@leapdev/auth-agent

$3

- [init][1]
- [Parameters][2]
- [login][3]
- [logout][4]
- [changePassword][5]
- [Parameters][6]
- [registerHook][7]
- [Parameters][8]
- [getAccessToken][9]
- [Parameters][10]
- [getDecodedAccessToken][11]
- [userInfo][12]
- [getCloudProviderToken][13]
- [Parameters][14]
- [cloudProviderUserInfo][15]
- [getAdminConsent][16]
- [Parameters][17]
- [revokeAdminConsent][18]
- [statusAdminConsent][19]
- [getLinkMap][20]
- [setLinkMap][21]
- [Parameters][22]
- [linkUser][23]
- [Parameters][24]
- [unlinkUser][25]
- [Parameters][26]
- [cloudProviderReauthenticate][27]
- [Parameters][28]
- [cloudProviderUpdate][29]
- [Parameters][30]
- [registerEventListener][31]
- [Parameters][32]
- [authoriseSupport][33]
- [Parameters][34]
- [passthrough][41]
- [Parameters][42]

init

Initialize the Auth Agent. This function needs to be called at the very beginning of the loading of the app.
If the query contains parameters "code" and "state", the Auth Agent will exchange the auth code for an access_token and store the access_token in memory for later use.

$3

- authHost [string][36] : LEAP Auth url (required)
- clientId [string][36] : LEAP Auth client id (required)
- scopes [Array][36] : a list of scopes for the access_token (required)
- autoLogin [boolean][37] : If true, the login function is called once the Auth Agent is initialized (optional, default true)
- autoLogout [boolean][37] : If true, the user will be automatically logged out after a configurable time interval if no activity detected (optional, default true)
- idleTimeoutInMinutes [number][37] : In minutes, the time interval after which the user is automatically logged out if no activity detected (optional, default 30)
- uniqueSession [boolean][37] : If true, the same user can't have more than one active session for the same app, based on authHost and clientId (optional, default true)
- userPresence [boolean][37] : If true, the same user can't have more than one active session between web applications and LEAP Desktop (optional, default false)
- autoRefreshToken [boolean][37] : If true, AuthAgent would run a background task to refresh access token before they expire(optional, default false)
- rememberMe [boolean][37] : If true, AuthAgent would have query remember_me=true, and this would have "Keep me signed in" checkbox checked by default in the login page. (optional, default false)
- hooks [object][38] : callback functions(optional, default: no hooks)
* afterLogin: Callback function that take the access_token, executed after login.
* beforeLogout: Callback function executed before logout.
* uniqueSessionTrigger: Callback function executed when unique session triggered.
* userPresenceTrigger: Callback function executed when user presence triggered.
* afterRefreshToken: Callback function executed after an access token refreshed.
- initToken [string][37] : If provided, AuthAgent would use the jti from the initToken and call "passthrough" to create an auth session(optional, default "")


Returns [Promise][39] Nothing if autoLogin is turned off, the access_token if autoLogin is turned on

login

Login function using PKCE flow.
Executes hook afterLogin if any.

$3

- force_2fa [boolean][37] Force user to do a 2fa challenge (optional, default false)

Returns [Promise][39] The access_token

logout

Executes hook beforeLogout if any.

changePassword

Change Password function.

$3

- redirectUrl [string][36] Url to redirect the browser to after password changed when newWindow = false (current URL by default) (optional, default currentUrl)
- newWindow [boolean][37] If newWindow = false, changingPassword process will be executed in the same window. Once this done, user would be force to logout and the browser will be redirected to the redirectUrl (current url by default).
If newWindow = true, changingPassword process will be executed in a new window. Once this done, user would be force to logout by pubnub presence message
1) if there is callback fn, the dedicated window will be closed and the callback will be executed.
2) if there is no callback fn, the dedicated window will stay open and user would be navigated to a changePasswordSuccess confirm page (optional, default false)
- callback [function][38] The callback function to be executed after changingPassword is done when newWindow = true

registerHook

Allows to register hook on the fly.

$3

- name [string][36] The name of the hook : afterLogin or beforeLogout
- callback [function][38] The callback

getAccessToken

Allows to retrieve the encoded access_token.
If refresh is true, make a request to Leap Auth to get a new access token, and return a promise.
Otherwise, get the access token stored by JSO and return a string

Returns [String][36] The access_token

getRefreshedAccessToken

$3

- force [boolean][36] Optional parameter and if it is true, it will force to get a refreshed token even the exiting token is not expired

Allows to retrieve the encoded refreshed access_token.
This function is similar to "getAccessToken", except it is an async and it would firstly check if the current access token expires. It the access token does expire and it has a refreshToken, it would refresh the access token and return a new access token

Returns [Promise][39] The access_token

getDecodedAccessToken

Allows to retrieve the decoded access_token

Returns [object][35] The decoded access_token

getDecodedRefreshedAccessToken

$3

- force [boolean][36] Optional parameter and if it is true, it will force to get a refreshed token even the exiting token is not expired

Allows to retrieve the decoded refreshed access_token

Returns [Promise][39] The decoded access_token

userInfo

Returns user info, including external user info if the user is linked to a cloud provider account.

