# Initialize Trust1Connector ## Introduction For initialisation of the T1C you need to prepare your application first by [adding the SDK JS files to your project](https://t1t.gitbook.io/t1c-js-guide-v3/3.7.x/core/setting-up-the-sdk) and importing them in such a way that you can call for the Javascript functions when you need them. When you've succesfully [downloaded](https://t1t.gitbook.io/t1c-js-guide-v3/3.7.x/core/downloading-latest-trust1connector) and installed the Trust1Connector you can initialize and use the Trust1Connector ## Mode of operations The Trust1Connector's architecture is created so that we can support a wide range of system setups. This means we can both support single users using the Trust1Connector but also systems where multiple users make use of the same hardware, we call this *shared environments*. Additionally to *shared environments*, we support *remote desktops* as an extension on shared environments. Since Trust1Connector version `3.6.1` we can provide integrators the support to initialise the Trust1Connector in different ways. ### Single Instance Without Consent {% hint style="info" %} Please contact support if you need support for this modus. As this is not the default mode and requires the Trust1Connector to be run in a specific context {% endhint %} Using this operation mode, the integrator can decide to use the Trust1Connector and inforce that no consent is needed. making it very straightforward for the end-user to utilise any functionality the Trust1Connector offers. In this mode we cannot support multiple instances of the Trust1Connector. Meaning shared environments and multiple users logged in on the same system can create unexpected behaviour. ### Single Instance With Consent This is the default mode of operation and goes hand-in-hand with [multi user](#multi-user-instance-with-consent) instances. A consent is required to both request the user's permission to use the Trust1Connector on his system and also to correctly determine which instance of the Trust1Connector needs to be used. The Consent provides support to use the Trust1Connector with multiple users on the same system ([even at the same time](#multi-user-instance-with-consent)). Using Single Instance with consent as an operational mode, enforeces users to consent unregarded the environment - be it single device or multi user environment. Validity of the consent can be determined by the application. ### Multi-user Instance With Consent Just like the [single instance with consent mode](#single-instance-with-consentt) this mode requires a consent to both ask permission to the user and determine the correct instance of the Trust1Connector Agent/API. This mode support shared environments such as Citrix, terminal server and remote desktop. ## Creating the configuration object We will prepare the SDK's configuration Object, this object is used to pass information about which default port the Trust1Connector is running on, JWT key, API url, ... which is needed to properly contact and use the Trust1Connector. When the Trust1Connector is configured with a Distribution Service in mind you **can** provide a valid JWT token in the configuration object. [You can retrieve such token via the Distribution Service based on the API key you received](#retrieve-jwt-token). {% hint style="warning" %} Retrieving JWT tokens should be handled in your own backend to maximize security {% endhint %} Now we can create a complete Configuration Options object to be passed to the Trust1Connector. ### T1CConfigOptions The T1C config options is a class that can be used to create a valid configuration object to initialize the Trust1Connector. Below you can find a class definition. ```javascript class T1CConfigOptions { constructor( public t1cApiUrl?: string, public t1cApiPort?: string, public t1cProxyUrl?: string, // deprecated public t1cProxyPort?: string, // deprecated public jwt?: string, public applicationDomain?: string, // "rmc.t1t.be" ) {} } ``` {% hint style="info" %} `t1cProxyUrl` and `t1cProxyPort` are deprecated since 3.5.x and only used in 3.4.x versions. {% endhint %} #### Parameters **`t1cApiUrl: string`**\ \&#xNAN;*Optional*\ The URL that connects to the local Trust1Connector instances. This can be either localhost or a domain that directs towards localhost. By default this will be `https://t1c.t1t.io` **`t1cApiPort: string`**\ \&#xNAN;*Optional*\ The port defined to be used for the Trust1Connector. By default this is `51983` **`t1cProxyUrl: string`**\ \&#xNAN;*Optional - Deprecated*\ The URL that connects to the local Trust1Connector Proxy instances. This can be either localhost or a domain that directs towards localhost. By default this will be `https://t1c.t1t.io` **`t1cProxyPort: string`**\ \&#xNAN;*Optional - Deprecated*\ The port defined to be used for the Trust1Connector Proxy. By default this is `51983` **`jwt: string`**\ \&#xNAN;*Optional*\ The JWT token that is used to authenticate towards the Trust1Connector. This should be retrieved from the DS and is only needed when the Trust1Connector is configured to work with a DS and requires JWT validation **`applicationDomain: string`**\ \&#xNAN;*Optional*\ The domain of the application that is using the Trust1Connector. This is used to make sure the consent is only available for a specific web-application. This prevents various clients to interfere with eachother.