var common = require('./common'),
extend = require('json-extend');
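/**
 * OAuth 2.0 / OpenID Connect authorization-code client bound to one configuration.
 *
 * Tokens are kept on `req.session.tokens`.
 * NOTE(review): that object holds the access, refresh and ID tokens, so the
 * session store should be server-side; a cookie-serialised session would hand
 * them to the browser. The store is configured outside this file; confirm.
 *
 * @param {Object} config - Settings read by the methods below: `scopes`,
 *   `callback_url`, `client_id`, `authorize_params`, `authorization_endpoint`,
 *   `userinfo_endpoint`, `end_session_endpoint`, `post_logout_redirect_uri`.
 *   The same object is handed to getAccessToken(), which also reads
 *   `client_secret` and `token_endpoint`.
 */
function Client(config) {
    this.config = config;
}

/**
 * Builds the space-separated scope string: `openid` followed by `config.scopes`.
 *
 * @returns {string} Scope value for authorization and refresh requests.
 */
Client.prototype.scope = function() {
    return ['openid'].concat(this.config.scopes || []).join(' ');
};

/**
 * Exchanges the authorization code found on the callback request for tokens.
 *
 * NOTE(review): `state` is not checked here. The caller presumably compares the
 * returned `state` with the value it gave to authorizationUrl() before calling
 * this method; that code is outside this file, so confirm it.
 * NOTE(review): `req.query.code` comes straight from the request URL and is
 * forwarded without a type check; a repeated `code` parameter may arrive as an
 * array depending on the query parser.
 *
 * @param {Object} req - Request carrying `query.code` and `session`.
 * @param {Function} callback - `(err, tokens)`, invoked by getAccessToken().
 */
Client.prototype.getTokens = function(req, callback) {
    var config = this.config,
        params = {
            grant_type: 'authorization_code',
            code: req.query.code,
            // Must match the redirect_uri sent in the authorization request.
            redirect_uri: this.callbackUrl(req)
        };

    getAccessToken(req.session, config, params, callback);
};

/**
 * Fetches the user's claims from the userinfo endpoint with a bearer token.
 *
 * @param {Object} req - Request whose session holds the tokens.
 * @param {string[]} [scopes] - Extra scopes; `openid` is always appended.
 * @param {Object} [claims] - Optional claims request, sent JSON-encoded.
 * @param {Function} callback - `(err, profile)` as delivered by `common.json`.
 */
Client.prototype.getProfile = function(req, scopes, claims, callback) {
    var config = this.config,
        params = {
            scope: (scopes || []).concat(['openid']).join(' ')
        };

    if (claims) {
        params.claims = JSON.stringify(claims);
    }

    this.ensureActiveToken(req, function(err, bearerToken) {
        if (err) { return callback(err); }

        // The access token travels only in the Authorization header, never in the URL.
        common.json('GET', common.addQuery(config.userinfo_endpoint, params), null, {
            Authorization: bearerToken
        }, callback);
    });
};

/**
 * Yields a usable `Bearer <access_token>` header value, refreshing when needed.
 *
 * A session without tokens is reported through the callback; the original
 * dereferenced `tokens.refresh_token` in that case and threw a TypeError inside
 * the request handler.
 *
 * @param {Object} req - Request whose `session.tokens` is inspected.
 * @param {Function} callback - `(err, bearerHeaderValue)`. It is called
 *   synchronously unless a refresh request has to be made.
 */
Client.prototype.ensureActiveToken = function(req, callback) {
    var tokens = req.session.tokens,
        config = this.config;

    function tokenHandle(err, activeTokens) {
        if (err) {
            callback(err);
        } else {
            callback(null, 'Bearer ' + activeTokens.access_token);
        }
    }

    if (!tokens) {
        // Unauthenticated session: fail cleanly instead of throwing.
        tokenHandle(new Error('No tokens are present in the session'));
    } else if (Date.now() < tokens.expires_at) {
        // expires_at already includes the safety buffer applied by getAccessToken().
        tokenHandle(null, tokens);
    } else if (!tokens.refresh_token) {
        tokenHandle(new Error('No refresh token is present'));
    } else {
        getAccessToken(req.session, config, {
            grant_type: 'refresh_token',
            refresh_token: tokens.refresh_token,
            scope: this.scope()
        }, tokenHandle);
    }
};

/**
 * Resolves `config.callback_url` against the request.
 *
 * NOTE(review): `common.resolveUrl` is defined elsewhere. If it derives the
 * host from request headers, the resulting redirect_uri follows whatever Host
 * the client sent, so the provider must enforce exact registered redirect
 * URIs. Confirm against `common.js`.
 *
 * @param {Object} req - Current request.
 * @returns {string} Value returned by `common.resolveUrl`.
 */
Client.prototype.callbackUrl = function(req) {
    return common.resolveUrl(req, this.config.callback_url);
};

/**
 * Builds the authorization-endpoint URL that starts the code flow.
 *
 * `state` binds the callback to this browser session, so it has to be
 * unpredictable and verified on return; neither is done in this file.
 * `config.authorize_params` is merged last and can therefore override any
 * field, including `state` and `redirect_uri`; keep it to additive
 * parameters only.
 *
 * @param {Object} req - Current request, used to resolve the redirect URI.
 * @param {string} state - Opaque anti-forgery value chosen by the caller.
 * @returns {string} Value returned by `common.addQuery`.
 */
Client.prototype.authorizationUrl = function(req, state) {
    var config = this.config,
        params = extend({}, {
            state: state,
            response_type: 'code',
            client_id: config.client_id,
            redirect_uri: this.callbackUrl(req),
            scope: this.scope()
        }, config.authorize_params);

    return common.addQuery(config.authorization_endpoint, params);
};

/**
 * Builds the end-session (logout) URL.
 *
 * `id_token_hint` is added only when the session holds an ID token. The
 * original read `session.tokens.id_token` unconditionally and threw a
 * TypeError when logout was requested on a session without tokens.
 *
 * @param {Object} req - Request whose session may hold `tokens.id_token`.
 * @returns {string} Value returned by `common.addQuery`.
 */
Client.prototype.getEndSessionUrl = function(req) {
    var tokens = req.session.tokens,
        params = {};

    if (tokens && tokens.id_token) {
        params.id_token_hint = tokens.id_token;
    }
    params.post_logout_redirect_uri =
        this.config.post_logout_redirect_uri || common.resolveUrl(req, '/');

    return common.addQuery(this.config.end_session_endpoint, params);
};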
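/**
 * Calls the token endpoint and stores the returned token set on the session.
 *
 * The client credentials are added to `params` (mutating it) and sent in the
 * POST body. Changes from the original:
 *  - a body that is not valid JSON is reported through `callback`; previously
 *    JSON.parse threw inside the asynchronous callback;
 *  - a response without an `access_token` (for example an OAuth error
 *    document) is rejected and the session is left untouched, instead of
 *    overwriting `session.tokens` and later sending `Bearer undefined`;
 *  - on a refresh grant, a `refresh_token` or `id_token` missing from the
 *    response is carried over from the previous token set, since a refresh
 *    response is not required to repeat them and the rest of this file reads
 *    both from the session.
 *
 * @param {Object} session - Session object; `session.tokens` is replaced on success.
 * @param {Object} config - Reads `client_id`, `client_secret`, `token_endpoint`.
 * @param {Object} params - Grant parameters (`grant_type` plus grant-specific fields).
 * @param {Function} callback - `(err, tokens)`.
 */
function getAccessToken(session, config, params, callback) {
    extend(params, {
        client_id: config.client_id,
        client_secret: config.client_secret
    });

    common.form('POST', config.token_endpoint, params, null, function(err, data) {
        var previous = session.tokens,
            tokens;

        if (err) { return callback(err); }

        try {
            tokens = JSON.parse(data);
        } catch (parseErr) {
            return callback(parseErr);
        }

        // The response body is deliberately kept out of the message: it may hold token material.
        if (!tokens || typeof tokens.access_token !== 'string' || !tokens.access_token) {
            return callback(new Error('Token endpoint response did not contain an access token'));
        }

        // Only a refresh keeps old values; a fresh code exchange must not inherit
        // tokens from an earlier login on the same session.
        if (params.grant_type === 'refresh_token' && previous) {
            if (!tokens.refresh_token && previous.refresh_token) {
                tokens.refresh_token = previous.refresh_token;
            }
            if (!tokens.id_token && previous.id_token) {
                tokens.id_token = previous.id_token;
            }
        }

        // Take off a buffer so the token won't expire mid call.
        tokens.expires_at = Date.now() + (tokens.expires_in * 1000) - common.timeout;
        session.tokens = tokens;
        callback(null, tokens);
    });
}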
// The Client constructor is this module's only export; getAccessToken stays module-private.
module.exports = Client;