@commercetools/connect-payments-sdk 0.0.1 → 0.0.4

package/dist/errorx/errorx.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ErrorConcurrentModification = exports.ErrorResourceNotFound = exports.ErrorSyntaxError = exports.ErrorRequiredField = exports.ErrorReferencedResourceNotFound = exports.ErrorReferenceExists = exports.ErrorObjectNotFound = exports.ErrorMoneyOverflow = exports.ErrorInternalConstraintViolated = exports.ErrorInvalidField = exports.ErrorInvalidOperation = exports.ErrorInvalidJsonInput = exports.ErrorMissingProjectKey = exports.ErrorGeneral = exports.ErrorAuthErrorResponse = exports.MultiErrorx = exports.Errorx = void 0;
+exports.ErrorMissingAuthenticationInfo = exports.ErrorConcurrentModification = exports.ErrorResourceNotFound = exports.ErrorSyntaxError = exports.ErrorRequiredField = exports.ErrorReferencedResourceNotFound = exports.ErrorReferenceExists = exports.ErrorObjectNotFound = exports.ErrorMoneyOverflow = exports.ErrorInternalConstraintViolated = exports.ErrorInvalidField = exports.ErrorInvalidOperation = exports.ErrorInvalidJsonInput = exports.ErrorMissingProjectKey = exports.ErrorGeneral = exports.ErrorAuthErrorResponse = exports.MultiErrorx = exports.Errorx = void 0;
 /**
  * Errorx is a custom error class that extends the native Error class.
  */
@@ -59,11 +59,11 @@ exports.MultiErrorx = MultiErrorx;
  * }
  */
 class ErrorAuthErrorResponse extends Errorx {
-    constructor(additionalOpts) {
+    constructor(message, additionalOpts, code) {
         super({
-            code: 'AuthErrorResponse',
+            code: code || 'invalid_token',
             httpErrorStatus: 401,
-            message: 'Authentication error.',
+            message: message || 'Authentication error.',
             ...additionalOpts,
         });
     }
@@ -324,3 +324,14 @@ class ErrorConcurrentModification extends Errorx {
     }
 }
 exports.ErrorConcurrentModification = ErrorConcurrentModification;
+class ErrorMissingAuthenticationInfo extends Errorx {
+    constructor(additionalOpts) {
+        super({
+            code: 'MissingAuthenticationInfo',
+            httpErrorStatus: 400,
+            message: 'Not able to identify the user',
+            ...additionalOpts,
+        });
+    }
+}
+exports.ErrorMissingAuthenticationInfo = ErrorMissingAuthenticationInfo;

package/dist/index.d.ts

@@ -1,10 +1,9 @@
-/// <reference types="node" />
-import { RequestContextData, RequestContextProvider } from './api';
+import { JWTAuthenticationHook, Oauth2AuthenticationHook, RequestContextData, RequestContextProvider, SessionAuthenticationHook } from './api';
 import { DefaultCommercetoolsAPI } from './commercetools/api/root-api';
+import { DefaultAuthorizationService } from './commercetools/services/ct-authorization.service';
 import { DefaultCartService } from './commercetools/services/ct-cart.service';
 import { DefaultPaymentService } from './commercetools/services/ct-payment.service';
 import { Logger } from './logger';
-import { DefaultOauth2Service, DefaultSessionAuthenticator } from './security';
 export * from './api';
 export * from './commercetools';
 export * from './errorx';
@@ -14,9 +13,11 @@ export declare const setupPaymentSDK: (opts: {
     authUrl: string;
     apiUrl: string;
     sessionUrl: string;
+    jwksUrl: string;
     clientId: string;
     clientSecret: string;
     projectKey: string;
+    jwtIssuer: string;
     getContextFn: () => RequestContextData;
     updateContextFn: (ctx: Partial<RequestContextData>) => void;
     logger?: Logger | undefined;
@@ -24,10 +25,9 @@ export declare const setupPaymentSDK: (opts: {
     ctAPI: DefaultCommercetoolsAPI;
     ctCartService: DefaultCartService;
     ctPaymentService: DefaultPaymentService;
-    oauth2Service: DefaultOauth2Service;
-    sessionAuthenticator: DefaultSessionAuthenticator;
+    ctAuthorizationService: DefaultAuthorizationService;
     contextProvider: RequestContextProvider;
-    sessionAuthHookFn: (req: {
-        headers: import("http").IncomingHttpHeaders;
-    }) => Promise<void>;
+    sessionAuthHookFn: SessionAuthenticationHook;
+    jwtAuthHookFn: JWTAuthenticationHook;
+    oauth2AuthHookFn: Oauth2AuthenticationHook;
 };

