* add state validation for authorization
* fix codacy errors
* update state parameter storage
* fix codacy errors
* remove random number test
* encode state param to base64
* token manager for custom identity
* Added mock tests for token manager
* Added tests for token manager config
* Added sample node app for custom identity
* Added custom identity to README file
* minor fix
* Made changes to config tests
* Minor change
* Made changes from Code Review
* Fixed state parameter validation and bug in token validation
* Fixed bug in validate token
* Fixed spelling in README
* Fixed spacing
* Minor fix
* Refactoring
* Made change from code review
* Bug fix
* update return of error from callback
* update callback error
* Bypass State validation for cloud directory update req (#121)
* bypass state validation for cloud directory update req
* update flow
* update encoding for state param to base64URL encode
* Removed tenant Id from API strategy and WebAppStrategy (#120)
* Removed tenant Id validation for API strategy
* Removed tenantId as requirement for initializing APIStrategy
* Updated README file
* Fixed spacing issue from code review
* Removed tenant Id validation from WebAPIStrategy
* Removed tenant Id validation from Custom Identity
* Updated code samples with changes for tenant Id validation
* Bump up to 4.1.1 (#123)
* Application identity (#125)
* Adds support for application identity (app to app flow)
* Adds test cases for application identity
* Adds documentation on how to use App to App flow
* fixes spacing
* Changes from PR
* Bump up version number to 4.2
* Correct version to be correct format
* Renaming to application Identity and authorization (#127)
* Update README.md
* Update package.json
* call logging api from node SDK (#130)
* call logging api from node SDK
* call logging api from node SDK
* refactor
* do not log the legacy sample logout
* do not log the legacy sample logout
* add debug message
* a more generic error message
* fix error message
* Updated the versions of dependencies
* Add initialization examples for TokenManager (#133)
https://github.ibm.com/security-services/appid-project-management/issues/2043
* Adding support for the new service endpoint; this endpoint is supposed to work in parallel with the existing oauth server endpoints
Add eslint to our code that should validate coding conventions
* fix version parameter (#138)
* fix version
* Update tests
* Update tests
* Multi tenants (#143)
* add multi-tenant support through adding a publicKeysJson object
* update test error message
* remove get and set public key endpoint, add clarity to code, change var to let
* update and fix tests
* change isUpdateRequestPending to unique array
* move getPublicKeyByKid up
* remove unnecessary publicKey
* accept both oauthServerUrl and oAuthServerUrl (#147)
* accept both oauthServerUrl and oAuthServerUrl
* Issue 2287 -- Validation Changes Only (#145)
Validation changes -- ISS, AZP, AUD
* Issue 2439 (#148)
Renamed azp validation function and accommodates v3 and v4 tokens
* Issue 2439-2 (#149)
minor token change
* fixing Application Identity code snippet (#150)
* Bump up version to 6.0.0
* fixes tests (#152)
* check for LOG4JS_CONFIG variable set and if not present use log4js.json as default config (#154)
* Updates default log level to info from debug (#155)
* Log4js update (#156)
* update to use Log4js.configure instead of global variable
* added slack link
* Rani access control (#160)
* added hasScope method to token-manager
* moved hasScope method to token-utils
* field renames
* added prefix to required scopes in token-util
added scope validation to api-strategy when providing scope and audience
* added tests for api-strategy's scope validation
* added unit testing
* changed the hasScope method: it now ignores scope prefixes (takes the part that is after the last slash)
* added an optional appUri argument for loadConfig which is used by webapp-strategy and api-strategy's constructors.
* moved hasScope method to WebAppStrategy as a static method.
cleaning, renaming, added validation for user input.
* added tests
* added tests
* added documentation on using access control in readme
* fixed typo in readme
* fixed typo in readme
* Add better documentation for audience (#164)
* fix the token audience claim test (#165)
* Update package.json (#167)
* update readme
* Cleaning app uri (#168)
* removed appUri
* commented out parts about access control in readme
* update to 6.0.2
The audience parameter is optional and should be set to the application clientId
128
+
to guarantee the scopes are for the requested application.
129
+
-->
113
130
#### Protecting web applications using WebAppStrategy
114
131
WebAppStrategy is based on the OAuth2 authorization_code grant flow and should be used for web applications that use browsers. The strategy provides tools to easily implement authentication and authorization flows. When WebAppStrategy provides mechanisms to detect unauthenticated attempts to access protected resources. The WebAppStrategy will automatically redirect user's browser to the authentication page. After successful authentication user will be taken back to the web application's callback URL (redirectUri), which will once again use WebAppStrategy to obtain access, identity and refresh tokens from App ID service. After obtaining these tokens the WebAppStrategy will store them in HTTP session under WebAppStrategy.AUTH_CONTEXT key. In a scalable cloud environment it is recommended to persist HTTP sessions in a scalable storage like Redis to ensure they're available across server app instances.
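Review bot: The added audience sentence calls the parameter optional and, in the same sentence, says it "should be set to the application clientId to guarantee the scopes are for the requested application", which leaves the reader unsure what is actually checked when it is omitted. State the behaviour without an audience explicitly, or recommend always setting it when scopes are enforced. The added lines also end with `-->`, so this guidance sits inside an HTML comment and will not appear in the rendered README; if that is intentional for now, say so in the commit or track it so the text is not lost.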
Use WebAppStrategy's hasScope method to check if a given request has some specific scopes.
241
+
-->
211
242
#### Anonymous login
212
243
WebAppStrategy allows users to login to your web application anonymously, meaning without requiring any credentials. After successful login the anonymous user access token will be persisted in HTTP session, making it available as long as HTTP session is kept alive. Once HTTP session is destroyed or expired the anonymous user access token will be destroyed as well.
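Review bot: The added hasScope sentence says only that it checks whether a request "has some specific scopes", which does not tell the reader whether every required scope must be present or any one is enough, nor what arguments the method takes. Since this is an authorization check, spell out the matching rule, including the prefix handling the commit message describes (only the part after the last slash is compared), so callers do not assume a stricter match than they get. The line is followed by `-->`, so it is also hidden in the rendered README.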
This SDK uses the log4js package for logging. By default the logging level is set to `info`. To create your own logging configuration for your application, add a log4js.json file and set the `process.env.LOG4JS_CONFIG` environment variable to your json file.
590
+
591
+
To learn more about log4js, visit the documentation here (https://log4js-node.github.io/log4js-node/).
592
+
593
+
## Got Questions?
594
+
Join us on [Slack](https://www.ibm.com/cloud/blog/announcements/get-help-with-ibm-cloud-app-id-related-questions-on-slack) and chat with our dev team.
595
+
557
596
558
597
### Logging
559
598
This SDK uses the log4js package for logging. By default the logging level is set to `info`. To create your own logging configuration for your application, add a log4js.json file and set the `process.env.LOG4JS_CONFIG` environment variable to your json file.
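Review bot: The logging paragraph added at the top of this region is word for word the same as the unchanged paragraph under "### Logging" at its end, so the README now carries that text twice with "## Got Questions?" sitting between the two copies. Keep one copy: move the new log4js documentation link under the existing "### Logging" heading and place "## Got Questions?" after that section.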