Generate the loginApi class and export for usage.

Author: wparad

docs/AuthenticationRequest.md

@@ -0,0 +1,7 @@
+# AuthenticationRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**authenticationUrl** | **String** | The recommended next url for the user to navigate to complete the authentication and log in successfully. |

docs/LoginApi.md

@@ -0,0 +1,37 @@
+# Login API
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**updateAuthenticationrequest**](LoginApi.md#updateAuthenticationRequest) | **PATCH** /api/authentication/{authenticationRequestId} | Update authentication request
+
+## updateAuthenticationRequest
+
+> AuthenticationRequest updateAuthenticationRequest(authenticationRequestId, selfHostedLoginApplicationUrl, updateAuthenticationRequestParameters)
+
+Update authentication request
+
+Patch an authentication request and update the properties. Use this to add in a connection ID, tenant ID, or other parameters so the user can complete their authentication and log in. This method should always and only be called from your custom self-hosted login screen: https://authress.io/app/#/settings?focus=branding
+
+### Example
+
+```javascript
+import { AuthressClient, Tenant } from '@authress/sdk';
+
+const authenticationRequestId = request.body.state; // AuthenticationRequestId
+const updateAuthenticationRequestParameters = new UpdateAuthenticationRequestParameters();
+updateAuthenticationRequestParameters.connectionId = 'con_connectionID';
+await new AuthressClient().login.updateAuthenticationRequest(authenticationRequestId, selfHostedLoginApplicationUrl, updateAuthenticationRequestParameters);
+```
+
+### Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **authenticationRequestId** | **String**| The ID of the authentication request. When redirected from the Authress authenticate() call, this value is found in the `state` parameter of the url. | 
+ **selfHostedLoginApplicationUrl** | **String**| The application url for the self hosted login screen specified in the advanced options: https://authress.io/app/#/settings?focus=branding. If you are not using a self hosted login screen then this method should not be called. | 
+ **updateAuthenticationRequestParameters** | [**UpdateAuthenticationRequestParameters**](UpdateAuthenticationRequestParameters.md)|  | The properties of the authentication request to updated.
+
+### Return type
+
+[**AuthenticationRequest**](AuthenticationRequest.md)

docs/UpdateAuthenticationRequestParameters.md

@@ -0,0 +1,11 @@
+# UpdateAuthenticationRequestParameters
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**connectionId** | **String** | Specify which provider connection that user would like to use to log in - see https://authress.io/app/#/manage?focus=connections | [optional]
+**tenantLookupIdentifier** | **String** | Instead of connectionId, specify the tenant lookup identifier to log the user with the mapped tenant - see https://authress.io/app/#/manage?focus=tenants | [optional]
+**hint** | **String** | Instead of connectionId or tenant lookup identifier, specify the user's domain or the full email for the user to dynamically identify and log the user with the mapped tenant. | [optional]
+**inviteId** | **String** | Invite to use to login, only one of the connectionId, tenantLookupIdentifier, or the inviteId is required. | [optional]
+**connectionProperties** | [**ConnectionDefaultConnectionProperties**](ConnectionDefaultConnectionProperties.md) | Overrides the connection specific properties from the Authress Identity Connection to pass to the identity provider | [optional]

index.d.ts

@@ -28,6 +28,8 @@ import { Statement, LinkedGroup, User } from './src/records/dtos';
 export * from './src/invites/api';
 export * from './src/invites/dtos';
 
+import { LoginApi } from './src/login/api';
+
 /**
  * The Authress SDK primary settings object to be used with new AuthressClient.
  * @export
@@ -986,21 +988,6 @@ export interface UsersApi {
   setUserTokenConfiguration(userId: string, tokenConfiguration: UserTokenConfiguration): Promise<Response<void>>;
 }
 