package/dist/index.js

@@ -17,8 +17,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.setupPaymentSDK = void 0;
 const api_1 = require("./api");
 const root_api_1 = require("./commercetools/api/root-api");
+const ct_authorization_service_1 = require("./commercetools/services/ct-authorization.service");
 const ct_cart_service_1 = require("./commercetools/services/ct-cart.service");
 const ct_payment_service_1 = require("./commercetools/services/ct-payment.service");
+const ct_session_service_1 = require("./commercetools/services/ct-session.service");
 const base_decorator_1 = require("./fetch/decorators/base.decorator");
 const monitoring_decorator_1 = require("./fetch/decorators/monitoring.decorator");
 const security_1 = require("./security");
@@ -32,6 +34,8 @@ const setupPaymentSDK = (opts) => {
         getContextFn: opts.getContextFn,
         updateContextFn: opts.updateContextFn,
     });
+    const fetcher = new monitoring_decorator_1.MonitoringFetcherDecorator(new base_decorator_1.BasicFetcher(), contextProvider);
+    const decoratedFetch = fetcher.run.bind(fetcher);
     const ctAPI = new root_api_1.DefaultCommercetoolsAPI({
         apiUrl: opts.apiUrl,
         authUrl: opts.authUrl,
@@ -42,33 +46,55 @@ const setupPaymentSDK = (opts) => {
     });
     const ctCartService = new ct_cart_service_1.DefaultCartService({ ctAPI });
     const ctPaymentService = new ct_payment_service_1.DefaultPaymentService({ ctAPI });
-    const fetcher = new monitoring_decorator_1.MonitoringFetcherDecorator(new base_decorator_1.BasicFetcher(), contextProvider);
-    const decoratedFetch = fetcher.run.bind(fetcher);
-    const oauth2Service = new security_1.DefaultOauth2Service({
+    const ctAuthorizationService = new ct_authorization_service_1.DefaultAuthorizationService({
         authUrl: opts.authUrl,
+        clientId: opts.clientId,
+        clientSecret: opts.clientSecret,
         fetch: decoratedFetch,
-        logger: opts.logger,
     });
-    const sessionAuthenticator = new security_1.DefaultSessionAuthenticator({
+    const sessionService = new ct_session_service_1.DefaultSessionService({
+        authorizationService: ctAuthorizationService,
+        sessionUrl: opts.sessionUrl,
+        projectKey: opts.projectKey,
+    });
+    const oauth2Service = new security_1.DefaultOauth2Service();
+    const jwtService = new security_1.DefaultJWTService({
+        jwksUrl: opts.jwksUrl,
+    });
+    const sessionAuthenticationManager = new security_1.SessionAuthenticationManager({
+        sessionService,
+    });
+    const oauth2AuthenticationManager = new security_1.Oauth2AuthenticationManager({
         oauth2Service,
         clientId: opts.clientId,
         clientSecret: opts.clientSecret,
-        projectKey: opts.projectKey,
-        sessionUrl: opts.sessionUrl,
-        fetch: decoratedFetch,
+        authUrl: opts.authUrl,
+    });
+    const jwtAuthenticationManager = new security_1.JWTAuthenticationManager({
+        jwtService,
+        iss: opts.jwtIssuer,
     });
-    const sessionAuthHookFn = (0, api_1.sessionAuthHook)({
+    const sessionAuthHookFn = new api_1.SessionAuthenticationHook({
+        authenticationManager: sessionAuthenticationManager,
+        contextProvider,
+    });
+    const jwtAuthHookFn = new api_1.JWTAuthenticationHook({
+        authenticationManager: jwtAuthenticationManager,
+        contextProvider,
+    });
+    const oauth2AuthHookFn = new api_1.Oauth2AuthenticationHook({
+        authenticationManager: oauth2AuthenticationManager,
         contextProvider,
-        sessionAuthenticator,
     });
     return {
         ctAPI,
         ctCartService,
         ctPaymentService,
-        oauth2Service,
-        sessionAuthenticator,
+        ctAuthorizationService,
         contextProvider,
         sessionAuthHookFn,
+        jwtAuthHookFn,
+        oauth2AuthHookFn,
     };
 };
 exports.setupPaymentSDK = setupPaymentSDK;

