How to use the @authx/authx.AuthenticationError function in @authx/authx

To help you get started, we’ve selected a few @authx/authx examples, based on popular ways it is used in public projects.


github the-control-group / authx / packages / strategy-openid / src / server / graphql / mutation / authenticateOpenId.ts View on Github external
throw new ForbiddenError("You area already authenticated.");
    }

    const tx = await pool.connect();
    try {
      await tx.query("BEGIN DEFERRABLE");

      // Fetch the authority. args.authorityId is supplied by the caller, so the
      // record it resolves to is not yet known to be an OpenID authority.
      const authority = await Authority.read(
        tx,
        args.authorityId,
        authorityMap
      );

      // Reject any other strategy before clientId / clientSecret are read from
      // authority.details below.
      // NOTE(review): this message is sent unconditionally, while the email and
      // password strategies return the equivalent message only when __DEV__ is
      // set. Confirm that telling callers about the strategy mismatch is
      // intended here.
      if (!(authority instanceof OpenIdAuthority)) {
        throw new AuthenticationError(
          "The authority uses a strategy other than openid."
        );
      }

      // Fetch the ID token: build the form body for the authorization-code
      // exchange with the provider's token endpoint.
      const requestBody = new FormData();
      requestBody.append("grant_type", "authorization_code");
      requestBody.append("client_id", authority.details.clientId);
      // The client secret travels in this request body, so the body must never
      // be logged or echoed in error output.
      // NOTE(review): the destination (authority.details.tokenUrl) comes from
      // stored authority configuration; presumably restricted to https when the
      // authority is created. Confirm.
      requestBody.append("client_secret", authority.details.clientSecret);
      // args.code is caller-supplied and is not inspected here; only the token
      // endpoint decides whether it is valid.
      requestBody.append("code", args.code);
      // redirect_uri is assembled from `base` and the authority id rather than
      // accepted as a free-form argument. OAuth 2.0 requires it to be identical
      // to the value sent in the authorization request.
      // NOTE(review): args.authorityId is interpolated without URL encoding;
      // presumably an id format with no URL metacharacters. Confirm.
      requestBody.append(
        "redirect_uri",
        `${base}?authorityId=${args.authorityId}`
      );

      const response = await fetch(authority.details.tokenUrl, {
github the-control-group / authx / packages / strategy-password / src / server / graphql / mutation / authenticatePassword.ts View on Github external
__DEV__ ? "Unable to find user identity." : undefined
        );
      }

      // Get the credential.
      const credential = await authority.credential(tx, userId);

      // Outside __DEV__ the error carries no message, so the response text does
      // not tell the caller whether the credential exists or the password was
      // wrong.
      if (!credential) {
        throw new AuthenticationError(
          __DEV__ ? "No such credential exists." : undefined
        );
      }

      // Check the password.
      // NOTE(review): the missing-credential branch above throws before
      // compare() runs, so response time may still differ between "no such
      // credential" and "wrong password" even though the messages match.
      // Consider running compare() against a fixed dummy hash on that path, and
      // confirm that attempt rate limiting exists elsewhere.
      // NOTE(review): compare is presumably a password-hash comparison helper
      // (its import is not visible here). Confirm.
      if (!(await compare(args.password, credential.details.hash))) {
        throw new AuthenticationError(
          __DEV__ ? "The password is incorrect." : undefined
        );
      }

      // Identifier for the authorization being created by this login.
      // NOTE(review): v4 is presumably a random UUID generator. Confirm.
      const authorizationId = v4();

      // Describes the new authorization: it belongs to the credential's user
      // and has no grant or client attached.
      const values = {
        currentAuthorizationId: authorizationId,
        currentUserId: credential.userId,
        currentGrantId: null,
        currentClientId: null
      };

      // Make sure the user can create new authorizations.
      const user = await User.read(tx, credential.userId);
      if (
github the-control-group / authx / packages / strategy-password / src / server / graphql / mutation / authenticatePassword.ts View on Github external
AND replacement_record_id IS NULL
        `,
          [args.identityAuthorityId, args.identityAuthorityUserId]
        );

        // More than one matching row makes the identity lookup ambiguous; fail
        // closed instead of picking one. This is a plain Error rather than an
        // AuthenticationError, and its message is not gated on __DEV__.
        // NOTE(review): presumably surfaced to clients as a generic server
        // error rather than verbatim. Confirm.
        if (results.rows.length > 1) {
          throw new Error(
            "INVARIANT: There cannot be more than one active credential with the same authorityId and authorityUserId."
          );
        }

        // Exactly one row yields its user_id; no row leaves userId null.
        userId = results.rows.length ? results.rows[0].user_id : null;
      }

      if (!userId) {
        throw new AuthenticationError(
          __DEV__ ? "Unable to find user identity." : undefined
        );
      }

      // Get the credential.
      const credential = await authority.credential(tx, userId);

      if (!credential) {
        throw new AuthenticationError(
          __DEV__ ? "No such credential exists." : undefined
        );
      }

