JavaScript client-side API JavaScript Reference: Class WLAuthorizationManager

Class WLAuthorizationManager

WLAuthorizationManager

JavaScript File:: wlauthorizationmanager.js

Description:

The WLAuthorizationManager class is instantiated as a singleton and can be used anywhere in the application to obtain the client ID and authorization header. It is also called internally to handle MobileFirst OAuth-based security model protocol.

All functions of the authorization manager are asynchronous and return a promise object.

The WLAuthorizationManager and WLResourceRequest classes are supported for the following environments only: Android, iOS, Windows 8.1, Window 10 UWP and Web.

Constructor Summary
Constructor Attributes	Constructor Name and Description
	WLAuthorizationManager()

Method Summary
Method Attributes	Method Name and Description
	clearAccessToken(accessToken) Clears the provided access token.
	getAuthorizationServerUrl() Retrieves the URL of the authorization server.
	getResourceScope(responseHeaders) Returns the scope of the protected resource for the provided response headers.
	isAuthorizationRequired(responseStatus, responseHeaders) Checks whether the provided response status and headers represent a protected resource that requires authorization.
	login(securityCheck, credentials) Logs into the specified security check.
	logout(securityCheck) Logs out of the specified security check.
	obtainAccessToken(scope) Obtains an access token for the specified resource scope from the MobileFirst authorization server.
	setAuthorizationServerUrl(url) Sets the URL of the authorization server.

Constructor Detail

WLAuthorizationManager

WLAuthorizationManager()

Method Detail

clearAccessToken

clearAccessToken(accessToken)

Clears the provided access token.
. Note: When failing to access a resource with an obtained token, call the {@code clearAccessToken} method to clear the invalid token before calling #obtainAccessToken(String) to obtain a new access token.

Parameters:: {Object} accessToken - Mandatory - Access token to clear.

Returns:: A promise object.

getAuthorizationServerUrl

{, } getAuthorizationServerUrl()

Retrieves the URL of the authorization server.

Returns:: Returns the URL of the current authorization server, as a String.; A promise object.

getResourceScope

getResourceScope(responseHeaders)

Returns the scope of the protected resource for the provided response headers.
Note: Call this method only for response headers for which {@link #isAuthorizationRequired(int, Map)} returns {@code true}, indicating that the resource is protected.

Parameters:: {String} responseHeaders - Mandatory. A String representation of the response headers separated by CRLF, as returned from XMLHttpRequest.getAllResponseHeaders().

Returns:: The protecting scope of the target resource, as returned in the {@code WWW-Authenticate} HTTP response header.

isAuthorizationRequired

isAuthorizationRequired(responseStatus, responseHeaders)

Checks whether the provided response status and headers represent a protected resource that requires authorization.

Parameters:: {Integer} responseStatus - Mandatory. Specifies the response status code.; {String} responseHeaders - Mandatory. A String representation of the response headers separated by CRLF, as returned from XMLHttpRequest.getAllResponseHeaders().

Returns:: A boolean value, indicating whether authorization is required (true), or not (false).

login(securityCheck, credentials)

Logs into the specified security check.

Parameters:: {String} securityCheck - Mandatory. Name of the security check to log into.; {Object} credentials - Mandatory. Credentials for logging into the specified security check.

Returns:: A promise object that can be used to login asynchronously.

logout

logout(securityCheck)

Logs out of the specified security check.

Parameters:: {String} securityCheck - Mandatory. Name of the security check to log out of.

Returns:: A promise object that can be used to logout asynchronously.

obtainAccessToken

obtainAccessToken(scope)

Obtains an access token for the specified resource scope from the MobileFirst authorization server.

Parameters:: {String} scope - Optional. Scope for which to obtain the access token.

Returns:: A promise object that can be used to receive the access token asynchronously. The access token is sent as an object with the following properties: scope - the scope which the access token was obtained for. value - the access token value. asAuthorizationRequestHeaderField - the access token value required for an authorization header. asFormEncodedBodyParameter - the access token value required for the HTTP-request entity body.

Example:

WLAuthorizationManager.obtainAccessToken(scope)
.then (
  function(accessToken) {
	   // success flow with the access token
  },
  function(error) {
    // failure flow
  }
);

setAuthorizationServerUrl

setAuthorizationServerUrl(url)

Sets the URL of the authorization server. When this method is not called, the MobileFirst Server URL is used.

Parameters:: {String} url - Mandatory. URL of the authorization server to set.

Returns:: A promise object.