-export interface ExtensionAuthenticationParameters {
-  /** The redirect to your login screen will contain two query parameters `state`. Pass the state into this method. */
-  state: string;
-  /** Specify which provider connection that user would like to use to log in - see https://authress.io/app/#/manage?focus=connections */
-  connectionId?: string;
-  /** Instead of connectionId, specify the tenant lookup identifier to log the user with the mapped tenant - see https://authress.io/app/#/manage?focus=tenants */
-  tenantLookupIdentifier?: string;
-  /** Instead of connectionId or tenant lookup identifier, specify the user's domain or the full email for the user to dynamically identify and log the user with the mapped tenant. */
-  hint?: string;
-  /** Invite to use to login, only one of the connectionId, tenantLookupIdentifier, or the inviteId is required. */
-  inviteId?: string;
-  /** Overrides the connection specific properties from the Authress Identity Connection to pass to the identity provider */
-  connectionProperties?: Record<string, string>;
-}
-
 /**
  * AuthressClient
  * @export
@@ -1089,6 +1076,12 @@ export class AuthressClient {
    */
   tenants: TenantsApi;
 
+  /**
+   * @summary The Login api
+   * @type {LoginApi}
+   */
+  login: LoginApi;
+
   /**
    * @summary Verify an incoming Authress JWT request access token here.
    * @type {Function<Promise<Record<string, unknown>>>}
@@ -1097,13 +1090,6 @@ export class AuthressClient {
    * @throws {TokenVerificationError}
    */
   verifyToken(jwtToken: string): Promise<Record<string, unknown>>;
-
-  /**
-   * @description When a platform extension attempts to log a user in, the Authress Login page will redirect to your Platform defaultAuthenticationUrl. At this point, show the user the login screen, and then pass the results of the login to this method.
-   * @param {ExtensionAuthenticationParameters} settings Parameters for controlling how and when users should be authenticated for the app.
-   * @return {Promise<AuthenticateResponse>} Automatically redirects the user to the appropriate location, unless the connectionId matches a legacy authentication flow.
-   */
-  updateExtensionAuthenticationRequest(settings: ExtensionAuthenticationParameters): Promise<AuthenticateResponse>;
 }
 
 /**

index.js

@@ -12,7 +12,7 @@ const ExtensionsApi = require('./src/extensionsApi');
 const TenantsApi = require('./src/tenantsApi');
 const ServiceClientTokenProvider = require('./src/serviceClientTokenProvider');
 const TokenVerifier = require('./src/tokenVerifier');
-const jwtManager = require('./src/jwtManager');
+const LoginApi = require('./src/loginApi');
 
 class AuthressClient {
   constructor(settings, tokenProvider) {
@@ -31,6 +31,7 @@ class AuthressClient {
     this.connections = new ConnectionsApi(this.httpClient);
     this.extensions = new ExtensionsApi(this.httpClient);
     this.tenants = new TenantsApi(this.httpClient);
+    this.login = new LoginApi(this.httpClient);
   }
 
