insomnia/packages/insomnia-app/app/network/authentication.ts

import * as Hawk from '@hapi/hawk';
import jwtAuthentication from 'jwt-authentication';

import {
  AUTH_ASAP,
  AUTH_BASIC,
  AUTH_BEARER,
  AUTH_HAWK,
  AUTH_OAUTH_1,
  AUTH_OAUTH_2,
} from '../common/constants';
import type { RenderedRequest } from '../common/render';
import { getBasicAuthHeader } from './basic-auth/get-header';
import { getBearerAuthHeader } from './bearer-auth/get-header';
import getOAuth1Token from './o-auth-1/get-token';
import getOAuth2Token from './o-auth-2/get-token';

interface Header {
  name: string;
  value: string;
}

export async function getAuthHeader(renderedRequest: RenderedRequest, url: string) {
  const { method, authentication, body } = renderedRequest;
  const requestId = renderedRequest._id;

  if (authentication.disabled) {
    return null;
  }

  if (authentication.type === AUTH_BASIC) {
    const { username, password, useISO88591 } = authentication;
    const encoding = useISO88591 ? 'latin1' : 'utf8';
    return getBasicAuthHeader(username, password, encoding);
  }

  if (authentication.type === AUTH_BEARER) {
    const { token, prefix } = authentication;
    return getBearerAuthHeader(token, prefix);
  }

  if (authentication.type === AUTH_OAUTH_2) {
    // HACK: GraphQL requests use a child request to fetch the schema with an
    // ID of "{{request_id}}.graphql". Here we are removing the .graphql suffix and
    // pretending we are fetching a token for the original request. This makes sure
    // the same tokens are used for schema fetching. See issue #835 on GitHub.
    const tokenId = requestId.match(/\.graphql$/) ? requestId.replace(/\.graphql$/, '') : requestId;
    const oAuth2Token = await getOAuth2Token(tokenId, authentication);

    if (oAuth2Token) {
      const token = oAuth2Token.accessToken;
      return _buildBearerHeader(token, authentication.tokenPrefix);
    } else {
      return null;
    }
  }

  if (authentication.type === AUTH_OAUTH_1) {
    const oAuth1Token = await getOAuth1Token(url, method, authentication, body);

    if (oAuth1Token) {
      return {
        name: 'Authorization',
        value: oAuth1Token.Authorization,
      };
    } else {
      return null;
    }
  }

  if (authentication.type === AUTH_HAWK) {
    const { id, key, algorithm, ext, validatePayload } = authentication;
    let headerOptions = {
      credentials: {
        id,
        key,
        algorithm,
      },
      ext: ext,
    };

    if (validatePayload) {
      const payloadValidationFields = {
        payload: renderedRequest.body.text,
        contentType: renderedRequest.body.mimeType,
      };
      headerOptions = Object.assign({}, payloadValidationFields, headerOptions);
    }

    const { header } = Hawk.client.header(url, method, headerOptions);
    return {
      name: 'Authorization',
      value: header,
    };
  }

  if (authentication.type === AUTH_ASAP) {
    const { issuer, subject, audience, keyId, additionalClaims, privateKey } = authentication;
    const generator = jwtAuthentication.client.create();
    let claims = {
      iss: issuer,
      sub: subject,
      aud: audience,
    };
    let parsedAdditionalClaims;

    try {
      parsedAdditionalClaims = JSON.parse(additionalClaims || '{}');
    } catch (err) {
      throw new Error(`Unable to parse additional-claims: ${err}`);
    }

    if (parsedAdditionalClaims) {
      if (typeof parsedAdditionalClaims !== 'object') {
        throw new Error(
          `additional-claims must be an object received: '${typeof parsedAdditionalClaims}' instead`,
        );
      }

      claims = Object.assign(parsedAdditionalClaims, claims);
    }

    const options = {
      privateKey,
      kid: keyId,
    };
    return new Promise<Header>((resolve, reject) => {
      generator.generateAuthorizationHeader(claims, options, (error, headerValue) => {
        if (error) {
          reject(error);
        } else {
          resolve({
            name: 'Authorization',
            value: headerValue,
          });
        }
      });
    });
  }

  return null;
}

export function _buildBearerHeader(accessToken: string, prefix: string) {
  if (!accessToken) {
    return null;
  }

  const header = {
    name: 'Authorization',
    value: '',
  };

  if (prefix === 'NO_PREFIX') {
    header.value = accessToken;
  } else {
    header.value = `${prefix || 'Bearer'} ${accessToken}`;
  }

  return header;
}
chore: bump hapi hawk (#4175) * chore: bump hapi hawk * fix type-check 2021-11-03 16:11:21 +00:00			`import * as Hawk from '@hapi/hawk';`
Feat/eslint import order (#3782) 2021-07-22 23:04:56 +00:00			`import jwtAuthentication from 'jwt-authentication';`

