FredericHeem/starhackit

class MyAdapter {
  /**
   *
   * Creates an instance of MyAdapter for an oidc-provider model.
   *
   * @constructor
   * @param {string} name Name of the oidc-provider model. One of "Grant, "Session", "AccessToken",
   * "AuthorizationCode", "RefreshToken", "ClientCredentials", "Client", "InitialAccessToken",
   * "RegistrationAccessToken", "DeviceCode", "Interaction", "ReplayDetection",
   * "BackchannelAuthenticationRequest", or "PushedAuthorizationRequest"
   *
   */
  constructor(name) {
    console.log("MyAdapter", name);
  }

  /**
   *
   * Update or Create an instance of an oidc-provider model.
   *
   * @return {Promise} Promise fulfilled when the operation succeeded. Rejected with error when
   * encountered.
   * @param {string} id Identifier that oidc-provider will use to reference this model instance for
   * future operations.
   * @param {object} payload Object with all properties intended for storage.
   * @param {integer} expiresIn Number of seconds intended for this model to be stored.
   *
   */
  async upsert(id, payload, expiresIn) {
    console.log("upsert", id, payload);

    /**
     *
     * When this is one of AccessToken, AuthorizationCode, RefreshToken, ClientCredentials,
     * InitialAccessToken, RegistrationAccessToken or DeviceCode the payload will contain the
     * following properties:
     *
     * Note: This list is not exhaustive and properties may be added in the future, it is highly
     * recommended to use a schema that allows for this.
     *
     * - jti {string} - unique identifier of the token
     * - kind {string} - token class name
     * - exp {number} - timestamp of the token's expiration
     * - iat {number} - timestamp of the token's creation
     * - accountId {string} - account identifier the token belongs to
     * - clientId {string} - client identifier the token belongs to
     * - aud {string} - audience of a token
     * - authTime {number} - timestamp of the end-user's authentication
     * - claims {object} - claims parameter (see claims in OIDC Core 1.0)
     * - extra {object} - extra claims returned by the extraTokenClaims helper
     * - codeChallenge {string} - client provided PKCE code_challenge value
     * - codeChallengeMethod {string} - client provided PKCE code_challenge_method value
     * - sessionUid {string} - uid of a session this token stems from
     * - expiresWithSession {boolean} - whether the token is valid when session expires
     * - grantId {string} - grant identifier
     * - nonce {string} - random nonce from an authorization request
     * - redirectUri {string} - redirect_uri value from an authorization request
     * - resource {string|string[]} - resource indicator value(s) (auth code, device code, refresh token)
     * - rotations {number} - [RefreshToken only] - number of times the refresh token was rotated
     * - iiat {number} - [RefreshToken only] - the very first (initial) issued at before rotations
     * - acr {string} - authentication context class reference value
     * - amr {string[]} - Authentication methods references
     * - scope {string} - scope value from an authorization request
     * - sid {string} - session identifier the token comes from
     * - 'x5t#S256' {string} - X.509 Certificate SHA-256 Thumbprint of a certificate bound access or
     *     refresh token
     * - 'jkt' {string} - JWK SHA-256 Thumbprint (according to [RFC7638]) of a DPoP bound
     *     access or refresh token
     * - gty {string} - [AccessToken, RefreshToken only] space delimited grant values, indicating
     *     the grant type(s) they originate from (implicit, authorization_code, refresh_token or
     *     device_code) the original one is always first, second is refresh_token if refreshed
     * - params {object} - [DeviceCode and BackchannelAuthenticationRequest only] an object with the
     *     authorization request parameters as requested by the client with device_authorization_endpoint
     * - userCode {string} - [DeviceCode only] user code value
     * - deviceInfo {object} - [DeviceCode only] an object with details about the
     *     device_authorization_endpoint request
     * - inFlight {boolean} - [DeviceCode only]
     * - error {string} - [DeviceCode and BackchannelAuthenticationRequest only] - error from authnz to be
     *     returned to the polling client
     * - errorDescription {string} - [DeviceCode and BackchannelAuthenticationRequest only] - error_description
     *     from authnz to be returned to the polling client
     * - policies {string[]} - [InitialAccessToken, RegistrationAccessToken only] array of policies
     * - request {string} - [PushedAuthorizationRequest only] Pushed Request Object value
     * - dpopJkt {string} - [PushedAuthorizationRequest only] Calculated or provided dpop_jkt parameter
     * - trusted {boolean} - [PushedAuthorizationRequest only] Whether the parameters in the PAR object
     *     were coming from an authenticated request or an authenticated source.
     *
     * Client model will only use this when registered through Dynamic Registration features and
     * will contain all client properties.
     *
     * Grant model payload contains the following properties:
     * - jti {string} - Grant's unique identifier
     * - kind {string} - "Grant" fixed string value
     * - exp {number} - timestamp of the grant's expiration. exp will be missing when expiration
     *     is not configured on the Grant model.
     * - iat {number} - timestamp of the grant's creation
     * - accountId {string} - the grant account identifier
     * - clientId {string} - client identifier the grant belongs to
     * - openid {object}
     * - openid.scope {string} - Granted OpenId Scope value
     * - openid.claims {string[]} - Granted OpenId Claim names
     * - resources {object}
     * - resources[resourceIndicator] {string} - Granted Scope value for a Resource Server
     *     (indicated by its resource indicator value)
     * - resources {object}
     * - rejected.openid {object}
     * - rejected.openid.scope {string} - Rejected OpenId Scope value
     * - rejected.openid.claims {string[]} - Rejected OpenId Claim names
     * - rejected.resources {object}
     * - rejected.resources[resourceIndicator] {string} - Rejected Scope value for a Resource Server
     *     (indicated by its resource indicator value)
     *
     * OIDC Session model payload contains the following properties:
     * - jti {string} - Session's unique identifier, it changes on some occasions
     * - uid {string} - Session's unique fixed internal identifier
     * - kind {string} - "Session" fixed string value
     * - exp {number} - timestamp of the session's expiration
     * - iat {number} - timestamp of the session's creation
     * - accountId {string} - the session account identifier
     * - authorizations {object} - object with session authorized clients and their session identifiers
     * - loginTs {number} - timestamp of user's authentication
     * - acr {string} - authentication context class reference value
     * - amr {string[]} - Authentication methods references
     * - transient {boolean} - whether the session is using a persistant or session cookie
     * - state: {object} - temporary objects used for one-time csrf and state persistance between
     *     form submissions
     *
     * Short-lived Interaction model payload contains the following properties:
     * - jti {string} - unique identifier of the interaction session
     * - kind {string} - "Interaction" fixed string value
     * - exp {number} - timestamp of the interaction's expiration
     * - iat {number} - timestamp of the interaction's creation
     * - returnTo {string} - after resolving interactions send the user-agent to this url
     * - deviceCode {string} - [DeviceCode user flows only] deviceCode reference
     * - params {object} - parsed recognized parameters object
     * - lastSubmission {object} - previous interaction result submission
     * - trusted {string[]} - parameter names that come from a trusted source
     * - result {object} - interaction results object is expected here
     * - grantId {string} - grant identifier if there's a preexisting one
     * - cid {string} - correlating identifier for the Authorization request
     * - session {object}
     * - session.uid {string} - uid of the session this Interaction belongs to
     * - session.cookie {string} - jti of the session this Interaction belongs to
     * - session.acr {string} - existing acr of the session Interaction belongs to
     * - session.amr {string[]} - existing amr of the session Interaction belongs to
     * - session.accountId {string} - existing account id from the seession Interaction belongs to
     *
     * Replay prevention ReplayDetection model contains the following properties:
     * - jti {string} - unique identifier of the replay object
     * - kind {string} - "ReplayDetection" fixed string value
     * - exp {number} - timestamp of the replay object cache expiration
     * - iat {number} - timestamp of the replay object cache's creation
     */
  }

