d4sboot uses dynamic scope or UMA if explicitly requested

boot/d4s-boot.js

@@ -21,6 +21,7 @@ window.customElements.define('d4s-boot-2', class extends HTMLElement {
   #queue = []
   #interval = null
   #config = null
+  #uma = false
   #rpt = null
 
   constructor() {
@@ -63,8 +64,8 @@ window.customElements.define('d4s-boot-2', class extends HTMLElement {
       console.log("Keycloak initialized and user authenticated")
       //console.log("Token exp: " + this.expirationDate(this.#keycloak.tokenParsed.exp))
 
-      //if an audience is provided then perform also authorization
+      //if an audience is provided and UMA flow requested then perform also authorization
-      if (this.#audience) {
+      if (this.#audience && this.#uma) {
         return this.loadConfig()
       } else {
         Promise.resolve()
@@ -101,7 +102,11 @@ window.customElements.define('d4s-boot-2', class extends HTMLElement {
       clientId: this.#clientId
     })
 
-    return this.#keycloak.init({onLoad: 'login-required', checkLoginIframe: false })
+    const properties = {onLoad: 'login-required', checkLoginIframe: false}
+    if(this.#audience && !this.#uma){
+      properties["scope"] = `d4s-context:${this.#audience}`
+    }
+    return this.#keycloak.init(properties)
   }
 
   startStateChecker() {
@@ -113,7 +118,7 @@ window.customElements.define('d4s-boot-2', class extends HTMLElement {
       } else {
         if (this.#queue.length > 0) {
           this.#keycloak.updateToken(30).then(() => {
-            if (this.#audience) {
+            if (this.#uma && this.#audience) {
               //console.log("Checking entitlement for audience", this.#audience)
               const audience = encodeURIComponent(this.#audience)
               return this.entitlement(audience)
@@ -156,18 +161,19 @@ window.customElements.define('d4s-boot-2', class extends HTMLElement {
     return d
   }
 
-  checkContext() {
+  // TODO: Candidate for removal
-    const parseJwt = this.parseJwt
+  // checkContext() {
-    const expDt = this.expirationDate
+  //   const parseJwt = this.parseJwt
-    const audience = encodeURIComponent(this.#audience)
+  //   const expDt = this.expirationDate
-    this.entitlement(audience).then(function (rpt) {
+  //   const audience = encodeURIComponent(this.#audience)
-      // onGrant callback function.
+  //   this.entitlement(audience).then(function (rpt) {
-      // If authorization was successful you'll receive an RPT
+  //     // onGrant callback function.
-      // with the necessary permissions to access the resource server
+  //     // If authorization was successful you'll receive an RPT
-      //console.log(rpt)
+  //     // with the necessary permissions to access the resource server
-      //console.log("rpt expires: " + expDt(parseJwt(rpt).exp))
+  //     //console.log(rpt)
-    })
+  //     //console.log("rpt expires: " + expDt(parseJwt(rpt).exp))
-  }
+  //   })
+  // }
 
   secureFetch(url, request) {
     const p = new Promise((resolve, reject) => {
@@ -291,7 +297,7 @@ window.customElements.define('d4s-boot-2', class extends HTMLElement {
   }
 
   static get observedAttributes() {
-    return ["url", "realm", "gateway", "redirect-url", "context"];
+    return ["url", "realm", "gateway", "redirect-url", "context", "uma"];
   }
 
   attributeChangedCallback(name, oldValue, newValue) {
@@ -312,10 +318,17 @@ window.customElements.define('d4s-boot-2', class extends HTMLElement {
         case "context":
           this.#audience = newValue
           break
+        case "uma":
+          this.#uma = newValue === "true" ? true : false
+          break
       }
     }
   }
 
+  get uma(){
+    return this.#uma
+  }
+
   get authenticated(){
     return this.#authenticated
   }