Add Prettier 2018-06-25 17:42:50 +00:00			`import {`
			`AUTH_ASAP,`
			`AUTH_BASIC,`
			`AUTH_BEARER,`
			`AUTH_HAWK,`
			`AUTH_OAUTH_1,`
Add trailing commas to ESLint + Prettier 2018-12-12 17:36:11 +00:00			`AUTH_OAUTH_2,`
Add Prettier 2018-06-25 17:42:50 +00:00			`} from '../common/constants';`
Add ability to optionally use Hawk payload validation. (#1339) * Add ability to optionally use Hawk payload validation. * Simplify signature of 'getAuthHeader' 2019-03-11 21:52:48 +00:00			`import type { RenderedRequest } from '../common/render';`
Add Prettier 2018-06-25 17:42:50 +00:00			`import { getBasicAuthHeader } from './basic-auth/get-header';`
			`import { getBearerAuthHeader } from './bearer-auth/get-header';`
Feat/eslint import order (#3782) 2021-07-22 23:04:56 +00:00			`import getOAuth1Token from './o-auth-1/get-token';`
			`import getOAuth2Token from './o-auth-2/get-token';`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00
[TypeScript] Phase 1 & 2 (#3370) Co-authored-by: Opender Singh <opender.singh@konghq.com> 2021-05-12 06:35:00 +00:00			`interface Header {`
			`name: string;`
			`value: string;`
			`}`
Added Token to OAuth 1.0 (Rel #197) 2017-11-06 20:44:55 +00:00
[TypeScript] Phase 1 & 2 (#3370) Co-authored-by: Opender Singh <opender.singh@konghq.com> 2021-05-12 06:35:00 +00:00			`export async function getAuthHeader(renderedRequest: RenderedRequest, url: string) {`
Add option to include OAuth 1.0 body hash (Closes #1854) 2019-12-18 21:49:39 +00:00			`const { method, authentication, body } = renderedRequest;`
Add ability to optionally use Hawk payload validation. (#1339) * Add ability to optionally use Hawk payload validation. * Simplify signature of 'getAuthHeader' 2019-03-11 21:52:48 +00:00			`const requestId = renderedRequest._id;`

First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`if (authentication.disabled) {`
			`return null;`
			`}`

			`if (authentication.type === AUTH_BASIC) {`
Introduce a checkbox in Basic Auth form to choose ISO-8859-1 encoding for credentials. (#2642) Co-authored-by: Opender Singh <opender94@gmail.com> 2020-09-24 20:58:28 +00:00			`const { username, password, useISO88591 } = authentication;`
			`const encoding = useISO88591 ? 'latin1' : 'utf8';`
			`return getBasicAuthHeader(username, password, encoding);`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`}`

Add Bearer Authorization Support (#274) * add bearer authentication support * remove unexpected trailing comma 2017-06-01 13:18:42 +00:00			`if (authentication.type === AUTH_BEARER) {`
Add Prettier 2018-06-25 17:42:50 +00:00			`const { token, prefix } = authentication;`
Ability to change Bearer prefix (Closes #817) 2018-03-30 12:52:02 +00:00			`return getBearerAuthHeader(token, prefix);`
Add Bearer Authorization Support (#274) * add bearer authentication support * remove unexpected trailing comma 2017-06-01 13:18:42 +00:00			`}`

