Adobe I/O Lib Core IMS Library

The Adobe I/O Lib Core IMS Library helps interacting with the IMS API as well as creating and invalidating tokens. To support multiple use cases and environments, there is not a single configuration managed by this library but multiple configurations called IMS configuration contexts. Each configuration context holds configuration data needed to create tokens. See the Configuration section below.

Installation

To install the Adobe I/O Lib Core IMS Library, simple use npm:

$ npm install @adobe/aio-lib-core-ims --save

Quickstart

Before using the AIO Lib Core IMS Library you need to create an integration on Adobe I/O Console from where you can the grab the integration details to setup a first configuration context. Let's use an OAuth2 integration as an example:

const { context, getToken } = require('@adobe/aio-lib-core-ims');

const config = {
  callback_url: "https://callback.example.org",
  client_id: "123456cafebabe",
  client_secret: "12345678-cafe-babe-cafe-9999",
  scope: "openid"
};
context.set('example', config, true);
context.current = 'example';

const token = getToken();
const tokenDecoded = getTokenData(token);

See the API Documentation for full details.

Configuration

The AIO Lib Core IMS Library is leveraging the Configuration module for use by aio-cli plugins to maintain the login configuration and keep access and refresh tokens for reuse before they expire.

All configuration is stored in a single semi-hidden $ims root property.

The plugin supports maintaining multiple configurations for different use cases. Each such configuration is stored in its own named object with the $ims configuration. Such a configuration is called an IMS (configuration) context and has a label which allows to refer to the configuration by name.

To simplify usage, there may be a designated current context which is always used if explicit context is not given to the command. Inside the $ims configuration object, the name of the current context is stored in the $current property.

Here is an example $ims configuration

{
  $ims: {
    sample_jwt: {
      client_id: "<jwt-clientid>",
      client_secret: "XXX",
      techacct: "<guid>@techacct.adobe.com",
      meta_scopes: [
        "ent_dataservices_sdk"
      ],
      ims_org_id: "<org-guid>@AdobeOrg",
      private_key: "XXX"
    },
    sample_oauth2: {
      callback_url: "https://callback.example.com",
      client_id: "<oauth2-clientid>",
      client_secret: "XXX",
      scope: "openid AdobeID"
    },
    $current: "sample_oauth2",
    $plugins: [
      "sample-aio-lib-ims-plugin"
    ]
  }
}

This configuration lists two configuration contexts sample_jwt and sample_oauth2 designating the sample_oauth2 configuration to be the current context.

IMS Environment

The use of IMS environments is reserved to Adobe use. For information it is indicated by the env configuration context property and takes one of the values prod and stage. The default value is prod. In general, you do not need to deal with this property.

JWT Configuration

JWT (service to service integration) configuration requires the following properties:

OAuth2 Configuration

OAuth2 configuration requires the following properties:

Adding Configuration Support

The AIO Lib Core IMS Library handles common tasks around tokens by itself. This includes storing access and refresh tokens in the configuration context, checking those tokens for expiry, and refreshing as needed. Only when an access token (and a refresh token) needs to be created anew from the configuration context credentials, do the plugins come into play.

When a new access token needs to be created from credentials, the IMS Library implements the following algorithm:

• Collect the AIO Lib Core IMS Library plugins
• Iterate over this collection and for each plugin do:
  • require the plugin
  • Call the plugin's supports(config) function with the configuration context
  • If supports(config) returns true then call the plugin's imsLogin(ims, config, force) function with an instance of the Ims class, the configuration context, and a boolean flag described below in Forced imsLogin.

From this algorithm we can derive the following requirements for a plugin:

• MUST be installed and available to the require function of the AIO Lib Core IMS Library.

• MUST set the script to be loaded by require-ing the plugin's root folder in the package.json#/main property (this is actually how require loads the package's main script when using the folder containing the package.json file).

• MUST export an object from this script with the following two properties being functions:

  Property	Signature	Description
  supports	(config) => boolean	Given the IMS configuration context, returns true if the configuration can be used for the plugins login mechanism.
  imsLogin	(ims, config, force) => Promise	Given the Ims instance and the IMS configuration context implement the authentication with IMS and return a Promise resolving to a token object. See Forced imsLogin for details on the force parameter.

Forced imsLogin

Some plugins support an OAuth2 login mechanism where the actual account for which an access token is generated depends on the user input. For example the OAuth2 plugin implements an ExpressJS application to implemented the three legged OAuth2 flow. During this flow the user enters their credentials for IMS to validate.

Typically IMS will set some cookies to cache the login state in the browser to improve the user experience in a standard OAUth2 web application. In CLI contexts it might not always be desired to always get a token for the same user, particularly in testing scenarios.

To allow changing user identity in the OAuth2 plugin or to prevent reusing cached information, the force flag to the imsLogin function indicates whether to clean the caches before logging in. true meaning to clean the cache, while false indicates that using the cached information is just fine.

imsLogin Promise

The promise returned form imsLogin must resolve to a token object having the following general structure:

{
  access_token: {
    token: <token-value>,
    expiry: <token-expiry-time-in-ms-since-epoch>
  },
  refresh_token: {
    token: <token-value>,
    expiry: <token-expiry-time-in-ms-since-epoch>
  },
  ...<more properties>...
}

The access_token object containing the token value and expiry time is required and login will fail if this property is missing. The refresh_token is optional and may not always be present. Any additional properties are currently ignored.

The Ims.exchangeJwtToken() and Ims.getAccessToken() functions both return a Promise resolving to a token object as expected to be returned from the imsLogin function.

Implementing Plugins

Since plugins are accessed using standard require , one npm package only provides exactly one IMS plugin extension. Multiple plugins must be implemented in separate plugins. The configuration support modules for JWT and OAuth2 are two such packages. The IMS Library has a dependency on the JWT and OAuth2 plugins and will always try to use those.

Additional plugins must be npm install-ed and listed in the $ims/$plugins array property. This can easily be done in the package postinstall script like this:

const { context } = require('@adobe/aio-lib-core-ims');
context.plugins = context.plugins.push(process.env.npm_package_name);

NOTE: You want to actually first check whether the plugin is already listed, and you might also want to provide a preuninstall script to remove the plugin from the list again when being uninstalled.

Contributing

Contributions are welcomed! Read the Contributing Guide for more information.

Licensing

This project is licensed under the Apache V2 License. See LICENSE for more information.