Class: HttpBasicAuthenticationFlow

HttpBasicAuthenticationFlow

This class represents the HTTP Basic authentication flow object. It is not instantiated directly. An instance is obtained when the promise returned from init resolves, when init is called with properties from HttpBasicAuthPropertiesBuilder. Setting up and using the HTTP Basic authentication flow is explained in the builder documentation.

Methods

getHeaders(options) → {Promise.<Object.<string, string>>}

This method is used to get the Authorization headers and any custom headers to be set when making XHR requests to secured endpoints. Headers are returned as an object in a format that can be added directly to the XHR request headers.

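authFlow.getHeaders().then(function(headers) {
  var request; // Represents an XHR request
  // ... create and open the request ...
  for (var key in headers) {
    if (headers.hasOwnProperty(key)) {
      // Copy each returned header onto the request
      request.setRequestHeader(key, headers[key]);
    }
  }
  // ... send the request ...
});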
Parameters:

| Name | Type | Description |
|---|---|---|
| options | RemoteAuthenticationFlow~GetHeadersOptions | options to be used |

Returns:
  • headers needed to be used for accessing secured resource.

| Type of Auth | What headers are returned | Comments |
|---|---|---|
| HttpBasicAuthentication | Basic auth header | Generated from stored credentials. HttpBasicAuthPropertiesBuilder#offlineAuthAllowed should be true for SDK to store the credentials. |
| FederatedAuthentication | Relevant cookies as header | options.fedAuthSecuredUrl has to be set |
| FederatedAuthentication with FedAuthPropertiesBuilder#parseTokenRelayResponse turned ON | Bearer token | Can specify options.oauthScopes to get token for scope or a set of scopes. |
| OAuth, OpenID | Bearer token | Can specify options.oauthScopes to get token for scope or a set of scopes. |

If the promise is rejected, the callback will receive an object of type AuthError

Type
Promise.<Object.<string, string>>

isAuthenticated(options) → {Promise.<boolean>}

This method is used to find out if the user is authenticated.

Parameters:

| Name | Type | Description |
|---|---|---|
| options | AuthenticationFlow~IsAuthenticatedOptions | options to be used |

Returns:

If the promise is rejected, the callback will receive an object of type AuthError

Type
Promise.<boolean>

login() → {Promise.<AuthenticationFlow>}

This method is used to log in.

The promise is resolved when login succeeds. Once login is successful, if this authentication is for accessing the app, the user can be allowed to do so. If it is for accessing secured data resources, that operation can now be performed. Certain headers may also be required to access the secured resource; in this case RemoteAuthenticationFlow#getHeaders can be used.

The promise is rejected with an AuthError object which contains information on the reason for the failure. This information can be used to show the reason why login did not succeed. The app can keep track of these failures and implement specific policies for the maximum number of attempts and the steps to take after multiple failures here.

Sample usage:

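cordova.plugins.IdmAuthFlows.init(authProps).then(
  function(authenticationFlow) {
    var loginPromise = authenticationFlow.login();
    loginPromise.then(function(flow) {
      // Login succeeded; flow is the AuthenticationFlow
    });
    loginPromise.catch(function(authError) {
      // Login failed; authError is an AuthError
    });
  }
);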
Returns:

If the promise is rejected, the callback will receive an object of type AuthError

Type
Promise.<AuthenticationFlow>
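
One way to implement the attempt-tracking policy that the login() description leaves to the app, as an added example that is not part of the plugin's documentation. createAttemptPolicy, guardedLogin and fakeFlow are hypothetical names, fakeFlow is a constructed stand-in for the flow object, and every rejection is assumed to count as a failed attempt.

```javascript
// Added example. createAttemptPolicy, guardedLogin and fakeFlow are hypothetical
// names; only authFlow.login() and its AuthError rejection come from the page.
function createAttemptPolicy(maxAttempts, lockoutMs, now) {
  var failures = 0;
  var lockedUntil = 0;
  return {
    // Milliseconds until another attempt is allowed (0 when not locked out).
    retryAfterMs: function () { return Math.max(0, lockedUntil - now()); },
    recordSuccess: function () { failures = 0; },
    // Returns the attempts left; 0 means the lockout has just started.
    recordFailure: function () {
      failures += 1;
      if (failures < maxAttempts) { return maxAttempts - failures; }
      lockedUntil = now() + lockoutMs;
      failures = 0;
      return 0;
    }
  };
}

// Wraps login() so a locked-out user never reaches the login call.
// Assumption: every rejection counts as a failed attempt.
function guardedLogin(authFlow, policy) {
  var wait = policy.retryAfterMs();
  if (wait > 0) {
    return Promise.resolve({ ok: false, locked: true, retryAfterMs: wait });
  }
  return authFlow.login().then(
    function (flow) {
      policy.recordSuccess();
      return { ok: true, flow: flow };
    },
    function (authError) {
      var left = policy.recordFailure();
      return { ok: false, locked: left === 0, attemptsLeft: left, error: authError };
    }
  );
}

// Constructed stand-in for the flow object; outcomes lists login results in order.
function fakeFlow(outcomes) {
  var flow = { calls: 0 };
  flow.login = function () {
    flow.calls += 1;
    return outcomes.shift() ? Promise.resolve(flow) : Promise.reject({ constructed: "AuthError" });
  };
  return flow;
}
```

This counter lives in app memory and resets on restart, so it complements a server-side lockout rather than replacing one.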

logout(purgeSettings) → {Promise.<AuthenticationFlow>}

This method is used to log out.

Once the promise is resolved, the user can be shown the login page, or some other way to log in again. AuthenticationFlow#login can be invoked on the same AuthenticationFlow object. There is no need to create a new one unless there is a change in the authentication properties, such as server details.

The user is essentially logged out even if the logout promise is rejected. The app can decide not to show the logout error to the end user, as there is no action associated with it. There is one special case: when the device is offline, logout will throw an error because loading the logout URL will fail, but the device-local logout will be successful. The application should handle this error, check the device status (offline / online) and then decide whether to show the error message to the user.

The following table describes what is cleared on logout with different values for purgeSettings:

| purgeSettings | false | true |
|---|---|---|
| HttpBasicAuthentication | Clear remembered credentials | Clears offline, remembered credentials, user preferences |
| FederatedAuthentication | Clear Cookies by loading logout URL |
| OAuth, OpenID | Clear access token | Invalidate session maintained by the browser by loading logout URL. |

Parameters:

| Name | Type | Description |
|---|---|---|
| purgeSettings | boolean | Pass true to reset all saved information for this auth. Falls back to 'false' if a non-boolean is passed. |

Returns:

If the promise is rejected, the callback will receive an object of type AuthError

Type
Promise.<AuthenticationFlow>
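
The logout handling described above, as an added example that is not part of the plugin's documentation: it refuses a non-boolean purgeSettings (which logout() would treat as false) and treats a rejection as a completed local logout. logoutWithReport and fakeLogoutFlow are hypothetical names, isOnline is a caller-supplied connectivity check, and showing the error only when the device is online is one possible policy.

```javascript
// Added example. logoutWithReport and fakeLogoutFlow are hypothetical names;
// isOnline is a caller-supplied function returning true when the device is online.
function logoutWithReport(authFlow, purgeSettings, isOnline) {
  // logout() falls back to false for any non-boolean, so a value such as the
  // string "true" would skip the purge without any error. Fail loudly instead.
  if (typeof purgeSettings !== "boolean") {
    return Promise.reject(new TypeError("purgeSettings must be a boolean"));
  }
  return authFlow.logout(purgeSettings).then(
    function () {
      return { loggedOut: true, rejected: false, showError: false };
    },
    function (authError) {
      // The user is logged out locally even though the promise was rejected.
      // Assumed policy: an offline failure is expected, so stay quiet;
      // an online failure is unexpected, so surface it.
      var offline = !isOnline();
      return {
        loggedOut: true,
        rejected: true,
        offline: offline,
        showError: !offline,
        error: authError
      };
    }
  );
}

// Constructed stand-in for the flow object; records what logout() was given.
function fakeLogoutFlow(succeeds) {
  var flow = { purgeArgs: [] };
  flow.logout = function (purge) {
    flow.purgeArgs.push(purge);
    return succeeds ? Promise.resolve(flow) : Promise.reject({ constructed: "AuthError" });
  };
  return flow;
}
```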

resetIdleTimeout() → {Promise.<HttpBasicAuthenticationFlow>}

This method resets the idle timeout. It can be used in the timeout callback to reset the timeout when an idle timeout occurs.

Returns:

If the promise is rejected, the callback will receive an object of type AuthError

Type
Promise.<HttpBasicAuthenticationFlow>