves the mapping between users of the tenant and internal linked users.
Parameters
- linkmap (array): The map
Returns Promise
linkUser
Link current user to a cloud provider account.
Parameters
- redirectUrl (string): Url to redirect the browser to after linking the user when newWindow is not true (current URL by default) (optional, default currentUrl)
- newWindow (boolean): If true, linking process will be executed in a new window. Once done, the dedicated window will be closed and the callback will be executed. If false, linking process will be executed in the same window and once done, the browser will be redirected to the redirectUrl. (optional, default false)
- callback (function): The callback to execute after linking is done when newWindow = true
Returns Promise
unlinkUser
Unlink current user from cloud provider account.
Parameters
- redirectUrl (string): Url to redirect the browser to after unlinking the user when newWindow is not true (current URL by default) (optional, default currentUrl)
- newWindow (boolean): If true, unlinking process will be executed in a new window. Once done, the dedicated window will be closed and the callback will be executed. If false, unlinking process will be executed in the same window and once done, the browser will be redirected to the redirectUrl. (optional, default false)
- callback (function): The callback to execute after unlinking is done when newWindow = true
Returns Promise
cloudProviderReauthenticate
Reauthenticates the user against its cloud provider to renew the access token
Parameters
- nonce (string): A nonce generated by Leap Auth, required but can be null (required)
- redirectUrl (string): Url to redirect the browser to after reauthentication when newWindow is not true (current URL by default) (optional, default currentUrl)
- newWindow (boolean): If true, re-authentication process will be executed in a new window. Once done, the dedicated window will be closed and the callback will be executed. If false, re-authentication process will be executed in the same window and once done, the browser will be redirected to the redirectUrl. (optional, default false)
- callback (function): The callback to execute after re-authentication is done when newWindow = true
cloudProviderUpdate
Updates the firm's cloud provider
Parameters
- cloudProviderId (string): "microsoft", "google" (required)
registerEventListener
Registers a callback to execute when receiving a user event for the topic and message type passed as parameters.
Parameters
- topic (string): The topic (required)
- messageType (string): The type of message (required)
- callback (function): The callback to execute when receiving the message (required)
authoriseSupport
Authorises a support request from a support agent.
Parameters
- code (string): The code of the support request received (required)
- duration (string): The duration of the support request, which can be modified by the user. It has to be in momentjs format (optional)
passthrough
Create an auth session and open a new app
Parameters
- url (string): Url of the app (required)
- newWindow (boolean): If true, the new app is opened in a new browser tab. If false, the app is opened in the current browser tab. (optional, default false)
- authHost (string): The authHost that the new app is using. (optional, default value is the same authHost as current app)