   /**
@@ -43,50 +44,6 @@ class AuthressClient {
   verifyToken(token) {
     return TokenVerifier(this.httpClient, token);
   }
-
-  /**
-   * @description When a platform extension attempts to log a user in, the Authress Login page will redirect to your Platform defaultAuthenticationUrl. At this point, show the user the login screen, and then pass the results of the login to this method.
-   * @param {String} [state] The redirect to your login screen will contain two query parameters `state` and `flow`. Pass the state into this method.
-   * @param {String} [connectionId] Specify which provider connection that user would like to use to log in - see https://authress.io/app/#/manage?focus=connections
-   * @param {String} [tenantLookupIdentifier] Instead of connectionId, specify the tenant lookup identifier to log the user with the mapped tenant - see https://authress.io/app/#/manage?focus=tenants
-   * @param {String} [hint] Instead of connectionId or tenant lookup identifier, specify the user's domain or the full email for the user to dynamically identify and log the user with the mapped tenant.
-   * @param {Object} [connectionProperties] Connection specific properties to pass to the identity provider. Can be used to override default scopes for example.
-   * @return {Promise<AuthenticateResponse>} The authentication response.
-   */
-  async updateExtensionAuthenticationRequest({ state, connectionId, tenantLookupIdentifier, connectionProperties, hint }) {
-    if (!connectionId && !tenantLookupIdentifier && !hint) {
-      const e = Error('connectionId or tenantLookupIdentifier must be specified');
-      e.code = 'InvalidConnection';
-      throw e;
-    }
-
-    const authenticationRequestId = state;
-    if (!authenticationRequestId) {
-      const e = Error('The `state` parameters must be specified to update this authentication request');
-      e.code = 'InvalidAuthenticationRequest';
-      throw e;
-    }
-
-    try {
-      const resolvedTenantLookupIdentifier = hint || tenantLookupIdentifier;
-      const antiAbuseHash = await jwtManager.calculateAntiAbuseHash({ connectionId, tenantLookupIdentifier: resolvedTenantLookupIdentifier, authenticationRequestId });
-      const requestOptions = await this.httpClient.patch(`/api/authentication/${authenticationRequestId}`, {
-        antiAbuseHash,
-        connectionId,
-        tenantLookupIdentifier: resolvedTenantLookupIdentifier,
-        connectionProperties
-      });
-
-      return requestOptions.data;
-    } catch (error) {
-      if (error.status && error.status >= 400 && error.status < 500) {
-        const e = Error(error.data && (error.data.title || error.data.errorCode) || error.data || 'Unknown Error');
-        e.code = error.data && error.data.errorCode;
-        throw e;
-      }
-      throw (error.data || error);
-    }
-  }
 }
 
 const UnauthorizedError = require('./src/unauthorizedError');

src/connections/api.ts

@@ -11,15 +11,15 @@ export interface ConnectionsApi {
    * Specify identity connection details for Authress identity aggregation.
    * @summary Create SSO connection
    * @param {Connection} body
-   * @throws {RequiredError}
+   * @throws {ArgumentRequiredError}
    */
   createConnection(body: Connection): Promise<Response<Connection>>;
 
   /**
    * Delete an identity connection details for Authress identity aggregation.
    * @summary Delete SSO connection
    * @param {string} connectionId The connection identifier.
-   * @throws {RequiredError}
+   * @throws {ArgumentRequiredError}
    */
   deleteConnection(connectionId: string): Promise<Response<void>>;
 
@@ -28,22 +28,22 @@ export interface ConnectionsApi {
   * @summary Update SSO connection
   * @param {Connection} body
   * @param {string} connectionId The connection identifier.
-  * @throws {RequiredError}
+  * @throws {ArgumentRequiredError}
   */
   updateConnection(connectionId: string, body: Connection): Promise<Response<Connection>>;
 
   /**
    * Get the identity connection details for Authress identity aggregation.
    * @summary Retrieve SSO connection
    * @param {string} connectionId The connection identifier.
-   * @throws {RequiredError}
+   * @throws {ArgumentRequiredError}
    */
   getConnection(connectionId: string): Promise<Response<Connection>>;
 
   /**
    * Returns a paginated connection list for the account. Only connections the user has access to are returned.
    * @summary List SSO connections
-   * @throws {RequiredError}
+   * @throws {ArgumentRequiredError}
    */
   getConnections(): Promise<Response<ConnectionCollection>>;
 

src/extensions/api.ts

@@ -11,15 +11,15 @@ export interface ExtensionsApi {
    * Specify identity extension details for Authress identity aggregation.
    * @summary Create SSO extension
    * @param {Extension} body
-   * @throws {RequiredError}
+   * @throws {ArgumentRequiredError}
    */
   createExtension(body: Extension): Promise<Response<Extension>>;
 
   /**
    * Delete an identity extension details for Authress identity aggregation.
    * @summary Delete SSO extension
    * @param {string} extensionId The extension identifier.
-   * @throws {RequiredError}
+   * @throws {ArgumentRequiredError}
    */
   deleteExtension(extensionId: string): Promise<Response<void>>;
 
