sso support (#127)

* support for sso * created master password boolean * resetMasterPassword flows * throw on bad ctor for token request
2025-12-20 18:23:31 +00:00 · 2020-07-16 08:59:29 -04:00
parent f820cb9186
commit fefef546f0
11 changed files with 148 additions and 29 deletions
--- a/src/models/request/tokenRequest.ts
+++ b/src/models/request/tokenRequest.ts
@@ -5,15 +5,24 @@ import { DeviceRequest } from './deviceRequest';
 export class TokenRequest {
    email: string;
    masterPasswordHash: string;
+    code: string;
+    codeVerifier: string;
+    redirectUri: string;
    token: string;
    provider: TwoFactorProviderType;
    remember: boolean;
    device?: DeviceRequest;

-    constructor(email: string, masterPasswordHash: string, provider: TwoFactorProviderType,
+    constructor(credentials: string[], codes: string[], provider: TwoFactorProviderType,
        token: string, remember: boolean, device?: DeviceRequest) {
-        this.email = email;
-        this.masterPasswordHash = masterPasswordHash;
+        if (credentials != null && credentials.length > 1) {
+            this.email = credentials[0];
+            this.masterPasswordHash = credentials[1];
+        } else if (codes != null && codes.length > 2) {
+            this.code = codes[0];
+            this.codeVerifier = codes[1];
+            this.redirectUri = codes[2];
+        }
        this.token = token;
        this.provider = provider;
        this.remember = remember;
@@ -22,13 +31,23 @@ export class TokenRequest {

    toIdentityToken(clientId: string) {
        const obj: any = {
-            grant_type: 'password',
-            username: this.email,
-            password: this.masterPasswordHash,
            scope: 'api offline_access',
            client_id: clientId,
        };

+        if (this.masterPasswordHash != null && this.email != null) {
+            obj.grant_type = 'password';
+            obj.username = this.email;
+            obj.password = this.masterPasswordHash;
+        } else if (this.code != null && this.codeVerifier != null && this.redirectUri != null) {
+            obj.grant_type = 'authorization_code';
+            obj.code = this.code;
+            obj.code_verifier = this.codeVerifier;
+            obj.redirect_uri = this.redirectUri;
+        } else {
+            throw new Error('must provide credentials or codes');
+        }
+
        if (this.device) {
            obj.deviceType = this.device.type;
            obj.deviceIdentifier = this.device.identifier;