
Class User

Represents an authenticated User and contains operations to authorise the user.

Please consult the documentation for a detailed explanation.

Hierarchy

  • User

Methods

attributes

  • attributes(): {}
  • Gets extra attributes of the user. Attributes contain any attributes related to the outcome of authenticating a user (e.g. issued date, metadata, etc.).

    Returns {}

    • [key: string]: any

authorizations

  • Returns user's authorizations that have been previously loaded by the providers.

    Returns Authorizations

clearCache

  • clearCache(): User
  • The User object will cache any authorities that it knows it has to avoid hitting the underlying auth provider each time. Use this method if you want to clear this cache.

    Returns User

containsKey

  • containsKey(key: string): boolean
  • Checks if a value exists on the user object. This method will perform lookups in several places before returning.

    1. If there is a rootClaim, the lookup will happen in attributes[rootClaim].
    2. If it exists, the value will be returned from attributes().
    3. If it exists, the value will be returned from principal().
    4. Otherwise it will be null.

    Parameters

    • key: string

    Returns boolean

expired

  • expired(): boolean
  • expired(leeway: number): boolean
  • Flags this user object to be expired. A User is considered expired if it contains an expiration time and the current clock time is past the expiration date.

    Returns boolean

  • Flags this user object to be expired. Expiration takes 3 values into account:

    1. exp "expiration" timestamp in seconds.
    2. iat "issued at" in seconds.
    3. nbf "not before" in seconds.

    A User is considered expired if it contains any of the above and the current clock time does not agree with the parameter value. If the attributes() do not contain a key, then the principal() properties are checked.

    If none of these properties is available, the user will not expire.

    Implementations of this interface might relax this rule to account for a leeway to safeguard against clock drifting.

    Parameters

    • leeway: number

    Returns boolean
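
The expiry rules above, as an added JavaScript model (not the library's implementation). It assumes that "does not agree" means an exp in the past or an iat/nbf in the future, each widened by the leeway; claim, expiredReason, demo and the sample users are hypothetical names.

```javascript
// Added model of the documented expiry rules; not the library's code.
// Claim lookup follows the page: attributes first, then principal.
const own = (o, k) => o != null && Object.prototype.hasOwnProperty.call(o, k);

function claim(user, key) {
  if (own(user.attributes, key)) return user.attributes[key];
  if (own(user.principal, key)) return user.principal[key];
  return undefined;
}

// Returns the claim that makes the user expired, or null when still valid.
// now and leeway are in seconds, like exp, iat and nbf.
// Assumption: "does not agree" means exp is in the past, or iat / nbf is in
// the future, each widened by the leeway.
function expiredReason(user, now, leeway = 0) {
  const exp = claim(user, 'exp');
  const iat = claim(user, 'iat');
  const nbf = claim(user, 'nbf');
  if (typeof exp === 'number' && now - leeway >= exp) return 'exp';
  if (typeof iat === 'number' && iat > now + leeway) return 'iat';
  if (typeof nbf === 'number' && nbf > now + leeway) return 'nbf';
  return null; // no timestamps present, or all of them agree with the clock
}

// Constructed sample users; the timestamps are arbitrary values in seconds.
const NOW = 1700000000;
const tokenUser = { principal: {}, attributes: { exp: NOW - 30, iat: NOW - 3630 } };
const futureUser = { principal: {}, attributes: { exp: NOW + 3600, nbf: NOW + 20 } };
const freeFormUser = { principal: { username: 'tim' }, attributes: {} };

function demo() {
  return {
    strict: expiredReason(tokenUser, NOW),            // 'exp'
    lenient: expiredReason(tokenUser, NOW, 60),       // null: leeway hides 30 s of staleness
    early: expiredReason(futureUser, NOW),            // 'nbf'
    earlyLenient: expiredReason(futureUser, NOW, 30), // null
    noClaims: expiredReason(freeFormUser, NOW),       // null: nothing to expire on
  };
}

console.log(demo());
```

A user with none of the three timestamps, such as one built from a bare principal, never reports as expired, so the lifetime of such sessions has to be enforced elsewhere.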

get

  • get<T>(key: string): T | null
  • Get a value from the user object. This method will perform lookups in several places before returning a value.

    1. If there is a rootClaim, the lookup will happen in attributes[rootClaim].
    2. If it exists, the value will be returned from attributes().
    3. If it exists, the value will be returned from principal().
    4. Otherwise it will be null.

    Type parameters

    • T

    Parameters

    • key: string

    Returns T | null

getOrDefault

  • getOrDefault<T>(key: string, defaultValue: T): T | null
  • Get a value from the user object. This method will perform lookups in several places before returning a value.

    1. If there is a rootClaim, the lookup will happen in attributes[rootClaim].
    2. If it exists, the value will be returned from attributes().
    3. If it exists, the value will be returned from principal().
    4. Otherwise it will be null.

    Type parameters

    • T

    Parameters

    • key: string
    • defaultValue: T

    Returns T | null
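
The lookup order shared by containsKey, get and getOrDefault, as an added JavaScript model (not the library's implementation). How the rootClaim is configured is not stated on this page, so the model takes it as a hypothetical parameter; has, lookup and the sample user are constructed for illustration.

```javascript
// Added model of the documented lookup order; not the library's code.
// Own-property checks only, so keys such as "constructor" do not resolve
// through the prototype chain.
const has = (o, k) =>
  o != null && typeof o === 'object' && Object.prototype.hasOwnProperty.call(o, k);

// Assumption: rootClaim names the nested attributes object to search first.
// Returns the value together with the place it was found.
function lookup(user, key, rootClaim) {
  const attrs = user.attributes || {};
  const root = rootClaim ? attrs[rootClaim] : undefined;
  if (has(root, key)) return { value: root[key], source: `attributes.${rootClaim}` };
  if (has(attrs, key)) return { value: attrs[key], source: 'attributes' };
  if (has(user.principal, key)) return { value: user.principal[key], source: 'principal' };
  return { value: null, source: null };
}

const get = (user, key, rootClaim) => lookup(user, key, rootClaim).value;
const containsKey = (user, key, rootClaim) => lookup(user, key, rootClaim).source !== null;

// Constructed user: "scope" is present at all three levels.
const user = {
  principal: { scope: 'admin', username: 'tim' },
  attributes: {
    scope: 'read write',
    accessToken: { scope: 'read', sub: 'constructed-subject-id' },
  },
};

console.log(lookup(user, 'scope', 'accessToken')); // found under attributes.accessToken
console.log(lookup(user, 'scope'));                // found under attributes
console.log(lookup(user, 'username', 'accessToken')); // falls through to principal
```

The principal's own "scope" is never returned here because attributes of the same name shadow it, which matters when the principal comes from a free-form factory that performs no validation.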

hasAmr

  • hasAmr(value: string): boolean
  • The "amr" (Authentication Methods References) returns a unique list of claims as defined and registered in the IANA "JSON Web Token Claims" registry. The values in this collection are based on RFC8176. This information can be used to filter authenticated users by their authentication mechanism.

    Parameters

    • value: string

    Returns boolean

isAuthorized

  • isAuthorized(authority: Authorization): PromiseLike<boolean>
  • isAuthorized(authority: Authorization, resultHandler: ((res: AsyncResult<boolean>) => void) | Handler<AsyncResult<boolean>>): User
  • isAuthorized(authority: string): PromiseLike<boolean>
  • isAuthorized(authority: string, resultHandler: ((res: AsyncResult<boolean>) => void) | Handler<AsyncResult<boolean>>): User
  • Is the user authorised to

    Parameters

    Returns PromiseLike<boolean>

  • Is the user authorised to

    Parameters

    • authority: Authorization
    • resultHandler: ((res: AsyncResult<boolean>) => void) | Handler<AsyncResult<boolean>>

    Returns User

  • Is the user authorised to

    Parameters

    • authority: string

    Returns PromiseLike<boolean>

  • Is the user authorised to

    Parameters

    • authority: string
    • resultHandler: ((res: AsyncResult<boolean>) => void) | Handler<AsyncResult<boolean>>

    Returns User

merge

  • Merge the principal and attributes of a second user into this object's properties.

    It is important to note that the principal merges by replacing existing keys with the new values, while the attributes (as they represent decoded data) are accumulated at the root level.

    This means that given:

    userA = {
      attributes: {
        roles: [ 'read' ]
      }
    }

    userB = {
      attributes: {
        roles: [ 'write' ]
      }
    }

    When performing a merge of userA with userB, you will get:

    userA.merge(userB);
    // results in
    {
      attributes: {
        roles: [ 'read', 'write' ]
      }
    }

    Parameters

    Returns User

principal

  • principal(): {}
  • Get the underlying principal for the User. What this actually returns depends on the implementation. For a simple user/password based auth, it's likely to contain a JSON object with the following structure:

      {
        "username": "tim"
      }
    

    Returns {}

    • [key: string]: any

setAuthProvider

  • Set the auth provider for the User. This is typically used to reattach a detached User with an AuthProvider, e.g. after it has been deserialized.

    Parameters

    Returns void

subject

  • subject(): string | null
  • The user subject. Usually a human representation that identifies this user.

    The lookup for this information will take place in several places in the following order:

    1. principal.username - Usually for username/password or webauthn authentication
    2. principal.userHandle - Optional field for webauthn
    3. attributes.idToken.sub - For OpenID Connect ID Tokens
    4. attributes.[rootClaim?]accessToken.sub - For OpenID Connect/OAuth2 Access Tokens

    Returns string | null

Static create

  • create(principal: {}): User
  • create(principal: {}, attributes: {}): User
  • Factory for user instances that are free form. The credentials will be added to the principal of this instance. As nothing can be said about the credentials no validation will be done.

    Parameters

    • principal: {}
      • [key: string]: any

    Returns User

  • Factory for user instances that are free form. The credentials will be added to the principal of this instance. As nothing can be said about the credentials no validation will be done.

    Parameters

    • principal: {}
      • [key: string]: any
    • attributes: {}
      • [key: string]: any

    Returns User

Static fromName

  • fromName(username: string): User
  • Factory for user instances created from a single string. The credentials will be added to the principal of this instance. As nothing can be said about the credentials, no validation will be done.

    Will create a principal with a property "username" with the name as value.

    Parameters

    • username: string

    Returns User

Static fromToken

  • fromToken(token: string): User
  • Factory for user instances created from a single string. The credentials will be added to the principal of this instance. As nothing can be said about the credentials, no validation will be done.

    Will create a principal with a property "access_token" with the token as value.

    Parameters

    • token: string

    Returns User
