@leapdev/auth-agent

Table of Contents

• init
  • Parameters
• login
• logout
• changePassword
  • Parameters
• registerHook
  • Parameters
• getAccessToken
  • Parameters
• getDecodedAccessToken
• userInfo
• getCloudProviderToken
  • Parameters
• cloudProviderUserInfo
• getAdminConsent
  • Parameters
• revokeAdminConsent
• statusAdminConsent
• getLinkMap
• setLinkMap
  • Parameters
• linkUser
  • Parameters
• unlinkUser
  • Parameters
• cloudProviderReauthenticate
  • Parameters
• cloudProviderUpdate
  • Parameters
• registerEventListener
  • Parameters
• authoriseSupport
  • Parameters
• passthrough
  • Parameters

init

Initialize the Auth Agent. This function needs to be called at the very beginning of the loading of the app. If the query contains parameters "code" and "state", the Auth Agent will exchange the auth code for an access_token and store the access_token in memory for later use.

Parameters

• authHost string : LEAP Auth url (required)
• clientId string : LEAP Auth client id (required)
• scopes Array : a list of scopes for the access_token (required)
• autoLogin boolean : If true, the login function is called once the Auth Agent is initialized (optional, default true)
• autoLogout boolean : If true, the user will be automatically logged out after a configurable time interval if no activity detected (optional, default true)
• idleTimeoutInMinutes number : In minutes, the time interval after which the user is automatically logged out if no activity detected (optional, default 30)
• uniqueSession boolean : If true, the same user can't have more than one active session for the same app, based on authHost and clientId (optional, default true)
• autoRefreshToken boolean : If true, AuthAgent would run a background task to refresh access token before they expire(optional, default false)
• rememberMe boolean : If true, AuthAgent would have query remember_me=true, and this would have "Keep me signed in" checkbox checked by default in the login page. (optional, default false)
• hooks object : callback functions(optional, default: no hooks)
  • afterLogin: Callback function that take the access_token, executed after login.
  • beforeLogout: Callback function executed before logout.
  • uniqueSessionTrigger: Callback function executed when unique session triggered.
  • afterRefreshToken: Callback function executed after an access token refreshed.
• initToken string : If provided, AuthAgent would use the jti from the initToken and call "passthrough" to create an auth session(optional, default "")

Returns Promise Nothing if autoLogin is turned off, the access_token if autoLogin is turned on

login

Login function using PKCE flow. Executes hook afterLogin if any.

Returns Promise The access_token

logout

Executes hook beforeLogout if any.

changePassword

Change Password function.

Parameters

• redirectUrl string Url to redirect the browser to after password changed when newWindow = false (current URL by default) (optional, default currentUrl)
• newWindow boolean If newWindow = false, changingPassword process will be executed in the same window. Once this done, user would be force to logout and the browser will be redirected to the redirectUrl (current url by default). If newWindow = true, changingPassword process will be executed in a new window. Once this done, user would be force to logout by pubnub presence message 1) if there is callback fn, the dedicated window will be closed and the callback will be executed. 2) if there is no callback fn, the dedicated window will stay open and user would be navigated to a changePasswordSuccess confirm page (optional, default false)
• callback function The callback function to be executed after changingPassword is done when newWindow = true

registerHook

Allows to register hook on the fly.

Parameters

• name string The name of the hook : afterLogin or beforeLogout
• callback function The callback

getAccessToken

Allows to retrieve the encoded access_token. If refresh is true, make a request to Leap Auth to get a new access token, and return a promise. Otherwise, get the access token stored by JSO and return a string

Returns String The access_token

getRefreshedAccessToken

Parameters

• force boolean Optional parameter and if it is true, it will force to get a refreshed token even the exiting token is not expired

Allows to retrieve the encoded refreshed access_token. This function is similar to "getAccessToken", except it is an async and it would firstly check if the current access token expires. It the access token does expire and it has a refreshToken, it would refresh the access token and return a new access token

Returns Promise The access_token

getDecodedAccessToken

Allows to retrieve the decoded access_token

Returns object The decoded access_token

getDecodedRefreshedAccessToken

Parameters

• force boolean Optional parameter and if it is true, it will force to get a refreshed token even the exiting token is not expired

Allows to retrieve the decoded refreshed access_token

Returns Promise The decoded access_token

userInfo

Returns user info, including external user info if the user is linked to a cloud provider account.

