Class: OAuthPropertiesBuilder

OAuthPropertiesBuilder(appName, oAuthAuthorizationGrantType, oAuthTokenEndpoint, oAuthClientID)

This is the builder for OAuth. Using this builder to init an authentication flow will return a RemoteAuthenticationFlow in the init promise.

For this type of authentication, login can be configured to use either an embedded WebView or an external browser.

  • Using Embedded WebView: The plugin brings up a WebView in which the OAuth login webpage is loaded. The user has to provide credentials on this page and log in. When login is successful, the WebView is removed and the user is redirected back to the app. While showing the WebView, the plugin provides basic operations such as "Forward", "Back", "Reload" and "Cancel" to deal with any issues the user faces on this page. For example, the user may accidentally click a link on the login page; in this case, the user can use the "Back" button to return to the login page. Likewise, if the login page is not loaded correctly, the user may want to try reloading the page before cancelling the login. If the user cancels the login, the promise returned by AuthenticationFlow#login will be rejected.
  • Using External Browser: The plugin redirects the user to the default browser on the device and loads the OAuth login webpage. The user has to provide credentials on this page and log in. When login is successful, the user is redirected back to the app.

    Using this feature has three prerequisites:

    • The app needs to configure a custom URL scheme. Note that once the external browser is launched and the login page is loaded, the app does not have any control. The custom URL scheme is the way for any redirect back to the app.
    • The OAuth server should be able to use the same custom URL scheme and redirect the user back to the app after a successful login or logout. This is typically part of the OAuth server configuration. For example, in the case of an IDCS server, the "Redirect URL" should be configured from the admin console to point to the app's custom URL scheme.
    • The redirect end point in the configuration should be provided as the URL scheme.
    The advantage of using an external browser is that it makes this login a single sign-on for all the apps on the device. For example, this is advantageous for Google OAuth use cases.

With OAuth, the user typically does not log out when an external browser is used, as that defeats the purpose. The user will be challenged to log in only if the OAuth token expires. Still, if the app wants to provide a logout option to the user, it can do so by calling AuthenticationFlow#logout. This step does not involve any user interaction. The OAuth logout page is loaded either in the WebView or in the external browser, as configured, and is dismissed once logout is complete.

Some OAuth servers support refresh tokens. Auth tokens are generally short-lived and refresh tokens are long-lived. When the auth token expires, the refresh token can be used to obtain a new auth token, so there is no need to challenge the user. To obtain the refresh token, some servers require a special scope to be passed. For example, IDCS needs the "offline_access" scope. The app needs to pass the relevant scope, if the server requires one, for this feature to work.
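The external-browser prerequisites and the refresh-token scope described above, combined into one configuration (an added example, not code from the plugin or its documentation). The `buildMobileOAuthProps` helper, the `cfg` object with its field names, the sample URLs and the HTTPS check are assumptions made for this example; `Builder` is the OAuthPropertiesBuilder class as the app obtains it from the plugin.

```javascript
// Constructed sample input: hosts, paths, scheme and client id are placeholders.
const EXAMPLE_CFG = {
  appName: 'ExampleApp',
  clientId: 'example-client-id',
  authorizationEndpoint: 'https://idp.example.com/oauth2/v1/authorize',
  tokenEndpoint: 'https://idp.example.com/oauth2/v1/token',
  logoutURL: 'https://idp.example.com/oauth2/v1/userlogout',
  redirectEndpoint: 'exampleapp://oauth/callback', // the app's custom URL scheme
  scopes: ['openid'],
  refreshScope: 'offline_access', // the scope the page names for IDCS
};

// Hypothetical helper: Builder is the plugin's OAuthPropertiesBuilder class.
function buildMobileOAuthProps(Builder, cfg) {
  // This example's own check: server endpoints carry codes and tokens,
  // so anything other than https is refused before the builder is touched.
  for (const key of ['authorizationEndpoint', 'tokenEndpoint', 'logoutURL']) {
    if (new URL(cfg[key]).protocol !== 'https:') {
      throw new Error(`${key} must use https`);
    }
  }
  // External-browser prerequisite from the page: the redirect end point is
  // the app's custom URL scheme, not a web URL.
  const scheme = new URL(cfg.redirectEndpoint).protocol;
  if (scheme === 'http:' || scheme === 'https:') {
    throw new Error('redirectEndpoint must be the app custom URL scheme');
  }
  // Add the server-specific refresh-token scope once, if one is needed.
  const scopes = new Set(cfg.scopes);
  if (cfg.refreshScope) scopes.add(cfg.refreshScope);

  return new Builder(
    cfg.appName,
    Builder.OAuthAuthorizationGrantType.OAuthAuthorizationCode,
    cfg.tokenEndpoint,
    cfg.clientId
  )
    .oAuthAuthorizationEndpoint(cfg.authorizationEndpoint)
    .oAuthRedirectEndpoint(cfg.redirectEndpoint)
    .oAuthScope([...scopes])
    .browserMode(Builder.BrowserMode.External)
    .enablePKCE(true)
    .logoutURL(cfg.logoutURL)
    .build(); // build() validates and returns the collected properties
}
```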

Constructor

new OAuthPropertiesBuilder(appName, oAuthAuthorizationGrantType, oAuthTokenEndpoint, oAuthClientID)

Parameters:
Name Type Description
appName string

Application name

oAuthAuthorizationGrantType OAuthPropertiesBuilder.OAuthAuthorizationGrantType

OAuth authorization grant type.

oAuthTokenEndpoint string

OAuth token end point.

oAuthClientID string

OAuth client id.

Source:

Extends

Members

(static, readonly) BrowserMode

Properties:
Name Type Description
External string

Browser mode is external. An external browser will be opened.

Embedded string

Browser mode is embedded. An embedded browser will be opened within the app.

Source:

(static, readonly) OAuthAuthorizationGrantType

Properties:
Name Type Description
OAuthImplicit string

OAuth grant type is implicit

OAuthAuthorizationCode string

OAuth grant type is authorization code

OAuthResourceOwner string

OAuth grant type is resource owner

OAuthClientCredentials string

OAuth grant type is client credentials

Source:

Methods

appName(appName) → {RemoteAuthPropertiesBuilder}

Parameters:
Name Type Description
appName String

Application name

Inherited From:
Source:
Returns:
Type
RemoteAuthPropertiesBuilder

browserMode(mode) → {OAuthPropertiesBuilder}

Parameters:
Name Type Description
mode OAuthPropertiesBuilder.BrowserMode

Browser mode to be used.

Source:
Returns:
Type
OAuthPropertiesBuilder

build() → {Object}

Overrides:
Source:
Returns:

Validates and returns the collected properties.

Type
Object

challengeCallback(callback) → {OAuthPropertiesBuilder}

Applicable to 2-legged OAuth flows, where the user is challenged in order to collect user credentials.

Parameters:
Name Type Description
callback RemoteAuthPropertiesBuilder~remoteAuthChallengeCallback

Callback to handle credential challenge.

Source:
Returns:
Type
OAuthPropertiesBuilder

customAuthHeaders(headers) → {RemoteAuthPropertiesBuilder}

Parameters:
Name Type Description
headers Object.<string, string>

Any custom headers. These are returned along with the other authentication headers in RemoteAuthenticationFlow#getHeaders().

Inherited From:
Source:
Returns:
Type
RemoteAuthPropertiesBuilder

enablePKCE(enable) → {OAuthPropertiesBuilder}

This method can be used to enable PKCE for OAuth. PKCE is a more secure way of using OAuth for mobile apps. See this blog.

Parameters:
Name Type Description
enable boolean

whether to enable PKCE or not.

Source:
Returns:
Type
OAuthPropertiesBuilder
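What enabling PKCE adds to the authorization code flow, following RFC 7636 (an added example in Node.js, not the plugin's implementation; the function names are assumptions). The app keeps a random verifier, only its SHA-256 challenge travels through the browser, and the token endpoint redeems the code only when the matching verifier is presented.

```javascript
const crypto = require('crypto');

// base64url without padding, the encoding RFC 7636 uses for both values.
const b64url = (buf) =>
  buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Client side: a fresh high-entropy verifier for every authorization request.
function newCodeVerifier() {
  return b64url(crypto.randomBytes(32)); // 43 characters
}

// Client side: the S256 challenge sent along with the authorization request.
function codeChallengeS256(verifier) {
  return b64url(crypto.createHash('sha256').update(verifier, 'ascii').digest());
}

// Server side (simplified): the token endpoint recomputes the challenge from
// the verifier in the token request and compares it with the stored one.
function tokenEndpointAccepts(storedChallenge, presentedVerifier) {
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(presentedVerifier || '')) return false;
  const expected = Buffer.from(storedChallenge);
  const actual = Buffer.from(codeChallengeS256(presentedVerifier));
  return expected.length === actual.length && crypto.timingSafeEqual(expected, actual);
}

// Constructed walk-through of one login.
function demo() {
  const verifier = newCodeVerifier();            // never leaves the app
  const challenge = codeChallengeS256(verifier); // travels via the browser
  return {
    legitimateApp: tokenEndpointAccepts(challenge, verifier),
    // A party that only saw the redirect holds the code but no verifier.
    codeOnly: tokenEndpointAccepts(challenge, undefined),
    wrongVerifier: tokenEndpointAccepts(challenge, newCodeVerifier()),
  };
}
```

The redirect back to the app over a custom URL scheme carries only the authorization code, which is why the verifier check at the token endpoint matters for mobile apps.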

idleTimeOutInSeconds(timeout) → {RemoteAuthPropertiesBuilder}

Deprecated: This is not applicable for all remote authentications. Use method available in builder subclasses where applicable.

Parameters:
Name Type Description
timeout number

Seconds after which the idle timeout should kick in when the user is idle.

Inherited From:
Source:
Returns:
Type
RemoteAuthPropertiesBuilder

logoutTimeOutInSeconds(timeout) → {RemoteAuthPropertiesBuilder}

Parameters:
Name Type Description
timeout number

Specifies the timeout after which an ongoing logout attempt will be aborted.

Inherited From:
Source:
Returns:
Type
RemoteAuthPropertiesBuilder

logoutURL(url) → {OAuthPropertiesBuilder}

Parameters:
Name Type Description
url string

OAuth logout URL.

Source:
Returns:
Type
OAuthPropertiesBuilder

oAuthAuthorizationEndpoint(url) → {OAuthPropertiesBuilder}

Parameters:
Name Type Description
url string

OAuth authorization end point.

Source:
Returns:
Type
OAuthPropertiesBuilder

oAuthAuthorizationGrantType(grantType) → {OAuthPropertiesBuilder}

Parameters:
Name Type Description
grantType OAuthPropertiesBuilder.OAuthAuthorizationGrantType

OAuth authorization grant type.

Source:
Returns:
Type
OAuthPropertiesBuilder

oAuthClientID(clientId) → {OAuthPropertiesBuilder}

Parameters:
Name Type Description
clientId string

OAuth client id.

Source:
Returns:
Type
OAuthPropertiesBuilder

oAuthClientSecret(secret) → {OAuthPropertiesBuilder}

Parameters:
Name Type Description
secret string

OAuth client secret.

Source:
Returns:
Type
OAuthPropertiesBuilder

oAuthRedirectEndpoint(url) → {OAuthPropertiesBuilder}

Parameters:
Name Type Description
url string

End point to redirect to after successful authentication. Typically this is the app's URL scheme.

Source:
Returns:
Type
OAuthPropertiesBuilder

oAuthScope(scopes) → {OAuthPropertiesBuilder}

Parameters:
Name Type Description
scopes Array.<string>

OAuth scopes.

Source:
Returns:
Type
OAuthPropertiesBuilder

oAuthTokenEndpoint(url) → {OAuthPropertiesBuilder}

Parameters:
Name Type Description
url string

OAuth token end point.

Source:
Returns:
Type
OAuthPropertiesBuilder

percentageToIdleTimeout(percentage) → {RemoteAuthPropertiesBuilder}

Deprecated: This is not applicable for all remote authentications. Use method available in builder subclasses where applicable.

Parameters:
Name Type Description
percentage number

Percentage of the idle timeout at which the timeout callback should be invoked.

Inherited From:
Source:
Returns:
Type
RemoteAuthPropertiesBuilder

put(key, value) → {Builder}

Convenience method to add key value pairs of auth settings to properties.

Parameters:
Name Type Description
key string

Authentication property key

value string

Authentication property value

Inherited From:
Source:
Returns:
Type
Builder

sessionTimeOutInSeconds(timeout) → {RemoteAuthPropertiesBuilder}

Deprecated: This is not applicable for all remote authentications. Use method available in builder subclasses where applicable.

Parameters:
Name Type Description
timeout number

Seconds after which the session timeout should kick in.

Inherited From:
Source:
Returns:
Type
RemoteAuthPropertiesBuilder