import IGirafeContext from '../context/icontext.js';
import AbstractConnectManager from './abstractconnectmanager.js';
import GMFManager from './gmfmanager.js';

/**
 * Connect manager that delegates the login to the login.html page of a
 * GeoMapFish (GMF) backend instead of running an OAuth2 flow.
 *
 * For several reasons, this could NOT be done using the OAuth2 mechanisms of GMF:
 * 1. There is no .well-known discovery endpoint.
 * 2. The token endpoint needs a client_secret, and for security reasons it has to be
 *    called from the backend itself: a secret shipped in browser code is readable by
 *    every user. There is no custom backend for GeoGirafe, so we cannot do this.
 * 3. The redirect URL is limited to exact matches, and we cannot pass the state of the
 *    application in the redirect_uri.
 * 4. Using the GMF OAuth2 routes for authentication does not authenticate the user to
 *    the backend. It just tells the client that you have a correct user in GMF,
 *    but you do not get any valid cookie for the GMF backend.
 *
 * For all those reasons, we cannot use the GeoMapFish OAuth2 process.
 * Instead we use the login.html page of the backend to delegate the login to the backend.
 * This is a standard GMF login; there is no OAuth2 process here.
 *
 * NOTE: If the GeoGirafe client is not running on the same domain as the GMF backend,
 * the GMF backend needs to be configured with:
 * - CORS with credentials for the specific domain (this can be done, for example, with
 *   a Lua script in the HAProxy configuration).
 * - The frontend domain allowed as referer in the vars.yaml file.
 * - The variable AUTHTKT_SAMESITE set to None, to allow authentication cookies to be
 *   sent to the backend from another domain.
 * There is no need for any OAuth2 configuration in the admin tool.
 *
 * Security notes for that cross-domain setup:
 * - Browsers refuse a wildcard Access-Control-Allow-Origin on credentialed requests, so
 *   the backend has to answer with one exact origin. Take it from a fixed allow-list
 *   rather than echoing back whatever Origin header arrives.
 * - Browsers only accept a SameSite=None cookie when it also carries the Secure
 *   attribute, so frontend and backend both have to be served over HTTPS.
 * - With SameSite=None the authentication cookie is attached to requests coming from
 *   any site, so the browser no longer limits cross-site request forgery. The referer
 *   allow-list and the CORS origin allow-list are the remaining controls: keep them to
 *   the exact frontend domain(s) and review them whenever a frontend is added or retired.
 */
export default class GMFConnectManager extends AbstractConnectManager {
  // Private members are listed without types or signatures: TypeScript declaration
  // output omits them, so their behaviour cannot be read from this file.

  /** GMF manager; presumably the instance given to the constructor (confirm in the implementation). */
  private readonly gmfManager;

  /**
   * @param context GeoGirafe application context.
   * @param gmfManager GMF manager used by this connect manager.
   */
  constructor(context: IGirafeContext, gmfManager: GMFManager);

  /** Private accessor; by its name it exposes the authentication configuration (TODO confirm). */
  private get authConfig();

  /** Private member; by its name it reports whether the user is authenticated (TODO confirm). */
  private isAuthentified;

  // NOTE(review): the Promise return types below carry no type argument as shown here.
  // That does not type-check as written; confirm the intended types against the
  // implementation (the arguments may have been lost when this listing was rendered).

  /** Asynchronous set-up of the manager; what it does is not visible in this declaration. */
  initialize(): Promise;

  /**
   * Starts a login. Going by the class comment, this is expected to hand the user over
   * to the login.html page of the GMF backend (confirm in the implementation).
   */
  login(): Promise;

  /** Login attempt presumably made without user interaction (TODO confirm). */
  silentLogin(): Promise;

  /** Ends the session; whether the backend cookie is invalidated is not visible here. */
  logout(): Promise;

  /** Private member; by its name it redirects the browser to the backend login page (TODO confirm). */
  private redirectToIssuerLogin;

  /** Private member; by its name it handles the return from the backend login (TODO confirm). */
  private handleLoggedInToIssuer;

  /** Private member; by its name it renews the session or token (TODO confirm). */
  private refreshToken;
}