wekan/packages/wekan-oidc/oidc_server.js

Oidc = {};
httpCa = false;

if (process.env.OAUTH2_CA_CERT !== undefined) {
    try {
        const fs = Npm.require('fs');
        if (fs.existsSync(process.env.OAUTH2_CA_CERT)) {
          httpCa = fs.readFileSync(process.env.OAUTH2_CA_CERT);
        }
    } catch(e) {
	console.log('WARNING: failed loading: ' + process.env.OAUTH2_CA_CERT);
	console.log(e);
    }
}

OAuth.registerService('oidc', 2, null, function (query) {

  var debug = process.env.DEBUG || false;
  var token = getToken(query);
  if (debug) console.log('XXX: register token:', token);

  var accessToken = token.access_token || token.id_token;
  var expiresAt = (+new Date) + (1000 * parseInt(token.expires_in, 10));

  var claimsInAccessToken = (process.env.OAUTH2_ADFS_ENABLED === 'true' || process.env.OAUTH2_ADFS_ENABLED === true) || false;

  var userinfo;
  if(claimsInAccessToken)
  {
    // hack when using custom claims in the accessToken. On premise ADFS
    userinfo = getTokenContent(accessToken);
  }
  else
  {
    // normal behaviour, getting the claims from UserInfo endpoint.
    userinfo = getUserInfo(accessToken);
  }

  if (userinfo.ocs) userinfo = userinfo.ocs.data; // Nextcloud hack
  if (userinfo.metadata) userinfo = userinfo.metadata // Openshift hack
  if (debug) console.log('XXX: userinfo:', userinfo);

  var serviceData = {};
  serviceData.id = userinfo[process.env.OAUTH2_ID_MAP]; // || userinfo["id"];
  serviceData.username = userinfo[process.env.OAUTH2_USERNAME_MAP]; // || userinfo["uid"];
  serviceData.fullname = userinfo[process.env.OAUTH2_FULLNAME_MAP]; // || userinfo["displayName"];
  serviceData.accessToken = accessToken;
  serviceData.expiresAt = expiresAt;

  // If on Oracle OIM email is empty or null, get info from username
  if (process.env.ORACLE_OIM_ENABLED === 'true' || process.env.ORACLE_OIM_ENABLED === true) {
    if (userinfo[process.env.OAUTH2_EMAIL_MAP]) {
      serviceData.email = userinfo[process.env.OAUTH2_EMAIL_MAP];
    } else {
      serviceData.email = userinfo[process.env.OAUTH2_USERNAME_MAP];
    }
  }

  if (process.env.ORACLE_OIM_ENABLED !== 'true' && process.env.ORACLE_OIM_ENABLED !== true) {
    serviceData.email = userinfo[process.env.OAUTH2_EMAIL_MAP]; // || userinfo["email"];
  }

  if (accessToken) {
    var tokenContent = getTokenContent(accessToken);
    var fields = _.pick(tokenContent, getConfiguration().idTokenWhitelistFields);
    _.extend(serviceData, fields);
  }

  if (token.refresh_token)
    serviceData.refreshToken = token.refresh_token;
  if (debug) console.log('XXX: serviceData:', serviceData);

  var profile = {};
  profile.name = userinfo[process.env.OAUTH2_FULLNAME_MAP]; // || userinfo["displayName"];
  profile.email = userinfo[process.env.OAUTH2_EMAIL_MAP]; // || userinfo["email"];
  if (debug) console.log('XXX: profile:', profile);

  return {
    serviceData: serviceData,
    options: { profile: profile }
  };
});

var userAgent = "Meteor";
if (Meteor.release) {
  userAgent += "/" + Meteor.release;
}

if (process.env.ORACLE_OIM_ENABLED !== 'true' && process.env.ORACLE_OIM_ENABLED !== true) {
  var getToken = function (query) {
    var debug = process.env.DEBUG || false;
    var config = getConfiguration();
    if(config.tokenEndpoint.includes('https://')){
      var serverTokenEndpoint = config.tokenEndpoint;
    }else{
      var serverTokenEndpoint = config.serverUrl + config.tokenEndpoint;
    }
    var requestPermissions = config.requestPermissions;
    var response;

