Authenticate

Let’s try to authenticate to cas.unilim.fr using the given credentials. Doing the following will create a new authentication session on their end, thanks to LemonLDAP::NG.

import { CAS, type PendingAuth } from "unilim/cas";
const auth: PendingAuth = await CAS.initialize("username", "password");

Once a session has been initialized, you’ll end up with a PendingAuth instance. This is an intermediary step where you have to resolve a 2FA challenge if the solved property is falsy.

if (!auth.solved) {
  // You have to solve 2FA, check the "Resolve 2FA" section below.
}

You’ll be asked to resolve a 2FA challenge when solved is falsy on PendingAuth. This challenge can be resolved either through an email code or a previously registered TOTP code.

This library does not support the case where you don’t have any 2FA method attached to your account - they might prompt you to add one - so please add a 2FA method.

If you don’t know which 2FA options are available, you can check them on the PendingAuth instance.

if (auth.isTotpAvailable) {
  // You can use TOTP method.
}
if (auth.isEmailAvailable) {
  // You can use the email code method.
}

As a side note, if the 2FA was already solved, both properties will be falsy by default.

await auth.solveWithTotp("123456");

You’re done! You can go ahead to the finish section.

Solving with an email code is split into two methods, one to send the email and the other to input the code received.

You must not call the TOTP method after calling the method to send an email, otherwise it’ll fail.

await auth.sendEmailCode();
await auth.solveWithEmailCode("123456");

You’re done! You can go ahead to the finish section.

Let’s exchange our authentication session with an authenticated CAS instance.

const cas: CAS = await auth.finish();

Once your session has expired, you’ll have to create a new one. Using the previously created session, you can create a new one without having to solve 2FA manually, thanks to the TrustedBrowser plugin they enabled.

You’ll need the cookie llngconnection and a key, generated on first authentication, that you can retrieve using the following on an authenticated CAS instance.

const llngconnection: string = cas.connection; // <- the cookie
const key: string = cas.key; // <- the linked totp key

You’ll still need the username and password since this is not a refresh token. It only acts as a kind of 2FA bypass.

const cas: CAS = await CAS.restore(
  "username", "password", // <- the usual you'd give in initialize()
  llngconnection, key // <- the variables we retrieved
);

As you can see, we directly get a CAS instance and we don’t have to deal with PendingAuth anymore.

Their llngconnection cookie is valid for one month; after that it expires and you’ll have to go through a manual 2FA solve once again.
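The steps above tied together, as an added example that is not part of the library or its documentation: it tries restore() while a saved pair is still inside the one-month window, and otherwise falls back to initialize() and exactly one 2FA method. CasApi, PendingLike, SavedTrust, login, askCode and the 30-day constant are hypothetical names, and restore() rejecting on an expired cookie is an assumption.

```typescript
// Added example: these interfaces mirror only the calls shown on this page.
interface CasSession { connection: string; key: string }
interface PendingLike {
  solved: boolean; isTotpAvailable: boolean; isEmailAvailable: boolean;
  solveWithTotp(code: string): Promise<unknown>;
  sendEmailCode(): Promise<unknown>;
  solveWithEmailCode(code: string): Promise<unknown>;
  finish(): Promise<CasSession>;
}
interface CasApi {
  initialize(user: string, pass: string): Promise<PendingLike>;
  restore(user: string, pass: string, conn: string, key: string): Promise<CasSession>;
}
// Hypothetical record the caller persists after a fresh 2FA login.
interface SavedTrust { connection: string; key: string; savedAt: number }
type Via = "restore" | "totp" | "email" | "none";

// The page says "one month"; 30 days is this example's assumption.
const TRUST_WINDOW_MS = 30 * 24 * 60 * 60 * 1000;

function isRestorable(saved: SavedTrust | null, now: number): saved is SavedTrust {
  return saved !== null && now - saved.savedAt < TRUST_WINDOW_MS;
}

async function login(
  api: CasApi, user: string, pass: string, saved: SavedTrust | null,
  askCode: (method: "totp" | "email") => Promise<string>, now: number = Date.now(),
): Promise<{ session: CasSession; via: Via; save: SavedTrust | null }> {
  if (isRestorable(saved, now)) {
    try {
      const session = await api.restore(user, pass, saved.connection, saved.key);
      return { session, via: "restore", save: null }; // keep the stored pair as is
    } catch {
      // Assumption: restore() rejects once the cookie is expired or revoked.
    }
  }
  const auth = await api.initialize(user, pass);
  let via: Via = "none"; // stays "none" when no challenge was issued
  if (!auth.solved) {
    if (auth.isTotpAvailable) {
      await auth.solveWithTotp(await askCode("totp"));
      via = "totp";
    } else if (auth.isEmailAvailable) {
      await auth.sendEmailCode(); // from here on, never call solveWithTotp()
      await auth.solveWithEmailCode(await askCode("email"));
      via = "email";
    } else {
      throw new Error("no supported 2FA method available");
    }
  }
  const session = await auth.finish();
  return { session, via, save: { connection: session.connection, key: session.key, savedAt: now } };
}
```

Pass the library's CAS class as api, and store the returned save record as carefully as the password, since together with it the pair skips the 2FA step.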

You can create a temporary CAS instance by providing a lemonldap cookie value.

const cas: CAS = CAS.temporary("value");