insomnia/app/network/authentication.js

// @flow
import {AUTH_ASAP, AUTH_BASIC, AUTH_BEARER, AUTH_HAWK, AUTH_OAUTH_1, AUTH_OAUTH_2} from '../common/constants';
import {getBasicAuthHeader, getBearerAuthHeader} from '../common/misc';
import getOAuth2Token from './o-auth-2/get-token';
import getOAuth1Token from './o-auth-1/get-token';
import * as Hawk from 'hawk';
import jwtAuthentication from 'jwt-authentication';
import type {RequestAuthentication} from '../models/request';

type Header = {
  name: string,
  value: string
};

export async function getAuthHeader (
  requestId: string,
  url: string,
  method: string,
  authentication: RequestAuthentication
): Promise<Header | null> {
  if (authentication.disabled) {
    return null;
  }

  if (authentication.type === AUTH_BASIC) {
    const {username, password} = authentication;
    return getBasicAuthHeader(username, password);
  }

  if (authentication.type === AUTH_BEARER) {
    const {token} = authentication;
    return getBearerAuthHeader(token);
  }

  if (authentication.type === AUTH_OAUTH_2) {
    const oAuth2Token = await getOAuth2Token(requestId, authentication);
    if (oAuth2Token) {
      const token = oAuth2Token.accessToken;
      return _buildBearerHeader(token, authentication.tokenPrefix);
    } else {
      return null;
    }
  }

  if (authentication.type === AUTH_OAUTH_1) {
    const oAuth1Token = await getOAuth1Token(url, method, authentication);
    if (oAuth1Token) {
      return {
        name: 'Authorization',
        value: oAuth1Token.Authorization
      };
    } else {
      return null;
    }
  }

  if (authentication.type === AUTH_HAWK) {
    const {id, key, algorithm} = authentication;

    const header = Hawk.client.header(
      url,
      method,
      {credentials: {id, key, algorithm}}
    );

    return {
      name: 'Authorization',
      value: header.field
    };
  }

  if (authentication.type === AUTH_ASAP) {
    const {issuer, subject, audience, keyId, privateKey} = authentication;

    const generator = jwtAuthentication.client.create();

    const claims = {
      iss: issuer,
      sub: subject,
      aud: audience
    };

    const options = {
      privateKey,
      kid: keyId
    };

    return new Promise((resolve, reject) => {
      generator.generateAuthorizationHeader(claims, options, (error, headerValue) => {
        if (error) {
          reject(error);
        } else {
          resolve({
            name: 'Authorization',
            value: headerValue
          });
        }
      });
    });
  }

  return null;
}

function _buildBearerHeader (accessToken, prefix) {
  if (!accessToken) {
    return null;
  }

  const name = 'Authorization';
  const value = `${prefix || 'Bearer'} ${accessToken}`;

  return {name, value};
}
Added Token to OAuth 1.0 (Rel #197) 2017-11-06 20:44:55 +00:00			`// @flow`
Atlassian ASAP authentication support (https://s2sauth.bitbucket.io/) (#565) (#566) 2017-11-07 18:14:08 +00:00			`import {AUTH_ASAP, AUTH_BASIC, AUTH_BEARER, AUTH_HAWK, AUTH_OAUTH_1, AUTH_OAUTH_2} from '../common/constants';`
Add Bearer Authorization Support (#274) * add bearer authentication support * remove unexpected trailing comma 2017-06-01 13:18:42 +00:00			`import {getBasicAuthHeader, getBearerAuthHeader} from '../common/misc';`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`import getOAuth2Token from './o-auth-2/get-token';`
oAuth 1.0a Support (#571) 2017-11-06 19:26:31 +00:00			`import getOAuth1Token from './o-auth-1/get-token';`
Implement Hawk Authentication (#446) * Implement Hawk Authentication * fix the missing label of inputs * Fix PR reviews 2017-08-21 17:43:12 +00:00			`import * as Hawk from 'hawk';`
Atlassian ASAP authentication support (https://s2sauth.bitbucket.io/) (#565) (#566) 2017-11-07 18:14:08 +00:00			`import jwtAuthentication from 'jwt-authentication';`
Added Token to OAuth 1.0 (Rel #197) 2017-11-06 20:44:55 +00:00			`import type {RequestAuthentication} from '../models/request';`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00
Added Token to OAuth 1.0 (Rel #197) 2017-11-06 20:44:55 +00:00			`type Header = {`
			`name: string,`
			`value: string`
			`};`

