@trimble-oss/trimble-id
Trimble Identity SDK for JavaScript/ TypeScript.
Getting Started
Installation
Using npm in your project directory run the following command:
npm install @trimble-oss/trimble-idAuthentication with Trimble Identity
To utilize TID authentication, the calling app must be registered with Trimble Identity. You can conveniently handle the application registration process on Trimble Developer Console
Configure the endpoint
Configure the well-known URL endpoint is used to retrieve the authorization, token and user info endpoints for Trimble OAuth server.
| Stage Well-Known URL | https://stage.id.trimblecloud.com/.well-known/openid-configuration |
|---|---|
| Production Well-Known URL | https://id.trimble.com/.well-known/openid-configuration |
JavaScript Usage Reference
trimble-id.OpenIdEndpointProvider
OpenIdEndpointProvider helps to discover various endpoints like authorization_endpoint, token_endpoint, userinfo_endpoint etc.
import {OpenIdEndpointProvider} from '@trimble-oss/trimble-id';var endpointProvider = new OpenIdEndpointProvider(WELL_KNOWN_ENDPOINT);endpointProvider.retrieveAuthorizationEndpoint() .then((endpoint) => {}) .catch(() => {});WELL_KNOWN_ENDPOINT
| Production | https://id.trimble.com/.well-known/openid-configuration |
|---|
trimble-id.ClientCredentialTokenProvider
The Client Credentials grant is used when applications request an access token to access their own resources, not on behalf of a user.
import {ClientCredentialTokenProvider} from '@trimble-oss/trimble-id';var endpointProvider = new OpenIdEndpointProvider(WELL_KNOWN_ENDPOINT);var tokenProvider = new ClientCredentialTokenProvider(endpointProvider, CONSUMER_KEY, CONSUMER_SECRET).WithScopes([REQUESTED_SCOPE]);tokenProvider.retrieveToken() .then((token) => {}) .catch(() => {});trimble-id.AuthorizationCodeGrantTokenProvider
AuthorizationCodeGrantTokenProvider is effectively composed of three stages:
- Discovering or specifying the endpoints to interact with the provider.
- Authorizing the user, via a browser, in order to obtain an authorization code.
- Exchanging the authorization code with the authorization server, to obtain tokens.
Usage
1. Initialize the AuthorizationCode Provider
Authorization code Grant
import {AuthorizationCodeGrantTokenProvider} from '@trimble-oss/trimble-id';var endpointProvider = new OpenIdEndpointProvider(WELL_KNOWN_ENDPOINT);var tokenProvider = new AuthorizationCodeGrantTokenProvider(endpointProvider, CONSUMER_KEY, REDIRECT_URI).WithConsumerSecret(CONSUMER_SECRET).WithScopes([REQUESTED_SCOPE]);Authorization code Grant With PKCE
import {AuthorizationCodeGrantTokenProvider} from '@trimble-oss/trimble-id';let codeVerifier = AuthorizationCodeGrantTokenProvider.GenerateCodeVerifier();let tokenProvider = new AuthorizationCodeGrantTokenProvider(endpointProvider, CONSUMER_KEY, REDIRECT_URI).WithScopes([REQUESTED_SCOPE]).WithProofKeyForCodeExchange(codeVerifier);2. Get Redirect URL for Trimble Identity
await tokenProvider.GetOAuthRedirect() .then((redirect) => { /* Launch browser with this redirect url*/ }) .catch(() => {})3. Validate the Redirect URL
Validation of redirect url can be done in two ways :
a. Validate Query
After login, Validate the query parameters passed back to the application by Trimble Identity
tokenProvider.ValidateQuery(queryString) // Here queryString is the query string from the URL .then(() => { tokenProvider.retrieveToken() // Retrieves an access token for the authenticated user .then((token) => {}) .catch(() => {}); }) .catch(() => {});b. Validate Code
After login, Validate the authorization code passed back to the application by Trimble Identity
tokenProvider.ValidateCode(code) // Here code is the code from url .then(() => { tokenProvider.retrieveToken() // Retrieves an access token for the authenticated user .then((token) => {}) .catch(() => {}); }) .catch(() => {});NOTE: Authorization code with PKCE use Serial PKCE to refresh their access token. After every
retrieveToken()call, we need to retrieve the code_verifier usingtokenProvider.RetrieveCodeVerifier()and set it to tokenProvider usingtokenProvider.WithProofKeyForCodeExchange(code_verifier)for future token request.
Logout
tokenProvider.WithLogoutRedirect(LOGOUT_REDIRECT_URL); // Here LOGOUT_REDIRECT_URL refers to the Allowed Logout URL added for the application in Trimble cloud console.tokenProvider.GetOAuthLogoutRedirect() .then((redirect) => { /* for the client browser to redirect */ }) .catch(() => {})trimble-id.ValidatedClaimsetProvider
Provides the validated claimset for a JSON web token. A default clock skew/ grace period of 5 minutes is enforced while retrieving the claimset. Clock skew is the acceptable time difference between signer and verifier in seconds.