    try {
      var postOptions = {
          headers: {
            Accept: 'application/json',
            "User-Agent": userAgent
          },
          params: {
            code: query.code,
            client_id: config.clientId,
            client_secret: OAuth.openSecret(config.secret),
            redirect_uri: OAuth._redirectUri('oidc', config),
            grant_type: 'authorization_code',
            state: query.state
          }
        };
      if (httpCa) {
	postOptions['npmRequestOptions'] = { ca: httpCa };
      }
      response = HTTP.post(serverTokenEndpoint, postOptions);
    } catch (err) {
      throw _.extend(new Error("Failed to get token from OIDC " + serverTokenEndpoint + ": " + err.message),
        { response: err.response });
    }
    if (response.data.error) {
      // if the http response was a json object with an error attribute
      throw new Error("Failed to complete handshake with OIDC " + serverTokenEndpoint + ": " + response.data.error);
    } else {
      if (debug) console.log('XXX: getToken response: ', response.data);
      return response.data;
    }
  };
}

if (process.env.ORACLE_OIM_ENABLED === 'true' || process.env.ORACLE_OIM_ENABLED === true) {

  var getToken = function (query) {
    var debug = (process.env.DEBUG === 'true' || process.env.DEBUG === true) || false;
    var config = getConfiguration();
    if(config.tokenEndpoint.includes('https://')){
      var serverTokenEndpoint = config.tokenEndpoint;
    }else{
      var serverTokenEndpoint = config.serverUrl + config.tokenEndpoint;
    }
    var requestPermissions = config.requestPermissions;
    var response;

    // OIM needs basic Authentication token in the header - ClientID + SECRET in base64
    var dataToken=null;
    var strBasicToken=null;
    var strBasicToken64=null;

    dataToken = process.env.OAUTH2_CLIENT_ID + ':' + process.env.OAUTH2_SECRET;
    strBasicToken = new Buffer(dataToken);
    strBasicToken64 = strBasicToken.toString('base64');

    // eslint-disable-next-line no-console
    if (debug) console.log('Basic Token: ', strBasicToken64);

    try {
      var postOptions = {
          headers: {
            Accept: 'application/json',
            "User-Agent": userAgent,
            "Authorization": "Basic " + strBasicToken64
          },
          params: {
            code: query.code,
            client_id: config.clientId,
            client_secret: OAuth.openSecret(config.secret),
            redirect_uri: OAuth._redirectUri('oidc', config),
            grant_type: 'authorization_code',
            state: query.state
          }
        };
      if (httpCa) {
	postOptions['npmRequestOptions'] = { ca: httpCa };
      }
      response = HTTP.post(serverTokenEndpoint, postOptions);
    } catch (err) {
      throw _.extend(new Error("Failed to get token from OIDC " + serverTokenEndpoint + ": " + err.message),
        { response: err.response });
    }
    if (response.data.error) {
      // if the http response was a json object with an error attribute
      throw new Error("Failed to complete handshake with OIDC " + serverTokenEndpoint + ": " + response.data.error);
    } else {
      // eslint-disable-next-line no-console
      if (debug) console.log('XXX: getToken response: ', response.data);
      return response.data;
    }
  };
}

var getUserInfo = function (accessToken) {
  var debug = process.env.DEBUG || false;
  var config = getConfiguration();
  // Some userinfo endpoints use a different base URL than the authorization or token endpoints.
  // This logic allows the end user to override the setting by providing the full URL to userinfo in their config.
  if (config.userinfoEndpoint.includes("https://")) {
    var serverUserinfoEndpoint = config.userinfoEndpoint;
  } else {
    var serverUserinfoEndpoint = config.serverUrl + config.userinfoEndpoint;
  }
  var response;
  try {
    var getOptions = {
        headers: {
          "User-Agent": userAgent,
          "Authorization": "Bearer " + accessToken
        }
      };
    if (httpCa) {
      getOptions['npmRequestOptions'] = { ca: httpCa };
    }
    response = HTTP.get(serverUserinfoEndpoint, getOptions);
  } catch (err) {
    throw _.extend(new Error("Failed to fetch userinfo from OIDC " + serverUserinfoEndpoint + ": " + err.message),
                   {response: err.response});
  }
  if (debug) console.log('XXX: getUserInfo response: ', response.data);
  return response.data;
};

var getConfiguration = function () {
  var config = ServiceConfiguration.configurations.findOne({ service: 'oidc' });
  if (!config) {
    throw new ServiceConfiguration.ConfigError('Service oidc not configured.');
  }
  return config;
};

var getTokenContent = function (token) {
  var content = null;
  if (token) {
    try {
      var parts = token.split('.');
      var header = JSON.parse(Buffer.from(parts[0], 'base64').toString());
      content = JSON.parse(Buffer.from(parts[1], 'base64').toString());
      var signature = Buffer.from(parts[2], 'base64');
      var signed = parts[0] + '.' + parts[1];
    } catch (err) {
      this.content = {
        exp: 0
      };
    }
  }
  return content;
}