Returns object user info

getCloudProviderToken

Get a cloud proiver token for the current user. Get the token by jti if the paramter exists.

Parameters

• jti string The token id (optional)

Returns Promise The token

cloudProviderUserInfo

Returns the cloud provider info related to the current user.

Returns Promise The info

getAdminConsent

Redirects the browser to the admin consent page of the current user's cloud provider. Then, the browser is redirected to the redirectUrl.

Parameters

• domain string The cloud provider domain of the firm (optional)
• redirectUrl string Url to redirect the browser to after getting the admin consent when newWindow is not true (current URL by default) (optional, default currentUrl)
• newWindow boolean If true, admin consent process will be executed in a new window. Once done, the dedicated window will be closed and the callback will be executed. If false, admin consent process will be executed in the same window and once done, the browser will be redirected to the redirectUrl. (optional, default false)
• callback function The callback to execute after admin consent is given when newWindow = true

revokeAdminConsent

Revoke admin consent.

Returns Promise

statusAdminConsent

Returns the status of admin consent for the firm

Returns Promise true if admin consent have been given, otherwise false

getLinkMap

Returns the list of all the users of the tenant, each one mapped with it's internal linked user if any.

Returns Promise The map

setLinkMap

Allows to save the mapping between users of the tenant and internal linked users.

Parameters

• linkmap array The map

Returns Promise

linkUser

Link current user to a cloud provider account.

Parameters

• redirectUrl string Url to redirect the browser to after linking the user when newWindow is not true (current URL by default) (optional, default currentUrl)
• newWindow boolean If true, linking process will be executed in a new window. Once done, the dedicated window will be closed and the callback will be executed. If false, linking process will be executed in the same window and once done, the browser will be redirected to the redirectUrl. (optional, default false)
• callback function The callback to execute after linking is done when newWindow = true

Returns Promise

unlinkUser

Unlink current user from cloud provider account.

Parameters

• redirectUrl string Url to redirect the browser to after unlinking the user when newWindow is not true (current URL by default) (optional, default currentUrl)
• newWindow boolean If true, unlinking process will be executed in a new window. Once done, the dedicated window will be closed and the callback will be executed. If false, unlinking process will be executed in the same window and once done, the browser will be redirected to the redirectUrl. (optional, default false)
• callback function The callback to execute after unlinking is done when newWindow = true

Returns Promise

cloudProviderReauthenticate

Allows to reauthenticate the user against it's cloud provider to renew the access token

Parameters

• nonce string A nonce generated by Leap Auth, required but can be null (required)
• redirectUrl string Url to redirect the browser to after reauthentication when newWindow is not true (current URL by default) (optional, default currentUrl)
• newWindow boolean If true, re-authentication process will be executed in a new window. Once done, the dedicated window will be closed and the callback will be executed. If false, re-authentication process will be executed in the same window and once done, the browser will be redirected to the redirectUrl. (optional, default false)
• callback function The callback to execute after re-authentication is done when newWindow = true

cloudProviderUpdate

Updates the firm's cloud provider

Parameters

• cloudProviderId string "microsoft", "google" (required)

registerEventListener

Allows to register a callback to execute when receiving a user event for the topic and message type passed as paramters.

Parameters

• topic string The topic (required)
• messageType string The type of message (required)
• callback function The callback to execute when receiving the message (required)

authoriseSupport

Allows to authorise a support request from a support agent.

Parameters

• code string The code of the support request received (required)
• duration string The duration of the support request can be modified by the user. It has to be in momentjs format (optional)

passthrough

Create an auth session and open a new app

Parameters

• url string Url of the app (requried)
• newWindow boolean If true, the new app will be open in the new browser tab. If false, app will be open in the current browser tab. (optional, default false)
• authHost string The authHost that the new app is using. (optional, default value is the same authHost as current app)