ibm-cloud-security
diff --git a/‎.travis.yml‎
Lines changed: 3 additions & 0 deletions b/‎.travis.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 13 additions & 3 deletions b/‎README.md‎
Lines changed: 13 additions & 3 deletions
diff --git a/‎lib/appid-sdk.js‎
Lines changed: 6 additions & 5 deletions b/‎lib/appid-sdk.js‎
Lines changed: 6 additions & 5 deletions
diff --git a/‎lib/attribute-manager/unauthorized-exception.js‎
Lines changed: 3 additions & 0 deletions b/‎lib/attribute-manager/unauthorized-exception.js‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎lib/attribute-manager/user-attribute-manager.js‎
Lines changed: 4 additions & 1 deletion b/‎lib/attribute-manager/user-attribute-manager.js‎
Lines changed: 4 additions & 1 deletion
@@ -1,5 +1,8 @@
 language: node_js
 
+node_js:
+  - "6"
+
 notifications:
   email:
     on_success: always
 
@@ -32,7 +32,7 @@ Read the [official documentation](https://console.ng.bluemix.net/docs/services/a
 
 ## Requirements
 * npm 4.+
-* node 4.+
+* node 6.+
 
 ## Installation
 ```
@@ -92,6 +92,7 @@ app.get("/api/protected",
 		appIdAuthContext.accessTokenPayload; // Decoded access_token JSON
 		appIdAuthContext.identityToken; // Raw identity_token
 		appIdAuthContext.identityTokenPayload; // Decoded identity_token JSON
+		appIdAuthContext.refreshToken // Raw refresh_token
 
 		// Or use user object provided by passport.js
 		var username = req.user.name || "Anonymous";
@@ -108,7 +109,7 @@ app.listen(port, function(){
 ```
 
 #### Protecting web applications using WebAppStrategy
-WebAppStrategy is based on the OAuth2 authorization_code grant flow and should be used for web applications that use browsers. The strategy provides tools to easily implement authentication and authorization flows. When WebAppStrategy provides mechanisms to detect unauthenticated attempts to access protected resources. The WebAppStrategy will automatically redirect user's browser to the authentication page. After successful authentication user will be taken back to the web application's callback URL (redirectUri), which will once again use WebAppStrategy to obtain access and identity tokens from App ID service. After obtaining these tokens the WebAppStrategy will store them in HTTP session under WebAppStrategy.AUTH_CONTEXT key. In a scalable cloud environment it is recommended to persist HTTP sessions in a scalable storage like Redis to ensure they're available across server app instances.
+WebAppStrategy is based on the OAuth2 authorization_code grant flow and should be used for web applications that use browsers. The strategy provides tools to easily implement authentication and authorization flows. When WebAppStrategy provides mechanisms to detect unauthenticated attempts to access protected resources. The WebAppStrategy will automatically redirect user's browser to the authentication page. After successful authentication user will be taken back to the web application's callback URL (redirectUri), which will once again use WebAppStrategy to obtain access, identity and refresh tokens from App ID service. After obtaining these tokens the WebAppStrategy will store them in HTTP session under WebAppStrategy.AUTH_CONTEXT key. In a scalable cloud environment it is recommended to persist HTTP sessions in a scalable storage like Redis to ensure they're available across server app instances.
 
 ```JavaScript
 const express = require('express');
@@ -223,7 +224,16 @@ app.get(LOGIN_ANON_URL, passport.authenticate(WebAppStrategy.STRATEGY_NAME, {
 }));
 ```
 
-As mentioned previously the anonymous access_token and identity_token will be automatically persisted in HTTP session by App ID SDK. You can retrieve them from HTTP session via same mechanisms as regular tokens. Access and identity tokens will be kept in HTTP session and will be used until either them or HTTP session expires.
+As mentioned previously the anonymous access_token, identity_token and refresh_token (optional) will be automatically persisted in HTTP session by App ID SDK. You can retrieve them from HTTP session via same mechanisms as regular tokens. Access and identity tokens will be kept in HTTP session and will be used until either them or HTTP session expires.
+
+### Refresh Token
+Refresh Token may be used to acquire new access and identity tokens without the need to re-authenticate. Refresh Token is usually configured to have longer expiration than access token. Refresh Token is optional and can be configured in your AppID Dashboard.
+
+After a successful login, in addition to access_token and identity_token, a refresh_token will be persisted in the HTTP session as well.
+
+You may persist the refresh_token in any method you'd like. By doing so, you can avoid your users login after the HTTP session has expired as long as the refresh_token is valid. `web-app-sample-server.js` contains an example of storing a refresh-token in a cookie and how to use it.
+
+In order to use the persisted refresh_token, you need to call `webAppStrategy.refreshTokens(request, refreshToken)`. `refreshTokens()` returns a Promise. After the Promise has resolved, the user will be authenticated and new tokens will be generated and persistent in the HTTP session like in a classic login. If the Promise is rejected, the user won't be authenticated.
 
 ### User profile attributes
 Use the user UserAttributeManager to store and retrieve attribute of the user.
 
@@ -15,15 +15,16 @@ const Log4js = require("log4js");
 const APIStrategy = require("./strategies/api-strategy");
 const WebAppStrategy = require("./strategies/webapp-strategy");
 const UserAttributeManager = require("./attribute-manager/user-attribute-manager");
+const SelfServiceManager = require("./self-service/self-service-manager");
+const UnauthorizedException = require("./attribute-manager/unauthorized-exception");
 
 const logger = Log4js.getLogger("appid-sdk");
 logger.info("Initialized");
 
 module.exports = {
 	APIStrategy: APIStrategy,
 	WebAppStrategy: WebAppStrategy,
-	UserAttributeManager: UserAttributeManager
-};
-
-
-
+	SelfServiceManager: SelfServiceManager,
+	UserAttributeManager: UserAttributeManager,
+	UnauthorizedException: UnauthorizedException
+};
@@ -0,0 +1,3 @@
+module.exports = function UnauthorizedException() {
+
+};
@@ -15,6 +15,8 @@ const log4js = require("log4js");
 const request = require("request");
 const Q = require("q");
 const _ = require("underscore");
+const UnauthorizedException = require("./unauthorized-exception");
+
 const logger = log4js.getLogger("appid-user-attribute-manager");
 
 const VCAP_SERVICES = "VCAP_SERVICES";
@@ -24,6 +26,7 @@ const VCAP_SERVICES_SERVICE_NAME2 = "AppID";
 
 const USER_PROFILE_SERVER_URL = "profilesUrl";
 const ATTRIBUTES_ENDPOINT = "/api/v1/attributes";
+
 function UserAttributeManager() {
 }
 
@@ -114,7 +117,7 @@ function handleRequest(accessToken, attributeValue, method, url, action, deferre
 			logger.error(err);
 			return deferred.reject(new Error("Failed to " + action));
 		} else if (response.statusCode === 401 || response.statusCode === 403) {
-			return deferred.reject(new Error("Unauthorized"));
+			return deferred.reject(new UnauthorizedException());
 		} else if (response.statusCode === 404) {
 			return deferred.reject(new Error("Not found"));
 		} else if (response.statusCode >= 200 && response.statusCode < 300) {
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+module.exports = function UnauthorizedException() {`
	`2`	`+`
	`3`	`+};`