IdentityModule
The Identity Module (Id Module) is the component responsible for handling the user identity and for associating this identity with Hyperty instances, so that Hyperty instances are identifiable. The identity in the reTHINK project is not fixed to a unique Identity Service Provider, but is obtained through several different Identity sources. With this approach, the Id Module gives the user the option to choose the preferred method for authentication. This module will thus be able to support multiple Identity acquisition methods, such as OpenID Connect 1.0, the Kerberos System, or authentication through smart cards. For example, a user with a Google account can use Google as an Identity Provider to provide Identity Tokens, which the Identity Module can then associate with a Hyperty instance.
The Identity Module uses a node package, HelloJS, which is a client-side JavaScript API for authentication that facilitates requests for the OpenID Connect protocol. This allows for some abstraction when making requests to different Identity Providers, for example the OpenID Connect used by Google, Facebook and Microsoft.
When a request for a user identity is made using the method loginWithRP(identifier, scope), this method analyses the Identity Provider chosen to obtain an identity and uses the HelloJS node package with the selected Identity Provider and identity scope. After HelloJS requests an Access Token from the Identity Provider, the user is prompted to authenticate towards the Identity Provider. Upon receiving the Access Token, this token is validated with a RESTful web service request to an endpoint on the Identity Provider Authorization Server, and after the validation is done, an ID token is obtained with the information according to the scope required. This ID token is then preserved in this module, where it can be obtained through getIdentities(), and is passed as the return value of the loginWithRP function. The methods generateAssertion and validateAssertion have not yet been developed.
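The checks a client should apply to the validation response before trusting the token, as an added example that is not code from the reTHINK project. The helper name `checkTokenInfo`, the `expected` object and the sample values are hypothetical, and the response is assumed to carry `aud`, `exp` and `scope` fields, as OAuth 2.0 / OpenID Connect token-validation responses commonly do.

```javascript
// Added example (hypothetical helper, not part of the reTHINK runtime).
// Checks the JSON returned by an Identity Provider's token-validation
// endpoint. Assumed fields: aud, exp (epoch seconds), scope (space-separated).
function checkTokenInfo(info, expected, nowSeconds) {
  const problems = [];
  const skew = expected.clockSkewSeconds || 0;

  // Audience: the token must have been issued to this client, otherwise a
  // token obtained by a different application would be accepted here.
  if (typeof info.aud !== 'string' || info.aud !== expected.clientId) {
    problems.push('audience mismatch');
  }

  // Expiry: reject missing, malformed or past expiry times.
  const exp = Number(info.exp);
  if (info.exp == null || !Number.isFinite(exp)) {
    problems.push('missing or malformed exp');
  } else if (exp + skew <= nowSeconds) {
    problems.push('token expired');
  }

  // Scope: every scope requested in the login must actually be granted.
  const granted = new Set(String(info.scope || '').split(/\s+/).filter(Boolean));
  for (const s of expected.requiredScopes) {
    if (!granted.has(s)) problems.push('missing scope: ' + s);
  }
  return { valid: problems.length === 0, problems };
}

// Constructed sample data, not captured from a real provider.
const NOW = 1700000000;
const EXPECTED = {
  clientId: 'client-123.example',
  requiredScopes: ['openid', 'email'],
  clockSkewSeconds: 30,
};
const goodInfo = { aud: 'client-123.example', exp: String(NOW + 3600), scope: 'openid email profile' };
const foreignInfo = { aud: 'other-app.example', exp: String(NOW + 3600), scope: 'openid email' };
const staleInfo = { aud: 'client-123.example', exp: String(NOW - 600), scope: 'openid' };

for (const [name, info] of Object.entries({ goodInfo, foreignInfo, staleInfo })) {
  console.log(name, JSON.stringify(checkTokenInfo(info, EXPECTED, NOW)));
}
```

The audience check is the one most often omitted in browser-side flows: a token that is genuine and unexpired but was issued to a different client must still be rejected.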
Constructor Summary
Public Constructor | ||
public | constructor(runtimeURL: *, runtimeCapabilities: *, storageManager: *, dataObjectsStorage: *) | This is the constructor to initialise the Identity Module. It does not require any input. |
Member Summary
Public Members | ||
public get | messageBus(messageBus: MessageBus): * | Return the messageBus in this Registry |
public set | messageBus(messageBus: MessageBus): * | Set the messageBus in this Registry |
public get | | Return the registry in this idModule |
public set | | Set the registry in this idModule |
Method Summary
Public Methods | ||
public | addGUIListeners() | |
public | callGenerateMethods(idp: *, origin: *): * | |
public | callIdentityModuleFunc(methodName: *, parameters: *): * | |
public | decryptDataObject(dataObject: *, sender: *): * | |
public | decryptMessage(message: *): * | |
public | deleteIdentity(userURL: String) | Function to remove an identity from the Identities array |
public | deployGUI() | |
public | doMutualAuthentication(sender: *, receiver: *): * | |
public | encryptDataObject(dataObject: *, sender: *): * | |
public | encryptMessage(message: *): * | |
public | generateAssertion(contents: DOMString, origin: DOMString, usernameHint: DOMString, keyPair: JSON): IdAssertion | Requests the IdpProxy from a given Domain for an identityAssertion |
public | generateSelectedIdentity(publicKey: *, origin: *, idp: *, keyPair: *): * | |
public | getAccessToken(legacyURL: String): JSON | Get an Access Token for a legacyURL |
public | getCurrentIdentity(): Identity | Function to return the selected Identity within a session |
public | getIdToken(hypertyURL: String): JSON | Get an Id Token for a HypertyURL |
public | getIdentities(): Array<Identities> | Function to return all the identities registered within a session by a user. |
public | getIdentitiesToChoose(): {"identities": *, "idps": *} | |
public | getIdentity(userURL: String): JSON | Gets all the information from a given userURL |
public | getIdentityAssertion(identityBundle: *): IdAssertion | Function that fetches an identityAssertion from a user. |
public | | Get a Token to be added to a message |
public | getUsersIDs(emailFormat: Boolean): Array<String> | Function to return all the users URLs registered within a session. These users URLs are returned in an array of strings. |
public | loginSelectedIdentity(publicKey: *, origin: *, idp: *, keyPair: *, loginUrl: *): * | |
public | requestIdentityToGUI(identities: Array<identity>, idps: Array<String>): Promise | Function that sends a request to the GUI using messages. |
public | selectIdentityForHyperty(origin: *, idp: *, idHint: *): * | |
public | selectIdentityFromGUI(origin: *): * | |
public | sendGenerateMessage(contents: *, origin: *, usernameHint: *, idpDomain: *): * | |
public | setCurrentIdentity(identity: Identity) | Function to set the current Identity with a given Identity |
public | storeIdentity(result: *, keyPair: *): * | |
public | unregisterIdentity(email: String) | Function to unregister an identity from the emailsList array and not show it in the GUI |
public | validateAssertion(assertion: DOMString, origin: DOMString): Promise | Requests the IdpProxy from a given Domain to validate an IdentityAssertion. Returns a promise with the result from the validation. |
Public Constructors
public constructor(runtimeURL: *, runtimeCapabilities: *, storageManager: *, dataObjectsStorage: *)
This is the constructor to initialise the Identity Module. It does not require any input.
Params:
Name | Type | Attribute | Description |
runtimeURL | * | ||
runtimeCapabilities | * | ||
storageManager | * | ||
dataObjectsStorage | * |
Public Members
Public Methods
public addGUIListeners()
public callGenerateMethods(idp: *, origin: *): *
Params:
Name | Type | Attribute | Description |
idp | * | ||
origin | * |
Return:
* |
public callIdentityModuleFunc(methodName: *, parameters: *): *
Params:
Name | Type | Attribute | Description |
methodName | * | ||
parameters | * |
Return:
* |
public decryptDataObject(dataObject: *, sender: *): *
Params:
Name | Type | Attribute | Description |
dataObject | * | ||
sender | * |
Return:
* |
public decryptMessage(message: *): *
Params:
Name | Type | Attribute | Description |
message | * |
Return:
* |
public deleteIdentity(userURL: String)
Function to remove an identity from the Identities array
Params:
Name | Type | Attribute | Description |
userURL | String | userURL |
public deployGUI()
public doMutualAuthentication(sender: *, receiver: *): *
Params:
Name | Type | Attribute | Description |
sender | * | ||
receiver | * |
Return:
* |
public encryptDataObject(dataObject: *, sender: *): *
Params:
Name | Type | Attribute | Description |
dataObject | * | ||
sender | * |
Return:
* |
public encryptMessage(message: *): *
Params:
Name | Type | Attribute | Description |
message | * |
Return:
* |
public generateAssertion(contents: DOMString, origin: DOMString, usernameHint: DOMString, keyPair: JSON): IdAssertion
Requests the IdpProxy from a given Domain for an identityAssertion
Params:
Name | Type | Attribute | Description |
contents | DOMString | contents |
origin | DOMString | origin |
usernameHint | DOMString | usernameHint |
keyPair | JSON | user keyPair |
Return:
IdAssertion | IdAssertion |
public generateSelectedIdentity(publicKey: *, origin: *, idp: *, keyPair: *): *
Params:
Name | Type | Attribute | Description |
publicKey | * | ||
origin | * | ||
idp | * | ||
keyPair | * |
Return:
* |
public getAccessToken(legacyURL: String): JSON
Get an Access Token for a legacyURL
Params:
Name | Type | Attribute | Description |
legacyURL | String | the legacy address |
public getCurrentIdentity(): Identity
Function to return the selected Identity within a session
public getIdToken(hypertyURL: String): JSON
Get an Id Token for a HypertyURL
Params:
Name | Type | Attribute | Description |
hypertyURL | String | the Hyperty address |
public getIdentities(): Array<Identities>
Function to return all the identities registered within a session by a user. These identities are returned in an array containing a JSON package for each user identity.
public getIdentitiesToChoose(): {"identities": *, "idps": *}
Return:
{"identities": *, "idps": *} |
public getIdentity(userURL: String): JSON
Gets all the information from a given userURL
Params:
Name | Type | Attribute | Description |
userURL | String | user url |
public getIdentityAssertion(identityBundle: *): IdAssertion
Function that fetches an identityAssertion from a user.
Params:
Name | Type | Attribute | Description |
identityBundle | * |
Return:
IdAssertion | IdAssertion |
public getUsersIDs(emailFormat: Boolean): Array<String>
Function to return all the users URLs registered within a session. These users URLs are returned in an array of strings.
Params:
Name | Type | Attribute | Description |
emailFormat | Boolean | (Optional) boolean to indicate to return in email format |
public loginSelectedIdentity(publicKey: *, origin: *, idp: *, keyPair: *, loginUrl: *): *
Params:
Name | Type | Attribute | Description |
publicKey | * | ||
origin | * | ||
idp | * | ||
keyPair | * | ||
loginUrl | * |
Return:
* |
public requestIdentityToGUI(identities: Array<identity>, idps: Array<String>): Promise
Function that sends a request to the GUI using messages. Sends all identities registered and the Idps supported, and returns the identity/idp received by the GUI.
public selectIdentityForHyperty(origin: *, idp: *, idHint: *): *
Params:
Name | Type | Attribute | Description |
origin | * | ||
idp | * | ||
idHint | * |
Return:
* |
public selectIdentityFromGUI(origin: *): *
Params:
Name | Type | Attribute | Description |
origin | * |
Return:
* |
public sendGenerateMessage(contents: *, origin: *, usernameHint: *, idpDomain: *): *
Params:
Name | Type | Attribute | Description |
contents | * | ||
origin | * | ||
usernameHint | * | ||
idpDomain | * |
Return:
* |
public setCurrentIdentity(identity: Identity)
Function to set the current Identity with a given Identity
Params:
Name | Type | Attribute | Description |
identity | Identity | identity |
public storeIdentity(result: *, keyPair: *): *
Params:
Name | Type | Attribute | Description |
result | * | ||
keyPair | * |
Return:
* |
public unregisterIdentity(email: String)
Function to unregister an identity from the emailsList array and not show it in the GUI
Params:
Name | Type | Attribute | Description |
String |