package/dist/security/authn/authns.d.ts

@@ -0,0 +1,49 @@
+import { Authentication, HeaderPrincipal, JWTPrincipal, Oauth2Principal, SessionPrincipal } from './types/authn.type';
+export declare class SessionAuthentication implements Authentication<SessionPrincipal, string> {
+    private principal;
+    private authorities;
+    private sessionId;
+    private authenticated;
+    constructor(sessionId: string, principal: SessionPrincipal);
+    hasPrincipal(): boolean;
+    getAuthorities(): string[];
+    hasCredentials(): boolean;
+    getPrincipal(): SessionPrincipal;
+    getCredentials(): string;
+    isAuthenticated(): boolean;
+}
+export declare class HeaderBasedAuthentication implements Authentication<HeaderPrincipal, string> {
+    private authHeader;
+    constructor(authHeader: string);
+    hasPrincipal(): boolean;
+    getAuthorities(): string[];
+    hasCredentials(): boolean;
+    getCredentials(): string;
+    getPrincipal(): HeaderPrincipal;
+    isAuthenticated(): boolean;
+}
+export declare class Oauth2Authentication implements Authentication<Oauth2Principal, string> {
+    private principal;
+    private authorities;
+    private authenticated;
+    private accessToken;
+    constructor(accessToken: string, principal: Oauth2Principal);
+    hasPrincipal(): boolean;
+    getAuthorities(): string[];
+    hasCredentials(): boolean;
+    getPrincipal(): Oauth2Principal;
+    getCredentials(): string;
+    isAuthenticated(): boolean;
+}
+export declare class JWTAuthentication implements Authentication<JWTPrincipal, string> {
+    private principal;
+    private authenticated;
+    private jwt;
+    constructor(jwt: string, principal: JWTPrincipal);
+    hasPrincipal(): boolean;
+    getAuthorities(): string[];
+    hasCredentials(): boolean;
+    getPrincipal(): JWTPrincipal;
+    getCredentials(): string;
+    isAuthenticated(): boolean;
+}

package/dist/security/authn/authns.js

@@ -0,0 +1,123 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JWTAuthentication = exports.Oauth2Authentication = exports.HeaderBasedAuthentication = exports.SessionAuthentication = void 0;
+class SessionAuthentication {
+    principal;
+    authorities;
+    sessionId;
+    authenticated;
+    constructor(sessionId, principal) {
+        this.principal = principal;
+        this.sessionId = sessionId;
+        this.authenticated = true;
+    }
+    hasPrincipal() {
+        return this.getPrincipal() !== undefined;
+    }
+    getAuthorities() {
+        return this.authorities;
+    }
+    hasCredentials() {
+        return this.getCredentials() !== undefined;
+    }
+    getPrincipal() {
+        return this.principal;
+    }
+    getCredentials() {
+        return this.sessionId;
+    }
+    isAuthenticated() {
+        return this.authenticated;
+    }
+}
+exports.SessionAuthentication = SessionAuthentication;
+class HeaderBasedAuthentication {
+    authHeader;
+    constructor(authHeader) {
+        this.authHeader = authHeader;
+    }
+    hasPrincipal() {
+        return this.getPrincipal() != undefined;
+    }
+    getAuthorities() {
+        return [];
+    }
+    hasCredentials() {
+        return this.getCredentials() != undefined;
+    }
+    getCredentials() {
+        return this.authHeader;
+    }
+    getPrincipal() {
+        return {
+            authHeader: this.authHeader,
+        };
+    }
+    isAuthenticated() {
+        return false;
+    }
+}
+exports.HeaderBasedAuthentication = HeaderBasedAuthentication;
+class Oauth2Authentication {
+    principal;
+    authorities;
+    authenticated;
+    accessToken;
+    constructor(accessToken, principal) {
+        this.principal = principal;
+        this.authorities = principal.scope
+            .split(' ')
+            .map((scope) => scope.split(':')[0])
+            .filter((scope) => scope !== '');
+        this.authenticated = true;
+        this.accessToken = accessToken;
+    }
+    hasPrincipal() {
+        return this.getPrincipal() !== undefined;
+    }
+    getAuthorities() {
+        return this.authorities;
+    }
+    hasCredentials() {
+        return this.getCredentials() !== undefined;
+    }
+    getPrincipal() {
+        return this.principal;
+    }
+    getCredentials() {
+        return this.accessToken;
+    }
+    isAuthenticated() {
+        return this.authenticated;
+    }
+}
+exports.Oauth2Authentication = Oauth2Authentication;
+class JWTAuthentication {
+    principal;
+    authenticated;
+    jwt;
+    constructor(jwt, principal) {
+        this.principal = principal;
+        this.authenticated = true;
+        this.jwt = jwt;
+    }
+    hasPrincipal() {
+        return this.getPrincipal() !== undefined;
+    }
+    getAuthorities() {
+        return [];
+    }
+    hasCredentials() {
+        return this.getCredentials() !== undefined;
+    }
+    getPrincipal() {
+        return this.principal;
+    }
+    getCredentials() {
+        return this.jwt;
+    }
+    isAuthenticated() {
+        return this.authenticated;
+    }
+}
+exports.JWTAuthentication = JWTAuthentication;

