Merge pull request #5166 from pedroigor/KEYCLOAK-7021

[KEYCLOAK-7021] - keycloak-authz.js and keycloak-authz.d.ts do not work with TypeScript

adapters/oidc/js/src/main/resources/keycloak-authz.d.ts

@@ -18,7 +18,7 @@
  * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  */
-import * as Keycloak from 'keycloak';
+import * as Keycloak from './keycloak';
 
 export as namespace KeycloakAuthorization;
 
@@ -35,6 +35,64 @@ declare namespace KeycloakAuthorization {
 		then(onGrant: (rpt: string) => void, onDeny: () => void, onError: () => void): void;
 	}
 
+    interface AuthorizationRequest {
+        /**
+         * An array of objects representing the resource and scopes.
+         */
+        permissions?:ResourcePermission[],
+
+        /**
+         * A permission ticket obtained from a resource server when using UMA authorization protocol.
+         */
+        ticket?:string,
+
+        /**
+         * A boolean value indicating whether the server should create permission requests to the resources
+         * and scopes referenced by a permission ticket. This parameter will only take effect when used together
+         * with the ticket parameter as part of a UMA authorization process.
+         */
+        submitRequest?:boolean,
+
+        /**
+         * Defines additional information about this authorization request in order to specify how it should be processed
+         * by the server.
+         */
+        metadata?:AuthorizationRequestMetadata,
+
+        /**
+         * Defines whether or not this authorization request should include the current RPT. If set to true, the RPT will
+         * be sent and permissions in the current RPT will be included in the new RPT. Otherwise, only the permissions referenced in this
+         * authorization request will be granted in the new RPT.
+         */
+        incrementalAuthorization?:boolean
+    }
+
+    interface AuthorizationRequestMetadata {
+        /**
+         * A boolean value indicating to the server if resource names should be included in the RPT’s permissions.
+         * If false, only the resource identifier is included.
+         */
+        responseIncludeResourceName?:any,
+
+        /**
+         * An integer N that defines a limit for the amount of permissions an RPT can have. When used together with
+         * rpt parameter, only the last N requested permissions will be kept in the RPT.
+         */
+        response_permissions_limit?:number
+    }
+
+    interface ResourcePermission {
+        /**
+         * The id or name of a resource.
+         */
+        id:string,
+
+        /**
+         * An array of strings where each value is the name of a scope associated with the resource.
+         */
+        scopes?:string[]
+    }
+
 	interface KeycloakAuthorizationInstance {
 		rpt: any;
 		config: { rpt_endpoint: string };
@@ -42,18 +100,23 @@ declare namespace KeycloakAuthorization {
 		init(): void;
 
 		/**
-		 * This method enables client applications to better integrate with resource servers protected by a Keycloak
+         * This method enables client applications to better integrate with resource servers protected by a Keycloak
-		 * policy enforcer.
+         * policy enforcer using UMA protocol.
-		 *
+         *
-		 * In this case, the resource server will respond with a 401 status code and a WWW-Authenticate header holding the
+         * The authorization request must be provided with a ticket.
-		 * necessary information to ask a Keycloak server for authorization data using both UMA and Entitlement protocol,
+         *
-		 * depending on how the policy enforcer at the resource server was configured.
+         * @param authorizationRequest An AuthorizationRequest instance with a valid permission ticket set.
-		 */
+         * @returns A promise to set functions to be invoked on grant, deny or error.
-		authorize(wwwAuthenticateHeader: string): KeycloakAuthorizationPromise;
+         */
+		authorize(authorizationRequest: AuthorizationRequest): KeycloakAuthorizationPromise;
 
 		/**
 		 * Obtains all entitlements from a Keycloak server based on a given resourceServerId.
+         *
+         * @param resourceServerId The id (client id) of the resource server to obtain permissions from.
+         * @param authorizationRequest An AuthorizationRequest instance.
+         * @returns A promise to set functions to be invoked on grant, deny or error.
 		 */
-		entitlement(resourceServerId: string, entitlementRequest: {}): KeycloakAuthorizationPromise;
+		entitlement(resourceServerId: string, authorizationRequest?: AuthorizationRequest): KeycloakAuthorizationPromise;
 	}
 }

adapters/oidc/js/src/main/resources/keycloak-authz.js

@@ -41,11 +41,9 @@
 
         /**
          * This method enables client applications to better integrate with resource servers protected by a Keycloak
-         * policy enforcer.
+         * policy enforcer using UMA protocol.
          *
-         * In this case, the resource server will respond with a 401 status code and a WWW-Authenticate header holding the
+         * The authorization request must be provided with a ticket.
-         * necessary information to ask a Keycloak server for authorization data using both UMA and Entitlement protocol,
-         * depending on how the policy enforcer at the resource server was configured.
          */
         this.authorize = function (authorizationRequest) {
             this.then = function (onGrant, onDeny, onError) {
@@ -205,6 +203,8 @@
         };
 
         this.init(this);
+
+        return this;
     };
 
     if ( typeof module === "object" && module && typeof module.exports === "object" ) {