@@ -28,22 +28,22 @@ export interface ExtensionsApi {
   * @summary Update SSO extension
   * @param {Extension} body
   * @param {string} extensionId The extension identifier.
-  * @throws {RequiredError}
+  * @throws {ArgumentRequiredError}
   */
   updateExtension(extensionId: string, body: Extension): Promise<Response<Extension>>;
 
   /**
    * Get the identity extension details for Authress identity aggregation.
    * @summary Retrieve SSO extension
    * @param {string} extensionId The extension identifier.
-   * @throws {RequiredError}
+   * @throws {ArgumentRequiredError}
    */
   getExtension(extensionId: string): Promise<Response<Extension>>;
 
   /**
    * Returns a paginated extension list for the account. Only extensions the user has access to are returned.
    * @summary List SSO extensions
-   * @throws {RequiredError}
+   * @throws {ArgumentRequiredError}
    */
   getExtensions(): Promise<Response<ExtensionCollection>>;
 }

src/invites/api.ts

@@ -26,7 +26,7 @@ export interface InvitesApi {
    * Accepts an invite by claiming this invite by this user. The user access token used for this request will gain the permissions associated with the invite.
    * @summary Accept invite
    * @param {string} inviteId The identifier of the invite.
-   * @throws {RequiredError}
+   * @throws {ArgumentRequiredError}
    */
   respondToInvite(inviteId: string): Promise<Response<void>>;
   /**

src/jwtManager.js

@@ -10,20 +10,21 @@ class JwtManager {
     }
   }
 
-  async calculateAntiAbuseHash(props) {
+  calculateAntiAbuseHash(props) {
     const timestamp = Date.now();
     const valueString = Object.values(props).filter(v => v).join('|');
 
     let fineTuner = 0;
     let hash = null;
     while (++fineTuner) {
-      hash = base64url.encode(await crypto.subtle.digest('SHA-256', new TextEncoder().encode(`${timestamp};${fineTuner};${valueString}`)));
+      const verifier = `${timestamp};${fineTuner};${valueString}`;
+      hash = base64url.encode(crypto.createHash('sha256').update(verifier).digest());
       if (hash.match(/^00/)) {
-        break;
+        return `v2;${verifier}`;
       }
     }
 
-    return `v2;${timestamp};${fineTuner};${hash}`;
+    throw Error('Could not calculate a valid anti abuse hash.');
   }
 }
 

src/login/api.ts

@@ -0,0 +1,20 @@
+/* eslint-disable node/no-missing-import */
+import { Response } from '../response';
+import { UpdateAuthenticationRequestParameters, AuthenticationRequest } from './dtos';
+
+/**
+ * LoginApi
+ * @export
+ */
+export interface LoginApi {
+  /**
+  * Patch an authentication request and update the properties. Use this to add in a connection ID, tenant ID, or other parameters so the user can complete their authentication and log in. This method should always and only be called from your custom self-hosted login screen: https://authress.io/app/#/settings?focus=branding
+  * @summary Update Authentication Request
+  * @param {string} authenticationRequestId The ID of the authentication request. When redirected from the Authress authenticate() call, this value is found in the `state` parameter of the url.
+  * @param {string} selfHostedLoginApplicationUrl The application url for the self hosted login screen specified in the advanced options: https://authress.io/app/#/settings?focus=branding. If you are not using a self hosted login screen then this method should not be called.
+  * @param {UpdateAuthenticationRequestParameters} authenticationRequest The properties of the authentication request to updated.
+  * @throws {ArgumentRequiredError}
+  */
+  updateAuthenticationRequest(authenticationRequestId: string, selfHostedLoginApplicationUrl: string, authenticationRequest: UpdateAuthenticationRequestParameters):
+    Promise<Response<AuthenticationRequest>>;
+}