<!-- Generated by documentation.js. Update this documentation by updating the source code. -->

### Table of Contents

-   [init][1]
    -   [Parameters][2]
-   [login][3]
-   [logout][4]
-   [changePassword][5]
    -   [Parameters][6]
-   [registerHook][7]
    -   [Parameters][8]
-   [getAccessToken][9]
    -   [Parameters][10]
-   [getDecodedAccessToken][11]
-   [userInfo][12]
-   [getCloudProviderToken][13]
    -   [Parameters][14]
-   [cloudProviderUserInfo][15]
-   [getAdminConsent][16]
    -   [Parameters][17]
-   [revokeAdminConsent][18]
-   [statusAdminConsent][19]
-   [getLinkMap][20]
-   [setLinkMap][21]
    -   [Parameters][22]
-   [linkUser][23]
    -   [Parameters][24]
-   [unlinkUser][25]
    -   [Parameters][26]
-   [cloudProviderReauthenticate][27]
    -   [Parameters][28]
-   [cloudProviderUpdate][29]
    -   [Parameters][30]
-   [registerEventListener][31]
    -   [Parameters][32]
-   [authoriseSupport][33]
    -   [Parameters][34]
-   [passthrough][41]
    -   [Parameters][42]

## init

Initialize the Auth Agent. This function needs to be called at the very beginning of the loading of the app.
If the query contains parameters "code" and "state", the Auth Agent will exchange the auth code for an access_token and store the access_token in memory for later use.

### Parameters

- `authHost` **[string][36]** : LEAP Auth url (required)
- `clientId` **[string][36]** : LEAP Auth client id (required)
- `scopes` **[Array<string>][36]** : a list of scopes for the access_token (required)
- `autoLogin` **[boolean][37]** : If true, the login function is called once the Auth Agent is initialized (optional, default `true`)
- `autoLogout` **[boolean][37]** : If true, the user will be automatically logged out after a configurable time interval if no activity detected (optional, default `true`)
- `idleTimeoutInMinutes` **[number][37]** : In minutes, the time interval after which the user is automatically logged out if no activity detected (optional, default `30`)
- `uniqueSession` **[boolean][37]** : If true, the same user can't have more than one active session for the same app, based on authHost and clientId (optional, default `true`)
- `userPresence` **[boolean][37]** : If true, the same user can't have more than one active session between web applications and LEAP Desktop (optional, default `false`)
- `autoRefreshToken` **[boolean][37]** : If true, AuthAgent would run a background task to refresh access token before they expire(optional, default `false`)
- `rememberMe` **[boolean][37]** : If true, AuthAgent would have query `remember_me=true`, and this would have "Keep me signed in" checkbox checked by default in the login page. (optional, default `false`)
- `hooks` **[object][38]** : callback functions(optional, default: no hooks)
  * afterLogin: Callback function that take the access_token, executed after login.
  * beforeLogout: Callback function executed before logout.
  * uniqueSessionTrigger: Callback function executed when unique session triggered.
  * userPresenceTrigger: Callback function executed when user presence triggered.
  * afterRefreshToken: Callback function executed after an access token refreshed.
- `initToken` **[string][37]** : If provided, AuthAgent would use the jti from the initToken and call "passthrough" to create an auth session(optional, default `""`)


Returns **[Promise][39]** Nothing if autoLogin is turned off, the access_token if autoLogin is turned on

## login

Login function using PKCE flow.
Executes hook afterLogin if any.

### Parameters
-   `force_2fa` **[boolean][37]** Force user to do a 2fa challenge (optional, default `false`)

Returns **[Promise][39]** The access_token

## logout

Executes hook beforeLogout if any.

## changePassword

Change Password function.