			`export async function getAuthHeader (`
			`requestId: string,`
			`url: string,`
			`method: string,`
			`authentication: RequestAuthentication`
			`): Promise<Header \| null> {`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`if (authentication.disabled) {`
			`return null;`
			`}`

			`if (authentication.type === AUTH_BASIC) {`
			`const {username, password} = authentication;`
			`return getBasicAuthHeader(username, password);`
			`}`

Add Bearer Authorization Support (#274) * add bearer authentication support * remove unexpected trailing comma 2017-06-01 13:18:42 +00:00			`if (authentication.type === AUTH_BEARER) {`
			`const {token} = authentication;`
			`return getBearerAuthHeader(token);`
			`}`

First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`if (authentication.type === AUTH_OAUTH_2) {`
			`const oAuth2Token = await getOAuth2Token(requestId, authentication);`
			`if (oAuth2Token) {`
More 5.0 Fixes and Stuff (#134) * Fix OAuth token, new request content-type, and more * better error messaging around invalid Curl opts * Make XFERINFOFUNCTION an optional option * Fix content-type change prompt and double quotes in prettify * Don't send Expect header on file upload * Remove dead code * Base64 tag * Fix HTML entities in URL clicks * Fix curl paste 2017-04-07 18:10:15 +00:00			`const token = oAuth2Token.accessToken;`
Add token prefex oauth option and foldable advanced options (#420) 2017-08-10 19:34:33 +00:00			`return _buildBearerHeader(token, authentication.tokenPrefix);`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`} else {`
			`return null;`
			`}`
			`}`

oAuth 1.0a Support (#571) 2017-11-06 19:26:31 +00:00			`if (authentication.type === AUTH_OAUTH_1) {`
			`const oAuth1Token = await getOAuth1Token(url, method, authentication);`
			`if (oAuth1Token) {`
			`return {`
			`name: 'Authorization',`
			`value: oAuth1Token.Authorization`
			`};`
			`} else {`
			`return null;`
			`}`
			`}`

Implement Hawk Authentication (#446) * Implement Hawk Authentication * fix the missing label of inputs * Fix PR reviews 2017-08-21 17:43:12 +00:00			`if (authentication.type === AUTH_HAWK) {`
			`const {id, key, algorithm} = authentication;`

			`const header = Hawk.client.header(`
			`url,`
			`method,`
			`{credentials: {id, key, algorithm}}`
			`);`

			`return {`
			`name: 'Authorization',`
			`value: header.field`
			`};`
			`}`

Atlassian ASAP authentication support (https://s2sauth.bitbucket.io/) (#565) (#566) 2017-11-07 18:14:08 +00:00			`if (authentication.type === AUTH_ASAP) {`
			`const {issuer, subject, audience, keyId, privateKey} = authentication;`
Fix ASAP build errors 2017-11-07 18:19:16 +00:00
Atlassian ASAP authentication support (https://s2sauth.bitbucket.io/) (#565) (#566) 2017-11-07 18:14:08 +00:00			`const generator = jwtAuthentication.client.create();`
Fix ASAP build errors 2017-11-07 18:19:16 +00:00
Atlassian ASAP authentication support (https://s2sauth.bitbucket.io/) (#565) (#566) 2017-11-07 18:14:08 +00:00			`const claims = {`
			`iss: issuer,`
			`sub: subject,`
			`aud: audience`
			`};`
Fix ASAP build errors 2017-11-07 18:19:16 +00:00
Atlassian ASAP authentication support (https://s2sauth.bitbucket.io/) (#565) (#566) 2017-11-07 18:14:08 +00:00			`const options = {`
			`privateKey,`
			`kid: keyId`
			`};`

			`return new Promise((resolve, reject) => {`
			`generator.generateAuthorizationHeader(claims, options, (error, headerValue) => {`
			`if (error) {`
			`reject(error);`
			`} else {`
			`resolve({`
			`name: 'Authorization',`
			`value: headerValue`
			`});`
			`}`
			`});`
			`});`
			`}`

First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`return null;`
			`}`

Add token prefex oauth option and foldable advanced options (#420) 2017-08-10 19:34:33 +00:00			`function _buildBearerHeader (accessToken, prefix) {`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`if (!accessToken) {`
			`return null;`
			`}`

			`const name = 'Authorization';`
Add token prefex oauth option and foldable advanced options (#420) 2017-08-10 19:34:33 +00:00			const value = `${prefix \|\| 'Bearer'} ${accessToken}`;
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00
			`return {name, value};`
			`}`