|
|
@ -16,18 +16,18 @@
|
|
|
|
* under the License.
|
|
|
|
* under the License.
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
var util = function () {
|
|
|
|
var utils = function () {
|
|
|
|
var log = new Log("/app/modules/oauth/util.js");
|
|
|
|
var log = new Log("/app/modules/oauth/token-handler-utils.js");
|
|
|
|
|
|
|
|
|
|
|
|
var privateMethods = {};
|
|
|
|
var deviceMgtProps = require("/app/conf/reader/main.js")["conf"];
|
|
|
|
var publicMethods = {};
|
|
|
|
var constants = require("/app/modules/constants.js");
|
|
|
|
|
|
|
|
var carbon = require("carbon");
|
|
|
|
|
|
|
|
|
|
|
|
var Base64 = Packages.org.apache.commons.codec.binary.Base64;
|
|
|
|
var Base64 = Packages.org.apache.commons.codec.binary.Base64;
|
|
|
|
var String = Packages.java.lang.String;
|
|
|
|
var String = Packages.java.lang.String;
|
|
|
|
|
|
|
|
|
|
|
|
var deviceMgtProps = require("/app/conf/reader/main.js")["conf"];
|
|
|
|
var publicMethods = {};
|
|
|
|
var constants = require("/app/modules/constants.js");
|
|
|
|
var privateMethods = {};
|
|
|
|
var carbon = require("carbon");
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
publicMethods.encode = function (payload) {
|
|
|
|
publicMethods.encode = function (payload) {
|
|
|
|
return new String(Base64.encodeBase64(new String(payload).getBytes()));
|
|
|
|
return new String(Base64.encodeBase64(new String(payload).getBytes()));
|
|
|
@ -64,11 +64,11 @@ var util = function () {
|
|
|
|
dynamicClientAppCredentials["clientId"] = responsePayload["client_id"];
|
|
|
|
dynamicClientAppCredentials["clientId"] = responsePayload["client_id"];
|
|
|
|
dynamicClientAppCredentials["clientSecret"] = responsePayload["client_secret"];
|
|
|
|
dynamicClientAppCredentials["clientSecret"] = responsePayload["client_secret"];
|
|
|
|
} else if (xhr["status"] == 400) {
|
|
|
|
} else if (xhr["status"] == 400) {
|
|
|
|
log.error("{/app/modules/oauth/util.js - getDynamicClientAppCredentials()} " +
|
|
|
|
log.error("{/app/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " +
|
|
|
|
"Bad request. Invalid data provided as dynamic client application properties.");
|
|
|
|
"Bad request. Invalid data provided as dynamic client application properties.");
|
|
|
|
dynamicClientAppCredentials = null;
|
|
|
|
dynamicClientAppCredentials = null;
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
log.error("{/app/modules/oauth/util.js - getDynamicClientAppCredentials()} " +
|
|
|
|
log.error("{/app/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " +
|
|
|
|
"Error in retrieving dynamic client credentials.");
|
|
|
|
"Error in retrieving dynamic client credentials.");
|
|
|
|
dynamicClientAppCredentials = null;
|
|
|
|
dynamicClientAppCredentials = null;
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -76,11 +76,11 @@ var util = function () {
|
|
|
|
return dynamicClientAppCredentials;
|
|
|
|
return dynamicClientAppCredentials;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
publicMethods.getAccessTokenByPasswordGrantType = function (username, password, encodedClientAppCredentials, scopes) {
|
|
|
|
publicMethods.getTokenPairByPasswordGrantType = function (username, password, encodedClientAppCredentials, scopes) {
|
|
|
|
if (!username || !password || !encodedClientAppCredentials || !scopes) {
|
|
|
|
if (!username || !password || !encodedClientAppCredentials || !scopes) {
|
|
|
|
log.error("{/app/modules/oauth/util.js} Error in retrieving access token by password " +
|
|
|
|
log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving access token by password " +
|
|
|
|
"grant type. No username, password, encoded client app credentials or scopes are " +
|
|
|
|
"grant type. No username, password, encoded client app credentials or scopes are " +
|
|
|
|
"found - getAccessTokenByPasswordGrantType(a, b, c, d)");
|
|
|
|
"found - getTokenPairByPasswordGrantType(a, b, c, d)");
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
// calling oauth provider token service endpoint
|
|
|
|
// calling oauth provider token service endpoint
|
|
|
@ -101,18 +101,18 @@ var util = function () {
|
|
|
|
tokenPair["refreshToken"] = responsePayload["refresh_token"];
|
|
|
|
tokenPair["refreshToken"] = responsePayload["refresh_token"];
|
|
|
|
return tokenPair;
|
|
|
|
return tokenPair;
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