### Parameters

-   `redirectUrl` **[string][36]** Url to redirect the browser to after password changed when newWindow = false (current URL by default) (optional, default `currentUrl`)
-   `newWindow` **[boolean][37]** If newWindow = false, changingPassword process will be executed in the same window. Once this done, user would be force to logout and the browser will be redirected to the redirectUrl (current url by default). 
                                        If newWindow = true, changingPassword process will be executed in a new window. Once this done, user would be force to logout by pubnub presence message
                                         1) if there is callback fn, the dedicated window will be closed and the callback will be executed.
                                         2) if there is no callback fn, the dedicated window will stay open and user would be navigated to a changePasswordSuccess confirm page (optional, default `false`)
-   `callback` **[function][38]** The callback function to be executed after changingPassword is done when newWindow = true

## registerHook

Allows to register hook on the fly.

### Parameters

-   `name` **[string][36]** The name of the hook : afterLogin or beforeLogout
-   `callback` **[function][38]** The callback

## getAccessToken

Allows to retrieve the encoded access_token.
If refresh is true, make a request to Leap Auth to get a new access token, and return a promise.
Otherwise, get the access token stored by JSO and return a string

Returns **[String][36]** The access_token

## getRefreshedAccessToken

### Parameters

-   `force` **[boolean][36]** Optional parameter and if it is true, it will force to get a refreshed token even the exiting token is not expired

Allows to retrieve the encoded refreshed access_token.
This function is similar to "getAccessToken", except it is an async and it would firstly check if the current access token expires. It the access token does expire and it has a refreshToken, it would refresh the access token and return a new access token

Returns **[Promise][39]** The access_token

## getDecodedAccessToken

Allows to retrieve the decoded access_token

Returns **[object][35]** The decoded access_token

## getDecodedRefreshedAccessToken

### Parameters

-   `force` **[boolean][36]** Optional parameter and if it is true, it will force to get a refreshed token even the exiting token is not expired

Allows to retrieve the decoded refreshed access_token

Returns **[Promise][39]** The decoded access_token

## userInfo

Returns user info, including external user info if the user is linked to a cloud provider account.

Returns **[object][35]** user info

## getCloudProviderToken

Get a cloud proiver token for the current user.
Get the token by jti if the paramter exists.

### Parameters

-   `jti` **[string][36]** The token id (optional)

Returns **[Promise][39]** The token

## cloudProviderUserInfo

Returns the cloud provider info related to the current user.

Returns **[Promise][39]** The info

## getAdminConsent

Redirects the browser to the admin consent page of the current user's cloud provider.
Then, the browser is redirected to the redirectUrl.

### Parameters

-   `domain` **[string][36]** The cloud provider domain of the firm (optional)
-   `redirectUrl` **[string][36]** Url to redirect the browser to after getting the admin consent when newWindow is not true (current URL by default) (optional, default `currentUrl`)
-   `newWindow` **[boolean][37]** If true, admin consent process will be executed in a new window. Once done, the dedicated window will be closed and the callback will be executed. If false, admin consent process will be executed in the same window and once done, the browser will be redirected to the redirectUrl. (optional, default `false`)
-   `callback` **[function][38]** The callback to execute after admin consent is given when newWindow = true

## revokeAdminConsent

Revoke admin consent.

Returns **[Promise][39]** 

## statusAdminConsent

Returns the status of admin consent for the firm

Returns **[Promise][39]** true if admin consent have been given, otherwise false

## getLinkMap

Returns the list of all the users of the tenant, each one mapped with it's internal linked user if any.

Returns **[Promise][39]** The map

## setLinkMap

Allows to save the mapping between users of the tenant and internal linked users.

### Parameters

-   `linkmap` **[array][40]** The map

Returns **[Promise][39]** 

## linkUser

Link current user to a cloud provider account.

