Impersonation capabilities disabled by default, rename to

imperativeImpersonation
keycloakify · Oct 20, 2024 · 69b8542 · 69b8542
1 parent b5ef77c
commit 69b8542
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 7 deletions.
diff --git a/src/mock/oidc.ts b/src/mock/oidc.ts
@@ -175,6 +175,7 @@ export async function createMockOidc<
               }
             : {
                   "authMethod": "silent signin"
-              })
+              }),
+        "isImperativeImpersonation": false
     });
 }
diff --git a/src/oidc.ts b/src/oidc.ts
@@ -82,6 +82,7 @@ export declare namespace Oidc {
             subscribeToAutoLogoutCountdown: (
                 tickCallback: (params: { secondsLeft: number | undefined }) => void
             ) => { unsubscribeFromAutoLogoutCountdown: () => void };
+            isImperativeImpersonation: boolean;
         } & (
                 | {
                       /**
@@ -200,6 +201,8 @@ export type ParamsOfCreateOidc<
     autoLogoutParams?: Parameters<Oidc.LoggedIn<any>["logout"]>[0];
     isAuthGloballyRequired?: IsAuthGloballyRequired;
     doEnableDebugLogs?: boolean;
+
+    doAllowImperativeImpersonation?: boolean;
 };
 
 const prOidcByConfigHash = new Map<string, Promise<Oidc<any>>>();
@@ -315,7 +318,8 @@ export async function createOidc_nonMemoized<
         __unsafe_ssoSessionIdleSeconds,
         autoLogoutParams = { "redirectTo": "current page" },
         isAuthGloballyRequired = false,
-        postLoginRedirectUrl
+        postLoginRedirectUrl,
+        doAllowImperativeImpersonation = false
     } = params;
 
     const { issuerUri, clientId, scopes, configHash, log } = preProcessedParams;
@@ -407,7 +411,15 @@ export async function createOidc_nonMemoized<
         await new Promise<never>(() => {});
     }
 
-    maybeImpersonate({ configHash });
+    const isImperativeImpersonation = (() => {
+        if (!doAllowImperativeImpersonation) {
+            return false;
+        }
+
+        const { isImperativeImpersonation } = maybeImpersonate({ configHash });
+
+        return isImperativeImpersonation;
+    })();
 
     const oidcClientTsUserManager = new OidcClientTsUserManager({
         configHash,
@@ -1517,7 +1529,8 @@ export async function createOidc_nonMemoized<
               })
             : {
                   "authMethod": resultOfLoginProcess.authMethod
-              })
+              }),
+        isImperativeImpersonation
     });
 
     {
@@ -1761,7 +1774,7 @@ function oidcClientTsUserToTokens<DecodedIdToken extends Record<string, unknown>
     return tokens;
 }
 
-function maybeImpersonate(params: { configHash: string }) {
+function maybeImpersonate(params: { configHash: string }): { isImperativeImpersonation: boolean } {
     const { configHash } = params;
 
     const value = (() => {
@@ -1795,7 +1808,7 @@ function maybeImpersonate(params: { configHash: string }) {
     })();
 
     if (value === undefined) {
-        return;
+        return { "isImperativeImpersonation": false };
     }
 
     const arr = JSON.parse(decodeBase64(value)) as {
@@ -1845,6 +1858,8 @@ function maybeImpersonate(params: { configHash: string }) {
             })
         );
 
-        break;
+        return { "isImperativeImpersonation": true };
     }
+
+    return { "isImperativeImpersonation": false };
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -175,6 +175,7 @@ export async function createMockOidc< @@
                   }
                 : {
                       "authMethod": "silent signin"
-                  })
+                  }),
+            "isImperativeImpersonation": false
         });
     }