log.error("{/app/modules/oauth/util.js} Error in retrieving access token by password " +
|
|
|
|
log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving access token " +
|
|
|
|
"grant type - getAccessTokenByPasswordGrantType(a, b, c, d)");
|
|
|
|
"by password grant type - getTokenPairByPasswordGrantType(a, b, c, d)");
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
publicMethods.getAccessTokenBySAMLGrantType = function (assertion, encodedClientAppCredentials, scopes) {
|
|
|
|
publicMethods.getTokenPairBySAMLGrantType = function (assertion, encodedClientAppCredentials, scopes) {
|
|
|
|
if (!assertion || !encodedClientAppCredentials || !scopes) {
|
|
|
|
if (!assertion || !encodedClientAppCredentials || !scopes) {
|
|
|
|
log.error("{/app/modules/oauth/util.js} Error in retrieving access token by saml " +
|
|
|
|
log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving access token by saml " +
|
|
|
|
"grant type. No assertion, encoded client app credentials or scopes are " +
|
|
|
|
"grant type. No assertion, encoded client app credentials or scopes are " +
|
|
|
|
"found - getAccessTokenBySAMLGrantType(x, y, z)");
|
|
|
|
"found - getTokenPairBySAMLGrantType(x, y, z)");
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
var assertionXML = publicMethods.decode(assertion);
|
|
|
|
var assertionXML = publicMethods.decode(assertion);
|
|
|
@ -127,8 +127,8 @@ var util = function () {
|
|
|
|
|
|
|
|
|
|
|
|
var extractedAssertion;
|
|
|
|
var extractedAssertion;
|
|
|
|
if (assertionStartIndex == -1 || assertionEndIndex == -1) {
|
|
|
|
if (assertionStartIndex == -1 || assertionEndIndex == -1) {
|
|
|
|
log.error("{/app/modules/oauth/util.js} Error in retrieving access token by saml grant type. " +
|
|
|
|
log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving access " +
|
|
|
|
"Issue in assertion format - getAccessTokenBySAMLGrantType(x, y, z)");
|
|
|
|
"token by saml grant type. Issue in assertion format - getTokenPairBySAMLGrantType(x, y, z)");
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
extractedAssertion = assertionXML.
|
|
|
|
extractedAssertion = assertionXML.
|
|
|
@ -153,19 +153,19 @@ var util = function () {
|
|
|
|
tokenPair["refreshToken"] = responsePayload["refresh_token"];
|
|
|
|
tokenPair["refreshToken"] = responsePayload["refresh_token"];
|
|
|
|
return tokenPair;
|
|
|
|
return tokenPair;
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
log.error("{/app/modules/oauth/util.js} Error in retrieving access token by password " +
|
|
|
|
log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving access token " +
|
|
|
|
"grant type - getAccessTokenBySAMLGrantType(x, y, z)");
|
|
|
|
"by password grant type - getTokenPairBySAMLGrantType(x, y, z)");
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
publicMethods.getNewAccessTokenByRefreshToken = function (refreshToken, encodedClientAppCredentials, scopes) {
|
|
|
|
publicMethods.getNewTokenPairByRefreshToken = function (refreshToken, encodedClientAppCredentials, scopes) {
|
|
|
|
if (!refreshToken || !encodedClientAppCredentials) {
|
|
|
|
if (!refreshToken || !encodedClientAppCredentials) {
|
|
|
|
log.error("{/app/modules/oauth/util.js} Error in retrieving new access token by current " +
|
|
|
|
log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving new access token " +
|
|
|
|
"refresh token. No refresh token or encoded client app credentials are " +
|
|
|
|
"by current refresh token. No refresh token or encoded client app credentials are " +
|
|
|
|
"found - getNewAccessTokenByRefreshToken(x, y, z)");
|
|
|
|
"found - getNewTokenPairByRefreshToken(x, y, z)");
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
var requestURL = deviceMgtProps["oauthProvider"]["tokenServiceURL"];
|
|
|
|
var requestURL = deviceMgtProps["oauthProvider"]["tokenServiceURL"];
|
|
|
@ -187,8 +187,8 @@ var util = function () {
|
|
|
|
tokenPair["refreshToken"] = responsePayload["refresh_token"];
|
|
|
|
tokenPair["refreshToken"] = responsePayload["refresh_token"];
|
|
|
|
return tokenPair;
|
|
|
|
return tokenPair;
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
log.error("{/app/modules/oauth/util.js} Error in retrieving new access token by " +
|
|
|
|
log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving new access token by " +
|
|
|
|
