Class: OidcProvider

OidcProvider(connection, options)

The Authentication Provider for OpenID Connect.

See the openid-connect-popup.html and openid-connect-redirect.html files in the /examples/oidc folder for usage examples in the browser.

If you want to implement OIDC in a non-browser environment, you can override the OidcProvider or AuthProvider classes with custom behavior. In this case you must provide a function that creates your new class to the Connection.setOidcProviderFactory() method.

Constructor

new OidcProvider(connection, options)

Creates a new OidcProvider instance to authenticate using OpenID Connect.

Parameters:
Name Type Description
connection Connection

A Connection object representing an established connection to an openEO back-end.
options OidcProviderMeta

OpenID Connect Provider details as returned by the API.
Source:
See:
To Do:
  • Default grant is "implicit" in JS Client 1.0, change to "authorization_code+pkce" in 2.0.

Extends

Members

(protected) connection :Connection

Type:
Overrides:
Source:

Methods

(static) getResponseType(grant) → {string}

Get the response_type based on the grant type.

Parameters:
Name Type Description
grant string

Grant Type
Source:
Throws:
Error
Returns:
Type
string

(static) isSupported() → {boolean}

Checks whether the required OIDC client library openid-client-js is available.

Source:
Returns:
Type
boolean

(static) setSupportedGrants(grants)

Globally sets the supported OpenID Connect grants (flows) to use.

Lists them by priority so that the first grant is the default grant.

Parameters:
Name Type Description
grants Array.<string>

Grants as defined in OpenID Connect Discovery, e.g. implicit and/or authorization_code+pkce
Source:

(static) setUiMethod(method)

Globally sets the UI method (redirect, popup) to use for OIDC authentication.

Parameters:
Name Type Description
method string

Method how to load and show the authentication process. Either popup (opens a popup window) or redirect (HTTP redirects, default).
Source:

(async, static) signinCallback(provider, optionsopt) → {Promise.<Oidc.User>}

Finishes the OpenID Connect sign in (authentication) workflow.

Must be called in the page that OpenID Connect redirects to after logging in.

Parameters:
Name Type Attributes Default Description
provider OidcProvider null

A OIDC provider to assign the user to.
options object.<string, *> <optional>
 {}

Object with additional options.
Source:
See:
Throws:
Error
Returns:

For uiMethod = 'redirect' only: OIDC User (to be assigned to the Connection via setUser if no provider has been specified).

Type
Promise.<Oidc.User>

detectDefaultClient(redirectUrl) → (nullable) {string}

Detects the default OIDC client ID for the given redirect URL.

Sets the grant accordingly.

Parameters:
Name Type Description
redirectUrl string

Redirect URL
Source:
See:
Returns:
Type
string

getDescription() → {string}

Returns the human-readable description for the authentication method / provider.

Overrides:
Source:
Returns:
Type
string

getGrant() → {string}

Returns the grant type (flow) used for OIDC authentication.

Source:
Returns:
Type
string

getId() → {string}

Get an identifier for the auth provider (combination of the type + provider identifier).

Overrides:
Source:
Returns:
Type
string

getIssuer() → {string}

Returns the OpenID Connect / OAuth issuer.

Source:
Returns:
Type
string

getProviderId() → {string}

Returns the provider identifier, may not be available for all authentication methods.

Overrides:
Source:
Returns:
Type
string

getScopes() → {Array.<string>}

Returns the OpenID Connect / OAuth scopes.

Source:
Returns:
Type
Array.<string>

getTitle() → {string}

Returns the human-readable title for the authentication method / provider.

Overrides:
Source:
Returns:
Type
string

getToken() → (nullable) {string}

Returns the access token that is used as Bearer Token in API requests.

Returns null if no access token has been set yet (i.e. not authenticated any longer).

Overrides:
Source:
Returns:
Type
string

getType() → {string}

Returns the type of the authentication procedure as specified by the API, e.g. oidc or basic.

Overrides:
Source:
Returns:
Type
string

getUser() → {Oidc.User}

Returns the OpenID Connect user instance retrieved from the OIDC client library.

Source:
Returns:
Type
Oidc.User

(async) login(clientId, redirectUrl, optionsopt) → {Promise.<void>}

Authenticate with OpenID Connect (OIDC).

Supported only in Browser environments.

Parameters:
Name Type Attributes Default Description
clientId string

Your client application's identifier as registered with the OIDC provider
redirectUrl string

The redirect URI of your client application to receive a response from the OIDC provider.
options object.<string, *> <optional>
 {}

Object with authentication options.
Overrides:
Source:
See:
Throws:
Error
Returns:
Type
Promise.<void>

(async) logout()

Logout from the established session.

Overrides:
Source:

setGrant(grant)

Sets the grant type (flow) used for OIDC authentication.

Parameters:
Name Type Description
grant string

Grant Type
Source:
Throws:
Error

setToken(tokennullable)

Sets the access token that is used as Bearer Token in API requests.

Set to null to remove the access token.

This also manages which auth provider is set for the connection.

Parameters:
Name Type Attributes Description
token string <nullable>
Overrides:
Source:

setUser(user)

Sets the OIDC User.

Parameters:
Name Type Description
user Oidc.User

The OIDC User returned by OidcProvider.signinCallback(). Passing null resets OIDC authentication details.
Source:
See: