OpenId from Admin connect
- Create admin environment for redirect uri of openID - Add log out redirect when user click on log out button Signed-off-by: Gregoire Parant <g.parant@thecodingmachine.com>
This commit is contained in:
parent
603045bcad
commit
4c028bfcb3
@ -15,6 +15,7 @@ export const FRONT_URL = process.env.FRONT_URL || "http://localhost";
|
|||||||
export const OPID_CLIENT_ID = process.env.OPID_CLIENT_ID || "";
|
export const OPID_CLIENT_ID = process.env.OPID_CLIENT_ID || "";
|
||||||
export const OPID_CLIENT_SECRET = process.env.OPID_CLIENT_SECRET || "";
|
export const OPID_CLIENT_SECRET = process.env.OPID_CLIENT_SECRET || "";
|
||||||
export const OPID_CLIENT_ISSUER = process.env.OPID_CLIENT_ISSUER || "";
|
export const OPID_CLIENT_ISSUER = process.env.OPID_CLIENT_ISSUER || "";
|
||||||
|
export const OPID_CLIENT_REDIREC_URL = process.env.OPID_CLIENT_REDIREC_URL || FRONT_URL + "/jwt";
|
||||||
|
|
||||||
export {
|
export {
|
||||||
SECRET_KEY,
|
SECRET_KEY,
|
||||||
|
@ -150,6 +150,10 @@ class AdminApi {
|
|||||||
|
|
||||||
return ADMIN_URL + `/profile?token=${accessToken}`;
|
return ADMIN_URL + `/profile?token=${accessToken}`;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async logoutOauth(token: string) {
|
||||||
|
await Axios.get(ADMIN_API_URL + `/oauth/logout?token=${token}`);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
export const adminApi = new AdminApi();
|
export const adminApi = new AdminApi();
|
||||||
|
@ -1,7 +1,10 @@
|
|||||||
import { Issuer, Client, IntrospectionResponse } from "openid-client";
|
import { Issuer, Client, IntrospectionResponse } from "openid-client";
|
||||||
import { OPID_CLIENT_ID, OPID_CLIENT_SECRET, OPID_CLIENT_ISSUER, FRONT_URL } from "../Enum/EnvironmentVariable";
|
import {
|
||||||
|
OPID_CLIENT_ID,
|
||||||
const opidRedirectUri = FRONT_URL + "/jwt";
|
OPID_CLIENT_SECRET,
|
||||||
|
OPID_CLIENT_ISSUER,
|
||||||
|
OPID_CLIENT_REDIREC_URL,
|
||||||
|
} from "../Enum/EnvironmentVariable";
|
||||||
|
|
||||||
class OpenIDClient {
|
class OpenIDClient {
|
||||||
private issuerPromise: Promise<Client> | null = null;
|
private issuerPromise: Promise<Client> | null = null;
|
||||||
@ -12,7 +15,7 @@ class OpenIDClient {
|
|||||||
return new issuer.Client({
|
return new issuer.Client({
|
||||||
client_id: OPID_CLIENT_ID,
|
client_id: OPID_CLIENT_ID,
|
||||||
client_secret: OPID_CLIENT_SECRET,
|
client_secret: OPID_CLIENT_SECRET,
|
||||||
redirect_uris: [opidRedirectUri],
|
redirect_uris: [OPID_CLIENT_REDIREC_URL],
|
||||||
response_types: ["code"],
|
response_types: ["code"],
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
@ -20,30 +23,26 @@ class OpenIDClient {
|
|||||||
return this.issuerPromise;
|
return this.issuerPromise;
|
||||||
}
|
}
|
||||||
|
|
||||||
public authorizationUrl(state: string, nonce: string, playUri?: string, redirect?: string) {
|
public authorizationUrl(playUri?: string, redirect?: string) {
|
||||||
return this.initClient().then((client) => {
|
return this.initClient().then((client) => {
|
||||||
return client.authorizationUrl({
|
return client.authorizationUrl({
|
||||||
scope: "openid email",
|
scope: "openid email",
|
||||||
prompt: "login",
|
prompt: "login",
|
||||||
state: state,
|
|
||||||
nonce: nonce,
|
|
||||||
playUri: playUri,
|
playUri: playUri,
|
||||||
redirect: redirect,
|
redirect: redirect,
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
public getUserInfo(code: string, nonce: string): Promise<{ email: string; sub: string; access_token: string }> {
|
public getUserInfo(accessToken: string): Promise<{ email: string; sub: string; access_token: string }> {
|
||||||
return this.initClient().then((client) => {
|
return this.initClient().then((client) => {
|
||||||
return client.callback(opidRedirectUri, { code }, { nonce }).then((tokenSet) => {
|
return client.userinfo(accessToken).then((res) => {
|
||||||
return client.userinfo(tokenSet).then((res) => {
|
return {
|
||||||
return {
|
...res,
|
||||||
...res,
|
email: res.email as string,
|
||||||
email: res.email as string,
|
sub: res.sub,
|
||||||
sub: res.sub,
|
access_token: accessToken as string,
|
||||||
access_token: tokenSet.access_token as string,
|
};
|
||||||
};
|
|
||||||
});
|
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user