Oidc.retrieveCredential = function (credentialToken, credentialSecret) {
  return OAuth.retrieveCredential(credentialToken, credentialSecret);
};
Include to Wekan packages directory contents, so that meteor command would build all directly. This also simplifies build scripts. Thanks to xet7 ! 2019-04-20 15:18:33 +03:00			`Oidc = {};`
fix(oidc): wekan/wekan#3299 2020-11-01 20:48:50 +01:00			`httpCa = false;`

Try to fix Color picker of lists is empty. Part 2. Thanks to bronger and xet7 ! Related #3418 2021-01-06 15:43:46 +02:00			`if (process.env.OAUTH2_CA_CERT !== undefined) {`
fix(oidc): wekan/wekan#3299 2020-11-01 20:48:50 +01:00			`try {`
			`const fs = Npm.require('fs');`
Try to fix Color picker of lists is empty. Part 3. Thanks to bronger and xet7 ! Related #3418 2021-01-06 15:47:21 +02:00			`if (fs.existsSync(process.env.OAUTH2_CA_CERT)) {`
Try to fix Color picker of lists is empty. Part 2. Thanks to bronger and xet7 ! Related #3418 2021-01-06 15:43:46 +02:00			`httpCa = fs.readFileSync(process.env.OAUTH2_CA_CERT);`
			`}`
fix(oidc): wekan/wekan#3299 2020-11-01 20:48:50 +01:00			`} catch(e) {`
			`console.log('WARNING: failed loading: ' + process.env.OAUTH2_CA_CERT);`
			`console.log(e);`
			`}`
			`}`
Include to Wekan packages directory contents, so that meteor command would build all directly. This also simplifies build scripts. Thanks to xet7 ! 2019-04-20 15:18:33 +03:00
			`OAuth.registerService('oidc', 2, null, function (query) {`

			`var debug = process.env.DEBUG \|\| false;`
			`var token = getToken(query);`
			`if (debug) console.log('XXX: register token:', token);`

			`var accessToken = token.access_token \|\| token.id_token;`
			`var expiresAt = (+new Date) + (1000 * parseInt(token.expires_in, 10));`

- Remove mouse scroll settings of already removed custom scrollbar. - Add setting OAUTH2_ADFS_ENABLED=false - Add testing for both string and boolean version of true Thanks to xet7 ! Fixes #2949 2020-09-13 09:41:53 +03:00			`var claimsInAccessToken = (process.env.OAUTH2_ADFS_ENABLED === 'true' \|\| process.env.OAUTH2_ADFS_ENABLED === true) \|\| false;`

			`var userinfo;`
Update oidc_server.js added hack for getting the claims in the accessToken instead of the /adfs/oauth2/userinfo endpoint https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-faq#i-am-trying-to-get-additional-claims-on-the-user-info-endpoint-but-its-only-returning-subject-how-can-i-get-additional-claims Environment variable needed set OAUTH2_ADFS=true 2020-09-11 11:16:28 +02:00			`if(claimsInAccessToken)`
			`{`
			`// hack when using custom claims in the accessToken. On premise ADFS`
			`userinfo = getTokenContent(accessToken);`
			`}`
			`else`
			`{`
			`// normal behaviour, getting the claims from UserInfo endpoint.`
			`userinfo = getUserInfo(accessToken);`
			`}`
- Remove mouse scroll settings of already removed custom scrollbar. - Add setting OAUTH2_ADFS_ENABLED=false - Add testing for both string and boolean version of true Thanks to xet7 ! Fixes #2949 2020-09-13 09:41:53 +03:00
Implemented Nextcloud OAuth2 Hack Fixed: OAuth2 authentication via Nextcloud(tested Nextcloud 17.0.2-18.0.0) Todo: actually use the profile data: Fullname and Email in Profile 2020-01-22 22:28:03 +01:00			`if (userinfo.ocs) userinfo = userinfo.ocs.data; // Nextcloud hack`
ocp hack added 2020-04-13 14:03:19 +02:00			`if (userinfo.metadata) userinfo = userinfo.metadata // Openshift hack`
Include to Wekan packages directory contents, so that meteor command would build all directly. This also simplifies build scripts. Thanks to xet7 ! 2019-04-20 15:18:33 +03:00			`if (debug) console.log('XXX: userinfo:', userinfo);`