Returns [object][35] user info

getCloudProviderToken

Get a cloud proiver token for the current user.
Get the token by jti if the paramter exists.

$3

- jti [string][36] The token id (optional)

Returns [Promise][39] The token

cloudProviderUserInfo

Returns the cloud provider info related to the current user.

Returns [Promise][39] The info

getAdminConsent

Redirects the browser to the admin consent page of the current user's cloud provider.
Then, the browser is redirected to the redirectUrl.

$3

- domain [string][36] The cloud provider domain of the firm (optional)
- redirectUrl [string][36] Url to redirect the browser to after getting the admin consent when newWindow is not true (current URL by default) (optional, default currentUrl)
- newWindow [boolean][37] If true, admin consent process will be executed in a new window. Once done, the dedicated window will be closed and the callback will be executed. If false, admin consent process will be executed in the same window and once done, the browser will be redirected to the redirectUrl. (optional, default false)
- callback [function][38] The callback to execute after admin consent is given when newWindow = true

revokeAdminConsent

Revoke admin consent.

Returns [Promise][39]

statusAdminConsent

Returns the status of admin consent for the firm

Returns [Promise][39] true if admin consent have been given, otherwise false

getLinkMap

Returns the list of all the users of the tenant, each one mapped with it's internal linked user if any.

Returns [Promise][39] The map

setLinkMap

Allows to save the mapping between users of the tenant and internal linked users.

$3

- linkmap [array][40] The map

Returns [Promise][39]

linkUser

Link current user to a cloud provider account.

$3

- redirectUrl [string][36] Url to redirect the browser to after linking the user when newWindow is not true (current URL by default) (optional, default currentUrl)
- newWindow [boolean][37] If true, linking process will be executed in a new window. Once done, the dedicated window will be closed and the callback will be executed. If false, linking process will be executed in the same window and once done, the browser will be redirected to the redirectUrl. (optional, default false)
- callback [function][38] The callback to execute after linking is done when newWindow = true

Returns [Promise][39]

unlinkUser

Unlink current user from cloud provider account.

$3

- redirectUrl [string][36] Url to redirect the browser to after unlinking the user when newWindow is not true (current URL by default) (optional, default currentUrl)
- newWindow [boolean][37] If true, unlinking process will be executed in a new window. Once done, the dedicated window will be closed and the callback will be executed. If false, unlinking process will be executed in the same window and once done, the browser will be redirected to the redirectUrl. (optional, default false)
- callback [function][38] The callback to execute after unlinking is done when newWindow = true

Returns [Promise][39]

cloudProviderReauthenticate

Allows to reauthenticate the user against it's cloud provider to renew the access token

$3

- nonce [string][36] A nonce generated by Leap Auth, required but can be null (required)
- redirectUrl [string][36] Url to redirect the browser to after reauthentication when newWindow is not true (current URL by default) (optional, default currentUrl)
- newWindow [boolean][37] If true, re-authentication process will be executed in a new window. Once done, the dedicated window will be closed and the callback will be executed. If false, re-authentication process will be executed in the same window and once done, the browser will be redirected to the redirectUrl. (optional, default false)
- callback [function][38] The callback to execute after re-authentication is done when newWindow = true

cloudProviderUpdate

Updates the firm's cloud provider

$3

- cloudProviderId [string][36] "microsoft", "google" (required)

registerEventListener

Allows to register a callback to execute when receiving a user event for the topic and message type passed as paramters.

$3

- topic [string][36] The topic (required)
- messageType [string][36] The type of message (required)
- callback [function][38] The callback to execute when receiving the message (required)

authoriseSupport

Allows to authorise a support request from a support agent.

$3

- code [string][36] The code of the support request received (required)
- duration [string][36] The duration of the support request can be modified by the user. It has to be in momentjs format (optional)

passthrough

Create an auth session and open a new app

$3

- url [string][36] Url of the app (requried)
- newWindow [boolean][37] If true, the new app will be open in the new browser tab. If false, app will be open in the current browser tab. (optional, default false)
- authHost [string][36] The authHost that the new app is using. (optional, default value is the same authHost as current app)

[1]: #init

[2]: #parameters

[3]: #login

[4]: #logout

[5]: #changepassword

[6]: #parameters-1

[7]: #registerhook

[8]: #parameters-2

[9]: #getaccesstoken

[10]: #parameters-3

[11]: #getdecodedaccesstoken

[12]: #userinfo

[13]: #getcloudprovidertoken

[14]: #parameters-4

[15]: #cloudprovideruserinfo

[16]: #getadminconsent

[17]: #parameters-5

[18]: #revokeadminconsent

[19]: #statusadminconsent

[20]: #getlinkmap

[21]: #setlinkmap

[22]: #parameters-6

[23]: #linkuser

[24]: #parameters-7

[25]: #unlinkuser

[26]: #parameters-8

[27]: #cloudproviderreauthenticate

[28]: #parameters-9

[29]: #cloudproviderupdate

[30]: #parameters-10

[31]: #registereventlistener

[32]: #parameters-11

[33]: #authorisesupport

[34]: #parameters-12

[35]: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object

[36]: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String

[37]: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Boolean

[38]: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Statements/function

[39]: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise

[40]: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Array

[41]: #passthrough

[42]: #parameters-14