@authly/sdk 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/config.js
ADDED
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.TokenExpiredError = exports.TokenInvalidError = exports.TokenError = exports.AuthlyError = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Base exception for all Authly errors.
|
|
6
|
+
*/
|
|
7
|
+
class AuthlyError extends Error {
|
|
8
|
+
constructor(message) {
|
|
9
|
+
super(message);
|
|
10
|
+
this.name = "AuthlyError";
|
|
11
|
+
}
|
|
12
|
+
}
|
|
13
|
+
exports.AuthlyError = AuthlyError;
|
|
14
|
+
/**
|
|
15
|
+
* Base exception for all token errors.
|
|
16
|
+
*/
|
|
17
|
+
class TokenError extends AuthlyError {
|
|
18
|
+
constructor(message) {
|
|
19
|
+
super(message);
|
|
20
|
+
this.name = "TokenError";
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
exports.TokenError = TokenError;
|
|
24
|
+
/**
|
|
25
|
+
* Exception raised when a token is invalid:
|
|
26
|
+
* - bad signature
|
|
27
|
+
* - bad format
|
|
28
|
+
* - bad iss / aud
|
|
29
|
+
*/
|
|
30
|
+
class TokenInvalidError extends TokenError {
|
|
31
|
+
constructor(message) {
|
|
32
|
+
super(message);
|
|
33
|
+
this.name = "TokenInvalidError";
|
|
34
|
+
}
|
|
35
|
+
}
|
|
36
|
+
exports.TokenInvalidError = TokenInvalidError;
|
|
37
|
+
/**
|
|
38
|
+
* Exception raised when a token is expired.
|
|
39
|
+
*/
|
|
40
|
+
class TokenExpiredError extends TokenError {
|
|
41
|
+
constructor(message) {
|
|
42
|
+
super(message);
|
|
43
|
+
this.name = "TokenExpiredError";
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
exports.TokenExpiredError = TokenExpiredError;
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.AuthlyClient = void 0;
|
|
4
|
+
const config_1 = require("../../config");
|
|
5
|
+
const JWTVerifier_1 = require("./internal/JWTVerifier");
|
|
6
|
+
/**
|
|
7
|
+
* A client for verifying Authly JWT tokens.
|
|
8
|
+
*
|
|
9
|
+
* This client handles the validation of tokens against a specific issuer and audience,
|
|
10
|
+
* fetching the public keys (JWKS) automatically.
|
|
11
|
+
*/
|
|
12
|
+
class AuthlyClient {
|
|
13
|
+
verifier;
|
|
14
|
+
serviceId;
|
|
15
|
+
issuer;
|
|
16
|
+
constructor(options) {
|
|
17
|
+
this.issuer = options.issuer.replace(/\/$/, "");
|
|
18
|
+
this.serviceId = options.serviceId;
|
|
19
|
+
const jwksPath = options.jwksPath || config_1.DEFAULT_JWKS_PATH;
|
|
20
|
+
this.verifier = new JWTVerifier_1.JWTVerifier({
|
|
21
|
+
issuer: this.issuer,
|
|
22
|
+
audience: options.audience,
|
|
23
|
+
jwksUrl: `${this.issuer}${jwksPath}`,
|
|
24
|
+
algorithms: options.algorithms,
|
|
25
|
+
});
|
|
26
|
+
}
|
|
27
|
+
/**
|
|
28
|
+
* Verify a JWT token and return its decoded claims.
|
|
29
|
+
*
|
|
30
|
+
* This method verifies the token's signature using the provider's JWKS,
|
|
31
|
+
* and validates standard claims like expiration, issuer, and audience.
|
|
32
|
+
*
|
|
33
|
+
* @param token - The encoded JWT token string.
|
|
34
|
+
* @returns A promise that resolves to the token claims (e.g., sub, iss, aud).
|
|
35
|
+
* @throws {TokenExpiredError} If the token has expired.
|
|
36
|
+
* @throws {TokenInvalidError} If the token is invalid (e.g., bad signature, invalid audience).
|
|
37
|
+
*/
|
|
38
|
+
async verify(token) {
|
|
39
|
+
return this.verifier.verify(token);
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
exports.AuthlyClient = AuthlyClient;
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.JWTVerifier = void 0;
|
|
4
|
+
const jose_1 = require("jose");
|
|
5
|
+
const config_1 = require("../../../config");
|
|
6
|
+
const exceptions_1 = require("../../../exceptions");
|
|
7
|
+
/**
|
|
8
|
+
* Internal class for verifying JWT tokens using jose.