      // Check the password.
      if (!(await compare(args.password, credential.details.hash))) {
        throw new AuthenticationError(
github the-control-group / authx / packages / strategy-email / src / server / graphql / mutation / authenticateEmail.ts View on Github external
throw new ForbiddenError("You area already authenticated.");
    }

    const tx = await pool.connect();
    try {
      await tx.query("BEGIN DEFERRABLE");

      // Fetch the authority. args.authorityId is caller-supplied, so the
      // strategy of the record it resolves to must be checked before use.
      const authority = await Authority.read(
        tx,
        args.authorityId,
        authorityMap
      );

      // Only an EmailAuthority may handle this mutation. The explanatory
      // message is returned in __DEV__ only; otherwise the error has no message.
      if (!(authority instanceof EmailAuthority)) {
        throw new AuthenticationError(
          __DEV__
            ? "The authority uses a strategy other than email."
            : undefined
        );
      }

      // Get the credential, looked up by the caller-supplied email address.
      const credential = await authority.credential(tx, args.email);
      // Outside __DEV__ the failure is not described, so the response text does
      // not confirm whether the address is registered.
      if (!credential) {
        throw new AuthenticationError(
          __DEV__ ? "No such credential exists." : undefined
        );
      }

      // The user already has a proof that she controls the email.
      // proof is an optional caller-supplied argument; it carries no weight
      // until it has been verified.
      const { proof } = args;
github the-control-group / authx / packages / strategy-password / src / server / graphql / mutation / authenticatePassword.ts View on Github external
}

        userId = results.rows.length ? results.rows[0].user_id : null;
      }

      if (!userId) {
        throw new AuthenticationError(
          __DEV__ ? "Unable to find user identity." : undefined
        );
      }

      // Get the credential.
      const credential = await authority.credential(tx, userId);

      if (!credential) {
        throw new AuthenticationError(
          __DEV__ ? "No such credential exists." : undefined
        );
      }

      // Check the password.
      if (!(await compare(args.password, credential.details.hash))) {
        throw new AuthenticationError(
          __DEV__ ? "The password is incorrect." : undefined
        );
      }

      const authorizationId = v4();

      const values = {
        currentAuthorizationId: authorizationId,
        currentUserId: credential.userId,
github the-control-group / authx / packages / strategy-password / src / server / graphql / mutation / authenticatePassword.ts View on Github external
throw new ForbiddenError("You area already authenticated.");
    }

    const tx = await pool.connect();
    try {
      await tx.query("BEGIN DEFERRABLE");

      // Fetch the authority named by the caller-supplied passwordAuthorityId.
      const authority = await Authority.read(
        tx,
        args.passwordAuthorityId,
        authorityMap
      );

      // Refuse to continue unless the record is a PasswordAuthority. The reason
      // is disclosed only when __DEV__ is set; otherwise the error has no
      // message.
      if (!(authority instanceof PasswordAuthority)) {
        throw new AuthenticationError(
          __DEV__
            ? "The authority uses a strategy other than password."
            : undefined
        );
      }

      // Find the user ID given identityAuthorityId and identityAuthorityUserId.
      let userId: string | null;
      if (args.identityAuthorityId === authority.id) {
        userId = args.identityAuthorityUserId;
      } else {
        const results = await tx.query(
          `
          SELECT user_id
          FROM authx.credential_record
          WHERE
github the-control-group / authx / packages / strategy-email / src / server / graphql / mutation / authenticateEmail.ts View on Github external
args.authorityId,
        authorityMap
      );

      if (!(authority instanceof EmailAuthority)) {
        throw new AuthenticationError(
          __DEV__
            ? "The authority uses a strategy other than email."
            : undefined
        );
      }

      // get the credential
      const credential = await authority.credential(tx, args.email);
      if (!credential) {
        throw new AuthenticationError(
          __DEV__ ? "No such credential exists." : undefined
        );
      }

      // The user already has a proof that she controls the email.
      const { proof } = args;
      if (proof) {
        if (
          !authority.details.publicKeys.some(key => {
            try {
              const payload = jwt.verify(proof, key, {
                algorithms: ["RS512"]
              });

              // Make sure we're using the same email
              if ((payload as any).email !== args.email) {
github the-control-group / authx / packages / strategy-openid / src / server / graphql / mutation / authenticateOpenId.ts View on Github external
{
                ...role,
                userIds: [...role.userIds, user.id]
              },
              {
                recordId: v4(),
                createdByAuthorizationId: authorizationId,
                createdAt: new Date()
              }
            )
          );
        }
      }

      // NOTE(review): this message is returned unconditionally, whereas the
      // same check in the password and email strategies discloses it only when
      // __DEV__ is set. Confirm that the difference is intended.
      if (!credential) {
        throw new AuthenticationError("No such credential exists.");
      }

      // Describes the authorization being created: it belongs to the
      // credential's user and has no grant or client attached. It is the
      // context for the access check that follows.
      const values = {
        currentAuthorizationId: authorizationId,
        currentUserId: credential.userId,
        currentGrantId: null,
        currentClientId: null
      };

      // Make sure the user can create new authorizations.
      const user = await User.read(tx, credential.userId);
      if (
        !isSuperset(
          await user.access(tx, values),
          createV2AuthXScope(
            realm,