This repository has been archived by the owner on Oct 18, 2023. It is now read-only.
forked from FelipeBuiles/react-native-app-auth
-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.js
139 lines (123 loc) · 4.05 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
import invariant from 'invariant';
import { NativeModules, Platform } from 'react-native';
const { RNAppAuth } = NativeModules;
const validateIssuerOrServiceConfigurationEndpoints = (issuer, serviceConfiguration) =>
invariant(
typeof issuer === 'string' ||
(serviceConfiguration &&
typeof serviceConfiguration.authorizationEndpoint === 'string' &&
typeof serviceConfiguration.tokenEndpoint === 'string'),
'Config error: you must provide either an issuer or a service endpoints'
);
const validateIssuerOrServiceConfigurationRevocationEndpoint = (issuer, serviceConfiguration) =>
invariant(
typeof issuer === 'string' ||
(serviceConfiguration && typeof serviceConfiguration.revocationEndpoint === 'string'),
'Config error: you must provide either an issuer or a revocation endpoint'
);
const validateClientId = clientId =>
invariant(typeof clientId === 'string', 'Config error: clientId must be a string');
const validateRedirectUrl = redirectUrl =>
invariant(typeof redirectUrl === 'string', 'Config error: redirectUrl must be a string');
export const authorize = ({
issuer,
redirectUrl,
clientId,
clientSecret,
scopes,
useNonce = true,
usePKCE = true,
additionalParameters,
serviceConfiguration,
dangerouslyAllowInsecureHttpRequests = false,
}) => {
validateIssuerOrServiceConfigurationEndpoints(issuer, serviceConfiguration);
validateClientId(clientId);
validateRedirectUrl(redirectUrl);
// TODO: validateAdditionalParameters
const nativeMethodArguments = [
issuer,
redirectUrl,
clientId,
clientSecret,
scopes,
additionalParameters,
serviceConfiguration,
];
if (Platform.OS === 'android') {
nativeMethodArguments.push(dangerouslyAllowInsecureHttpRequests);
}
if (Platform.OS === 'ios') {
nativeMethodArguments.push(useNonce);
nativeMethodArguments.push(usePKCE);
}
return RNAppAuth.authorize(...nativeMethodArguments);
};
export const refresh = (
{
issuer,
redirectUrl,
clientId,
clientSecret,
scopes,
additionalParameters,
serviceConfiguration,
dangerouslyAllowInsecureHttpRequests = false,
},
{ refreshToken }
) => {
validateIssuerOrServiceConfigurationEndpoints(issuer, serviceConfiguration);
validateClientId(clientId);
validateRedirectUrl(redirectUrl);
invariant(refreshToken, 'Please pass in a refresh token');
// TODO: validateAdditionalParameters
const nativeMethodArguments = [
issuer,
redirectUrl,
clientId,
clientSecret,
refreshToken,
scopes,
additionalParameters,
serviceConfiguration,
];
if (Platform.OS === 'android') {
nativeMethodArguments.push(dangerouslyAllowInsecureHttpRequests);
}
return RNAppAuth.refresh(...nativeMethodArguments);
};
export const revoke = async (
{ clientId, issuer, serviceConfiguration },
{ tokenToRevoke, sendClientId = false }
) => {
invariant(tokenToRevoke, 'Please include the token to revoke');
validateClientId(clientId);
validateIssuerOrServiceConfigurationRevocationEndpoint(issuer, serviceConfiguration);
let revocationEndpoint;
if (serviceConfiguration && serviceConfiguration.revocationEndpoint) {
revocationEndpoint = serviceConfiguration.revocationEndpoint;
} else {
const response = await fetch(`${issuer}/.well-known/openid-configuration`);
const openidConfig = await response.json();
invariant(
openidConfig.revocation_endpoint,
'The openid config does not specify a revocation endpoint'
);
revocationEndpoint = openidConfig.revocation_endpoint;
}
/**
Identity Server insists on client_id being passed in the body,
but Google does not. According to the spec, Google is right
so defaulting to no client_id
https://tools.ietf.org/html/rfc7009#section-2.1
**/
return await fetch(revocationEndpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: `token=${tokenToRevoke}${sendClientId ? `&client_id=${clientId}` : ''}`,
}).catch(error => {
throw new Error('Failed to revoke token', error);
});
};