// Here token validation is performed with a clockskew/graceperiod of 5 minutes while retrieving claimset.
import {OpenIdKeysetProvider} from '@trimble-oss/trimble-id'import {ValidatedClaimsetProvider} from '@trimble-oss/trimble-id'var keysetProvider = new OpenIdKeysetProvider(endpointProvider)var claimsetProvider = new ValidatedClaimsetProvider(keysetProvider);var claimset = await claimsetProvider.RetrieveClaimset(ID_TOKEN);
--With custom clock skew---// Here the clockskew is set to x minutes
var claimsetProvider = new ValidatedClaimsetProvider(keysetProvider).WithClockSkew(x*60);
---Without Token Validation-----var claimsetProvider = new ValidatedClaimsetProvider(keysetProvider).WithTokenValidation(false);
//Here clockskew is ignored.trimble-id.RefreshableTokenProvider
The Refresh Token grant type is used by clients to exchange a refresh token for an access token when the access token has expired.
import {RefreshableTokenProvider} from '@trimble-oss/trimble-id';var endpointProvider = new OpenIdEndpointProvider(WELL_KNOWN_ENDPOINT);var tokenProvider = new RefreshableTokenProvider(endpointProvider, CONSUMER_KEY, CONSUMER_SECRET).WithRefreshToken(REFRESH_TOKEN);tokenProvider.retrieveToken() .then((token) => {}) .catch(() => {});With PKCE
import {RefreshableTokenProvider} from '@trimble-oss/trimble-id';var endpointProvider = new OpenIdEndpointProvider(WELL_KNOWN_ENDPOINT);var tokenProvider = new RefreshableTokenProvider(endpointProvider, CONSUMER_KEY).WithRefreshToken(REFRESH_TOKEN).WithProofKeyForCodeExchange(CODE_VERIFIER);tokenProvider.retrieveToken() .then((token) => {}) .catch(() => {});trimble-id.OnBehalfTokenProvider
The On Behalf grant flow allows an application to act on behalf of a user. The On Behalf grant is only supported for access tokens. It does not work with any other type of token, including refresh tokens.
import {OnBehalfTokenProvider} from '@trimble-oss/trimble-id';var endpointProvider = new OpenIdEndpointProvider(WELL_KNOWN_ENDPOINT);var tokenProvider = new OnBehalfTokenProvider(endpointProvider, CONSUMER_KEY, CONSUMER_SECRET, ACCESS_TOKEN).WithScopes([REQUESTED_SCOPE]);tokenProvider.retrieveToken() .then((token) => {}) .catch(() => {});trimble-id.FixedTokenProvider
FixedTokenProvider helps to return the fixed tokens.
import {FixedTokenProvider} from '@trimble-oss/trimble-id';var tokenProvider = new FixedTokenProvider(ACCESS_TOKEN);tokenProvider.retrieveToken() .then((token) => {}) .catch(() => {});trimble-id.FixedEndpointProvider
FixedEndpointProvider helps to configure the fixed oauth endpoints like authorization_endpoint, token_endpoint, userinfo_endpoint etc.
import {FixedEndpointProvider} from '@trimble-oss/trimble-id';var endpointProvider = new FixedEndpointProvider(AUTHORIZATION_ENDPOINT, TOKEN_ENDPOINT, USERINFO_ENDPOINT,TOKENREVOCATION_ENDPOINT, JWKS_ENDPOINT);endpointProvider.retrieveAuthorizationEndpoint() .then((endpoint) => {}) .catch(() => {});trimble-id.BearerTokenHttpClientProvider
Http client provider for API using bearer token authorization
import {BearerTokenHttpClientProvider} from '@trimble-oss/trimble-id';var tokenProvider = new ClientCredentialTokenProvider(endpointProvider, CONSUMER_KEY, CONSUMER_SECRET).WithScopes([REQUESTED_SCOPE]);var httpClientProvider = new BearerTokenHttpClientProvider(tokenProvider, BASE_URL);httpClientProvider.RetrieveClient() .then((httpClient) => {}) .catch(() => {});trimble-id.SimpleHttpClientProvider
Http client provider for API
import {SimpleHttpClientProvider} from '@trimble-oss/trimble-id';var httpClientProvider = new SimpleHttpClientProvider();httpClientProvider.RetrieveClient() .then((httpClient) => {}) .catch(() => {});Samples
Please find the samples here.
FAQ
Do you have questions? Do not worry, we have prepared a complete FAQ answering the most common questions.
Support
Send email to cloudplatform_support@trimble.com for any questions or issues.