"current refresh token - getNewAccessTokenByRefreshToken(x, y, z)");
|
|
|
|
"current refresh token - getNewTokenPairByRefreshToken(x, y, z)");
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -196,8 +196,9 @@ var util = function () {
|
|
|
|
|
|
|
|
|
|
|
|
publicMethods.getAccessTokenByJWTGrantType = function (clientAppCredentials) {
|
|
|
|
publicMethods.getAccessTokenByJWTGrantType = function (clientAppCredentials) {
|
|
|
|
if (!clientAppCredentials) {
|
|
|
|
if (!clientAppCredentials) {
|
|
|
|
log.error("{/app/modules/oauth/util.js} Error in retrieving new access token by current refresh token. " +
|
|
|
|
log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving new access token " +
|
|
|
|
"No client app credentials are found as input - getAccessTokenByJWTGrantType(x)");
|
|
|
|
"by current refresh token. No client app credentials are found " +
|
|
|
|
|
|
|
|
"as input - getAccessTokenByJWTGrantType(x)");
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
var JWTClientManagerServicePackagePath =
|
|
|
|
var JWTClientManagerServicePackagePath =
|
|
|
@ -212,15 +213,16 @@ var util = function () {
|
|
|
|
|
|
|
|
|
|
|
|
publicMethods.getTenantBasedClientAppCredentials = function (username, jwtToken) {
|
|
|
|
publicMethods.getTenantBasedClientAppCredentials = function (username, jwtToken) {
|
|
|
|
if (!username || !jwtToken) {
|
|
|
|
if (!username || !jwtToken) {
|
|
|
|
log.error("{/app/modules/oauth/util.js} Error in retrieving tenant based client app " +
|
|
|
|
log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
|
|
|
|
"credentials. No username or jwt token is found as input - getTenantBasedClientAppCredentials(x, y)");
|
|
|
|
"based client app credentials. No username or jwt token is found " +
|
|
|
|
|
|
|
|
"as input - getTenantBasedClientAppCredentials(x, y)");
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
var tenantDomain = carbon.server.tenantDomain({username: username});
|
|
|
|
var tenantDomain = carbon.server.tenantDomain({username: username});
|
|
|
|
if (!tenantDomain) {
|
|
|
|
if (!tenantDomain) {
|
|
|
|
log.error("{/app/modules/oauth/util.js} Error in retrieving tenant based client application " +
|
|
|
|
log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
|
|
|
|
"credentials. Unable to obtain a valid tenant domain for provided " +
|
|
|
|
"based client application credentials. Unable to obtain a valid tenant domain for provided " +
|
|
|
|
"username - getTenantBasedClientAppCredentials(x, y)");
|
|
|
|
"username - getTenantBasedClientAppCredentials(x, y)");
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
var cachedTenantBasedClientAppCredentials = privateMethods.
|
|
|
|
var cachedTenantBasedClientAppCredentials = privateMethods.
|
|
|
@ -232,7 +234,7 @@ var util = function () {
|
|
|
|
var applicationName = "webapp_" + tenantDomain;
|
|
|
|
var applicationName = "webapp_" + tenantDomain;
|
|
|
|
var requestURL = deviceMgtProps["oauthProvider"]["appRegistration"]
|
|
|
|
var requestURL = deviceMgtProps["oauthProvider"]["appRegistration"]
|
|
|
|
["apiManagerClientAppRegistrationServiceURL"] +
|
|
|
|
["apiManagerClientAppRegistrationServiceURL"] +
|
|
|
|
"?tenantDomain=" + tenantDomain + "&applicationName=" + applicationName;
|
|
|
|
"?tenantDomain=" + tenantDomain + "&applicationName=" + applicationName;
|
|
|
|
|
|
|
|
|
|
|
|
var xhr = new XMLHttpRequest();
|
|
|
|
var xhr = new XMLHttpRequest();
|
|
|
|
xhr.open("POST", requestURL, false);
|
|
|
|
xhr.open("POST", requestURL, false);
|
|
|
@ -249,8 +251,9 @@ var util = function () {
|
|
|
|
setCachedTenantBasedClientAppCredentials(tenantDomain, tenantBasedClientAppCredentials);
|
|
|
|
setCachedTenantBasedClientAppCredentials(tenantDomain, tenantBasedClientAppCredentials);
|
|
|
|
return tenantBasedClientAppCredentials;
|
|
|
|
return tenantBasedClientAppCredentials;
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
log.error("{/app/modules/oauth/util.js} Error in retrieving tenant based client " +
|
|
|
|
log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
|
|
|
|
"application credentials from API Manager - getTenantBasedClientAppCredentials(x, y)");
|
|
|
|
"based client application credentials from API " +
|
|
|
|
|
|
|
|
"Manager - getTenantBasedClientAppCredentials(x, y)");
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|