(function (global, factory) { typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() : typeof define === 'function' && define.amd ? define('keycloak-authorization', factory) : (global = typeof globalThis !== 'undefined' ? globalThis : global || self, global.KeycloakAuthorization = factory()); })(this, (function () { 'use strict'; var commonjsGlobal = typeof globalThis !== 'undefined' ? globalThis : typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; function commonjsRequire(path) { throw new Error('Could not dynamically require "' + path + '". Please configure the dynamicRequireTargets or/and ignoreDynamicRequires option of @rollup/plugin-commonjs appropriately for this require call to work.'); } var es6Promise_min = {exports: {}}; (function (module, exports) { !function(t,e){module.exports=e();}(commonjsGlobal,function(){function t(t){var e=typeof t;return null!==t&&("object"===e||"function"===e)}function e(t){return "function"==typeof t}function n(t){W=t;}function r(t){z=t;}function o(){return function(){return process.nextTick(a)}}function i(){return "undefined"!=typeof U?function(){U(a);}:c()}function s(){var t=0,e=new H(a),n=document.createTextNode("");return e.observe(n,{characterData:!0}),function(){n.data=t=++t%2;}}function u(){var t=new MessageChannel;return t.port1.onmessage=a,function(){return t.port2.postMessage(0)}}function c(){var t=setTimeout;return function(){return t(a,1)}}function a(){for(var t=0;t= 200 && status < 300) { var rpt = JSON.parse(request.responseText).access_token; _instance.rpt = rpt; onGrant(rpt); } else if (status == 403) { if (onDeny) { onDeny(); } else { console.error('Authorization request was denied by the server.'); } } else { if (onError) { onError(); } else { console.error('Could not obtain authorization data from server.'); } } } }; var params = "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&client_id=" + keycloak.clientId + "&ticket=" + authorizationRequest.ticket; if (authorizationRequest.submitRequest != undefined) { params += "&submit_request=" + authorizationRequest.submitRequest; } var metadata = authorizationRequest.metadata; if (metadata) { if (metadata.responseIncludeResourceName) { params += "&response_include_resource_name=" + metadata.responseIncludeResourceName; } if (metadata.responsePermissionsLimit) { params += "&response_permissions_limit=" + metadata.responsePermissionsLimit; } } if (_instance.rpt && (authorizationRequest.incrementalAuthorization == undefined || authorizationRequest.incrementalAuthorization)) { params += "&rpt=" + _instance.rpt; } request.send(params); } }; return this; }; /** * Obtains all entitlements from a Keycloak Server based on a given resourceServerId. */ this.entitlement = function (resourceServerId, authorizationRequest) { this.then = function (onGrant, onDeny, onError) { var request = new XMLHttpRequest(); request.open('POST', _instance.config.token_endpoint, true); request.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); request.setRequestHeader('Authorization', 'Bearer ' + keycloak.token); request.onreadystatechange = function () { if (request.readyState == 4) { var status = request.status; if (status >= 200 && status < 300) { var rpt = JSON.parse(request.responseText).access_token; _instance.rpt = rpt; onGrant(rpt); } else if (status == 403) { if (onDeny) { onDeny(); } else { console.error('Authorization request was denied by the server.'); } } else { if (onError) { onError(); } else { console.error('Could not obtain authorization data from server.'); } } } }; if (!authorizationRequest) { authorizationRequest = {}; } var params = "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&client_id=" + keycloak.clientId; if (authorizationRequest.claimToken) { params += "&claim_token=" + authorizationRequest.claimToken; if (authorizationRequest.claimTokenFormat) { params += "&claim_token_format=" + authorizationRequest.claimTokenFormat; } } params += "&audience=" + resourceServerId; var permissions = authorizationRequest.permissions; if (!permissions) { permissions = []; } for (var i = 0; i < permissions.length; i++) { var resource = permissions[i]; var permission = resource.id; if (resource.scopes && resource.scopes.length > 0) { permission += "#"; for (var j = 0; j < resource.scopes.length; j++) { var scope = resource.scopes[j]; if (permission.indexOf('#') != permission.length - 1) { permission += ","; } permission += scope; } } params += "&permission=" + permission; } var metadata = authorizationRequest.metadata; if (metadata) { if (metadata.responseIncludeResourceName) { params += "&response_include_resource_name=" + metadata.responseIncludeResourceName; } if (metadata.responsePermissionsLimit) { params += "&response_permissions_limit=" + metadata.responsePermissionsLimit; } } if (_instance.rpt) { params += "&rpt=" + _instance.rpt; } request.send(params); }; return this; }; this.init(this); return this; }; return KeycloakAuthorization; }));