  /**
   *
   * Return previously stored instance of an oidc-provider model.
   *
   * @return {Promise} Promise fulfilled with what was previously stored for the id (when found and
   * not dropped yet due to expiration) or falsy value when not found anymore. Rejected with error
   * when encountered.
   * @param {string} id Identifier of oidc-provider model
   *
   */
  async find(id) {
    console.log("find", id);
    return {
      client_id: id,
      client_secret: process.env.OAUTH2_CLIENT_SECRET ?? "bar",
    };
  }

  /**
   *
   * Return previously stored instance of DeviceCode by the end-user entered user code. You only
   * need this method for the deviceFlow feature
   *
   * @return {Promise} Promise fulfilled with the stored device code object (when found and not
   * dropped yet due to expiration) or falsy value when not found anymore. Rejected with error
   * when encountered.
   * @param {string} userCode the user_code value associated with a DeviceCode instance
   *
   */
  async findByUserCode(userCode) {
    console.log("findByUserCode TODO", userCode);
  }

  /**
   *
   * Return previously stored instance of Session by its uid reference property.
   *
   * @return {Promise} Promise fulfilled with the stored session object (when found and not
   * dropped yet due to expiration) or falsy value when not found anymore. Rejected with error
   * when encountered.
   * @param {string} uid the uid value associated with a Session instance
   *
   */
  async findByUid(uid) {
    console.log("findByUid TODO", uid);
  }

  /**
   *
   * Mark a stored oidc-provider model as consumed (not yet expired though!). Future finds for this
   * id should be fulfilled with an object containing additional property named "consumed" with a
   * truthy value (timestamp, date, boolean, etc).
   *
   * @return {Promise} Promise fulfilled when the operation succeeded. Rejected with error when
   * encountered.
   * @param {string} id Identifier of oidc-provider model
   *
   */
  async consume(id) {
    console.error("consume TODO", consume);
  }

  /**
   *
   * Destroy/Drop/Remove a stored oidc-provider model. Future finds for this id should be fulfilled
   * with falsy values.
   *
   * @return {Promise} Promise fulfilled when the operation succeeded. Rejected with error when
   * encountered.
   * @param {string} id Identifier of oidc-provider model
   *
   */
  async destroy(id) {
    console.error("destroy TODO", id);
  }

  /**
   *
   * Destroy/Drop/Remove a stored oidc-provider model by its grantId property reference. Future
   * finds for all tokens having this grantId value should be fulfilled with falsy values.
   *
   * @return {Promise} Promise fulfilled when the operation succeeded. Rejected with error when
   * encountered.
   * @param {string} grantId the grantId value associated with a this model's instance
   *
   */
  async revokeByGrantId(grantId) {
    console.error("revokeByGrantId TODO", grantId);
  }
}

module.exports = MyAdapter;