@absolutejs/auth 0.27.0-beta.1 → 0.27.0-beta.10
- package/dist/abuse/captcha.d.ts +11 -0
- package/dist/abuse/config.d.ts +29 -0
- package/dist/adaptive/config.d.ts +13 -1
- package/dist/adaptive/fingerprint.d.ts +2 -0
- package/dist/adaptive/types.d.ts +13 -1
- package/dist/apikeys/routes.d.ts +1 -1
- package/dist/audit/export.d.ts +2 -0
- package/dist/audit/integrity.d.ts +19 -0
- package/dist/audit/siem.d.ts +11 -0
- package/dist/audit/types.d.ts +2 -1
- package/dist/credentials/config.d.ts +1 -0
- package/dist/credentials/emailValidation.d.ts +9 -0
- package/dist/credentials/login.d.ts +2 -1
- package/dist/credentials/passwordPolicy.d.ts +1 -0
- package/dist/credentials/routes.d.ts +1 -0
- package/dist/fga/config.d.ts +53 -0
- package/dist/fga/inMemoryStores.d.ts +3 -0
- package/dist/fga/postgresStores.d.ts +144 -0
- package/dist/fga/schema.d.ts +2 -0
- package/dist/fga/types.d.ts +28 -0
- package/dist/index.d.ts +6276 -3
- package/dist/index.js +2963 -1330
- package/dist/index.js.map +35 -14
- package/dist/mfa/rotation.d.ts +17 -0
- package/dist/mfa/types.d.ts +1 -0
- package/dist/oidc/config.d.ts +71 -0
- package/dist/oidc/dpop.d.ts +12 -0
- package/dist/oidc/inMemoryStores.d.ts +4 -0
- package/dist/oidc/keys.d.ts +21 -0
- package/dist/oidc/postgresStores.d.ts +573 -0
- package/dist/oidc/routes.d.ts +142 -0
- package/dist/oidc/types.d.ts +42 -0
- package/dist/session/anonymous.d.ts +11 -0
- package/dist/session/impersonation.d.ts +29 -0
- package/dist/session/multiSession.d.ts +25 -0
- package/dist/session/promote.d.ts +3 -1
- package/dist/types.d.ts +24 -0
- package/package.json +1 -1
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import type { MFAStore } from './types';
|
|
2
|
+
export type MfaKeyRotationResult = {
|
|
3
|
+
alreadyRotated: number;
|
|
4
|
+
rotated: number;
|
|
5
|
+
skippedNoSecret: number;
|
|
6
|
+
total: number;
|
|
7
|
+
};
|
|
8
|
+
export declare const rotateMfaEncryptionKey: ({ mfaStore, newKey, oldKey }: {
|
|
9
|
+
mfaStore: MFAStore;
|
|
10
|
+
newKey: string;
|
|
11
|
+
oldKey: string;
|
|
12
|
+
}) => Promise<{
|
|
13
|
+
alreadyRotated: number;
|
|
14
|
+
rotated: number;
|
|
15
|
+
skippedNoSecret: number;
|
|
16
|
+
total: number;
|
|
17
|
+
}>;
|
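Review bot: `rotateMfaEncryptionKey` takes `oldKey` and `newKey` as bare `string`s with no documentation of the expected encoding or length, and its return type repeats the four counters inline instead of using the `MfaKeyRotationResult` alias declared just above it. In the source, annotate the return as `Promise<MfaKeyRotationResult>` so the two cannot drift. Add a TSDoc block that states the key format and what happens to an enrollment that cannot be decrypted with `oldKey`, since none of the four counters visibly covers that case. The `alreadyRotated` counter suggests the operation can be re-run after a partial failure; if that is the intent, say so in the doc comment, because operators will rely on it when rotating after a suspected key compromise.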
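--- a/package/dist/mfa/types.d.ts
+++ b/package/dist/mfa/types.d.ts
@@ -10,6 +10,7 @@ export type MfaEnrollment = {
 };
 export type MFAStore = {
 getEnrollment: (userId: string) => Promise<MfaEnrollment | undefined>;
+listEnrollments: () => Promise<MfaEnrollment[]>;
 removeEnrollment: (userId: string) => Promise<void>;
 saveEnrollment: (enrollment: MfaEnrollment) => Promise<void>;
 };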
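Review bot: `listEnrollments` is added as a required member of `MFAStore`, so every custom store written against the previous beta stops type-checking, and the signature returns all enrollments in one array with no paging. The `MfaEnrollment` body is outside this hunk, but if it carries the stored MFA secret, this call loads every user's secret material into memory at once. Consider a bounded form such as `listEnrollments: (options?: { cursor?: string; limit?: number }) => Promise<MfaEnrollment[]>;`. A TSDoc comment should state what the method is for (it appears to serve key rotation) and that it should not be reachable from any request-facing path.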
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
import type { RouteString } from '../types';
|
|
2
|
+
import { type SigningKey } from './keys';
|
|
3
|
+
import type { AuthorizationCodeStore, OAuthClientStore, OidcRefreshTokenStore } from './types';
|
|
4
|
+
export declare const DEFAULT_OIDC_ROUTE: RouteString;
|
|
5
|
+
export type OidcProviderConfig<UserType> = {
|
|
6
|
+
accessTokenTtlMs?: number;
|
|
7
|
+
authorizationCodeStore: AuthorizationCodeStore;
|
|
8
|
+
clientStore: OAuthClientStore;
|
|
9
|
+
getClaims?: (user: UserType) => Record<string, unknown>;
|
|
10
|
+
getGrantedScopes?: (context: {
|
|
11
|
+
client: {
|
|
12
|
+
clientId: string;
|
|
13
|
+
name: string;
|
|
14
|
+
};
|
|
15
|
+
requestedScopes: string[];
|
|
16
|
+
user: UserType;
|
|
17
|
+
}) => string[] | undefined | Promise<string[] | undefined>;
|
|
18
|
+
getUserId: (user: UserType) => string;
|
|
19
|
+
idTokenTtlMs?: number;
|
|
20
|
+
issuer: string;
|
|
21
|
+
loginUrl?: string;
|
|
22
|
+
oidcRoute?: RouteString;
|
|
23
|
+
refreshTokenStore: OidcRefreshTokenStore;
|
|
24
|
+
refreshTokenTtlMs?: number;
|
|
25
|
+
signingKey: SigningKey;
|
|
26
|
+
};
|
|
27
|
+
export type TokenExchangeResult = {
|
|
28
|
+
error: 'invalid_grant' | 'invalid_scope';
|
|
29
|
+
ok: false;
|
|
30
|
+
} | {
|
|
31
|
+
accessToken: string;
|
|
32
|
+
expiresIn: number;
|
|
33
|
+
ok: true;
|
|
34
|
+
scope: string;
|
|
35
|
+
};
|
|
36
|
+
export declare const exchangeToken: <UserType>({ actorClientId, audience, config, dpopJkt, now, requestedScopes, subjectToken }: {
|
|
37
|
+
actorClientId: string;
|
|
38
|
+
audience?: string;
|
|
39
|
+
config: OidcProviderConfig<UserType>;
|
|
40
|
+
dpopJkt?: string;
|
|
41
|
+
now?: number;
|
|
42
|
+
requestedScopes?: string[];
|
|
43
|
+
subjectToken: string;
|
|
44
|
+
}) => Promise<TokenExchangeResult>;
|
|
45
|
+
export declare const issueTokenSet: <UserType>({ claims, clientId, config, dpopJkt, nonce, now, scopes, sub }: {
|
|
46
|
+
claims?: Record<string, unknown>;
|
|
47
|
+
clientId: string;
|
|
48
|
+
config: OidcProviderConfig<UserType>;
|
|
49
|
+
dpopJkt?: string;
|
|
50
|
+
nonce?: string;
|
|
51
|
+
now?: number;
|
|
52
|
+
scopes: string[];
|
|
53
|
+
sub: string;
|
|
54
|
+
}) => Promise<{
|
|
55
|
+
access_token: string;
|
|
56
|
+
expires_in: number;
|
|
57
|
+
id_token: string;
|
|
58
|
+
refresh_token: string;
|
|
59
|
+
scope: string;
|
|
60
|
+
token_type: string;
|
|
61
|
+
}>;
|
|
62
|
+
export declare const mcpProtectedResourceMetadata: ({ issuer, resource, scopes }: {
|
|
63
|
+
issuer: string;
|
|
64
|
+
resource: string;
|
|
65
|
+
scopes?: string[];
|
|
66
|
+
}) => {
|
|
67
|
+
authorization_servers: string[];
|
|
68
|
+
resource: string;
|
|
69
|
+
scopes_supported: string[];
|
|
70
|
+
};
|
|
71
|
+
export declare const verifyPkce: (codeVerifier: string, codeChallenge: string) => Promise<boolean>;
|
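Review bot: `getGrantedScopes` may return `undefined`, and nothing in the declaration says whether that means "grant what was requested" or "grant nothing"; a hook that falls through without returning would silently take whichever branch the implementation chose. Add a TSDoc comment on that member of `OidcProviderConfig` stating the fallback explicitly, and prefer a fail-closed meaning if the implementation allows it. `verifyPkce(codeVerifier, codeChallenge)` likewise has no challenge-method parameter, so its doc comment should state which method it checks (presumably S256 only). `exchangeToken` accepts an optional `audience`; document whether omitting it yields a token that is not audience-restricted.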
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
export type DpopResult = {
|
|
2
|
+
jkt: string;
|
|
3
|
+
jti?: string;
|
|
4
|
+
};
|
|
5
|
+
export declare const verifyDpopProof: ({ htm, htu, isUsedJti, maxAgeMs, now, proof }: {
|
|
6
|
+
htm: string;
|
|
7
|
+
htu: string;
|
|
8
|
+
isUsedJti?: (jti: string) => boolean | Promise<boolean>;
|
|
9
|
+
maxAgeMs?: number;
|
|
10
|
+
now?: number;
|
|
11
|
+
proof: string | undefined;
|
|
12
|
+
}) => Promise<DpopResult | undefined>;
|
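Review bot: Replay protection in `verifyDpopProof` is opt-in and check-only: `isUsedJti` is optional and only answers whether a `jti` was seen, with no visible hook for recording it. Unless the callback both checks and records atomically, two concurrent requests carrying the same proof can each see "unused" and both pass. Document that contract in TSDoc on `isUsedJti`, for example `/** Must atomically record the jti and return true if it was already present. */`. Also state what the function does when the callback is omitted or the proof has no `jti`, since `DpopResult.jti` is optional.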
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
import type { AuthorizationCodeStore, OAuthClient, OAuthClientStore, OidcRefreshTokenStore } from './types';
|
|
2
|
+
export declare const createInMemoryAuthorizationCodeStore: () => AuthorizationCodeStore;
|
|
3
|
+
export declare const createInMemoryOAuthClientStore: (clients: OAuthClient[]) => OAuthClientStore;
|
|
4
|
+
export declare const createInMemoryOidcRefreshTokenStore: () => OidcRefreshTokenStore;
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
export type SigningKey = {
|
|
2
|
+
kid: string;
|
|
3
|
+
privateJwk: JsonWebKey;
|
|
4
|
+
publicJwk: JsonWebKey;
|
|
5
|
+
};
|
|
6
|
+
export declare const generateSigningKey: () => Promise<SigningKey>;
|
|
7
|
+
export declare const jwkThumbprint: (jwk: JsonWebKey) => Promise<string>;
|
|
8
|
+
export declare const signJwt: (payload: Record<string, unknown>, signing: SigningKey) => Promise<string>;
|
|
9
|
+
export declare const toPublicJwk: (key: SigningKey) => {
|
|
10
|
+
alg: string;
|
|
11
|
+
crv: string | undefined;
|
|
12
|
+
kid: string;
|
|
13
|
+
kty: string | undefined;
|
|
14
|
+
use: string;
|
|
15
|
+
x: string | undefined;
|
|
16
|
+
y: string | undefined;
|
|
17
|
+
};
|
|
18
|
+
export declare const verifyJwt: (token: string, publicJwk: JsonWebKey) => Promise<{
|
|
19
|
+
header: any;
|
|
20
|
+
payload: any;
|
|
21
|
+
} | undefined>;
|
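Review bot: `verifyJwt` resolves to `header: any; payload: any`, so callers can read claims with no narrowing, and the signature takes only the token and a key, with no expected algorithm, issuer, audience or clock. In the source, type the result as `{ header: Record<string, unknown>; payload: Record<string, unknown> } | undefined` so claim access has to be narrowed. Document in TSDoc which checks the function performs (signature only, or also `exp`/`nbf`) so callers know what validation is left to them. `SigningKey` keeps `privateJwk` next to `publicJwk`; a comment that only the output of `toPublicJwk` may be published would help.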