Credential management
This introduces a versatile system for managing user credentials within the application. It supports various authentication methods, including basic authentication, refresh tokens, and Single Sign-On (SSO), alongside utilities for credential validation, normalization, storage, and retrieval.
Key components
- Credential Types and Inputs: Defines specific types and input structures for basic, refresh, and SSO credentials, facilitating clear and type-safe credential management across different authentication flows.
- Credential Manager Interface (
CredentialManager): Specifies the contract for credential management operations, including the creation, validation, storage, and retrieval of credentials. - Default Implementation (
DefaultCredentialManager): Provides a concrete implementation of theCredentialManagerinterface, utilizing theanalyticslibrary for configurable analytics tracking. - Utility Functions: Includes functions for validating and normalizing credentials, supporting legacy credential formats, and determining the best storage mechanism based on browser capabilities.
Usage examples
Storing user credentials
import { CredentialManager, BasicCredentialsInput } from '@genesislcap/foundation-comms';
export class MyExampleComponent extends FASTElement {
@CredentialManager credentialManager: CredentialManager;
async login(username: string, password: string): Promise<void> {
const basicCredentials: BasicCredentialsInput = { username, password };
await this.credentialManager.storeCredentials(basicCredentials);
}
}
Retrieving user credentials
import { CredentialManager } from '@genesislcap/foundation-comms';
export class MyExampleClass {
@CredentialManager credentialManager: CredentialManager;
async getUserProfile(): Promise<UserProfile> {
const credentials = await this.credentialManager.getCredentials();
if (credentials) {
console.log('Retrieved credentials:', credentials);
}
}
}
Best practices
- Secure Storage and Transmission: Ensure that credentials are stored and transmitted securely, leveraging HTTPS and secure storage mechanisms provided by the browser.
- Minimize Credential Exposure: Use credentials judiciously within the application, minimizing their exposure to the client-side environment and utilizing tokens (e.g., refresh tokens, SSO tokens) wherever possible.
- Legacy Data Handling: Implement appropriate migration strategies for legacy credential formats to ensure compatibility and security, utilizing the normalization utilities provided.
Migration and compatibility
The system includes functionality for migrating legacy credential formats to the latest expectations, ensuring a smooth transition for existing applications and users. It supports a wide range of browsers while gracefully degrading in environments where certain APIs (e.g., CredentialsContainer) are not available.