SDK to interact with the iam service

Usage no npm install needed!

<script type="module">
  import vendastaIam from 'https://cdn.skypack.dev/@vendasta/iam';




login(email: string, password: string, personaType?: PersonaType, partnerId?: string): Observable<string>

Login accepts an email and password to use to attempt to auth a user. If personaType isn't specified, IAM will attempt to auth the email and password combo against any of the associated personas. If personaType and optionally partnerId are specified, IAM will auth against that persona specifically.


logout(): Observable<boolean>

Logout will clear the user's cookies on IAM's side. Returns true if successful.

SSO Login

ssoLogin(nextUrl: string, personaType: PersonaType, partnerId?: string): void

SSOLogin will redirect the user's browser to IAM's SSOLogin page. IAM handles all of the oauth google has in place for getting a session using your gmail account (and the whitelabeling of the domain requesting access). Once IAM is done handling those requests, IAM will then attempt to find the persona specified in this endpoint (the personaType and partnerId combination). If IAM fails to find a persona, it will redirect to the nextUrl with error and status query params indicating why it failed. If IAM is successful in finding the appropriate persona for the request, it will redirect to the nextUrl with a session_id query param. You will then have to take this session_id and set up the user's session with it, in the same fashion you would have set up the session from the response of the Login endpoint.

Get Subject By Session

getSubjectBySession(sessionId: string, personaType: PersonaType, partnerId?: string): Observable<BasePersona>

Specify the personaType and optionally the partnerId for the persona you'd like to retrieve using the sessionId. This endpoint returns a BasePersona which is the base class that all Personas inherit. To gain access to the attributes of a specific persona, you will need to cast the persona as the requested type.

import {BasePersona, PartnerPersona, PersonaType} from '@vendasta/core/iam'

this.iamClient.getSubjectBySession('...sessionId...', PersonaType.partner)
  .map((persona: BasePersona) => persona as PartnerPersona)

Get Logged In Subject

getLoggedInSubject(personaType: PersonaType, partnerId?: string): Observable<BasePersona>

Works identically to getSubjectBySession except it grabs the current session being served by the SessionService.

List Personas

listPersonas(sessionId: string, personaType?: PersonaType): Observable<BasePersona[]>

Given a sessionId, listPersonas will find and return all available personas for the session. Optionally specify a personaType to filter the results by only that type of persona. List personas will return a list of all the personas it found. This endpoint returns BasePersona and thus they will need to be casted to their appropriate PersonaTypes to gain access to the attributes.

import {BasePersona, PartnerPersona, PersonaType, SMBPersona} from '@vendasta/core/iam'

  .subscribe((personas: BasePersona[]) => {
    for (const persona of personas) {
      switch(persona.type) {
        case PartnerType.partner:
          const p: PartnerPersona = (persona as PartnerPersona);
        case PartnerType.smb:
          const p: SMBPersona = (persona as SMBPersona);

List Logged In Personas

listLoggedInPersonas(personaType?: PersonaType): Observable<BasePersona[]>

Works identically to listPersonas except it grabs the current session being served by the SessionService.

Get Token

getToken(): Observable<string>

Get token will refresh the 30 minute temporary session a user may have, returning the new sessionId.

Get Multi Users

getMultiUsers(userIdentifiers: UserIdentifierInterface[]): Observable<User[]>

This function takes in an array of user identifiers and converts them (via API) into their respective Users that are stored in IAM. UserIdentifiers are an object containing one of the following:

userId - the user id of a user. This directly identifies the user in our system. token - a token for a user signed by the platform. These tokens include: the session token from IAM (i.e. the session part of the namespaced_session UserIdentifier), as well as access token or identity tokens from SSO.

Deprecated identifiers: namespacedEmail - an email address scoped to a namespace. A namespace is the id of a partner. Prefer to use user id instead, to avoid handling emails and for a more stable user identifier namespacedSession - a session string scoped to a namespace. Use token instead, as sesson is valid token, and namespace is ignored.

List security logs

listSecurityLogs(userId: string, cursor?: string, pageSize?: number, actionId = ''): Observable<ListSecurityLogsResponse>

This function returns security logs for a userId passed in. This is a paged function, but the handling of paged information is left to the implementor (for now). Use the cursor to call this function again and retrieve a new observable of the response to your call.

List Users

listUsers(namespace: string, email?: string, cursor?: string, pageSize?: number): Observable<ListUsersResponse>

ListUsers returns users for a namespace passed in. This is a paged function, but the handling of paged information is left to the implementor (for now). An empty namespace will return users that exist outside of a namespace.