@cemiar/auth-sdk 1.0.5 → 1.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/browser/CemiarAuthClient.js +5 -1
  2. package/dist/server/ServerHandler.js +8 -1
  3. package/dist/shared/Types.d.ts +1 -0
  4. package/dist/shared/models/RefreshPayload.d.ts +4 -0
  5. package/dist/shared/models/RefreshPayload.js +1 -0
  6. package/package.json +1 -1
package/dist/browser/CemiarAuthClient.js CHANGED
@@ -99,7 +99,11 @@ export class CemiarAuthClient {
99
99
  return `${this.baseUrl}/microsoft?${params.toString()}`;
100
100
  }
101
101
  async refreshToken() {
102
- const data = await this.authPost("/refresh", {}, true);
102
+ const refreshPayload = {
103
+ tenantId: this.tenantId,
104
+ auds: this.auds
105
+ };
106
+ const data = await this.authPost("/refresh", refreshPayload, true);
103
107
  const accessToken = extractAccessToken(data);
104
108
  this.setAccessToken(accessToken);
105
109
  return { accessToken };
package/dist/server/ServerHandler.js CHANGED
@@ -35,7 +35,7 @@ function createSigningKeyResolver(jwksUri, cacheMaxAgeMs) {
35
35
  }
36
36
  export async function registerCemiarAuthHapi(server, options) {
37
37
  var _a;
38
- const { authUrl, strategyName = "cemiar-jwt", algorithms = DEFAULT_ALGORITHMS, cacheMaxAgeMs = DEFAULT_CACHE_MAX_AGE, validate = defaultValidate } = options;
38
+ const { authUrl, auds, strategyName = "cemiar-jwt", algorithms = DEFAULT_ALGORITHMS, cacheMaxAgeMs = DEFAULT_CACHE_MAX_AGE, validate = defaultValidate } = options;
39
39
  const jwksUri = `${normalizeBaseUrl(authUrl)}/.well-known/jwks.json`;
40
40
  const { getKey } = createSigningKeyResolver(jwksUri, cacheMaxAgeMs);
41
41
  const pluginModule = await import("hapi-auth-jwt2");
@@ -47,6 +47,13 @@ export async function registerCemiarAuthHapi(server, options) {
47
47
  return { key };
48
48
  },
49
49
  validate: async (decoded, request, h) => {
50
+ const payload = decoded.payload;
51
+ const tokenAud = payload === null || payload === void 0 ? void 0 : payload.aud;
52
+ const tokenAuds = Array.isArray(tokenAud) ? tokenAud : tokenAud ? [tokenAud] : [];
53
+ const hasValidAud = tokenAuds.length > 0 && tokenAuds.every(aud => auds.includes(aud));
54
+ if (!hasValidAud) {
55
+ return { isValid: false };
56
+ }
50
57
  return validate(decoded, request, h);
51
58
  },
52
59
  verifyOptions: {
package/dist/shared/Types.d.ts CHANGED
@@ -68,6 +68,7 @@ export interface JwtValidateResult {
68
68
  export type JwtValidateFn = (decoded: JwtParts, request: Request, h: ResponseToolkit) => Promise<JwtValidateResult> | JwtValidateResult;
69
69
  export interface HapiJwtStrategyOptions {
70
70
  authUrl: string;
71
+ auds: string[];
71
72
  strategyName?: string;
72
73
  algorithms?: string[];
73
74
  cacheMaxAgeMs?: number;
package/dist/shared/models/RefreshPayload.d.ts ADDED
@@ -0,0 +1,4 @@
1
+ export interface RefreshPayload {
2
+ tenantId: string;
3
+ auds: string[];
4
+ }
package/dist/shared/models/RefreshPayload.js ADDED
@@ -0,0 +1 @@
1
+ export {};
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@cemiar/auth-sdk",
3
- "version": "1.0.5",
3
+ "version": "1.0.7",
4
4
  "description": "Cemiar Auth integration helpers for web apps and APIs.",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",