Class: AuthClient
model/postgres/AuthClient.entity.AuthClient
Entity representing a client application that requires access to Gropius and that can ask for authentication.
A client is identified by its client id and CAN optionally be secured by secrets to restrict usage.
Constructors
constructor
• new AuthClient()
Properties
clientSecrets
• clientSecrets: string[]
The list of hashed client secrets.
Every entry is structured like [CENSORED];[BCRYPT_HASH]
with:
- [CENSORED] is an n-letter prefix of the actual secret, displayed to the user for easier association
- [BCRYPT_HASH] is the salted hash of the full secret, used to compare with a secret given later
Defined in
login-service/src/model/postgres/AuthClient.entity.ts:63
id
• id: string
The unique ID of this client
Example
12345678-90ab-cdef-fedc-ab0987654321
Defined in
login-service/src/model/postgres/AuthClient.entity.ts:34
isValid
• isValid: boolean
If this is false, the client is not valid and no authorization, token, ... requests from it should be answered.
Example
true
Defined in
login-service/src/model/postgres/AuthClient.entity.ts:71
loginsOfThisClient
• loginsOfThisClient: Promise<ActiveLogin[]>
A list of all login events that this client caused.
Defined in
login-service/src/model/postgres/AuthClient.entity.ts:88
name
• name: string
The (human readable) name of the auth client, to be able to keep track of it.
Doesn't need to be unique, can be null.
Defined in
login-service/src/model/postgres/AuthClient.entity.ts:42
redirectUrls
• redirectUrls: string[]
The list of valid endpoints to redirect the user back to after authentication has finished.
The actual url to use is given in the authorize request and must be included in this list. If none is given, the first one from this list will be used.
Example
["https://example.com/oauth/callback?query=value"]
Defined in
login-service/src/model/postgres/AuthClient.entity.ts:53
requiresSecret
• requiresSecret: boolean
If true, requesting a token as this client requires the use of a client secret according to the OAuth specification.
If false, client secrets can be present and given but are not required.
Example
false
Defined in
login-service/src/model/postgres/AuthClient.entity.ts:81
Methods
addSecret
▸ addSecret(): Promise<{ censored: string; fingerprint: string; secretText: string }>
Generates a new secret and adds it to the list of this client. Does NOT save the entity!
Note: The secret text is only returned here and will not be saved as plain text. There is no way to retrieve it later. Only a hashed version and an n-letter prefix (for easier identification) will be saved.
The generated secret will be hex encoded random bytes of length GROPIUS_CLIENT_SECRET_LENGTH.
Returns
Promise<{ censored: string; fingerprint: string; secretText: string }>
The generated secret text, the fingerprint of the hash of the secret and the censored version
Defined in
login-service/src/model/postgres/AuthClient.entity.ts:112
fingerprint
▸ Private fingerprint(hash): string
Calculates the sha256 hash of the input.
Can be used as fingerprint for the secret hashes.
Parameters
Name | Type | Description |
---|---|---|
hash | string | The hash or other data to calculate the fingerprint for |
Returns
string
The hex string of the sha256 hash
Defined in
login-service/src/model/postgres/AuthClient.entity.ts:97
getFullHashesPlusCensoredAndFingerprint
▸ getFullHashesPlusCensoredAndFingerprint(): { censored: string; fingerprint: string; secret: string }[]
Returns a list containing not only the string stored in the database, but also the n letter censored prefix and the fingerprint of the hash.
The result of this should NOT be exposed as it contains the full hash.
Returns
{ censored: string; fingerprint: string; secret: string }[]
A list of the full stored hash, censored version and the fingerprint of the hash for every secret
Defined in
login-service/src/model/postgres/AuthClient.entity.ts:140
getSecretsShortedAndFingerprint
▸ getSecretsShortedAndFingerprint(): { censored: string; fingerprint: string }[]
Removes the full hash from the result of AuthClient.getFullHashesPlusCensoredAndFingerprint.
The result may be published on the API.
Returns
{ censored: string; fingerprint: string }[]
A list of censored secret and hash-fingerprint for every secret of this client
Defined in
login-service/src/model/postgres/AuthClient.entity.ts:164
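Added example (not the project's own code): a sketch of how the documented [CENSORED];[BCRYPT_HASH] entries can be split into the internal view and the API-safe view described above. The function names parseEntry, fullView and publicView, the sample entries, and the choice to fingerprint only the bcrypt hash part and to store that part in `secret` are assumptions.

```typescript
import { createHash } from "node:crypto";

// Field names follow the documented return types; what `secret` holds is an assumption.
interface FullSecretView { censored: string; fingerprint: string; secret: string }
type PublicSecretView = Omit<FullSecretView, "secret">;

// SHA-256 hex digest of the input, as documented for the private fingerprint() method.
function fingerprint(data: string): string {
    return createHash("sha256").update(data, "utf8").digest("hex");
}

// Split one stored "[CENSORED];[BCRYPT_HASH]" entry at the first ';'.
// Neither a hex prefix nor a bcrypt hash contains ';', so the split is unambiguous.
function parseEntry(entry: string): FullSecretView {
    const sep = entry.indexOf(";");
    if (sep < 0 || sep === entry.length - 1) {
        throw new Error("malformed client secret entry");
    }
    const hash = entry.slice(sep + 1);
    // Assumption: the fingerprint is taken over the bcrypt hash part only.
    return { censored: entry.slice(0, sep), fingerprint: fingerprint(hash), secret: hash };
}

// Internal view: includes the full hash, so it must stay inside the service.
function fullView(clientSecrets: string[]): FullSecretView[] {
    return clientSecrets.map(parseEntry);
}

// API-safe view: copy only the two publishable fields, so the hash cannot
// leak through an object spread or a property added later.
function publicView(clientSecrets: string[]): PublicSecretView[] {
    return fullView(clientSecrets).map((s) => ({ censored: s.censored, fingerprint: s.fingerprint }));
}

// Constructed sample entries: hex prefixes plus bcrypt-shaped placeholders (not real hashes).
const SAMPLE_SECRETS = [
    "a1b2c;$2b$10$" + "A".repeat(53),
    "9f8e7;$2b$10$" + "B".repeat(53),
];

console.log(JSON.stringify(publicView(SAMPLE_SECRETS), null, 2));
```
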
toJSON
▸ toJSON(): Object
Returns
Object
Name | Type |
---|---|
id | string |
isValid | boolean |
redirectUrls | string[] |
requiresSecret | boolean |