First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`if (authentication.type === AUTH_OAUTH_2) {`
Introspection queries use same OAuth2 tokens (Closes #835) 2018-03-29 02:32:09 +00:00			`// HACK: GraphQL requests use a child request to fetch the schema with an`
			`// ID of "{{request_id}}.graphql". Here we are removing the .graphql suffix and`
			`// pretending we are fetching a token for the original request. This makes sure`
			`// the same tokens are used for schema fetching. See issue #835 on GitHub.`
prettier entire project 2018-10-17 16:42:33 +00:00			`const tokenId = requestId.match(/\.graphql$/) ? requestId.replace(/\.graphql$/, '') : requestId;`
Introspection queries use same OAuth2 tokens (Closes #835) 2018-03-29 02:32:09 +00:00			`const oAuth2Token = await getOAuth2Token(tokenId, authentication);`
[TypeScript] Phase 1 & 2 (#3370) Co-authored-by: Opender Singh <opender.singh@konghq.com> 2021-05-12 06:35:00 +00:00
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`if (oAuth2Token) {`
More 5.0 Fixes and Stuff (#134) * Fix OAuth token, new request content-type, and more * better error messaging around invalid Curl opts * Make XFERINFOFUNCTION an optional option * Fix content-type change prompt and double quotes in prettify * Don't send Expect header on file upload * Remove dead code * Base64 tag * Fix HTML entities in URL clicks * Fix curl paste 2017-04-07 18:10:15 +00:00			`const token = oAuth2Token.accessToken;`
Add token prefex oauth option and foldable advanced options (#420) 2017-08-10 19:34:33 +00:00			`return _buildBearerHeader(token, authentication.tokenPrefix);`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`} else {`
			`return null;`
			`}`
			`}`

oAuth 1.0a Support (#571) 2017-11-06 19:26:31 +00:00			`if (authentication.type === AUTH_OAUTH_1) {`
Add option to include OAuth 1.0 body hash (Closes #1854) 2019-12-18 21:49:39 +00:00			`const oAuth1Token = await getOAuth1Token(url, method, authentication, body);`
[TypeScript] Phase 1 & 2 (#3370) Co-authored-by: Opender Singh <opender.singh@konghq.com> 2021-05-12 06:35:00 +00:00
oAuth 1.0a Support (#571) 2017-11-06 19:26:31 +00:00			`if (oAuth1Token) {`
			`return {`
			`name: 'Authorization',`
Add trailing commas to ESLint + Prettier 2018-12-12 17:36:11 +00:00			`value: oAuth1Token.Authorization,`
oAuth 1.0a Support (#571) 2017-11-06 19:26:31 +00:00			`};`
			`} else {`
			`return null;`
			`}`
			`}`

Implement Hawk Authentication (#446) * Implement Hawk Authentication * fix the missing label of inputs * Fix PR reviews 2017-08-21 17:43:12 +00:00			`if (authentication.type === AUTH_HAWK) {`
Add ability to optionally use Hawk payload validation. (#1339) * Add ability to optionally use Hawk payload validation. * Simplify signature of 'getAuthHeader' 2019-03-11 21:52:48 +00:00			`const { id, key, algorithm, ext, validatePayload } = authentication;`
			`let headerOptions = {`
[TypeScript] Phase 1 & 2 (#3370) Co-authored-by: Opender Singh <opender.singh@konghq.com> 2021-05-12 06:35:00 +00:00			`credentials: {`
			`id,`
			`key,`
			`algorithm,`
			`},`
Add trailing commas to ESLint + Prettier 2018-12-12 17:36:11 +00:00			`ext: ext,`
Add ability to optionally use Hawk payload validation. (#1339) * Add ability to optionally use Hawk payload validation. * Simplify signature of 'getAuthHeader' 2019-03-11 21:52:48 +00:00			`};`

			`if (validatePayload) {`
			`const payloadValidationFields = {`
			`payload: renderedRequest.body.text,`
			`contentType: renderedRequest.body.mimeType,`
			`};`
			`headerOptions = Object.assign({}, payloadValidationFields, headerOptions);`
			`}`

chore: bump hapi hawk (#4175) * chore: bump hapi hawk * fix type-check 2021-11-03 16:11:21 +00:00			`const { header } = Hawk.client.header(url, method, headerOptions);`
Implement Hawk Authentication (#446) * Implement Hawk Authentication * fix the missing label of inputs * Fix PR reviews 2017-08-21 17:43:12 +00:00			`return {`
			`name: 'Authorization',`
chore: bump hapi hawk (#4175) * chore: bump hapi hawk * fix type-check 2021-11-03 16:11:21 +00:00			`value: header,`
Implement Hawk Authentication (#446) * Implement Hawk Authentication * fix the missing label of inputs * Fix PR reviews 2017-08-21 17:43:12 +00:00			`};`
			`}`