\ This domain also `tags` the Distribution service transactions being sent to the Distribution service. This makes it easy to distinguish between applications/tags for the transactions ```javascript // ... let environment = { t1cApiUrl: 'https://t1c.t1t.io', t1cApiPort: '51983', t1cProxyUrl: 'https://t1c.t1t.io', t1cProxyPort: '51983', jwt: 'eyJraWQiOiJ0MWNkcyIsImFsZyI6IlJTMjU2In0..._Mg2PfdhCMQ', applicationDomain: 'test-app' }; const configoptions = new T1CSdk.T1CConfigOptions( environment.t1cApiUrl, environment.t1cApiPort, environment.t1cProxyUrl, environment.t1cProxyPort, environment.jwt, environment.applicationDomain ); config = new T1CSdk.T1CConfig(configoptions); // ... ``` When a remote DS is used you can set the following field with the correct DS url, this will in turn use the DS's capabilities of acting as a Trust1Connector proxy for enchanced security. ```javascript // When remote DS is used set the following parameter config.dsUrl = "https://acc-ds.t1t.io"; ``` Now we can continue to use the `config` variable to [initialize](#initializing-the-trust-1-connector-sdk) and retrieve a `T1CClient` ### Authenticated client If you need to set up the Trust1Connector with a valid JWT token you can follow the documentation on the [Authenticated Client page](https://t1t.gitbook.io/t1c-js-guide-v3/3.7.x/core/authenticated-client) to [retrieve a valid token](https://t1t.gitbook.io/t1c-js-guide-v3/3.7.x/authenticated-client#retrieving-a-jwt-token) from the DS. When you have a valid token you can provide this in the Configuration. This will make sure the Trust1Connector is usable until the token becomes unvalid. At which point you can [refresh](https://t1t.gitbook.io/t1c-js-guide-v3/3.7.x/authenticated-client#refresh-jwt-token) your token to continue to use the Trust1Connector. More information on how to retrieve,use and refresh a token can be found on the [Authenticated Client page](https://t1t.gitbook.io/t1c-js-guide-v3/3.7.x/core/authenticated-client). ## Initializing the Trust1Connector SDK Initialization of the Trust1Connector in many cases requires a user consent, the exception being when no registry is configured (either local or central) and if the Trust1Connector is run in a [specific single modus](#single-instance-without-consent) enabled. More information can be found [here](https://t1t.gitbook.io/t1c-js-guide-v3/3.7.x/core/consent). The registry allowed us to create a Trust1Connector that works in any environment, without the need for Administrative rights from the users, wether it be Standalone, Multi session, RDP, Citrix, ... To Initialize the Trust1Connector a [Consent](https://t1t.gitbook.io/t1c-js-guide-v3/3.7.x/core/consent) is required(when a central or local registry is present) or when the [modus is set to optional consent](#single-instance-without-consent). When no consent can be found the error codes `814500` or `814501` will be thrown. This means that either the previous consent is not valid anymore or no consent was given yet. More information regarding the consent can be found on the [Consent page](https://t1t.gitbook.io/t1c-js-guide-v3/3.7.x/core/consent) which explains it in more detail. If you have the [optional consent mode](#single-instance-without-consent) enabled the consent error will not appear but will either give a valid Client to use or a `112999` error, depicting it could not find any active instance of the Trust1Connector. ```javascript // ... T1CSdk.T1CClient.initialize(config).then(res => { client = res; console.log("Client config: ", client.localConfig); core = client.core(); core.version().then(versionResult => console.log("T1C running on core "+ versionResult)); }, err => { if (err.code == 814500 || err.code == 814501) { client = err.client; // (new) Consent is required } else if(err.code == 112999) { // Could not connect with the Trust1Connector } else { // an uncatched error occured console.error("T1C error:", err) } }); // ... ``` When either no consent is present or its invalid you will receive a **invalid** `client` object (line 8 in example above) that can be used to trigger the `getImplicitConsent` function in the Core serivce. The Consent requires a user action to [copy some data to its clipboard](#clipboard). This data is used by the T1C registry to make sure you're targetting the correct instance of the Trust1Connector. More information about this can be found here. The signature of the `getImplicitConsent` function is as follows; ```javascript public getImplicitConsent(codeWord: string, durationInDays?: number, callback?: (error?: T1CLibException, data?: T1CClient) => void ): Promise ``` This function expects: **`codeword: string`**\ The string value that is saved to the user's clipboard needs to be sent to the Consent function. **`durationInDays: number`**\ \&#xNAN;*Optional*\ Amount of days that the consent is valid. **`callback: (error?: T1CLibException, data?: T1CClient)`**\ \&#xNAN;*Optional*\ Callback when you're not using ES Below is a small javascript example of how you can trigger the `getImplicitConsent` function ```javascript client.core().getImplicitConsent(document.querySelector(".clipboard-data").innerHTML).then(res => { console.log("Consent Executed") client = res; // Use the client for your use-cases }, err => { // Failed, use the error client to retry the consent