			`var serviceData = {};`
Try to fix OIDC login. Thanks to xet7 ! 2019-06-12 06:29:57 +03:00			`serviceData.id = userinfo[process.env.OAUTH2_ID_MAP]; // \|\| userinfo["id"];`
			`serviceData.username = userinfo[process.env.OAUTH2_USERNAME_MAP]; // \|\| userinfo["uid"];`
			`serviceData.fullname = userinfo[process.env.OAUTH2_FULLNAME_MAP]; // \|\| userinfo["displayName"];`
Include to Wekan packages directory contents, so that meteor command would build all directly. This also simplifies build scripts. Thanks to xet7 ! 2019-04-20 15:18:33 +03:00			`serviceData.accessToken = accessToken;`
			`serviceData.expiresAt = expiresAt;`
Login with OIDC OAuth2 Oracle on premise identity manager OIM, with setting ORACLE_OIM_ENABLED=true. Thanks to xet7 ! 2020-10-02 23:15:39 +03:00
			`// If on Oracle OIM email is empty or null, get info from username`
			`if (process.env.ORACLE_OIM_ENABLED === 'true' \|\| process.env.ORACLE_OIM_ENABLED === true) {`
			`if (userinfo[process.env.OAUTH2_EMAIL_MAP]) {`
			`serviceData.email = userinfo[process.env.OAUTH2_EMAIL_MAP];`
			`} else {`
			`serviceData.email = userinfo[process.env.OAUTH2_USERNAME_MAP];`
			`}`
			`}`

			`if (process.env.ORACLE_OIM_ENABLED !== 'true' && process.env.ORACLE_OIM_ENABLED !== true) {`
			`serviceData.email = userinfo[process.env.OAUTH2_EMAIL_MAP]; // \|\| userinfo["email"];`
			`}`
Include to Wekan packages directory contents, so that meteor command would build all directly. This also simplifies build scripts. Thanks to xet7 ! 2019-04-20 15:18:33 +03:00
			`if (accessToken) {`
			`var tokenContent = getTokenContent(accessToken);`
			`var fields = _.pick(tokenContent, getConfiguration().idTokenWhitelistFields);`
			`_.extend(serviceData, fields);`
			`}`

			`if (token.refresh_token)`
			`serviceData.refreshToken = token.refresh_token;`
			`if (debug) console.log('XXX: serviceData:', serviceData);`

			`var profile = {};`
Try to fix OIDC login. Thanks to xet7 ! 2019-06-12 06:29:57 +03:00			`profile.name = userinfo[process.env.OAUTH2_FULLNAME_MAP]; // \|\| userinfo["displayName"];`
			`profile.email = userinfo[process.env.OAUTH2_EMAIL_MAP]; // \|\| userinfo["email"];`
Include to Wekan packages directory contents, so that meteor command would build all directly. This also simplifies build scripts. Thanks to xet7 ! 2019-04-20 15:18:33 +03:00			`if (debug) console.log('XXX: profile:', profile);`

			`return {`
			`serviceData: serviceData,`
			`options: { profile: profile }`
			`};`
			`});`

			`var userAgent = "Meteor";`
			`if (Meteor.release) {`
			`userAgent += "/" + Meteor.release;`
			`}`

