feat: support for learning-only users

Author: piejanssens

README.md

@@ -4,11 +4,20 @@ This utility can generate and validate key pairs, generate SAML assertions accep
 
 Features:
 
-- [Generate a new key pair](#generate-a-new-key-pair)
-- [Check certificate validity](#check-the-oauth-client-certificates-validity)
-- [Generate assertion (and validate)](#generate-via-cli)
-- [Run a local web service to generate an assertion and provide access tokens](#run-a-web-service-returning-oauth-access-tokens)
-- [Integrate with a Postman OAuth flow to obtain an access token](#usage-with-postman)
+- [OAuth 2.0 SAML Assertion Access Token Generator for SAP SuccessFactors HXM Suite](#oauth-20-saml-assertion-access-token-generator-for-sap-successfactors-hxm-suite)
+  - [Prerequisites](#prerequisites)
+  - [Installation](#installation)
+  - [Usage](#usage)
+    - [Generate a new key pair](#generate-a-new-key-pair)
+    - [Create or update the OAuth client in SuccessFactors](#create-or-update-the-oauth-client-in-successfactors)
+    - [Run a web service returning OAuth access tokens](#run-a-web-service-returning-oauth-access-tokens)
+    - [Usage with Postman](#usage-with-postman)
+    - [Generate via CLI](#generate-via-cli)
+      - [Argument Aliases](#argument-aliases)
+    - [Check the OAuth client certificate's validity](#check-the-oauth-client-certificates-validity)
+    - [Learning Only Users](#learning-only-users)
+  - [Contributing](#contributing)
+  - [Sponsorship](#sponsorship)
 
 ## Prerequisites
 
@@ -127,19 +136,20 @@ Token is valid  🎉
 
 #### Argument Aliases
 
-| alias | argument     |
-| ----- | ------------ |
-| -g    | --generate   |
-| -n    | --newkeypair |
-| -c    | --clientId   |
-| -u    | --userId     |
-| -i    | --companyId  |
-| -h    | --hostname   |
-| -v    | --validate   |
-| -t    | --ttl        |
-| -p    | --port       |
-| -r    | --raw        |
-| -d    | --dir        |
+| alias | argument       |
+| ----- | -------------- |
+| -g    | --generate     |
+| -n    | --newkeypair   |
+| -c    | --clientId     |
+| -u    | --userId       |
+| -i    | --companyId    |
+| -h    | --hostname     |
+| -v    | --validate     |
+| -t    | --ttl          |
+| -p    | --port         |
+| -r    | --raw          |
+| -d    | --dir          |
+| -l    | --learningOnly |
 
 ### Check the OAuth client certificate's validity
 
@@ -148,6 +158,10 @@ $ sf-oauth --validate [--companyId]
 notAfter=Mar  6 13:37:03 2032 GMT
 ```
 
+### Learning Only Users
+
+The SuccessFactors Learning OAuth token server is deprecated. Instead, you can use the SuccessFactors Platform token server to generate OAuth tokens even if the user does not exist in Employee Profile or Employee Central, a so-called learning-only user. For this use-case, use the `-l` or `--learningOnly` argument.
+
 ## Contributing
 
 Contributions are more than welcome! Please open an issue or a pull request.

src/cli.js

@@ -27,6 +27,7 @@ try {
     '--port': Number,
     '--raw': Boolean,
     '--dir': String,
+    '--learningOnly': Boolean,
     // Aliases
     '-g': '--generate',
     '-n': '--newkeypair',
@@ -39,6 +40,7 @@ try {
     '-p': '--port',
     '-r': '--raw',
     '-d': '--dir',
+    '-l': '--learningOnly'
   })
 } catch (err) {
   switch (err.code) {
@@ -100,6 +102,7 @@ if (args['--generate']) {
     userId,
     hostname,
     companyId,
+    !!args['--learningOnly'],
     args['--ttl'],
     args['--raw']
   )

src/gen.js

@@ -8,6 +8,7 @@ function generate(
   sUser,
   sHostname,
   companyId,
+  learningOnly,
   iTtl = 600,
   silent = false
 ) {
@@ -53,8 +54,9 @@ function generate(
     attributes: {
       api_key: sClientId,
       use_username: 'false',
+      external_user: learningOnly ? 'true' : 'false'
     },
-    nameIdentifier: sUser,
+    nameIdentifier: learningOnly ? `${sUser}#DIV#${companyId}` : sUser,
     sessionIndex: crypto.randomUUID(),
     recipient: `https://${sHostname}/oauth/token`,
   }