Constructor
new OidcProvider(connection, options)
Creates a new OidcProvider instance to authenticate using OpenID Connect.
Parameters:
Name | Type | Description |
---|---|---|
connection |
Connection | A Connection object representing an established connection to an openEO back-end. |
options |
OidcProviderMeta | OpenID Connect Provider details as returned by the API. |
- Source:
- See:
Extends
Members
clientId :string|null
The client ID to use for authentication.
Type:
- string | null
- Source:
(protected) connection :Connection
Type:
- Overrides:
- Source:
defaultClient :OidcClient
The detected default Client.
Type:
- Source:
defaultClients :Array.<OidcClient>
The default clients made available by the back-end.
Type:
- Array.<OidcClient>
- Source:
grant :string
The grant type (flow) to use for this provider.
Either "authorization_code+pkce" (default) or "implicit"
Type:
- string
- Source:
issuer :string
The issuer, i.e. the link to the identity provider.
Type:
- string
- Source:
links :Array.<Link>
Any additional links.
Type:
- Array.<Link>
- Source:
refreshTokenScope :string
The scope that is used to request a refresh token.
Type:
- string
- Source:
scopes :Array.<string>
The scopes to be requested.
Type:
- Array.<string>
- Source:
user :Oidc.User
The authenticated OIDC user.
Type:
- Oidc.User
- Source:
(static) grants :Array.<string>
The supported OpenID Connect grants (flows).
The grants are given as defined in openEO API, e.g. implicit
and/or authorization_code+pkce
If not defined there, consult the OpenID Connect Discovery documentation.
Lists the grants by priority so that the first grant is the default grant. The default grant type since client version 2.0.0 is 'authorization_code+pkce'.
Type:
- Array.<string>
- Source:
(static) redirectUrl :string
The global redirect URL to use.
By default uses the location of the browser, but removes fragment, query and trailing slash. The fragment conflicts with the fragment appended by the Implicit Flow and the query conflicts with the query appended by the Authorization Code Flow. The trailing slash is removed for consistency.
Type:
- string
- Source:
(static) uiMethod :string
The global "UI" method to use to open the login URL, either "redirect" (default) or "popup".
Type:
- string
- Source:
Methods
addListener(event, callback, scopeopt)
Adds a listener to one of the following events:
- AccessTokenExpiring: Raised prior to the access token expiring.
- AccessTokenExpired: Raised after the access token has expired.
- SilentRenewError: Raised when the automatic silent renew has failed.
Parameters:
Name | Type | Attributes | Default | Description |
---|---|---|---|---|
event |
string | |||
callback |
function | |||
scope |
string |
<optional> |
"default" |
- Source:
detectDefaultClient() → {OidcClient|null}
Detects the default OIDC client ID for the given redirect URL.
Sets the grant and client ID accordingly.
- Source:
- See:
Returns:
- Type
- OidcClient | null
getDescription() → {string}
Returns the human-readable description for the authentication method / provider.
- Overrides:
- Source:
Returns:
- Type
- string
getDisplayName() → (nullable) {string}
Returns a display name for the authenticated user.
- Overrides:
- Source:
Returns:
Name of the user or null
- Type
- string
getId() → {string}
Get an identifier for the auth provider (combination of the type + provider identifier).
- Overrides:
- Source:
Returns:
- Type
- string
(protected) getOptions(options, requestRefreshTokenopt) → {object.<string, *>}
Returns the options for the OIDC client library.
Options can be overridden by custom options via the options parameter.
Parameters:
Name | Type | Attributes | Default | Description |
---|---|---|---|---|
options |
object.<string, *> | |||
requestRefreshToken |
boolean |
<optional> |
false | If set to |
- Source:
- See:
Returns:
- Type
- object.<string, *>
getProviderId() → {string}
Returns the provider identifier, may not be available for all authentication methods.
- Overrides:
- Source:
Returns:
- Type
- string
(protected) getResponseType() → {string}
Get the response_type based on the grant type.
- Source:
Throws:
Returns:
- Type
- string
getTitle() → {string}
Returns the human-readable title for the authentication method / provider.
- Overrides:
- Source:
Returns:
- Type
- string
getToken() → {string|null}
Returns the access token that is used as Bearer Token in API requests.
Returns null
if no access token has been set yet (i.e. not authenticated any longer).
- Overrides:
- Source:
Returns:
- Type
- string | null
getType() → {string}
Returns the type of the authentication procedure as specified by the API, e.g. oidc
or basic
.
- Overrides:
- Source:
Returns:
- Type
- string
(async) login(optionsopt, requestRefreshTokenopt) → {Promise.<void>}
Authenticate with OpenID Connect (OIDC).
Supported only in Browser environments.
Parameters:
Name | Type | Attributes | Default | Description |
---|---|---|---|---|
options |
object.<string, *> |
<optional> |
{} | Object with authentication options. |
requestRefreshToken |
boolean |
<optional> |
false | If set to |
- Overrides:
- Source:
- See:
Throws:
Returns:
- Type
- Promise.<void>
(async) logout()
Logout from the established session.
- Overrides:
- Source:
removeListener(event, scopeopt)
Removes the listener for the given event that has been set with addListener.
Parameters:
Name | Type | Attributes | Default | Description |
---|---|---|---|---|
event |
string | |||
scope |
string |
<optional> |
"default" |
- Source:
- See:
setClientId(clientId)
Sets the Client ID for OIDC authentication.
This may override a detected default client ID.
Parameters:
Name | Type | Description |
---|---|---|
clientId |
string | null |
- Source:
setGrant(grant)
Sets the grant type (flow) used for OIDC authentication.
Parameters:
Name | Type | Description |
---|---|---|
grant |
string | Grant Type |
- Source:
Throws:
setToken(tokennullable)
Sets the access token that is used as Bearer Token in API requests.
Set to null
to remove the access token.
This also manages which auth provider is set for the connection.
Parameters:
Name | Type | Attributes | Description |
---|---|---|---|
token |
string |
<nullable> |
- Overrides:
- Source:
setUser(user)
Sets the OIDC User.
Parameters:
Name | Type | Description |
---|---|---|
user |
Oidc.User | null | The OIDC User. Passing |
(static) isSupported() → {boolean}
Checks whether the required OIDC client library openid-client-js
is available.
- Source:
Returns:
- Type
- boolean
(async, static) signinCallback(provider, optionsopt) → {Promise.<?Oidc.User>}
Finishes the OpenID Connect sign in (authentication) workflow.
Must be called in the page that OpenID Connect redirects to after logging in.
Supported only in Browser environments.
Parameters:
Name | Type | Attributes | Default | Description |
---|---|---|---|---|
provider |
OidcProvider | null | A OIDC provider to assign the user to. |
|
options |
object.<string, *> |
<optional> |
{} | Object with additional options. |
- Source:
- See:
Throws:
Returns:
For uiMethod = 'redirect' only: OIDC User
- Type
- Promise.<?Oidc.User>