entities/oauth.js

  1. import axios from 'axios';
  2. import debug from 'debug';
  3. import {typeValidation} from '../utils/validator';
  5. const ACCESS_TOKEN_GRANT_TYPE = 'authorization_code';
  6. const REFRESH_TOKEN_GRANT_TYPE = 'refresh_token';
  8. const log = debug('starling:oauth-service');
  10. /**
  11.  * Service to interact with a the oauth endpoint
  12.  */
  13. class OAuth {
  15.   /**
  16.    * Create a new oauth service
  17.    * @param {Object} options - configuration parameters
  18.    */
  19.   constructor (options) {
  20.     this.options = options;
  21.   }
  23.   /**
  24.    * Exchanges the authorization code for an access token
  25.    * @param {string} authorizationCode - the authorization code, acquired from the user agent after the
  26.    * user authenticates with starling
  27.    * @return {Promise} - the http request promise
  28.    */
  29.   getAccessToken (authorizationCode) {
  30.     typeValidation(arguments, authorizationCodeParameterDefinition);
  31.     return this.getOAuthToken({
  32.       'code': authorizationCode,
  33.       'grant_type': ACCESS_TOKEN_GRANT_TYPE,
  34.       'client_id': this.options.clientId,
  35.       'client_secret': this.options.clientSecret,
  36.       'redirect_uri': this.options.redirectUri
  37.     });
  38.   }
  40.   /**
  41.    * Exchanges the authorization code for an access token
  42.    * @param {string} refreshToken - the oauth refresh token, used when the access token
  43.    * expires to claim a new access token.
  44.    * @return {Promise} - the http request promise
  45.    */
  46.   refreshAccessToken (refreshToken) {
  47.     typeValidation(arguments, refreshTokenParameterDefinition);
  48.     return this.getOAuthToken({
  49.       'refresh_token': refreshToken,
  50.       'grant_type': REFRESH_TOKEN_GRANT_TYPE,
  51.       'client_id': this.options.clientId,
  52.       'client_secret': this.options.clientSecret
  53.     });
  54.   }
  56.   /**
  57.    * Gets the access token from the starling oauth endpoint
  58.    * @param {object} params - the query params passed to the oauth endpoint as per the oauth spec
  59.    * @return {Promise} - the http request promise
  60.    */
  61.   getOAuthToken (params) {
  62.     if (!this.options.clientId) {
  63.       throw Error('clientId is not configured');
  64.     }
  66.     if (!this.options.clientSecret) {
  67.       throw Error('clientSecret is not configured');
  68.     }
  70.     const url = `${this.options.oauthUrl}/oauth/access-token`;
  71.     log(`GET ${url} queryParams:${JSON.stringify(params)}`);
  73.     return axios({
  74.       url,
  75.       method: 'GET',
  76.       headers: {
  77.         'Content-Type': 'application/x-www-form-urlencoded',
  78.         Accept: 'application/json'
  79.       },
  80.       params: params
  81.     });
  82.   }
  83. }
  85. const refreshTokenParameterDefinition = [
  86.   {name: 'refreshToken', validations: ['required', 'string']}
  87. ];
  89. const authorizationCodeParameterDefinition = [
  90.   {name: 'authorizationCode', validations: ['required', 'string']}
  91. ];
  93. module.exports = OAuth;