|
|
9
|
+
*/
|
|
10
|
+
class JWTVerifier {
|
|
11
|
+
issuer;
|
|
12
|
+
audience;
|
|
13
|
+
algorithms;
|
|
14
|
+
JWKS;
|
|
15
|
+
constructor(params) {
|
|
16
|
+
this.issuer = params.issuer;
|
|
17
|
+
this.audience = params.audience;
|
|
18
|
+
this.algorithms = params.algorithms || config_1.DEFAULT_ALGORITHMS;
|
|
19
|
+
this.JWKS = params.jwks || (0, jose_1.createRemoteJWKSet)(new URL(params.jwksUrl));
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* Verify the JWT token and return its claims.
|
|
23
|
+
* @param token - The encoded JWT token string.
|
|
24
|
+
* @returns The decoded claims from the token.
|
|
25
|
+
* @throws {TokenExpiredError} If the token's exp claim is in the past.
|
|
26
|
+
* @throws {TokenInvalidError} If the token is otherwise invalid.
|
|
27
|
+
*/
|
|
28
|
+
async verify(token) {
|
|
29
|
+
try {
|
|
30
|
+
const options = {
|
|
31
|
+
issuer: this.issuer,
|
|
32
|
+
audience: this.audience,
|
|
33
|
+
algorithms: this.algorithms,
|
|
34
|
+
};
|
|
35
|
+
const { payload } = await (0, jose_1.jwtVerify)(token, this.JWKS, options);
|
|
36
|
+
return payload;
|
|
37
|
+
}
|
|
38
|
+
catch (error) {
|
|
39
|
+
if (error instanceof Error) {
|
|
40
|
+
const code = error.code;
|
|
41
|
+
if (code === "ERR_JWT_EXPIRED") {
|
|
42
|
+
throw new exceptions_1.TokenExpiredError("Token has expired");
|
|
43
|
+
}
|
|
44
|
+
if (code === "ERR_JWT_CLAIM_VALIDATION_FAILED" ||
|
|
45
|
+
code === "ERR_JWS_SIGNATURE_VERIFICATION_FAILED" ||
|
|
46
|
+
code === "ERR_JWS_INVALID" ||
|
|
47
|
+
code === "ERR_JWT_INVALID") {
|
|
48
|
+
throw new exceptions_1.TokenInvalidError(error.message || "Token validation failed");
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
throw new exceptions_1.TokenInvalidError("Invalid token");
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
exports.JWTVerifier = JWTVerifier;
|
package/dist/index.js
CHANGED
|
@@ -1,2 +1,19 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
2
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./models/Claims"), exports);
|
|
18
|
+
__exportStar(require("./exceptions"), exports);
|
|
19
|
+
__exportStar(require("./globals/clients/AuthlyClient"), exports);
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@authly/sdk",
|
|
3
3
|
"description": "A library for building authentication systems using Authly.",
|
|
4
|
-
"version": "1.0.
|
|
4
|
+
"version": "1.0.1",
|
|
5
5
|
"author": {
|
|
6
6
|
"name": "Anvoria",
|
|
7
7
|
"url": "https://github.com/Anvoria"
|
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
"license": "MIT",
|
|
10
10
|
"repository": {
|
|
11
11
|
"type": "git",
|
|
12
|
-
"url": "https://github.com/Anvoria/authly-sdk-ts.git"
|
|
12
|
+
"url": "git+https://github.com/Anvoria/authly-sdk-ts.git"
|
|
13
13
|
},
|
|
14
14
|
"homepage": "https://github.com/Anvoria/authly-sdk-ts",
|
|
15
15
|
"bugs": {
|
|
@@ -67,5 +67,8 @@
|
|
|
67
67
|
"tsx": "^4.21.0",
|
|
68
68
|
"typescript": "^5.9.3",
|
|
69
69
|
"typescript-eslint": "^8.50.0"
|
|
70
|
+
},
|
|
71
|
+
"dependencies": {
|
|
72
|
+
"jose": "^6.1.3"
|
|
70
73
|
}
|
|
71
74
|
}
|