Login with OIDC OAuth2 Oracle on premise identity manager OIM, with setting ORACLE_OIM_ENABLED=true. Thanks to xet7 ! 2020-10-02 23:15:39 +03:00			`if (process.env.ORACLE_OIM_ENABLED !== 'true' && process.env.ORACLE_OIM_ENABLED !== true) {`
			`var getToken = function (query) {`
			`var debug = process.env.DEBUG \|\| false;`
			`var config = getConfiguration();`
			`if(config.tokenEndpoint.includes('https://')){`
			`var serverTokenEndpoint = config.tokenEndpoint;`
			`}else{`
			`var serverTokenEndpoint = config.serverUrl + config.tokenEndpoint;`
			`}`
			`var requestPermissions = config.requestPermissions;`
			`var response;`
Include to Wekan packages directory contents, so that meteor command would build all directly. This also simplifies build scripts. Thanks to xet7 ! 2019-04-20 15:18:33 +03:00
Login with OIDC OAuth2 Oracle on premise identity manager OIM, with setting ORACLE_OIM_ENABLED=true. Thanks to xet7 ! 2020-10-02 23:15:39 +03:00			`try {`
fix(oidc): wekan/wekan#3299 2020-11-01 20:48:50 +01:00			`var postOptions = {`
Login with OIDC OAuth2 Oracle on premise identity manager OIM, with setting ORACLE_OIM_ENABLED=true. Thanks to xet7 ! 2020-10-02 23:15:39 +03:00			`headers: {`
			`Accept: 'application/json',`
			`"User-Agent": userAgent`
			`},`
			`params: {`
			`code: query.code,`
			`client_id: config.clientId,`
			`client_secret: OAuth.openSecret(config.secret),`
			`redirect_uri: OAuth._redirectUri('oidc', config),`
			`grant_type: 'authorization_code',`
			`state: query.state`
			`}`
fix(oidc): wekan/wekan#3299 2020-11-01 20:48:50 +01:00			`};`
			`if (httpCa) {`
			`postOptions['npmRequestOptions'] = { ca: httpCa };`
			`}`
			`response = HTTP.post(serverTokenEndpoint, postOptions);`
Login with OIDC OAuth2 Oracle on premise identity manager OIM, with setting ORACLE_OIM_ENABLED=true. Thanks to xet7 ! 2020-10-02 23:15:39 +03:00			`} catch (err) {`
			`throw _.extend(new Error("Failed to get token from OIDC " + serverTokenEndpoint + ": " + err.message),`
			`{ response: err.response });`
			`}`
			`if (response.data.error) {`
			`// if the http response was a json object with an error attribute`
			`throw new Error("Failed to complete handshake with OIDC " + serverTokenEndpoint + ": " + response.data.error);`
			`} else {`
			`if (debug) console.log('XXX: getToken response: ', response.data);`
			`return response.data;`
			`}`
			`};`
			`}`

			`if (process.env.ORACLE_OIM_ENABLED === 'true' \|\| process.env.ORACLE_OIM_ENABLED === true) {`

			`var getToken = function (query) {`
			`var debug = (process.env.DEBUG === 'true' \|\| process.env.DEBUG === true) \|\| false;`
			`var config = getConfiguration();`
			`if(config.tokenEndpoint.includes('https://')){`
			`var serverTokenEndpoint = config.tokenEndpoint;`
			`}else{`
			`var serverTokenEndpoint = config.serverUrl + config.tokenEndpoint;`
			`}`
			`var requestPermissions = config.requestPermissions;`
			`var response;`

			`// OIM needs basic Authentication token in the header - ClientID + SECRET in base64`
			`var dataToken=null;`
			`var strBasicToken=null;`
			`var strBasicToken64=null;`

			`dataToken = process.env.OAUTH2_CLIENT_ID + ':' + process.env.OAUTH2_SECRET;`
			`strBasicToken = new Buffer(dataToken);`
			`strBasicToken64 = strBasicToken.toString('base64');`

			`// eslint-disable-next-line no-console`
			`if (debug) console.log('Basic Token: ', strBasicToken64);`

