Developers can use the functions on `auth` to perform various authentication activities.
Server API documentation:
Before using the methods below, please adjust the settings in your identity provider. MBaaS currently supports the following providers:
#Auth methods
#oauthRedirect(callback, options)
Redirects to the OAuth consent screen.
#Arguments
name | type | description |
---|---|---|
callback | string | Callback URL after OAuth consent is completed |
options | object | |
options.code_verifier | string | PKCE code_verifier (min. 43 characters) |
#Examples
Initiate OAuth:

```javascript
(async function () {
  const res = await client.auth.oauthRedirect(
    "http://localhost:8081/moco-signin/"
  );
})();
```

Initiate OAuth with the additional security of `code_verifier` (required for Self Client), using the crypto-random-string package:

```javascript
const cryptoRandomString = require("crypto-random-string");

(async function () {
  // Generate a PKCE code_verifier (at least 43 characters) for this login attempt
  const code_verifier = cryptoRandomString({ type: "url-safe", length: 50 });
  // Keep it for the verifyOauth call made on the callback page
  sessionStorage.setItem("MyApp.code_verifier", code_verifier);
  const res = await client.auth.oauthRedirect(
    "http://localhost:8081/moco-signin/",
    { code_verifier }
  );
})();
```
#Return
Client running in the browser: `Promise<null>`, and it automatically redirects to the OAuth consent screen.

Client running in Node.js: `Promise<object>`

```javascript
{
  data: {
    type: "IdpOAuthLink",
    id: "idp",
    url:
      "http://localhost:8765/auth/realms/platform/abc/openid-connect/auth?client_id=app1&code_challenge=r2lifxJZKyBBFGxLZ9CnaLGbiBT5nMYvGl9VygwLfC0&code_challenge_method=S256&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fmoco-signin%2F&response_type=code&scope=openid+offline_access+email+profile+address+phone&state=%7Ba%3Dlogin%2Cts%3D1617592488692746743%7D",
    provider_name: "MBaaS ID dev"
  }
}
```

Failed request: `Promise<object>`

```javascript
{
  error: {
    id: "1596039494140",
    status: "400",
    code: "BADREQ",
    title: "root param should have required property 'callback'"
  }
}
```
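
The following added example is not part of the MBaaS SDK or its documentation. For a Node.js client, it shows how a `code_challenge` relates to `code_verifier` under the RFC 7636 S256 method and checks that an authorization URL is bound to your verifier. It assumes MBaaS derives the challenge from the supplied verifier in the standard S256 way; the helper names are hypothetical.

```javascript
// Added example (not MBaaS SDK code): PKCE S256 helpers per RFC 7636, for Node.js.
const crypto = require("node:crypto");

// RFC 7636 section 4.1: 43 to 128 characters from the unreserved set.
const VERIFIER_RE = /^[A-Za-z0-9\-._~]{43,128}$/;

// 32 random bytes encode to exactly 43 base64url characters, the minimum length.
function generateCodeVerifier(byteLength = 32) {
  return crypto.randomBytes(byteLength).toString("base64url");
}

function isValidCodeVerifier(verifier) {
  return typeof verifier === "string" && VERIFIER_RE.test(verifier);
}

// S256: code_challenge = BASE64URL(SHA-256(ASCII(code_verifier))), unpadded.
function s256Challenge(verifier) {
  if (!isValidCodeVerifier(verifier)) {
    throw new RangeError("code_verifier must be 43-128 unreserved characters");
  }
  return crypto.createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// Checks that an authorization URL (shaped like data.url above) is bound to our
// verifier with the S256 method. Returns null on success, else a reason string.
function checkAuthUrl(authUrl, verifier) {
  const params = new URL(authUrl).searchParams;
  if (params.get("code_challenge_method") !== "S256") {
    return "code_challenge_method is not S256";
  }
  if (params.get("code_challenge") !== s256Challenge(verifier)) {
    return "code_challenge does not match code_verifier";
  }
  return null;
}

// Constructed sample URL (host, realm and client_id copied from the sample above).
const sampleVerifier = generateCodeVerifier();
const sampleUrl =
  "http://localhost:8765/auth/realms/platform/abc/openid-connect/auth?client_id=app1" +
  `&code_challenge=${s256Challenge(sampleVerifier)}&code_challenge_method=S256`;
console.log(checkAuthUrl(sampleUrl, sampleVerifier) ?? "challenge matches verifier");
```
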
#verifyOauth(callback, code, options, intermediator)
Verifies OAuth.
#Arguments
name | type | description |
---|---|---|
callback | string | Callback URL after OAuth consent is completed |
code | string | authorization code |
options | object | |
options.code_verifier | string | PKCE code_verifier (min. 43 characters) |
options.include_userinfo_claims | boolean | include the claims from the identity provider account in the response |
intermediator | Function | intermediary function that decides whether to continue to automatically saving the received tokens |

Additional info:
- Format of the intermediator function: `(data: object) => Promise<boolean>`
#Examples
Verify OAuth:

```javascript
(async function () {
  const thisUrl = new URL(location.href);
  const res = await client.auth.verifyOauth(
    "http://localhost:8081/moco-signin/",
    thisUrl.searchParams.get("code")
  );
})();
```
Verify OAuth with `code_verifier` and request `userinfo_claims`:

```javascript
(async function () {
  const thisUrl = new URL(location.href);
  const res = await client.auth.verifyOauth(
    "http://localhost:8081/moco-signin/",
    thisUrl.searchParams.get("code"),
    {
      // The verifier stored before calling oauthRedirect
      code_verifier: sessionStorage.getItem("MyApp.code_verifier"),
      include_userinfo_claims: true,
    }
  );
  // The verifier is single-use; remove it once the code has been exchanged
  sessionStorage.removeItem("MyApp.code_verifier");
})();
```
Verify OAuth, then check the user's roles. Involves a redirect to another frontend:

```javascript
(async function () {
  const thisUrl = new URL(location.href);
  const res = await client.auth.verifyOauth(
    "http://localhost:8081/moco-signin/",
    thisUrl.searchParams.get("code"),
    {},
    // Intermediator: runs before the received tokens are saved automatically
    async (data) => {
      const { local_profile, tokenset } = data.data.attributes;
      const hasAccess = (elem) => ["Administrator", "Manager"].includes(elem);
      if (local_profile.created && !local_profile.roles.some(hasAccess)) {
        // URL-encode each value so the tokens survive the redirect intact.
        // Tokens in a query string are visible in browser history and Referer headers.
        const params = new URLSearchParams({
          at: tokenset.access_token,
          rt: tokenset.refresh_token,
          exp: tokenset.expiry,
        });
        location.href = `//localhost:8082/receive-tokens/?${params}`;
        throw new Error("access denied!");
      }
      return true;
    }
  );
})();
```
#Return
Promise<object>
Successful request:

```javascript
{
  data: {
    type: "IdpAccess",
    id: "b9230cee-921e-4efa-a4d0-b52d88c2f355",
    provider_name: "MBaaS ID dev",
    userinfo_claims: {
      sub: "b9230cee-921e-4efa-a4d0-b52d88c2f355",
      email: "account@somedomain.com",
      email_verified: true,
      name: "Doctor Grid",
      client_roles: ["Member"]
    }
  },
  message: "You have been granted access"
}
```

Failed request:

```javascript
{
  error: {
    id: "1596041641120",
    status: "401",
    code: "BADAUTH",
    title: "invalid_grant (grant request is invalid)"
  }
}
```
#openAccountPage()
#Return
Client running in the browser: `Promise<null>`, and it automatically opens the identity provider's account management page in a new tab.

Client running in Node.js: `Promise<object>`

```javascript
{
  data: {
    type: "IdpAccountLink",
    id: "idp",
    url: "http://localhost:8765/auth/realms/abc/account/",
    provider_name: "MBaaS ID dev"
  }
}
```