### Parameters

-   `redirectUrl` **[string][36]** Url to redirect the browser to after linking the user when newWindow is not true (current URL by default) (optional, default `currentUrl`)
-   `newWindow` **[boolean][37]** If true, linking process will be executed in a new window. Once done, the dedicated window will be closed and the callback will be executed. If false, linking process will be executed in the same window and once done, the browser will be redirected to the redirectUrl. (optional, default `false`)
-   `callback` **[function][38]** The callback to execute after linking is done when newWindow = true

Returns **[Promise][39]** 

## unlinkUser

Unlink current user from cloud provider account.

### Parameters

-   `redirectUrl` **[string][36]** Url to redirect the browser to after unlinking the user when newWindow is not true (current URL by default) (optional, default `currentUrl`)
-   `newWindow` **[boolean][37]** If true, unlinking process will be executed in a new window. Once done, the dedicated window will be closed and the callback will be executed. If false, unlinking process will be executed in the same window and once done, the browser will be redirected to the redirectUrl. (optional, default `false`)
-   `callback` **[function][38]** The callback to execute after unlinking is done when newWindow = true

Returns **[Promise][39]** 

## cloudProviderReauthenticate

Allows to reauthenticate the user against it's cloud provider to renew the access token

### Parameters

-   `nonce` **[string][36]** A nonce generated by Leap Auth, required but can be null (required)
-   `redirectUrl` **[string][36]** Url to redirect the browser to after reauthentication when newWindow is not true (current URL by default) (optional, default `currentUrl`)
-   `newWindow` **[boolean][37]** If true, re-authentication process will be executed in a new window. Once done, the dedicated window will be closed and the callback will be executed. If false, re-authentication process will be executed in the same window and once done, the browser will be redirected to the redirectUrl. (optional, default `false`)
-   `callback` **[function][38]** The callback to execute after re-authentication is done when newWindow = true

## cloudProviderUpdate

Updates the firm's cloud provider

### Parameters

-   `cloudProviderId` **[string][36]** "microsoft", "google" (required)

## registerEventListener

Allows to register a callback to execute when receiving a user event for the topic and message type passed as paramters.

### Parameters

-   `topic` **[string][36]** The topic (required)
-   `messageType` **[string][36]** The type of message (required)
-   `callback` **[function][38]** The callback to execute when receiving the message (required)

## authoriseSupport

Allows to authorise a support request from a support agent.

### Parameters

-   `code` **[string][36]** The code of the support request received (required)
-   `duration` **[string][36]** The duration of the support request can be modified by the user. It has to be in momentjs format (optional)

## passthrough

Create an auth session and open a new app

### Parameters

-   `url` **[string][36]** Url of the app (requried)
-   `newWindow` **[boolean][37]** If true, the new app will be open in the new browser tab. If false, app will be open in the current browser tab. (optional, default `false`)
-   `authHost` **[string][36]** The authHost that the new app is using. (optional, default value is the same authHost as current app)

[1]: #init

[2]: #parameters

[3]: #login

[4]: #logout

[5]: #changepassword

[6]: #parameters-1

[7]: #registerhook

[8]: #parameters-2

[9]: #getaccesstoken

[10]: #parameters-3

[11]: #getdecodedaccesstoken

[12]: #userinfo

[13]: #getcloudprovidertoken

[14]: #parameters-4

[15]: #cloudprovideruserinfo

[16]: #getadminconsent

[17]: #parameters-5

[18]: #revokeadminconsent

[19]: #statusadminconsent

[20]: #getlinkmap

[21]: #setlinkmap

[22]: #parameters-6

[23]: #linkuser

[24]: #parameters-7

[25]: #unlinkuser

[26]: #parameters-8

[27]: #cloudproviderreauthenticate

[28]: #parameters-9

[29]: #cloudproviderupdate

[30]: #parameters-10

[31]: #registereventlistener

[32]: #parameters-11

[33]: #authorisesupport

[34]: #parameters-12

[35]: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object

[36]: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String

[37]: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Boolean

[38]: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Statements/function

[39]: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise

[40]: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Array

[41]: #passthrough

[42]: #parameters-14