feat(core): add oidc auth code flow [release] (#587)
* chore: move files around

* fix: explicitly save which flow is used

* fix: relocate locale storage prefix string

* feat: add oidc authentication code flow

* chore: add build watch

* chore: add oidc auth flow example

* feat!: allow AAD errors to bubble

BREAKING CHANGE: stop silencing errors from aad

* feat!: change loginWithOAuth API signature

BREAKING CHANGE!: stop guessing which flow to use based on content of options.

* feat: proforma changes to trigger major version bump

Co-authored-by: Vegard Økland <vegard.okland@cognite.com>
vegardok and vegardok committed Jul 15, 2021
1 parent 390a363 commit 0cc44aa
Showing 29 changed files with 12,492 additions and 250 deletions.
52 changes: 26 additions & 26 deletions guides/authentication.md
Expand Up @@ -79,12 +79,12 @@ After signing in, the browser window will be redirected back to your application
```js
import { CogniteClient, REDIRECT } from '@cognite/sdk';
const client = new CogniteClient({ ... });
client.loginWithOAuth({
client.loginWithOAuth({ type: 'CDF_OAUTH', options: {
project: 'YOUR PROJECT NAME HERE',
// default is redirect
// but can be explicitly specified:
onAuthenticate: REDIRECT,
});
}});

// then use the SDK:
const assets = await client.assets.retrieve({ id: 23232789217132 });
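Review bot: Missing documentation at the new `type: 'CDF_OAUTH'` argument: every `loginWithOAuth` call in the guide now needs a `type`, but none of the visible hunks in guides/authentication.md lists which `type` values are accepted or shows the value for the OIDC authorization code flow that this commit adds. Because the commit message marks the signature change as breaking, add a short section listing the accepted values, with an OIDC example, and a line telling readers that the old `loginWithOAuth({ project: ... })` form has to be migrated.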
Expand All @@ -101,15 +101,15 @@ If you want a different redirect url back to your app after a successful / unsuc
```js
import { CogniteClient, REDIRECT } from '@cognite/sdk';
const client = new CogniteClient({ ... });
client.loginWithOAuth({
client.loginWithOAuth({ type: 'CDF_OAUTH', options: {
project: 'YOUR PROJECT NAME HERE',
onAuthenticate: login => {
login.redirect({
redirectUrl: 'https://my-app.com/successful-login',
errorRedirectUrl: 'https://my-app.com/unsuccessful-login', // We encourage you to use this property as well. If not specified it will default to redirectUrl
});
},
});
}});
```

### Authentication with pop-up
Expand All @@ -130,10 +130,10 @@ if (isLoginPopupWindow()) {
return;
}
const client = new CogniteClient({ ... });
client.loginWithOAuth({
client.loginWithOAuth({ type: 'CDF_OAUTH', options: {
project: 'YOUR PROJECT NAME HERE',
onAuthenticate: POPUP,
});
}});

// then use the SDK:
const assets = await client.assets.retrieve({ id: 23232789217132 });
Expand All @@ -154,15 +154,15 @@ If you want a different redirect url back to your application after a successful
```js
import { CogniteClient, POPUP } from '@cognite/sdk';
const client = new CogniteClient({ ... });
client.loginWithOAuth({
client.loginWithOAuth({ type: 'CDF_OAUTH', options: {
project: 'YOUR PROJECT NAME HERE',
onAuthenticate: login => {
login.popup({
redirectUrl: 'https://my-app.com/popup-handler',
errorRedirectUrl: 'https://my-app.com/unsuccessful-login', // We encourage you to use this property as well. If not specified it will default to redirectUrl
});
},
});
}});
```

This only affect the pop-up window.
Expand All @@ -173,33 +173,33 @@ This only affect the pop-up window.

To avoid waiting for the first `401`-response to occur you can trigger the authentication flow manually like this:
```js
client.loginWithOAuth({
client.loginWithOAuth({ type: 'CDF_OAUTH', options: {
project: 'YOUR PROJECT NAME HERE',
});
}});
await client.authenticate(); // this will also return a boolean based on if the user successfully authenticated or not.
```

#### Cache access tokens

If you already have a access token you can use it to skip the authentication flow (see this [section](#tokens) on how to get hold of the token). If the token is invalid or timed out the SDK will trigger a standard auth-flow on the first 401-response from CDF.
```js
client.loginWithOAuth({
client.loginWithOAuth({ type: 'CDF_OAUTH', options: {
project: 'YOUR PROJECT NAME HERE',
accessToken: 'ACCESS TOKEN FOR THE PROJECT HERE',
});
}});
```
> `client.authenticate()` will still override this and trigger a new authentication flow.
#### Skip authentication

It is possible to skip the authentication like this:
```js
client.loginWithOAuth({
client.loginWithOAuth({ type: 'CDF_OAUTH', options: {
project: 'YOUR PROJECT NAME HERE',
onAuthenticate: login => {
login.skip();
},
});
}});
```

#### Combine different authentication methods
Expand All @@ -208,7 +208,7 @@ If you want to use redirect method in the initialization of your app and use the
you can implement something like this:

```js
client.loginWithOAuth({
client.loginWithOAuth({ type: 'CDF_OAUTH', options: {
project: 'YOUR PROJECT NAME HERE',
onAuthenticate: login => {
// some check:
Expand All @@ -218,20 +218,20 @@ client.loginWithOAuth({
login.popup({ ... });
}
},
});
}});
```

#### Tokens

If you need access to the tokens (access token, id token) from the login flow you can add a callback like this:

```js
client.loginWithOAuth({
client.loginWithOAuth({ type: 'CDF_OAUTH', options: {
project: 'YOUR PROJECT NAME HERE',
onTokens: ({accessToken, idToken}) => {
// your logic here
},
});
}});
```

### More
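Review bot: Missing documentation at `onTokens: ({accessToken, idToken}) => {`: the example hands both tokens to application code with only `// your logic here` and no guidance on handling them. Since the "Cache access tokens" section sends readers here to obtain a token for reuse, add a sentence advising callers to keep the tokens in memory where possible and not to log them or write them to persistent browser storage.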
Expand Down Expand Up @@ -269,7 +269,7 @@ After signing in, the browser window will be redirected back to your application

> You might find useful example application using redirect Azure AD auth flow [here](../samples/react/authentication-aad/src/App.js).
> Remember to provide the required environment variables in the `.env` file.
#### Redirect sign in type example

```js
Expand All @@ -278,11 +278,11 @@ const client = new CogniteClient({ ... });

// tenantId parameter can be skipped in order to use,
// https://login.microsoftonline.com/common endpoint to authenticate user
client.loginWithOAuth({
client.loginWithOAuth({ type: 'AAD_OAUTH', options: {
cluster: 'cdf-cluster-name',
clientId: 'azure-application-client-id',
tenantId: 'azure-tenant-id'
});
}});

// authenticate to the provided cluster
await client.authenticate();
Expand All @@ -297,7 +297,7 @@ const assets = await client.assets.retrieve({ id: 23232789217132 });
With the call `await client.authenticate()` you'll be redirected to the IdP to sign in.
After you have signed in, you'll be redirected back and `await client.authenticate()` call
will return you `true` as a result of the successful login. It is important
to set project for the `CogniteClient` instance via `client.setProject('project-name')`
to set project for the `CogniteClient` instance via `client.setProject('project-name')`

### Authentication via pop-up

Expand All @@ -313,12 +313,12 @@ const client = new CogniteClient({ ... });

// tenantId parameter can be skipped in order to use,
// https://login.microsoftonline.com/common endpoint to authenticate user
client.loginWithOAuth({
client.loginWithOAuth({ type: 'AAD_OAUTH', options: {
cluster: 'cdf-cluster-name',
clientId: 'azure-application-client-id',
tenantId: 'azure-tenant-id',
signInType: AZURE_AUTH_POPUP,
});
}});

// authenticate to the provided cluster
await client.authenticate();
Expand All @@ -343,11 +343,11 @@ This method works only for Azure AD authentication flow. You can also check whic
import { CogniteClient, AZURE_AUTH_POPUP, AAD_OAUTH } from '@cognite/sdk';
const client = new CogniteClient({ ... });

client.loginWithOAuth({
client.loginWithOAuth({ type: 'AAD_OAUTH', options: {
cluster: 'cdf-cluster-name',
clientId: 'azure-application-client-id',
signInType: AZURE_AUTH_POPUP,
});
}});

// authenticate to the provided cluster
await client.authenticate();
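Review bot: `AAD_OAUTH` is imported from '@cognite/sdk' in the first line of this example, but the call passes the string literal `type: 'AAD_OAUTH'`, so within the visible lines the import is unused. If the exported constant is the intended value, pass it as `type` here and in the other AAD examples so readers are not exposed to typos in the flow name; if it is only needed further down in the collapsed part of the example, leave the import and consider using it in the call as well for consistency.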
1 change: 0 additions & 1 deletion packages/beta/typedoc.js
@@ -1,6 +1,5 @@
module.exports = {
name: 'Cognite JavaScript SDK (beta)',

// Stable and core use 'file' mode, which makes reference pages based on the names of classes and types.
// Derived SDKs usually re-definine classes using the same name, which breaks in file mode.
// 'modules' mode makes the file path part of the url, which allows classes with overlapping
3 changes: 3 additions & 0 deletions packages/core/package.json
Expand Up @@ -10,10 +10,12 @@
"scripts": {
"clean": "rm -rf dist/ docs/",
"test": "jest --config=../../jest.config.js --testPathPattern=/core/",
"test:debug": "node --inspect-brk ../../node_modules/.bin/jest --config=../../jest.config.js --testPathPattern=/core/ --runInBand" ,
"lint": "eslint 'src/**/*.{js,ts}'",
"lint:fix": "yarn lint --fix",
"prepublishOnly": "yarn build",
"build": "yarn clean && yarn rollup -c && yarn esCheck",
"build:watch": "yarn rollup -w -c",
"watch": "rollup -cw",
"esCheck": "es-check es5 './dist/index.js'",
"docs": "typedoc --options typedoc.js --tsconfig tsconfig.json src/index.ts",
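Review bot: Two style points in the `scripts` block. The `"test:debug"` entry has a stray space before its trailing comma (`--runInBand" ,`), and `"build:watch": "yarn rollup -w -c"` (the "add build watch" item from the commit message) does the same job as the existing `"watch": "rollup -cw"`. Remove the space, and keep a single watch script or make one an alias of the other so the two cannot drift apart.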
Expand All @@ -24,6 +26,7 @@
"cross-fetch": "^3.0.4",
"is-buffer": "^2.0.5",
"lodash": "^4.17.11",
"oidc-client": "^1.11.5",
"query-string": "^5.1.1",
"url": "^0.11.0"
},
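Review bot: `"oidc-client": "^1.11.5"` is added next to `cross-fetch` and `lodash` with a caret range, so anyone installing the published SDK can resolve any later 1.x release of a library that presumably sits on the token-handling path of the new OIDC flow. Consider an exact version or a tilde range for this dependency, and confirm that the matching lockfile update is among the 12,492 added lines so that CI and release builds use the reviewed version.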