@aifabrix/miso-client 3.3.0 → 3.4.0
- package/CHANGELOG.md +624 -0
- package/dist/index.d.ts +30 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +43 -1
- package/dist/index.js.map +1 -1
- package/dist/services/token-validation.service.d.ts +49 -0
- package/dist/services/token-validation.service.d.ts.map +1 -0
- package/dist/services/token-validation.service.js +258 -0
- package/dist/services/token-validation.service.js.map +1 -0
- package/dist/types/config.types.d.ts +7 -0
- package/dist/types/config.types.d.ts.map +1 -1
- package/dist/types/config.types.js.map +1 -1
- package/dist/types/token-validation.types.d.ts +88 -0
- package/dist/types/token-validation.types.d.ts.map +1 -0
- package/dist/types/token-validation.types.js +7 -0
- package/dist/types/token-validation.types.js.map +1 -0
- package/package.json +4 -2
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE1D,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAMxD,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAChF,OAAO,EAAwC,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AACxG,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAmB;IACjC,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,SAAS,CAAY;IAC7B,OAAO,CAAC,KAAK,CAAe;IAC5B,OAAO,CAAC,IAAI,CAAc;IAC1B,OAAO,CAAC,KAAK,CAAc;IAC3B,OAAO,CAAC,WAAW,CAAoB;IACvC,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,EAAE,gBAAgB;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE1D,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAMxD,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAChF,OAAO,EAAwC,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AACxG,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,cAAc,EACf,MAAM,gCAAgC,CAAC;AAExC,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAmB;IACjC,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,SAAS,CAAY;IAC7B,OAAO,CAAC,KAAK,CAAe;IAC5B,OAAO,CAAC,IAAI,CAAc;IAC1B,OAAO,CAAC,KAAK,CAAc;IAC3B,OAAO,CAAC,WAAW,CAAoB;IACvC,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,eAAe,CAAyB;IAChD,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,EAAE,gBAAgB;IAsDpC;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAcjC;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAKjC;;OAEG;IACH,aAAa,IAAI,OAAO;IAMxB;;;OAGG;IACH,QAAQ,CAAC,GAAG,EAAE;QAAE,OAAO,EAAE;YAAE,aAAa,CAAC,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,GAAG,MAAM,GAAG,IAAI;IAerE;;;;;;;OAOG;IACH,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,cAAc,CAAC,EAAE,MAAM,EAAE,GAAG,sBAAsB;IAK/E;;;OAGG;IACG,mBAAmB,IAAI,OAAO,CAAC,MAAM,CAAC;IAI5C;;;;;;;;;;;;OAYG;IACG,KAAK,CAAC,MAAM,EAAE;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,OAAO,CAAC,OAAO,sBAAsB,EAAE,aAAa,CAAC;IAIzD;;;;OAIG;IACG,aAAa,CACjB,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;IAInB;;;;OAIG;IACG,OAAO,CACX,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAI3B;;;;OAIG;IACG,WAAW,CACf,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAI3B;;;;OAIG;IACG,eAAe,CACnB,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;IAInB;;;;;OAKG;IACG,MAAM,CAAC,MAAM,EAAE;QACnB,KAAK,EAAE,MAAM,CAAC;KACf,GAAG,OAAO,CAAC,OAAO,sBAAsB,EAAE,cAAc,CAAC;IAI1D;;;;;OAKG;IACG,YAAY,CAChB,YAAY,EAAE,MAAM,EACpB,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,OAAO,sBAAsB,EAAE,oBAAoB,GAAG,IAAI,CAAC;IAItE;;;;;;OAMG;IACG,kBAAkB,CACtB,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,sBA
AsB,GAC/B,OAAO,CAAC,qBAAqB,CAAC;IAIjC;;;OAGG;IACH,iBAAiB,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI;IAI/C;;;OAGG;IACH,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI;IAItC;;OAEG;IACH,oBAAoB,IAAI,IAAI;IAI5B;;OAEG;IACH,mBAAmB,IAAI,IAAI;IAM3B;;;;OAIG;IACG,QAAQ,CACZ,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,MAAM,EAAE,CAAC;IAIpB;;;;;OAKG;IACG,OAAO,CACX,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;IAInB;;;;;OAKG;IACG,UAAU,CACd,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,EAAE,EACf,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;IAInB;;;;;OAKG;IACG,WAAW,CACf,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,EAAE,EACf,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;IAInB;;;;OAIG;IACG,YAAY,CAChB,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,MAAM,EAAE,CAAC;IAIpB;;;;OAIG;IACG,cAAc,CAClB,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,MAAM,EAAE,CAAC;IAIpB;;;;;OAKG;IACG,aAAa,CACjB,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,EAClB,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;IAInB;;;;;OAKG;IACG,gBAAgB,CACpB,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,EAAE,EACrB,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;IAInB;;;;;OAKG;IACG,iBAAiB,CACrB,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,EAAE,EACrB,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;IAInB;;;;OAIG;IACG,kBAAkB,CACtB,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,MAAM,EAAE,CAAC;IAIpB;;;;OAIG;IACG,qBAAqB,CACzB,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,IAAI,CAAC;IAMhB;;OAEG;IACH,IAAI,GAAG,IAAI,aAAa,CAEvB;IAQD;;OAEG;IACH,IAAI,KAAK,IAAI,YAAY,CAExB;IAID;;OAEG;IACH,SAAS,IAAI,gBAAgB;IAI7B;;OAEG;IACH,gBAAgB,IAAI,OAAO;IAI3B;;;;;;;;;OASG;IACG,uBAAuB,CAAC,CAAC,EAC7B,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,EACzC,GAAG,EAAE,MAAM,EACX,YAAY,EAAE,YAAY,EAC1B,IAAI,CAAC,EAAE,OAAO,EACd,MAAM,CAAC,EAAE,OAAO,OAAO,EAAE,kBAAkB,GAC1C,OAAO,CAAC,CAAC,CAAC;IAUb;;;;;;OAMG;IACH,kBAAkB,CAChB,OAAO,EAAE,CAAC,QAAQ,GAAG,cAAc,GAAG,oBAAoB,GAAG,SAAS,CAAC,EAAE,EACzE,WAAW,CAAC,EAAE,MAAM,EACpB,MAAM,CAAC,EAAE,MAAM,GACd,YAAY;IAQf;;;;;OAKG;IACH,sBA
AsB,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,YAAY;CAG3D;AAGD,cAAc,sBAAsB,CAAC;AAGrC,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC;AACrC,cAAc,oBAAoB,CAAC;AAGnC,YAAY,EACV,aAAa,IAAI,uBAAuB,EACxC,aAAa,GACd,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,wBAAwB,EAAE,MAAM,uCAAuC,CAAC;AACjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAGjD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,YAAY,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAC3D,YAAY,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AACvE,OAAO,EAAE,oBAAoB,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AAC/F,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,YAAY,EAAE,qBAAqB,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAChG,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,YAAY,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAG9D,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC;AACrC,cAAc,oBAAoB,CAAC;AAGnC,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,cAAc,EACd,cAAc,GACf,MAAM,gBAAgB,CAAC;AAIxB,OAAO,EACL,cAAc,EACd,cAAc,EACd,qBAAqB,EACrB,YAAY,EACZ,iBAAiB,EACjB,gBAAgB,EAChB,QAAQ,EACR,QAAQ,EACR,eAAe,EACf,WAAW,EACX,qBAAqB,EACrB,mBAAmB,EACnB,WAAW,EACX,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,cAAc,EACd,yBAAyB,EACzB,SAAS,GACV,MAAM,WAAW,CAAC;AACnB,YAAY,EACV,0BAA0B,EAC1B,mBAAmB,EACnB,wBAAwB,GACzB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,aAAa,IAAI,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAGjF,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAC7D,YAAY,EACV,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,WAAW,IAAI,qBAAqB,EACpC,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,mBAAmB,EACnB,QAAQ,IAAI,kBAAkB,GAC/B,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EAAE,wBAAwB,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AACpG,YAAY,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAGr
E,YAAY,EACV,SAAS,EACT,sBAAsB,EACtB,qBAAqB,EACrB,YAAY,EACZ,cAAc,EACd,uBAAuB,EACvB,uBAAuB,GACxB,MAAM,gCAAgC,CAAC;AAGxC,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC"}
|
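--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -17,7 +17,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getCachedDataClientConfig = exports.autoInitializeDataClient = exports.dataClient = exports.DataClient = exports.hasConfig = exports.createClientTokenEndpoint = exports.EncryptionUtil = exports.sendErrorResponse = exports.getErrorTitle = exports.getErrorTypeUri = exports.handleRouteError = exports.setErrorLogger = exports.createErrorResponse = exports.createSuccessResponse = exports.AppError = exports.ValidationHelper = exports.asyncHandlerNamed = exports.asyncHandler = exports.injectResponseHelpers = exports.ResponseHelper = exports.handleApiError = exports.transformError = exports.ApiErrorException = exports.MisoClientError = exports.extractRequestContext = exports.extractLoggingContext = exports.validateUrl = exports.isBrowser = exports.resolveControllerUrl = exports.extractClientTokenInfo = exports.getEnvironmentToken = exports.validateOrigin = exports.loadConfig = exports.HttpClient = exports.CacheService = exports.RedisService = exports.LoggerService = exports.BrowserRoleService = exports.BrowserPermissionService = exports.PermissionService = exports.RoleService = exports.AuthService = exports.MisoClient = void 0;
+exports.TokenValidationService = exports.getCachedDataClientConfig = exports.autoInitializeDataClient = exports.dataClient = exports.DataClient = exports.hasConfig = exports.createClientTokenEndpoint = exports.EncryptionUtil = exports.sendErrorResponse = exports.getErrorTitle = exports.getErrorTypeUri = exports.handleRouteError = exports.setErrorLogger = exports.createErrorResponse = exports.createSuccessResponse = exports.AppError = exports.ValidationHelper = exports.asyncHandlerNamed = exports.asyncHandler = exports.injectResponseHelpers = exports.ResponseHelper = exports.handleApiError = exports.transformError = exports.ApiErrorException = exports.MisoClientError = exports.extractRequestContext = exports.extractLoggingContext = exports.validateUrl = exports.isBrowser = exports.resolveControllerUrl = exports.extractClientTokenInfo = exports.getEnvironmentToken = exports.validateOrigin = exports.loadConfig = exports.HttpClient = exports.CacheService = exports.RedisService = exports.LoggerService = exports.BrowserRoleService = exports.BrowserPermissionService = exports.PermissionService = exports.RoleService = exports.AuthService = exports.MisoClient = void 0;
 const auth_service_1 = require("./services/auth.service");
 const role_service_1 = require("./services/role.service");
 const permission_service_1 = require("./services/permission.service");
@@ -30,6 +30,7 @@ const api_1 = require("./api");
 const data_masker_1 = require("./utils/data-masker");
 const auth_strategy_1 = require("./utils/auth-strategy");
 const origin_validator_1 = require("./utils/origin-validator");
+const token_validation_service_1 = require("./services/token-validation.service");
 class MisoClient {
 constructor(config) {
 this.initialized = false;
@@ -63,6 +64,8 @@ class MisoClient {
 // Initialize services that use cache
 this.roles = new role_service_1.RoleService(this.httpClient, this.apiClient, this.cacheService);
 this.permissions = new permission_service_1.PermissionService(this.httpClient, this.apiClient, this.cacheService);
+// Initialize token validation service
+this.tokenValidation = new token_validation_service_1.TokenValidationService(config.keycloak);
 }
 /**
 * Initialize the client (connect to Redis if configured)
@@ -195,6 +198,42 @@ class MisoClient {
 async refreshToken(refreshToken, authStrategy) {
 return this.auth.refreshToken(refreshToken, authStrategy);
 }
+/**
+* Validate token locally using JWKS (no API call to controller)
+* Results are cached for 1 minute, JWKS keys cached for 1 hour
+* @param token - JWT token to validate
+* @param options - Validation options (skipResultCache for high-security)
+* @returns Validation result with payload or error
+*/
+async validateTokenLocal(token, options) {
+return this.tokenValidation.validateTokenLocal(token, options);
+}
+/**
+* Set or update Keycloak configuration for local validation
+* @param config - Keycloak configuration
+*/
+setKeycloakConfig(config) {
+this.tokenValidation.setKeycloakConfig(config);
+}
+/**
+* Clear JWKS cache (useful for key rotation scenarios)
+* @param jwksUri - Specific URI to clear, or all if not provided
+*/
+clearJwksCache(jwksUri) {
+this.tokenValidation.clearCache(jwksUri);
+}
+/**
+* Clear validation result cache
+*/
+clearValidationCache() {
+this.tokenValidation.clearResultCache();
+}
+/**
+* Clear all token validation caches (JWKS + results)
+*/
+clearAllTokenCaches() {
+this.tokenValidation.clearAllCaches();
+}
 // ==================== AUTHORIZATION METHODS ====================
 /**
 * Get user roles (cached in Redis if available)
@@ -437,4 +476,7 @@ Object.defineProperty(exports, "dataClient", { enumerable: true, get: function (
 var data_client_auto_init_1 = require("./utils/data-client-auto-init");
 Object.defineProperty(exports, "autoInitializeDataClient", { enumerable: true, get: function () { return data_client_auto_init_1.autoInitializeDataClient; } });
 Object.defineProperty(exports, "getCachedDataClientConfig", { enumerable: true, get: function () { return data_client_auto_init_1.getCachedDataClientConfig; } });
+// Token validation service (for advanced usage)
+var token_validation_service_2 = require("./services/token-validation.service");
+Object.defineProperty(exports, "TokenValidationService", { enumerable: true, get: function () { return token_validation_service_2.TokenValidationService; } });
 //# sourceMappingURL=index.js.map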
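Review bot: `setKeycloakConfig` (in the `@@ -195,6 +198,42 @@` hunk) only forwards the new configuration, and the service method shown further down this page only assigns `this.keycloakConfig`, so verdicts cached under the previous issuer, realm or audience settings can still be returned by `validateTokenLocal` for up to the documented minute. Clearing the result cache in the wrapper closes that window: add `this.tokenValidation.clearResultCache();` after the `setKeycloakConfig(config)` call. The same cache looks to be keyed on the token alone, since the service calls `getCachedResult(token)` and `cacheResult(token, result)` without the options, so a result stored by a call with `skipAudienceValidation` could be served to a caller that expects the audience check; `getCachedResult` is not visible here, so confirm how the key is built. The JSDoc on `validateTokenLocal` should state both limits, for example `* Cached verdicts are keyed by token only; pass skipResultCache when options or Keycloak config differ between calls`.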
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;;;;;;;;;AAEH,0DAAsD;AACtD,0DAAsD;AACtD,sEAAkE;AAClE,8DAA0D;AAC1D,4DAAwD;AACxD,4DAAwD;AACxD,qDAAiD;AACjD,uEAAkE;AAClE,+BAAkC;AAClC,qDAAiD;AACjD,yDAA4D;AAE5D,+DAAwG;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;;;;;;;;;AAEH,0DAAsD;AACtD,0DAAsD;AACtD,sEAAkE;AAClE,8DAA0D;AAC1D,4DAAwD;AACxD,4DAAwD;AACxD,qDAAiD;AACjD,uEAAkE;AAClE,+BAAkC;AAClC,qDAAiD;AACjD,yDAA4D;AAE5D,+DAAwG;AAExG,kFAA6E;AAO7E,MAAa,UAAU;IAarB,YAAY,MAAwB;QAF5B,gBAAW,GAAG,KAAK,CAAC;QAG1B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,4DAA4D;QAC5D,IAAI,MAAM,CAAC,qBAAqB,EAAE,CAAC;YACjC,wBAAU,CAAC,aAAa,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,4DAA4D;QAC5D,MAAM,cAAc,GAAG,IAAI,yCAAkB,CAAC,MAAM,CAAC,CAAC;QAEtD,uBAAuB;QACvB,IAAI,CAAC,KAAK,GAAG,IAAI,4BAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE5C,wGAAwG;QACxG,kEAAkE;QAClE,4FAA4F;QAC5F,IAAI,CAAC,MAAM,GAAG,IAAI,8BAAa,CAC7B,cAAuC,EACvC,IAAI,CAAC,KAAK,CACX,CAAC;QAEF,qEAAqE;QACrE,IAAI,CAAC,UAAU,GAAG,IAAI,wBAAU,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAEtD,sEAAsE;QACtE,wGAAwG;QACxG,8DAA8D;QAC7D,IAAI,CAAC,MAAc,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;QAElD,yEAAyE;QACzE,IAAI,CAAC,SAAS,GAAG,IAAI,eAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAEhD,gEAAgE;QAChE,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAEzC,oFAAoF;QACpF,IAAI,CAAC,YAAY,GAAG,IAAI,4BAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEjD,6EAA6E;QAC7E,IAAI,CAAC,IAAI,GAAG,IAAI,0BAAW,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QAEhF,qCAAqC;QACrC,IAAI,CAAC,KAAK,GAAG,IAAI,0BAAW,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QACjF,IAAI,CAAC,WAAW,GAAG,IAAI,sCAAiB,CACtC,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,CAClB,CAAC;QAEF,sCAAsC;QACtC,IAAI,CAAC,eAAe,GAAG,IAAI,iDAAsB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACrE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YAC3B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAC1B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,kEAAkE;YAClE,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC,8CAA8C;QACzE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE
,CAAC;QAC9B,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,mEAAmE;IAEnE;;;OAGG;IACH,QAAQ,CAAC,GAA4C;QACnD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;QAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kCAAkC;QAClC,IAAI,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrC,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QACjC,CAAC;QAED,4DAA4D;QAC5D,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;;;;;;OAOG;IACH,cAAc,CAAC,GAAY,EAAE,cAAyB;QACpD,MAAM,OAAO,GAAG,cAAc,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;QAC7D,OAAO,IAAA,iCAAkB,EAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,mBAAmB;QACvB,OAAO,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC;IACzC,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,KAAK,CAAC,MAGX;QACC,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,aAAa,CACjB,KAAa,EACb,YAA2B;QAE3B,OAAO,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACtD,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,OAAO,CACX,KAAa,EACb,YAA2B;QAE3B,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IAChD,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,WAAW,CACf,KAAa,EACb,YAA2B;QAE3B,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACpD,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,eAAe,CACnB,KAAa,EACb,YAA2B;QAE3B,OAAO,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACxD,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,MAAM,CAAC,MAEZ;QACC,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,YAAY,CAChB,YAAoB,EACpB,YAA2B;QAE3B,OAAO,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IAC5D,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,kBAAkB,CACtB,KAAa,EACb,OAAgC;QAEhC,OAAO,IAAI,CAAC,eAAe,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACjE,CAAC;IAED;;;OAGG;IACH,iBAAiB,CAAC,MAAsB;QACtC,IAAI,CAAC,eAAe,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACjD,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,OAAgB;QAC7B,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACH,oBAAoB;QAClB,IAAI,CAAC,eAAe,CAAC,gBAAgB,EAAE,CAAC;IAC1C,CAAC;
IAED;;OAEG;IACH,mBAAmB;QACjB,IAAI,CAAC,eAAe,CAAC,cAAc,EAAE,CAAC;IACxC,CAAC;IAED,kEAAkE;IAElE;;;;OAIG;IACH,KAAK,CAAC,QAAQ,CACZ,KAAa,EACb,YAA2B;QAE3B,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IAClD,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CACX,KAAa,EACb,IAAY,EACZ,YAA2B;QAE3B,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC;IACvD,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,UAAU,CACd,KAAa,EACb,KAAe,EACf,YAA2B;QAE3B,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,KAAK,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;IAC3D,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,WAAW,CACf,KAAa,EACb,KAAe,EACf,YAA2B;QAE3B,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;IAC5D,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,YAAY,CAChB,KAAa,EACb,YAA2B;QAE3B,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACtD,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,cAAc,CAClB,KAAa,EACb,YAA2B;QAE3B,OAAO,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,aAAa,CACjB,KAAa,EACb,UAAkB,EAClB,YAA2B;QAE3B,OAAO,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,KAAK,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC;IACzE,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,gBAAgB,CACpB,KAAa,EACb,WAAqB,EACrB,YAA2B;QAE3B,OAAO,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,KAAK,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;IAC7E,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,iBAAiB,CACrB,KAAa,EACb,WAAqB,EACrB,YAA2B;QAE3B,OAAO,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,KAAK,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;IAC9E,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,kBAAkB,CACtB,KAAa,EACb,YAA2B;QAE3B,OAAO,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IAClE,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,qBAAqB,CACzB,KAAa,EACb,YAA2B;QAE3B,OAAO,IAAI,CAAC,WAAW,CAAC,qBAAqB,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACrE,CAAC;IAED,4DAA4D;IAE5D;;OAEG;IACH,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,+DAA+D;IAC/D,kFAAkF;IAClF,8DAA8D;IAE9D,0DAA0D;IAE1D;;OAEG;IACH,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,4DAA4D;IAE5D;;OAEG;IACH,SAAS;QACP,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd
,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;IAClC,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,uBAAuB,CAC3B,MAAyC,EACzC,GAAW,EACX,YAA0B,EAC1B,IAAc,EACd,MAA2C;QAE3C,OAAO,IAAI,CAAC,UAAU,CAAC,uBAAuB,CAC5C,MAAM,EACN,GAAG,EACH,YAAY,EACZ,IAAI,EACJ,MAAM,CACP,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACH,kBAAkB,CAChB,OAAyE,EACzE,WAAoB,EACpB,MAAe;QAEf,OAAO;YACL,OAAO;YACP,WAAW;YACX,MAAM;SACP,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,sBAAsB,CAAC,WAAoB;QACzC,OAAO,mCAAmB,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAC7D,CAAC;CACF;AApgBD,gCAogBC;AAED,eAAe;AACf,uDAAqC;AAErC,wCAAwC;AACxC,2DAAyC;AACzC,uDAAqC;AACrC,qDAAmC;AAQnC,qCAAqC;AACrC,wDAAsD;AAA7C,2GAAA,WAAW,OAAA;AACpB,wDAAsD;AAA7C,2GAAA,WAAW,OAAA;AACpB,oEAAkE;AAAzD,uHAAA,iBAAiB,OAAA;AAC1B,oFAAiF;AAAxE,sIAAA,wBAAwB,OAAA;AACjC,wEAAqE;AAA5D,0HAAA,kBAAkB,OAAA;AAC3B,4DAA0D;AAAjD,+GAAA,aAAa,OAAA;AACtB,0DAAwD;AAA/C,6GAAA,YAAY,OAAA;AACrB,0DAAwD;AAA/C,6GAAA,YAAY,OAAA;AACrB,mDAAiD;AAAxC,yGAAA,UAAU,OAAA;AAEnB,mBAAmB;AACnB,uDAAmD;AAA1C,2GAAA,UAAU,OAAA;AACnB,6DAA0D;AAAjD,kHAAA,cAAc,OAAA;AACvB,+DAAgE;AAAvD,wHAAA,mBAAmB,OAAA;AAC5B,mDAA6D;AAApD,qHAAA,sBAAsB,OAAA;AAG/B,2EAA+F;AAAtF,+HAAA,oBAAoB,OAAA;AAAE,oHAAA,SAAS,OAAA;AAAE,sHAAA,WAAW,OAAA;AACrD,2DAAgE;AAAvD,wHAAA,qBAAqB,OAAA;AAE9B,2DAAgE;AAAvD,wHAAA,qBAAqB,OAAA;AAG9B,4CAA4C;AAC5C,2DAAyC;AACzC,uDAAqC;AACrC,qDAAmC;AAEnC,qCAAqC;AACrC,yCAKwB;AAJtB,yGAAA,eAAe,OAAA;AACf,2GAAA,iBAAiB,OAAA;AACjB,wGAAA,cAAc,OAAA;AACd,wGAAA,cAAc,OAAA;AAGhB,8BAA8B;AAC9B,2FAA2F;AAC3F,qCAuBmB;AAtBjB,yGAAA,cAAc,OAAA;AAEd,gHAAA,qBAAqB,OAAA;AACrB,uGAAA,YAAY,OAAA;AACZ,4GAAA,iBAAiB,OAAA;AACjB,2GAAA,gBAAgB,OAAA;AAChB,mGAAA,QAAQ,OAAA;AAIR,gHAAA,qBAAqB,OAAA;AACrB,8GAAA,mBAAmB,OAAA;AAEnB,yGAAA,cAAc,OAAA;AACd,2GAAA,gBAAgB,OAAA;AAEhB,0GAAA,eAAe,OAAA;AACf,wGAAA,aAAa,OAAA;AACb,4GAAA,iBAAiB,OAAA;AACjB,yGAAA,cAAc,OAAA;AACd,oHAAA,yBAAyB,OAAA;AACzB,oGAAA,SAAS,OAAA;AAWX,oCAAoC;AACpC,mDAA6D;AAApD,yGAAA,UAAU,OAAA;AAAE,yGAAA,UAAU,OAAA;AAc/B,+CAA+C;AAC/C,uEAAoG;AAA3F,iIAAA,wBAAwB,OAAA;AAAE,kIAAA,yBAAyB,OAAA;AAc5D,gDAAgD;AAChD,gFAA6E;AAApE,kIAAA,sBAAsB,OAAA"}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Token validation service for local JWKS-based JWT verification
|
|
3
|
+
* Supports Keycloak and delegated OAuth providers with dual-layer caching
|
|
4
|
+
*/
|
|
5
|
+
import { TokenValidationOptions, TokenValidationResult, KeycloakConfig } from "../types/token-validation.types";
|
|
6
|
+
export declare class TokenValidationService {
|
|
7
|
+
private jwksCache;
|
|
8
|
+
private readonly JWKS_CACHE_TTL_MS;
|
|
9
|
+
private resultCache;
|
|
10
|
+
private readonly RESULT_CACHE_TTL_MS;
|
|
11
|
+
private keycloakConfig?;
|
|
12
|
+
constructor(keycloakConfig?: KeycloakConfig);
|
|
13
|
+
/**
|
|
14
|
+
* Set or update Keycloak configuration
|
|
15
|
+
* @param config - Keycloak configuration
|
|
16
|
+
*/
|
|
17
|
+
setKeycloakConfig(config: KeycloakConfig): void;
|
|
18
|
+
/**
|
|
19
|
+
* Validate token locally using JWKS
|
|
20
|
+
* @param token - JWT token to validate
|
|
21
|
+
* @param options - Validation options
|
|
22
|
+
* @returns Validation result with payload or error
|
|
23
|
+
*/
|
|
24
|
+
validateTokenLocal(token: string, options?: TokenValidationOptions): Promise<TokenValidationResult>;
|
|
25
|
+
/**
|
|
26
|
+
* Clear JWKS cache
|
|
27
|
+
* @param jwksUri - Specific URI to clear, or all if not provided
|
|
28
|
+
*/
|
|
29
|
+
clearCache(jwksUri?: string): void;
|
|
30
|
+
/**
|
|
31
|
+
* Clear validation result cache
|
|
32
|
+
*/
|
|
33
|
+
clearResultCache(): void;
|
|
34
|
+
/**
|
|
35
|
+
* Clear all caches (JWKS + results)
|
|
36
|
+
*/
|
|
37
|
+
clearAllCaches(): void;
|
|
38
|
+
private performValidation;
|
|
39
|
+
private determineTokenType;
|
|
40
|
+
private validateKeycloakToken;
|
|
41
|
+
private validateDelegatedToken;
|
|
42
|
+
private mapPayload;
|
|
43
|
+
private getJWKS;
|
|
44
|
+
private getTokenHash;
|
|
45
|
+
private getCachedResult;
|
|
46
|
+
private cacheResult;
|
|
47
|
+
private shouldCacheResult;
|
|
48
|
+
}
|
|
49
|
+
//# sourceMappingURL=token-validation.service.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-validation.service.d.ts","sourceRoot":"","sources":["../../src/services/token-validation.service.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAQH,OAAO,EAEL,sBAAsB,EACtB,qBAAqB,EAErB,cAAc,EAGf,MAAM,iCAAiC,CAAC;AAEzC,qBAAa,sBAAsB;IAEjC,OAAO,CAAC,SAAS,CAGb;IACJ,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAkB;IAGpD,OAAO,CAAC,WAAW,CAA2C;IAC9D,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAa;IAEjD,OAAO,CAAC,cAAc,CAAC,CAAiB;gBAE5B,cAAc,CAAC,EAAE,cAAc;IAI3C;;;OAGG;IACH,iBAAiB,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI;IAI/C;;;;;OAKG;IACG,kBAAkB,CACtB,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,sBAAsB,GAC/B,OAAO,CAAC,qBAAqB,CAAC;IA8BjC;;;OAGG;IACH,UAAU,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI;IAQlC;;OAEG;IACH,gBAAgB,IAAI,IAAI;IAIxB;;OAEG;IACH,cAAc,IAAI,IAAI;YAOR,iBAAiB;IAyB/B,OAAO,CAAC,kBAAkB;YAWZ,qBAAqB;YAgDrB,sBAAsB;IAoDpC,OAAO,CAAC,UAAU;YAeJ,OAAO;IAerB,OAAO,CAAC,YAAY;IAMpB,OAAO,CAAC,eAAe;IAgBvB,OAAO,CAAC,WAAW;IAQnB,OAAO,CAAC,iBAAiB;CAU1B"}
|
|
@@ -0,0 +1,258 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Token validation service for local JWKS-based JWT verification
|
|
4
|
+
* Supports Keycloak and delegated OAuth providers with dual-layer caching
|
|
5
|
+
*/
|
|
6
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
|
+
exports.TokenValidationService = void 0;
|
|
8
|
+
const jose_1 = require("jose");
|
|
9
|
+
class TokenValidationService {
|
|
10
|
+
constructor(keycloakConfig) {
|
|
11
|
+
// JWKS cache: jwksUri -> { keySet, expiresAt }
|
|
12
|
+
this.jwksCache = new Map();
|
|
13
|
+
this.JWKS_CACHE_TTL_MS = 60 * 60 * 1000; // 1 hour
|
|
14
|
+
// Validation result cache: tokenHash -> { result, expiresAt }
|
|
15
|
+
this.resultCache = new Map();
|
|
16
|
+
this.RESULT_CACHE_TTL_MS = 60 * 1000; // 1 minute
|
|
17
|
+
this.keycloakConfig = keycloakConfig;
|
|
18
|
+
}
|
|
19
|
+
/**
|
|
20
|
+
* Set or update Keycloak configuration
|
|
21
|
+
* @param config - Keycloak configuration
|
|
22
|
+
*/
|
|
23
|
+
setKeycloakConfig(config) {
|
|
24
|
+
this.keycloakConfig = config;
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* Validate token locally using JWKS
|
|
28
|
+
* @param token - JWT token to validate
|
|
29
|
+
* @param options - Validation options
|
|
30
|
+
* @returns Validation result with payload or error
|
|
31
|
+
*/
|
|
32
|
+
async validateTokenLocal(token, options) {
|
|
33
|
+
try {
|
|
34
|
+
// 1. Check validation result cache (unless skipResultCache)
|
|
35
|
+
if (!options?.skipResultCache) {
|
|
36
|
+
const cached = this.getCachedResult(token);
|
|
37
|
+
if (cached) {
|
|
38
|
+
return { ...cached, cached: true };
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
// 2. Perform actual validation
|
|
42
|
+
const result = await this.performValidation(token, options);
|
|
43
|
+
// 3. Cache result (unless skipResultCache or shouldn't cache)
|
|
44
|
+
if (!options?.skipResultCache && this.shouldCacheResult(result)) {
|
|
45
|
+
this.cacheResult(token, result);
|
|
46
|
+
}
|
|
47
|
+
return result;
|
|
48
|
+
}
|
|
49
|
+
catch (error) {
|
|
50
|
+
const errorMessage = error instanceof Error ? error.message : "Token validation failed";
|
|
51
|
+
return {
|
|
52
|
+
valid: false,
|
|
53
|
+
tokenType: options?.tokenType || "auto",
|
|
54
|
+
error: errorMessage,
|
|
55
|
+
};
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
/**
|
|
59
|
+
* Clear JWKS cache
|
|
60
|
+
* @param jwksUri - Specific URI to clear, or all if not provided
|
|
61
|
+
*/
|
|
62
|
+
clearCache(jwksUri) {
|
|
63
|
+
if (jwksUri) {
|
|
64
|
+
this.jwksCache.delete(jwksUri);
|
|
65
|
+
}
|
|
66
|
+
else {
|
|
67
|
+
this.jwksCache.clear();
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
/**
|
|
71
|
+
* Clear validation result cache
|
|
72
|
+
*/
|
|
73
|
+
clearResultCache() {
|
|
74
|
+
this.resultCache.clear();
|
|
75
|
+
}
|
|
76
|
+
/**
|
|
77
|
+
* Clear all caches (JWKS + results)
|
|
78
|
+
*/
|
|
79
|
+
clearAllCaches() {
|
|
80
|
+
this.jwksCache.clear();
|
|
81
|
+
this.resultCache.clear();
|
|
82
|
+
}
|
|
83
|
+
// ==================== PRIVATE METHODS ====================
|
|
84
|
+
async performValidation(token, options) {
|
|
85
|
+
// Decode to get issuer (without verification)
|
|
86
|
+
const decoded = (0, jose_1.decodeJwt)(token);
|
|
87
|
+
const issuer = decoded.iss;
|
|
88
|
+
if (!issuer) {
|
|
89
|
+
return {
|
|
90
|
+
valid: false,
|
|
91
|
+
tokenType: "auto",
|
|
92
|
+
error: "Token missing issuer (iss) claim",
|
|
93
|
+
};
|
|
94
|
+
}
|
|
95
|
+
const tokenType = this.determineTokenType(issuer, options?.tokenType);
|
|
96
|
+
if (tokenType === "keycloak") {
|
|
97
|
+
return this.validateKeycloakToken(token, options);
|
|
98
|
+
}
|
|
99
|
+
else {
|
|
100
|
+
return this.validateDelegatedToken(token, issuer, options);
|
|
101
|
+
}
|
|
102
|
+
}
|
|
103
|
+
determineTokenType(issuer, hint) {
|
|
104
|
+
if (hint && hint !== "auto")
|
|
105
|
+
return hint;
|
|
106
|
+
if (this.keycloakConfig) {
|
|
107
|
+
const keycloakIssuer = `${this.keycloakConfig.authServerUrl}/realms/${this.keycloakConfig.realm}`;
|
|
108
|
+
if (issuer === keycloakIssuer)
|
|
109
|
+
return "keycloak";
|
|
110
|
+
}
|
|
111
|
+
return "delegated";
|
|
112
|
+
}
|
|
113
|
+
async validateKeycloakToken(token, options) {
|
|
114
|
+
if (!this.keycloakConfig) {
|
|
115
|
+
return {
|
|
116
|
+
valid: false,
|
|
117
|
+
tokenType: "keycloak",
|
|
118
|
+
error: "Keycloak not configured",
|
|
119
|
+
};
|
|
120
|
+
}
|
|
121
|
+
const jwksUri = `${this.keycloakConfig.authServerUrl}/realms/${this.keycloakConfig.realm}/protocol/openid-connect/certs`;
|
|
122
|
+
const expectedIssuer = `${this.keycloakConfig.authServerUrl}/realms/${this.keycloakConfig.realm}`;
|
|
123
|
+
try {
|
|
124
|
+
const jwks = await this.getJWKS(jwksUri);
|
|
125
|
+
const verifyOptions = {
|
|
126
|
+
issuer: expectedIssuer,
|
|
127
|
+
};
|
|
128
|
+
if (this.keycloakConfig.verifyAudience &&
|
|
129
|
+
this.keycloakConfig.clientId &&
|
|
130
|
+
!options?.skipAudienceValidation) {
|
|
131
|
+
verifyOptions.audience = this.keycloakConfig.clientId;
|
|
132
|
+
}
|
|
133
|
+
const { payload } = await (0, jose_1.jwtVerify)(token, jwks, verifyOptions);
|
|
134
|
+
return {
|
|
135
|
+
valid: true,
|
|
136
|
+
tokenType: "keycloak",
|
|
137
|
+
payload: this.mapPayload(payload),
|
|
138
|
+
};
|
|
139
|
+
}
|
|
140
|
+
catch (error) {
|
|
141
|
+
return {
|
|
142
|
+
valid: false,
|
|
143
|
+
tokenType: "keycloak",
|
|
144
|
+
error: error instanceof Error
|
|
145
|
+
? error.message
|
|
146
|
+
: "Keycloak token validation failed",
|
|
147
|
+
};
|
|
148
|
+
}
|
|
149
|
+
}
|
|
150
|
+
async validateDelegatedToken(token, issuer, options) {
|
|
151
|
+
let provider = null;
|
|
152
|
+
if (typeof options?.delegatedProvider === "function") {
|
|
153
|
+
provider = await options.delegatedProvider(issuer);
|
|
154
|
+
}
|
|
155
|
+
else if (options?.delegatedProvider) {
|
|
156
|
+
provider = options.delegatedProvider;
|
|
157
|
+
}
|
|
158
|
+
if (!provider) {
|
|
159
|
+
return {
|
|
160
|
+
valid: false,
|
|
161
|
+
tokenType: "delegated",
|
|
162
|
+
error: `No delegated provider configured for issuer: ${issuer}`,
|
|
163
|
+
};
|
|
164
|
+
}
|
|
165
|
+
try {
|
|
166
|
+
const jwks = await this.getJWKS(provider.jwksUri);
|
|
167
|
+
const verifyOptions = {
|
|
168
|
+
issuer: provider.issuer,
|
|
169
|
+
};
|
|
170
|
+
if (!options?.skipAudienceValidation && provider.audience) {
|
|
171
|
+
verifyOptions.audience = provider.audience;
|
|
172
|
+
}
|
|
173
|
+
const { payload } = await (0, jose_1.jwtVerify)(token, jwks, verifyOptions);
|
|
174
|
+
return {
|
|
175
|
+
valid: true,
|
|
176
|
+
tokenType: "delegated",
|
|
177
|
+
providerKey: provider.key,
|
|
178
|
+
payload: this.mapPayload(payload),
|
|
179
|
+
};
|
|
180
|
+
}
|
|
181
|
+
catch (error) {
|
|
182
|
+
return {
|
|
183
|
+
valid: false,
|
|
184
|
+
tokenType: "delegated",
|
|
185
|
+
providerKey: provider.key,
|
|
186
|
+
error: error instanceof Error
|
|
187
|
+
? error.message
|
|
188
|
+
: "Delegated token validation failed",
|
|
189
|
+
};
|
|
190
|
+
}
|
|
191
|
+
}
|
|
192
|
+
mapPayload(payload) {
|
|
193
|
+
return {
|
|
194
|
+
...payload,
|
|
195
|
+
sub: payload.sub,
|
|
196
|
+
iss: payload.iss,
|
|
197
|
+
email: payload.email,
|
|
198
|
+
preferredUsername: payload.preferred_username,
|
|
199
|
+
name: payload.name,
|
|
200
|
+
realmAccess: payload.realm_access,
|
|
201
|
+
resourceAccess: payload.resource_access,
|
|
202
|
+
};
|
|
203
|
+
}
|
|
204
|
+
async getJWKS(jwksUri) {
|
|
205
|
+
const cached = this.jwksCache.get(jwksUri);
|
|
206
|
+
if (cached && cached.expiresAt > Date.now()) {
|
|
207
|
+
return cached.keySet;
|
|
208
|
+
}
|
|
209
|
+
const keySet = (0, jose_1.createRemoteJWKSet)(new URL(jwksUri));
|
|
210
|
+
this.jwksCache.set(jwksUri, {
|
|
211
|
+
keySet,
|
|
212
|
+
expiresAt: Date.now() + this.JWKS_CACHE_TTL_MS,
|
|
213
|
+
});
|
|
214
|
+
return keySet;
|
|
215
|
+
}
|
|
216
|
+
getTokenHash(token) {
|
|
217
|
+
// Use first 16 + last 16 chars as pseudo-hash for cache key
|
|
218
|
+
if (token.length <= 32)
|
|
219
|
+
return token;
|
|
220
|
+
return `${token.slice(0, 16)}...${token.slice(-16)}`;
|
|
221
|
+
}
|
|
222
|
+
getCachedResult(token) {
|
|
223
|
+
const hash = this.getTokenHash(token);
|
|
224
|
+
const entry = this.resultCache.get(hash);
|
|
225
|
+
if (entry && entry.expiresAt > Date.now()) {
|
|
226
|
+
return entry.result;
|
|
227
|
+
}
|
|
228
|
+
// Clean up expired entry
|
|
229
|
+
if (entry) {
|
|
230
|
+
this.resultCache.delete(hash);
|
|
231
|
+
}
|
|
232
|
+
return null;
|
|
233
|
+
}
|
|
234
|
+
cacheResult(token, result) {
|
|
235
|
+
const hash = this.getTokenHash(token);
|
|
236
|
+
this.resultCache.set(hash, {
|
|
237
|
+
result,
|
|
238
|
+
expiresAt: Date.now() + this.RESULT_CACHE_TTL_MS,
|
|
239
|
+
});
|
|
240
|
+
}
|
|
241
|
+
shouldCacheResult(result) {
|
|
242
|
+
// Cache valid results and definitive invalid results
|
|
243
|
+
// Don't cache config errors (provider not found, etc.)
|
|
244
|
+
if (result.valid)
|
|
245
|
+
return true;
|
|
246
|
+
if (result.error?.includes("expired"))
|
|
247
|
+
return true;
|
|
248
|
+
if (result.error?.includes('"exp"'))
|
|
249
|
+
return true; // jose library format
|
|
250
|
+
if (result.error?.includes("signature"))
|
|
251
|
+
return true;
|
|
252
|
+
if (result.error?.includes("invalid"))
|
|
253
|
+
return true;
|
|
254
|
+
return false;
|
|
255
|
+
}
|
|
256
|
+
}
|
|
257
|
+
exports.TokenValidationService = TokenValidationService;
|
|
258
|
+
//# sourceMappingURL=token-validation.service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-validation.service.js","sourceRoot":"","sources":["../../src/services/token-validation.service.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,+BAKc;AAWd,MAAa,sBAAsB;IAcjC,YAAY,cAA+B;QAb3C,+CAA+C;QACvC,cAAS,GAAG,IAAI,GAAG,EAGxB,CAAC;QACa,sBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,SAAS;QAE9D,8DAA8D;QACtD,gBAAW,GAAG,IAAI,GAAG,EAAgC,CAAC;QAC7C,wBAAmB,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW;QAK3D,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;IACvC,CAAC;IAED;;;OAGG;IACH,iBAAiB,CAAC,MAAsB;QACtC,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC;IAC/B,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,kBAAkB,CACtB,KAAa,EACb,OAAgC;QAEhC,IAAI,CAAC;YACH,4DAA4D;YAC5D,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;gBAC3C,IAAI,MAAM,EAAE,CAAC;oBACX,OAAO,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;gBACrC,CAAC;YACH,CAAC;YAED,+BAA+B;YAC/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAE5D,8DAA8D;YAC9D,IAAI,CAAC,OAAO,EAAE,eAAe,IAAI,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChE,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAClC,CAAC;YAED,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,YAAY,GAChB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,yBAAyB,CAAC;YACrE,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,SAAS,EAAE,OAAO,EAAE,SAAS,IAAI,MAAM;gBACvC,KAAK,EAAE,YAAY;aACpB,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,OAAgB;QACzB,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACzB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACvB,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;IAED,4DAA4D;IAEpD,KAAK,CAAC,iBAAiB,CAC7B,KAAa,EACb,OAAgC;QAEhC,8CAA8C;QAC9C,MAAM,OAAO,GAAG,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC;QACjC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;QAE3B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,SAAS,EAAE,MAAM;gBACjB,KAAK,EAAE,kCAAkC;aAC1
C,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QAEtE,IAAI,SAAS,KAAK,UAAU,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC,qBAAqB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACpD,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,sBAAsB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,MAAc,EAAE,IAAgB;QACzD,IAAI,IAAI,IAAI,IAAI,KAAK,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,MAAM,cAAc,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,WAAW,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;YAClG,IAAI,MAAM,KAAK,cAAc;gBAAE,OAAO,UAAU,CAAC;QACnD,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAEO,KAAK,CAAC,qBAAqB,CACjC,KAAa,EACb,OAAgC;QAEhC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,SAAS,EAAE,UAAU;gBACrB,KAAK,EAAE,yBAAyB;aACjC,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,WAAW,IAAI,CAAC,cAAc,CAAC,KAAK,gCAAgC,CAAC;QACzH,MAAM,cAAc,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,WAAW,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAElG,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACzC,MAAM,aAAa,GAA0C;gBAC3D,MAAM,EAAE,cAAc;aACvB,CAAC;YAEF,IACE,IAAI,CAAC,cAAc,CAAC,cAAc;gBAClC,IAAI,CAAC,cAAc,CAAC,QAAQ;gBAC5B,CAAC,OAAO,EAAE,sBAAsB,EAChC,CAAC;gBACD,aAAa,CAAC,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC;YACxD,CAAC;YAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAA,gBAAS,EAAC,KAAK,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC;YAEhE,OAAO;gBACL,KAAK,EAAE,IAAI;gBACX,SAAS,EAAE,UAAU;gBACrB,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;aAClC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,SAAS,EAAE,UAAU;gBACrB,KAAK,EACH,KAAK,YAAY,KAAK;oBACpB,CAAC,CAAC,KAAK,CAAC,OAAO;oBACf,CAAC,CAAC,kCAAkC;aACzC,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,sBAAsB,CAClC,KAAa,EACb,MAAc,EACd,OAAgC;QAEhC,IAAI,QAAQ,GAAmC,IAAI,CAAC;QAEpD,IAAI,OAAO,OAAO,EAAE,iBAAiB,KAAK,UAAU,EAAE,CAAC;YACrD,QAAQ,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC;aAAM,IAAI,OAAO,EAAE,iBAAiB,EAAE,CAAC;YACtC,QAAQ,GAAG,OAAO,CAAC,iBAAiB,CAAC;QACvC,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;Y
ACd,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,SAAS,EAAE,WAAW;gBACtB,KAAK,EAAE,gDAAgD,MAAM,EAAE;aAChE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAClD,MAAM,aAAa,GAA0C;gBAC3D,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;YAEF,IAAI,CAAC,OAAO,EAAE,sBAAsB,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;gBAC1D,aAAa,CAAC,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC;YAC7C,CAAC;YAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAA,gBAAS,EAAC,KAAK,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC;YAEhE,OAAO;gBACL,KAAK,EAAE,IAAI;gBACX,SAAS,EAAE,WAAW;gBACtB,WAAW,EAAE,QAAQ,CAAC,GAAG;gBACzB,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;aAClC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,SAAS,EAAE,WAAW;gBACtB,WAAW,EAAE,QAAQ,CAAC,GAAG;gBACzB,KAAK,EACH,KAAK,YAAY,KAAK;oBACpB,CAAC,CAAC,KAAK,CAAC,OAAO;oBACf,CAAC,CAAC,mCAAmC;aAC1C,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,UAAU,CAAC,OAAgC;QACjD,OAAO;YACL,GAAG,OAAO;YACV,GAAG,EAAE,OAAO,CAAC,GAAa;YAC1B,GAAG,EAAE,OAAO,CAAC,GAAa;YAC1B,KAAK,EAAE,OAAO,CAAC,KAA2B;YAC1C,iBAAiB,EAAE,OAAO,CAAC,kBAAwC;YACnE,IAAI,EAAE,OAAO,CAAC,IAA0B;YACxC,WAAW,EAAE,OAAO,CAAC,YAA+C;YACpE,cAAc,EAAE,OAAO,CAAC,eAEX;SACd,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,OAAO,CAAC,OAAe;QACnC,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC3C,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC5C,OAAO,MAAM,CAAC,MAAM,CAAC;QACvB,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,yBAAkB,EAAC,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;QACpD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,EAAE;YAC1B,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,iBAAiB;SAC/C,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,YAAY,CAAC,KAAa;QAChC,4DAA4D;QAC5D,IAAI,KAAK,CAAC,MAAM,IAAI,EAAE;YAAE,OAAO,KAAK,CAAC;QACrC,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;IACvD,CAAC;IAEO,eAAe,CAAC,KAAa;QACnC,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAEzC,IAAI,KAAK,IAAI,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC1C,O
AAO,KAAK,CAAC,MAAM,CAAC;QACtB,CAAC;QAED,yBAAyB;QACzB,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,WAAW,CAAC,KAAa,EAAE,MAA6B;QAC9D,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QACtC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE;YACzB,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,mBAAmB;SACjD,CAAC,CAAC;IACL,CAAC;IAEO,iBAAiB,CAAC,MAA6B;QACrD,qDAAqD;QACrD,uDAAuD;QACvD,IAAI,MAAM,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAC9B,IAAI,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,SAAS,CAAC;YAAE,OAAO,IAAI,CAAC;QACnD,IAAI,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,OAAO,CAAC;YAAE,OAAO,IAAI,CAAC,CAAC,sBAAsB;QACxE,IAAI,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,WAAW,CAAC;YAAE,OAAO,IAAI,CAAC;QACrD,IAAI,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,SAAS,CAAC;YAAE,OAAO,IAAI,CAAC;QACnD,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AA5SD,wDA4SC"}
|
|
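--- a/package/dist/types/config.types.d.ts
+++ b/package/dist/types/config.types.d.ts
@@ -60,6 +60,13 @@ export interface MisoClientConfig {
 authStrategy?: AuthStrategy;
 clientTokenUri?: string;
 allowedOrigins?: string[];
+keycloak?: {
+authServerUrl: string;
+realm: string;
+clientId?: string;
+clientSecret?: string;
+verifyAudience?: boolean;
+};
 }
 export interface AuditConfig {
 enabled?: boolean;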
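Review bot: The inline `keycloak` shape added to `MisoClientConfig` repeats the fields of the `KeycloakConfig` interface declared in token-validation.types.d.ts but carries none of its doc comments, so a reader of this file does not see that `verifyAudience` is off unless set. With it unset, `validateKeycloakToken` passes only `issuer` to `jwtVerify`, so a token issued to any other client of the same realm verifies. I would declare the field as `keycloak?: KeycloakConfig;` in the TypeScript source this declaration is presumably generated from, and extend the `verifyAudience` comment to `/** Enable audience validation against clientId (default: false); leave off only when tokens from every client in the realm are acceptable */`. `clientSecret` is not read by any validation code visible on this page, so its comment should say what consumes it.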
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.types.d.ts","sourceRoot":"","sources":["../../src/types/config.types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,MAAM,UAAU,GAClB,QAAQ,GACR,cAAc,GACd,oBAAoB,GACpB,SAAS,CAAC;AAEd;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B;;;OAGG;IACH,OAAO,EAAE,UAAU,EAAE,CAAC;IAEtB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAE/B,QAAQ,EAAE,MAAM,CAAC;IAKjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IAItB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAI7B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAG9B,WAAW,CAAC,EAAE,MAAM,CAAC;IAGrB,oBAAoB,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC;IAGrC,oBAAoB,CAAC,EAAE,MAAM,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAG3E,KAAK,CAAC,EAAE,WAAW,CAAC;IAGpB,QAAQ,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAG/C,aAAa,CAAC,EAAE,MAAM,CAAC;IAGvB,MAAM,CAAC,EAAE,MAAM,CAAC;IAGhB,KAAK,CAAC,EAAE;QACN,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC;IAGF,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAG/B,KAAK,CAAC,EAAE,WAAW,CAAC;IAKpB,UAAU,CAAC,EAAE,OAAO,CAAC;IAIrB,YAAY,CAAC,EAAE,YAAY,CAAC;IAG5B,cAAc,CAAC,EAAE,MAAM,CAAC;IAGxB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"config.types.d.ts","sourceRoot":"","sources":["../../src/types/config.types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,MAAM,UAAU,GAClB,QAAQ,GACR,cAAc,GACd,oBAAoB,GACpB,SAAS,CAAC;AAEd;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B;;;OAGG;IACH,OAAO,EAAE,UAAU,EAAE,CAAC;IAEtB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAE/B,QAAQ,EAAE,MAAM,CAAC;IAKjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IAItB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAI7B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAG9B,WAAW,CAAC,EAAE,MAAM,CAAC;IAGrB,oBAAoB,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC;IAGrC,oBAAoB,CAAC,EAAE,MAAM,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAG3E,KAAK,CAAC,EAAE,WAAW,CAAC;IAGpB,QAAQ,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAG/C,aAAa,CAAC,EAAE,MAAM,CAAC;IAGvB,MAAM,CAAC,EAAE,MAAM,CAAC;IAGhB,KAAK,CAAC,EAAE;QACN,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC;IAGF,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAG/B,KAAK,CAAC,EAAE,WAAW,CAAC;IAKpB,UAAU,CAAC,EAAE,OAAO,CAAC;IAIrB,YAAY,CAAC,EAAE,YAAY,CAAC;IAG5B,cAAc,CAAC,EAAE,MAAM,CAAC;IAGxB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAG1B,QAAQ,CAAC,EAAE;QACT,aAAa,EAAE,MAAM,CAAC;QACtB,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,cAAc,CAAC,EAAE,OAAO,CAAC;KAC1B,CAAC;CACH;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,SAAS,GAAG,UAAU,GAAG,UAAU,GAAG,MAAM,CAAC;IACrD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC
lB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,aAAa,EAAE,OAAO,CAAC;IACvB,IAAI,CAAC,EAAE,QAAQ,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,OAAO,GAAG,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAGlC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IAGpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAG3B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,cAAc,CAAC,EAAE,MAAM,CAAC;IAGxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IAGpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IAEjB,IAAI,CAAC,EAAE;QACL,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE;QACJ,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,
SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,IAAI,aAAa,CA8BpE"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.types.js","sourceRoot":"","sources":["../../src/types/config.types.ts"],"names":[],"mappings":";AAAA;;GAEG;;
|
|
1
|
+
{"version":3,"file":"config.types.js","sourceRoot":"","sources":["../../src/types/config.types.ts"],"names":[],"mappings":";AAAA;;GAEG;;AA4PH,0CA8BC;AAjCD;;GAEG;AACH,SAAgB,eAAe,CAAC,IAAa;IAC3C,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,GAAG,GAAG,IAA+B,CAAC;IAE5C,wBAAwB;IACxB,IACE,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC;QAC1B,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,EAC/C,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAClE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,oCAAoC;IACpC,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QACvC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,uBAAuB;IACvB,IAAI,GAAG,CAAC,QAAQ,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACnE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
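--- a/package/dist/types/token-validation.types.d.ts
+++ b/package/dist/types/token-validation.types.d.ts
@@ -0,0 +1,88 @@
+/**
+* Token validation types for local JWKS-based JWT verification
+* @module token-validation.types
+*/
+import { JWTPayload } from "jose";
+/** Token type for validation routing */
+export type TokenType = "keycloak" | "delegated" | "auto";
+/** Keycloak server configuration for local token validation */
+export interface KeycloakConfig {
+/** Keycloak server URL (e.g., "https://keycloak.example.com") */
+authServerUrl: string;
+/** Keycloak realm name */
+realm: string;
+/** Client ID for audience validation (optional) */
+clientId?: string;
+/** Client secret for confidential clients (optional) */
+clientSecret?: string;
+/** Enable audience validation (default: false) */
+verifyAudience?: boolean;
+}
+/** Configuration for delegated OAuth providers */
+export interface DelegatedProviderConfig {
+/** Provider identifier (e.g., "google", "github") */
+key: string;
+/** Expected issuer claim value */
+issuer: string;
+/** JWKS endpoint URL */
+jwksUri: string;
+/** Expected audience (optional) */
+audience?: string;
+}
+/** Function to look up delegated provider by issuer */
+export type DelegatedProviderLookup = (issuer: string) => Promise<DelegatedProviderConfig | null>;
+/** Options for token validation */
+export interface TokenValidationOptions {
+/** Force token type detection */
+tokenType?: TokenType;
+/** Delegated provider config or lookup function */
+delegatedProvider?: DelegatedProviderConfig | DelegatedProviderLookup;
+/** Skip audience validation */
+skipAudienceValidation?: boolean;
+/** Skip validation result cache (for high-security scenarios) */
+skipResultCache?: boolean;
+}
+/** Result of token validation */
+export interface TokenValidationResult {
+/** Whether token is valid */
+valid: boolean;
+/** Detected or specified token type */
+tokenType: TokenType;
+/** Decoded token payload (if valid) */
+payload?: TokenPayload;
+/** Error message (if invalid) */
+error?: string;
+/** Provider key for delegated tokens */
+providerKey?: string;
+/** True if result came from cache */
+cached?: boolean;
+}
+/** JWT payload with common claims */
+export interface TokenPayload extends JWTPayload {
+/** Subject (user ID) */
+sub: string;
+/** Issuer */
+iss: string;
+/** User email (optional) */
+email?: string;
+/** Preferred username (optional) */
+preferredUsername?: string;
+/** Display name (optional) */
+name?: string;
+/** Keycloak realm roles (optional) */
+realmAccess?: {
+roles: string[];
+};
+/** Keycloak resource/client roles (optional) */
+resourceAccess?: Record<string, {
+roles: string[];
+}>;
+}
+/** Internal cache entry for validation results */
+export interface ValidationCacheEntry {
+/** Cached result */
+result: TokenValidationResult;
+/** Expiration timestamp */
+expiresAt: number;
+}
+//# sourceMappingURL=token-validation.types.d.ts.map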
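Review bot: The comment on `skipResultCache` ("for high-security scenarios") does not tell callers how the result cache is keyed: `getTokenHash` in token-validation.service.js uses the first 16 and last 16 characters of the token instead of a digest of the whole token, so distinct tokens sharing those characters resolve to one cached result. I would key the cache on a full digest, e.g. `createHash("sha256").update(token).digest("hex")` from `node:crypto`, and bound each entry's `expiresAt` by the token's own `exp`, since `cacheResult` currently applies a fixed TTL. That function sits in a section that begins above this part of the page, so the change belongs there rather than in this declaration file. Separately, the `DelegatedProviderLookup` comment should state that `issuer` is passed before `jwtVerify` runs, e.g. `/** Look up a delegated provider by issuer. The issuer is unverified at this point: return a config only for allow-listed issuers and never derive jwksUri from it. */`.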
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-validation.types.d.ts","sourceRoot":"","sources":["../../src/types/token-validation.types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAElC,wCAAwC;AACxC,MAAM,MAAM,SAAS,GAAG,UAAU,GAAG,WAAW,GAAG,MAAM,CAAC;AAE1D,+DAA+D;AAC/D,MAAM,WAAW,cAAc;IAC7B,iEAAiE;IACjE,aAAa,EAAE,MAAM,CAAC;IACtB,0BAA0B;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,mDAAmD;IACnD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wDAAwD;IACxD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,kDAAkD;IAClD,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,kDAAkD;AAClD,MAAM,WAAW,uBAAuB;IACtC,qDAAqD;IACrD,GAAG,EAAE,MAAM,CAAC;IACZ,kCAAkC;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,wBAAwB;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,mCAAmC;IACnC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,uDAAuD;AACvD,MAAM,MAAM,uBAAuB,GAAG,CACpC,MAAM,EAAE,MAAM,KACX,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC,CAAC;AAE7C,mCAAmC;AACnC,MAAM,WAAW,sBAAsB;IACrC,iCAAiC;IACjC,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,mDAAmD;IACnD,iBAAiB,CAAC,EAAE,uBAAuB,GAAG,uBAAuB,CAAC;IACtE,+BAA+B;IAC/B,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,iEAAiE;IACjE,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED,iCAAiC;AACjC,MAAM,WAAW,qBAAqB;IACpC,6BAA6B;IAC7B,KAAK,EAAE,OAAO,CAAC;IACf,uCAAuC;IACvC,SAAS,EAAE,SAAS,CAAC;IACrB,uCAAuC;IACvC,OAAO,CAAC,EAAE,YAAY,CAAC;IACvB,iCAAiC;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,wCAAwC;IACxC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qCAAqC;IACrC,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,qCAAqC;AACrC,MAAM,WAAW,YAAa,SAAQ,UAAU;IAC9C,wBAAwB;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,4BAA4B;IAC5B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,oCAAoC;IACpC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,8BAA8B;IAC9B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,sCAAsC;IACtC,WAAW,CAAC,EAAE;QAAE,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAClC,gDAAgD;IAChD,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;CACtD;AAED,kDAAkD;AAClD,MAAM,WAAW,oBAAoB;IACnC,oBAAoB;IACpB,MAAM,EAAE,qBAAqB,CAAC;IAC9B,2BAA2B;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-validation.types.js","sourceRoot":"","sources":["../../src/types/token-validation.types.ts"],"names":[],"mappings":";AAAA;;;GAGG"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aifabrix/miso-client",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.4.0",
|
|
4
4
|
"description": "AI Fabrix Client SDK - Authentication, authorization, logging, and Express.js utilities",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -47,6 +47,7 @@
|
|
|
47
47
|
"axios": "^1.6.2",
|
|
48
48
|
"dotenv": "^17.2.3",
|
|
49
49
|
"ioredis": "^5.3.2",
|
|
50
|
+
"jose": "^5.9.6",
|
|
50
51
|
"jsonwebtoken": "^9.0.2"
|
|
51
52
|
},
|
|
52
53
|
"devDependencies": {
|
|
@@ -68,7 +69,8 @@
|
|
|
68
69
|
"files": [
|
|
69
70
|
"dist/",
|
|
70
71
|
"README.md",
|
|
71
|
-
"LICENSE"
|
|
72
|
+
"LICENSE",
|
|
73
|
+
"CHANGELOG.md"
|
|
72
74
|
],
|
|
73
75
|
"repository": {
|
|
74
76
|
"type": "git",
|