this.client = err.client; console.error(err.description ? err.description : err) }) ``` After this you will have a `client` that can be used to execute the rest of the functionality that the Trust1Connector has to offer. #### Full example ```javascript // Global client to be used over the entire application const client = null // Prepare the configuration let environment = { t1cApiUrl: 'https://t1c.t1t.io', t1cApiPort: '51983', t1cProxyUrl: 'https://t1c.t1t.io', t1cProxyPort: '51983', jwt: 'eyJraWQiOiJ0MWNkcyIsImFsZyI6IlJTMjU2In0..._Mg2PfdhCMQ', applicationDomain: 'test-app' }; const configoptions = new T1CSdk.T1CConfigOptions( environment.t1cApiUrl, environment.t1cApiPort, environment.t1cProxyUrl, environment.t1cProxyPort, environment.jwt, environment.applicationDomain ); config = new T1CSdk.T1CConfig(configoptions); // Initialize the Trust1Connector with the previously created configuration object T1CSdk.T1CClient.initialize(config).then(res => { client = res; console.log("Client config: ", client.localConfig); core = client.core(); core.version().then(versionResult => console.log("T1C running on core "+ versionResult)); }, err => { if (err.code == 814500 || err.code == 814501) { // (new) Consent is required } else if(err.code == 112999) { // Could not connect with the Trust1Connector } else { // an uncatched error occured console.error("T1C error:", err) } }); // when the user has clicked on the clipboard/consent button we execute the getImplicitConsent function document.querySelector(".clipboard").addEventListener("click", (ev) => { if (client != null) { client.core().getImplicitConsent(document.querySelector(".clipboard-data").innerHTML).then(res => { console.log("Consent Executed") client = res; // Use the client for your use-cases }, err => { this.client = err.client; console.error(err.description ? err.description : err) }) } }) ``` ### Enforcing consent flow in a optional consent enabled Trust1Connector When your instance of the Trust1Connector has the optional consent mode enabled but still want to enforce the consent flow you can use the following explicit consent initialisation. This will ignore the enabled feature of having the consent being optional and will require a valid consent to operate the Trust1Connector. ```javascript // ... T1CSdk.T1CClient.initializeExplicitConsent(config).then(res => { client = res; console.log("Client config: ", client.localConfig); core = client.core(); core.version().then(versionResult => console.log("T1C running on core "+ versionResult)); }, err => { if (err.code == 814500 || err.code == 814501) { client = err.client; // (new) Consent is required } else if(err.code == 112999) { // Could not connect with the Trust1Connector } else { // an uncatched error occured console.error("T1C error:", err) } }); // ... ``` ## Clipboard To provide a consent, we suggest you use the clipboard functionality available in browsers. The most supported way is via `document.exeCommand` and below you can find an example of this. There is also a [clipboard API ](https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API)but this is not fully supported yet {% hint style="info" %} The code below is an example of how you can integrate a copy command in the webbrowser {% endhint %} ```javascript const tokenNode = document.querySelector('.consent-token'); var range = document.createRange(); range.selectNode(tokenNode); window.getSelection().addRange(range); try { // Now that we've selected the anchor text, execute the copy command document.execCommand('copy'); } catch(err) { console.log('Oops, unable to copy'); } // Remove the selections - NOTE: Should use // removeRange(range) when it is supported window.getSelection().removeRange(range); const clipboardData = tokenNode.textContent; ``` ## Retrieve JWT token `GET` `https://ds.t1t.io/v3_5/tokens/application` This endpoint will return a valid JWT token to use for a certain period based on the API-key you provide in the \`apikey\` header #### Headers | Name | Type | Description | | ------ | ------ | -------------------------------- | | apikey | string | API-key received from Trust1Team | {% tabs %} {% tab title="200 Will return an success boolean and data object. The data object is the JWT token" %} ```javascript { "success": true, "data": "eyJraWQiOiJ0MWNkcyIsImFsZyI6IlJTMjU2In0...v8_Mg2PfdhCMQ" } ``` {% endtab %} {% tab title="401 When the apikey header is not sent" %} ```javascript { "message": "No API key found in request" } ``` {% endtab %} {% tab title="403 When trying to retrieve a JWT token for an invalid/unknown API key" %} ```javascript { "success": false, "description": "Invalid API key", "code": 1005, } ``` {% endtab %} {% endtabs %} ## Trust1Connector environments The Trust1Connector has a Develop, Acceptance and production version. The difference between them is mainly the Distirbution service connection and the port number they use. {% hint style="info" %} These port numbers are linked to the Trust1Connector distributed by Trust1Team. If you have a custom installation these will be different. Please contact your distributor for more information. {% endhint %} The port numbers of the Trust1Connector are; | Environment | Port number | Distribution service | | ----------- | ----------- | ----------------------- | | Production | 51983 | | | Acceptance | 51883 | | | Develop | 51783 | None |