Atlassian ASAP authentication support (https://s2sauth.bitbucket.io/) (#565) (#566) 2017-11-07 18:14:08 +00:00			`if (authentication.type === AUTH_ASAP) {`
prettier entire project 2018-10-17 16:42:33 +00:00			`const { issuer, subject, audience, keyId, additionalClaims, privateKey } = authentication;`
Atlassian ASAP authentication support (https://s2sauth.bitbucket.io/) (#565) (#566) 2017-11-07 18:14:08 +00:00			`const generator = jwtAuthentication.client.create();`
[TypeScript] Phase 1 & 2 (#3370) Co-authored-by: Opender Singh <opender.singh@konghq.com> 2021-05-12 06:35:00 +00:00			`let claims = {`
			`iss: issuer,`
			`sub: subject,`
			`aud: audience,`
			`};`
Add support for additional claims in ASAP Auth (#822) 2018-03-28 23:27:21 +00:00			`let parsedAdditionalClaims;`

			`try {`
Atlassian ASAP auth: default additionalClaims to empty object if not provided. Closes #952. (#953) 2018-06-06 20:29:07 +00:00			`parsedAdditionalClaims = JSON.parse(additionalClaims \|\| '{}');`
Add support for additional claims in ASAP Auth (#822) 2018-03-28 23:27:21 +00:00			`} catch (err) {`
			throw new Error(`Unable to parse additional-claims: ${err}`);
			`}`

			`if (parsedAdditionalClaims) {`
			`if (typeof parsedAdditionalClaims !== 'object') {`
Add Prettier 2018-06-25 17:42:50 +00:00			`throw new Error(`
Add trailing commas to ESLint + Prettier 2018-12-12 17:36:11 +00:00			`additional-claims must be an object received: '${typeof parsedAdditionalClaims}' instead`,
Add Prettier 2018-06-25 17:42:50 +00:00			`);`
Add support for additional claims in ASAP Auth (#822) 2018-03-28 23:27:21 +00:00			`}`

			`claims = Object.assign(parsedAdditionalClaims, claims);`
			`}`

Atlassian ASAP authentication support (https://s2sauth.bitbucket.io/) (#565) (#566) 2017-11-07 18:14:08 +00:00			`const options = {`
			`privateKey,`
Add trailing commas to ESLint + Prettier 2018-12-12 17:36:11 +00:00			`kid: keyId,`
Atlassian ASAP authentication support (https://s2sauth.bitbucket.io/) (#565) (#566) 2017-11-07 18:14:08 +00:00			`};`
[TypeScript] Phase 1 & 2 (#3370) Co-authored-by: Opender Singh <opender.singh@konghq.com> 2021-05-12 06:35:00 +00:00			`return new Promise<Header>((resolve, reject) => {`
prettier entire project 2018-10-17 16:42:33 +00:00			`generator.generateAuthorizationHeader(claims, options, (error, headerValue) => {`
			`if (error) {`
			`reject(error);`
			`} else {`
			`resolve({`
			`name: 'Authorization',`
Add trailing commas to ESLint + Prettier 2018-12-12 17:36:11 +00:00			`value: headerValue,`
prettier entire project 2018-10-17 16:42:33 +00:00			`});`
Atlassian ASAP authentication support (https://s2sauth.bitbucket.io/) (#565) (#566) 2017-11-07 18:14:08 +00:00			`}`
prettier entire project 2018-10-17 16:42:33 +00:00			`});`
Atlassian ASAP authentication support (https://s2sauth.bitbucket.io/) (#565) (#566) 2017-11-07 18:14:08 +00:00			`});`
			`}`

First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`return null;`
			`}`

Fix Flow error 2019-12-12 21:06:21 +00:00			`export function _buildBearerHeader(accessToken: string, prefix: string) {`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`if (!accessToken) {`
			`return null;`
			`}`

Add ability for no OAuth 2 Authorization prefix (Closes #1087) 2019-12-12 20:57:39 +00:00			`const header = {`
			`name: 'Authorization',`
			`value: '',`
			`};`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00
Add ability for no OAuth 2 Authorization prefix (Closes #1087) 2019-12-12 20:57:39 +00:00			`if (prefix === 'NO_PREFIX') {`
			`header.value = accessToken;`
			`} else {`
			header.value = `${prefix \|\| 'Bearer'} ${accessToken}`;
			`}`

			`return header;`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`}`