			`try {`
fix(oidc): wekan/wekan#3299 2020-11-01 20:48:50 +01:00			`var postOptions = {`
Login with OIDC OAuth2 Oracle on premise identity manager OIM, with setting ORACLE_OIM_ENABLED=true. Thanks to xet7 ! 2020-10-02 23:15:39 +03:00			`headers: {`
			`Accept: 'application/json',`
			`"User-Agent": userAgent,`
			`"Authorization": "Basic " + strBasicToken64`
			`},`
			`params: {`
			`code: query.code,`
			`client_id: config.clientId,`
			`client_secret: OAuth.openSecret(config.secret),`
			`redirect_uri: OAuth._redirectUri('oidc', config),`
			`grant_type: 'authorization_code',`
			`state: query.state`
			`}`
fix(oidc): wekan/wekan#3299 2020-11-01 20:48:50 +01:00			`};`
			`if (httpCa) {`
			`postOptions['npmRequestOptions'] = { ca: httpCa };`
			`}`
			`response = HTTP.post(serverTokenEndpoint, postOptions);`
Login with OIDC OAuth2 Oracle on premise identity manager OIM, with setting ORACLE_OIM_ENABLED=true. Thanks to xet7 ! 2020-10-02 23:15:39 +03:00			`} catch (err) {`
			`throw _.extend(new Error("Failed to get token from OIDC " + serverTokenEndpoint + ": " + err.message),`
			`{ response: err.response });`
			`}`
			`if (response.data.error) {`
			`// if the http response was a json object with an error attribute`
			`throw new Error("Failed to complete handshake with OIDC " + serverTokenEndpoint + ": " + response.data.error);`
			`} else {`
			`// eslint-disable-next-line no-console`
			`if (debug) console.log('XXX: getToken response: ', response.data);`
			`return response.data;`
			`}`
			`};`
			`}`
Include to Wekan packages directory contents, so that meteor command would build all directly. This also simplifies build scripts. Thanks to xet7 ! 2019-04-20 15:18:33 +03:00
			`var getUserInfo = function (accessToken) {`
			`var debug = process.env.DEBUG \|\| false;`
			`var config = getConfiguration();`
			`// Some userinfo endpoints use a different base URL than the authorization or token endpoints.`
			`// This logic allows the end user to override the setting by providing the full URL to userinfo in their config.`
			`if (config.userinfoEndpoint.includes("https://")) {`
			`var serverUserinfoEndpoint = config.userinfoEndpoint;`
			`} else {`
			`var serverUserinfoEndpoint = config.serverUrl + config.userinfoEndpoint;`
			`}`
			`var response;`
			`try {`
fix(oidc): wekan/wekan#3299 2020-11-01 20:48:50 +01:00			`var getOptions = {`
Include to Wekan packages directory contents, so that meteor command would build all directly. This also simplifies build scripts. Thanks to xet7 ! 2019-04-20 15:18:33 +03:00			`headers: {`
			`"User-Agent": userAgent,`
			`"Authorization": "Bearer " + accessToken`
			`}`
fix(oidc): wekan/wekan#3299 2020-11-01 20:48:50 +01:00			`};`
			`if (httpCa) {`
			`getOptions['npmRequestOptions'] = { ca: httpCa };`
			`}`
			`response = HTTP.get(serverUserinfoEndpoint, getOptions);`
Include to Wekan packages directory contents, so that meteor command would build all directly. This also simplifies build scripts. Thanks to xet7 ! 2019-04-20 15:18:33 +03:00			`} catch (err) {`
			`throw _.extend(new Error("Failed to fetch userinfo from OIDC " + serverUserinfoEndpoint + ": " + err.message),`
			`{response: err.response});`
			`}`
			`if (debug) console.log('XXX: getUserInfo response: ', response.data);`
			`return response.data;`
			`};`

			`var getConfiguration = function () {`
			`var config = ServiceConfiguration.configurations.findOne({ service: 'oidc' });`
			`if (!config) {`
			`throw new ServiceConfiguration.ConfigError('Service oidc not configured.');`
			`}`
			`return config;`
			`};`

			`var getTokenContent = function (token) {`
			`var content = null;`
			`if (token) {`
			`try {`
			`var parts = token.split('.');`
Try to fix Node 12 Buffer() deprecation errors. Thanks to xet7 ! 2020-01-18 16:01:02 +02:00			`var header = JSON.parse(Buffer.from(parts[0], 'base64').toString());`
			`content = JSON.parse(Buffer.from(parts[1], 'base64').toString());`
			`var signature = Buffer.from(parts[2], 'base64');`
Include to Wekan packages directory contents, so that meteor command would build all directly. This also simplifies build scripts. Thanks to xet7 ! 2019-04-20 15:18:33 +03:00			`var signed = parts[0] + '.' + parts[1];`
			`} catch (err) {`
			`this.content = {`
			`exp: 0`
			`};`
			`}`
			`}`
			`return content;`
			`}`

			`Oidc.retrieveCredential = function (credentialToken, credentialSecret) {`
			`return OAuth.retrieveCredential(credentialToken, credentialSecret);`
			`};`