d4sboot uses dynamic scope or UMA if explicitly requested

2024-10-18 11:42:51 +02:00 · 2024-10-18 11:42:51 +02:00 · 3b6899ef1f
parent 224206adf7
commit 3b6899ef1f
1 changed files with 30 additions and 17 deletions
--- a/boot/d4s-boot.js
+++ b/boot/d4s-boot.js
@ -21,6 +21,7 @@ window.customElements.define('d4s-boot-2', class extends HTMLElement {
  #queue = []
  #interval = null
  #config = null
+  #uma = false
  #rpt = null

  constructor() {
@ -63,8 +64,8 @@ window.customElements.define('d4s-boot-2', class extends HTMLElement {
      console.log("Keycloak initialized and user authenticated")
      //console.log("Token exp: " + this.expirationDate(this.#keycloak.tokenParsed.exp))

-      //if an audience is provided then perform also authorization
-      if (this.#audience) {
+      //if an audience is provided and UMA flow requested then perform also authorization
+      if (this.#audience && this.#uma) {
        return this.loadConfig()
      } else {
        Promise.resolve()
@ -101,7 +102,11 @@ window.customElements.define('d4s-boot-2', class extends HTMLElement {
      clientId: this.#clientId
    })

-    return this.#keycloak.init({onLoad: 'login-required', checkLoginIframe: false })
+    const properties = {onLoad: 'login-required', checkLoginIframe: false}
+    if(this.#audience && !this.#uma){
+      properties["scope"] = `d4s-context:${this.#audience}`
+    }
+    return this.#keycloak.init(properties)
  }

  startStateChecker() {
@ -113,7 +118,7 @@ window.customElements.define('d4s-boot-2', class extends HTMLElement {
      } else {
        if (this.#queue.length > 0) {
          this.#keycloak.updateToken(30).then(() => {
-            if (this.#audience) {
+            if (this.#uma && this.#audience) {
              //console.log("Checking entitlement for audience", this.#audience)
              const audience = encodeURIComponent(this.#audience)
              return this.entitlement(audience)
@ -156,18 +161,19 @@ window.customElements.define('d4s-boot-2', class extends HTMLElement {
    return d
  }

-  checkContext() {
-    const parseJwt = this.parseJwt
-    const expDt = this.expirationDate
-    const audience = encodeURIComponent(this.#audience)
-    this.entitlement(audience).then(function (rpt) {
-      // onGrant callback function.
-      // If authorization was successful you'll receive an RPT
-      // with the necessary permissions to access the resource server
-      //console.log(rpt)
-      //console.log("rpt expires: " + expDt(parseJwt(rpt).exp))
-    })
-  }
+  // TODO: Candidate for removal
+  // checkContext() {
+  //   const parseJwt = this.parseJwt
+  //   const expDt = this.expirationDate
+  //   const audience = encodeURIComponent(this.#audience)
+  //   this.entitlement(audience).then(function (rpt) {
+  //     // onGrant callback function.
+  //     // If authorization was successful you'll receive an RPT
+  //     // with the necessary permissions to access the resource server
+  //     //console.log(rpt)
+  //     //console.log("rpt expires: " + expDt(parseJwt(rpt).exp))
+  //   })
+  // }

  secureFetch(url, request) {
    const p = new Promise((resolve, reject) => {
@ -291,7 +297,7 @@ window.customElements.define('d4s-boot-2', class extends HTMLElement {
  }

  static get observedAttributes() {
-    return ["url", "realm", "gateway", "redirect-url", "context"];
+    return ["url", "realm", "gateway", "redirect-url", "context", "uma"];
  }

  attributeChangedCallback(name, oldValue, newValue) {
@ -312,10 +318,17 @@ window.customElements.define('d4s-boot-2', class extends HTMLElement {
        case "context":
          this.#audience = newValue
          break
+        case "uma":
+          this.#uma = newValue === "true" ? true : false
+          break
      }
    }
  }

+  get uma(){
+    return this.#uma
+  }
+
  get authenticated(){
    return this.#authenticated
  }