Class: OidcProvider

OidcProvider(connection, options)

The Authentication Provider for OpenID Connect.

See the openid-connect-popup.html and openid-connect-redirect.html files in the /examples/oidc folder for usage examples in the browser.

If you want to implement OIDC in a non-browser environment, you can override the OidcProvider or AuthProvider classes with custom behavior. In this case you must provide a function that creates your new class to the Connection.setOidcProviderFactory() method.

Constructor

new OidcProvider(connection, options)

Creates a new OidcProvider instance to authenticate using OpenID Connect.

Parameters:
  • connection (Connection): A Connection object representing an established connection to an openEO back-end.
  • options (OidcProviderMeta): OpenID Connect Provider details as returned by the API.

Members

clientId :string|null

The client ID to use for authentication.

Type:
  • string | null

(protected) connection :Connection

defaultClient :OidcClient

The detected default Client.

defaultClients :Array.<OidcClient>

The default clients made available by the back-end.

grant :string

The grant type (flow) to use for this provider.

Either "authorization_code+pkce" (default) or "implicit".

Type:
  • string

issuer :string

The issuer, i.e. the link to the identity provider.

Type:
  • string

Any additional links.

refreshTokenScope :string

The scope that is used to request a refresh token.

Type:
  • string

scopes :Array.<string>

The scopes to be requested.

Type:
  • Array.<string>

user :Oidc.User

The authenticated OIDC user.

Type:
  • Oidc.User

(static) grants :Array.<string>

The supported OpenID Connect grants (flows).

The grants are given as defined in the openEO API, e.g. implicit and/or authorization_code+pkce. If not defined there, consult the OpenID Connect Discovery documentation.

Lists the grants by priority so that the first grant is the default grant. The default grant type since client version 2.0.0 is 'authorization_code+pkce'.

Type:
  • Array.<string>

(static) redirectUrl :string

The global redirect URL to use.

By default uses the location of the browser, but removes fragment, query and trailing slash. The fragment conflicts with the fragment appended by the Implicit Flow and the query conflicts with the query appended by the Authorization Code Flow. The trailing slash is removed for consistency.

Type:
  • string

(static) uiMethod :string

The global "UI" method to use to open the login URL, either "redirect" (default) or "popup".

Type:
  • string

Methods

addListener(event, callback, [scope])

Adds a listener to one of the following events:

  • AccessTokenExpiring: Raised prior to the access token expiring.
  • AccessTokenExpired: Raised after the access token has expired.
  • SilentRenewError: Raised when the automatic silent renew has failed.

Parameters:
  • event (string)
  • callback (function)
  • scope (string, optional, default: "default")

detectDefaultClient() → {OidcClient|null}

Detects the default OIDC client ID for the given redirect URL.

Sets the grant and client ID accordingly.

Returns:
Type
OidcClient | null
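
The redirect URL normalisation described for redirectUrl and the matching step of detectDefaultClient(), as an added sketch that is not the openEO JS client's own code. It assumes each default client carries id, grant_types and redirect_urls (field names as in the openEO API) and that a redirect URL pattern may end in "*"; the helper names and sample data are hypothetical.

```javascript
// Added sketch, not the openEO JS client's own code. Helper names are hypothetical.
// Assumption: default clients have `id`, `grant_types` and `redirect_urls`,
// and a redirect URL pattern may end in "*" (prefix match).

// Grants by priority; the first entry is the default grant.
const GRANTS = ['authorization_code+pkce', 'implicit'];

// Strip fragment, query and trailing slash, as described for redirectUrl.
function normalizeRedirectUrl(href) {
  const url = new URL(href);
  url.hash = '';
  url.search = '';
  return url.toString().replace(/\/$/, '');
}

// Exact match, or prefix match when the pattern ends in "*".
// A wildcard pattern should end at a delimiter ("http://localhost:*"),
// otherwise "https://a.example*" would also accept "https://a.example.evil.test".
function redirectUrlMatches(pattern, candidate) {
  if (typeof pattern !== 'string' || pattern.length === 0) return false;
  if (pattern.endsWith('*')) return candidate.startsWith(pattern.slice(0, -1));
  return pattern.replace(/\/$/, '') === candidate;
}

// Returns { clientId, grant, redirectUrl } for the first grant (by priority)
// that has a client registered for this redirect URL, or null.
function detectDefaultClient(defaultClients, href, grants = GRANTS) {
  const redirectUrl = normalizeRedirectUrl(href);
  for (const grant of grants) {
    const client = defaultClients.find(c =>
      Array.isArray(c.grant_types) && c.grant_types.includes(grant) &&
      Array.isArray(c.redirect_urls) &&
      c.redirect_urls.some(p => redirectUrlMatches(p, redirectUrl)));
    if (client) return { clientId: client.id, grant, redirectUrl };
  }
  return null; // no default client: a client ID has to be set explicitly
}

// Constructed sample data.
const SAMPLE_CLIENTS = [
  { id: 'legacy-spa', grant_types: ['implicit'],
    redirect_urls: ['https://editor.example.org'] },
  { id: 'pkce-spa', grant_types: ['authorization_code+pkce'],
    redirect_urls: ['https://editor.example.org/', 'http://localhost:*'] },
];
```

This matching only selects which client ID the browser proposes; the identity provider still enforces its own registered redirect URIs.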

getDescription() → {string}

Returns the human-readable description for the authentication method / provider.

Returns:
Type
string

getDisplayName() → (nullable) {string}

Returns a display name for the authenticated user.

Returns:

Name of the user or null

Type
string

getId() → {string}

Get an identifier for the auth provider (combination of the type + provider identifier).

Returns:
Type
string

(protected) getOptions(options, [requestRefreshToken]) → {object.<string, *>}

Returns the options for the OIDC client library.

Options can be overridden by custom options via the options parameter.

Parameters:
  • options (object.<string, *>)
  • requestRefreshToken (boolean, optional, default: false): If set to true, adds a scope to request a refresh token.

Returns:
Type
object.<string, *>

getProviderId() → {string}

Returns the provider identifier, may not be available for all authentication methods.

Returns:
Type
string

(protected) getResponseType() → {string}

Get the response_type based on the grant type.

Throws:
Error
Returns:
Type
string
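
How getOptions() and getResponseType() fit together, as an added sketch that is not the openEO JS client's own code. It assumes the option keys follow the settings names of the oidc-client-js library and that the response types are those OpenID Connect defines for the two flows; buildOidcOptions and the sample provider are hypothetical.

```javascript
// Added sketch, not the openEO JS client's own code.
// Assumption: option keys (authority, client_id, redirect_uri, scope,
// response_type) follow the settings names of the oidc-client-js library.

// Map the openEO grant name to the OIDC response_type; unknown grants throw.
function getResponseType(grant) {
  switch (grant) {
    case 'authorization_code+pkce':
      return 'code';            // Authorization Code Flow, code returned in the query
    case 'implicit':
      return 'token id_token';  // Implicit Flow, tokens returned in the fragment
    default:
      throw new Error('Grant type not supported: ' + grant);
  }
}

// Hypothetical stand-in for getOptions(): defaults derived from the provider,
// overridden by custom options.
function buildOidcOptions(provider, redirectUrl, overrides = {}, requestRefreshToken = false) {
  const scopes = [...provider.scopes]; // copy so the provider's list is not mutated
  if (requestRefreshToken && !scopes.includes(provider.refreshTokenScope)) {
    scopes.push(provider.refreshTokenScope);
  }
  const defaults = {
    authority: provider.issuer,
    client_id: provider.clientId,
    redirect_uri: redirectUrl,
    scope: scopes.join(' '),
    response_type: getResponseType(provider.grant),
  };
  return Object.assign(defaults, overrides); // custom options win
}

// Constructed sample provider.
const SAMPLE_PROVIDER = {
  issuer: 'https://idp.example.org',
  clientId: 'pkce-spa',
  grant: 'authorization_code+pkce',
  scopes: ['openid', 'email'],
  refreshTokenScope: 'offline_access',
};
```

Because custom options win, an override of scope or response_type bypasses the provider's grant setting, so overrides deserve the same review as the grant itself.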

getTitle() → {string}

Returns the human-readable title for the authentication method / provider.

Returns:
Type
string

getToken() → {string|null}

Returns the access token that is used as Bearer Token in API requests.

Returns null if no access token has been set yet (i.e. not authenticated any longer).

Returns:
Type
string | null

getType() → {string}

Returns the type of the authentication procedure as specified by the API, e.g. oidc or basic.

Returns:
Type
string

(async) login([options], [requestRefreshToken]) → {Promise.<void>}

Authenticate with OpenID Connect (OIDC).

Supported only in Browser environments.

Parameters:
  • options (object.<string, *>, optional, default: {}): Object with authentication options.
  • requestRefreshToken (boolean, optional, default: false): If set to true, adds a scope to request a refresh token.

Throws:
Error
Returns:
Type
Promise.<void>

(async) logout()

Logout from the established session.

removeListener(event, [scope])

Removes the listener for the given event that has been set with addListener.

Parameters:
  • event (string)
  • scope (string, optional, default: "default")

setClientId(clientId)

Sets the Client ID for OIDC authentication.

This may override a detected default client ID.

Parameters:
  • clientId (string | null)

setGrant(grant)

Sets the grant type (flow) used for OIDC authentication.

Parameters:
  • grant (string): Grant Type

Throws:
Error

setToken(token)

Sets the access token that is used as Bearer Token in API requests.

Set to null to remove the access token.

This also manages which auth provider is set for the connection.

Parameters:
  • token (string, nullable)

setUser(user)

Sets the OIDC User.

Parameters:
  • user (Oidc.User | null): The OIDC User. Passing null resets OIDC authentication details.

(static) isSupported() → {boolean}

Checks whether the required OIDC client library openid-client-js is available.

Returns:
Type
boolean

(async, static) signinCallback(provider, [options]) → {Promise.<?Oidc.User>}

Finishes the OpenID Connect sign in (authentication) workflow.

Must be called in the page that OpenID Connect redirects to after logging in.

Supported only in Browser environments.

Parameters:
  • provider (OidcProvider, default: null): An OIDC provider to assign the user to.
  • options (object.<string, *>, optional, default: {}): Object with additional options.

Throws:
Error
Returns:

For uiMethod = 'redirect' only: OIDC User

Type
Promise.<?Oidc.User>