package/dist/security/authn/bearer-utils.d.ts

@@ -0,0 +1 @@
+export declare const validateBearerAuthorization: (authorization: string | undefined) => string;

package/dist/security/authn/bearer-utils.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateBearerAuthorization = void 0;
+const errorx_1 = require("../../errorx");
+const validateBearerAuthorization = (authorization) => {
+    if (!authorization) {
+        throw new errorx_1.ErrorAuthErrorResponse('This endpoint requires the authorization header.', {
+            skipLog: true,
+        }, 'access_denied');
+    }
+    const authorizationParts = authorization.split(' ');
+    if (authorizationParts.length !== 2 || authorizationParts[0] !== 'Bearer') {
+        throw new errorx_1.ErrorAuthErrorResponse(`Authorization header must have the format 'Bearer <token>'`, {
+            skipLog: true,
+        }, 'invalid_request');
+    }
+    return authorizationParts[1];
+};
+exports.validateBearerAuthorization = validateBearerAuthorization;

package/dist/security/authn/jwt-authn-manager.d.ts

@@ -0,0 +1,12 @@
+import { JWTService } from '../services/types/jwt.type';
+import { HeaderBasedAuthentication, JWTAuthentication } from './authns';
+import { AuthenticationManager } from './types/authn.type';
+export declare class JWTAuthenticationManager implements AuthenticationManager {
+    private jwtService;
+    private iss;
+    constructor(opts: {
+        jwtService: JWTService;
+        iss: string;
+    });
+    authenticate(authentication: HeaderBasedAuthentication): Promise<JWTAuthentication>;
+}

package/dist/security/authn/jwt-authn-manager.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JWTAuthenticationManager = void 0;
+const errorx_1 = require("../../errorx");
+const authns_1 = require("./authns");
+const bearer_utils_1 = require("./bearer-utils");
+class JWTAuthenticationManager {
+    jwtService;
+    iss;
+    constructor(opts) {
+        this.jwtService = opts.jwtService;
+        this.iss = opts.iss;
+    }
+    async authenticate(authentication) {
+        const principal = authentication.getPrincipal();
+        const token = (0, bearer_utils_1.validateBearerAuthorization)(principal.authHeader);
+        const decodedToken = (await this.jwtService.verify({
+            token,
+        }));
+        if (decodedToken.iss !== this.iss) {
+            throw new errorx_1.ErrorAuthErrorResponse('Issuer in the token does not match the expected issuer', {
+                privateFields: {
+                    expectedIssuer: this.iss,
+                    actualIssuer: decodedToken['iss'],
+                },
+            });
+        }
+        return new authns_1.JWTAuthentication(token, {
+            mcCustomerId: decodedToken['sub'],
+        });
+    }
+}
+exports.JWTAuthenticationManager = JWTAuthenticationManager;

package/dist/security/authn/oauth2-authn-manager.d.ts

@@ -0,0 +1,17 @@
+import { Oauth2Service } from '../services/types/oauth2.type';
+import { HeaderBasedAuthentication, Oauth2Authentication } from './authns';
+import { AuthenticationManager } from './types/authn.type';
+export declare class Oauth2AuthenticationManager implements AuthenticationManager {
+    private oauth2Service;
+    private clientId;
+    private clientSecret;
+    private authUrl;
+    constructor(opts: {
+        oauth2Service: Oauth2Service;
+        clientId: string;
+        clientSecret: string;
+        authUrl: string;
+    });
+    authenticate(authentication: HeaderBasedAuthentication): Promise<Oauth2Authentication>;
+    private searchPermission;
+}

package/dist/security/authn/oauth2-authn-manager.js

@@ -0,0 +1,65 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Oauth2AuthenticationManager = void 0;
+const errorx_1 = require("../../errorx");
+const authns_1 = require("./authns");
+const bearer_utils_1 = require("./bearer-utils");
+class Oauth2AuthenticationManager {
+    oauth2Service;
+    clientId;
+    clientSecret;
+    authUrl;
+    constructor(opts) {
+        this.oauth2Service = opts.oauth2Service;
+        this.clientId = opts.clientId;
+        this.clientSecret = opts.clientSecret;
+        this.authUrl = opts.authUrl;
+    }
+    async authenticate(authentication) {
+        const principal = authentication.getPrincipal();
+        const authorizationHeader = principal.authHeader;
+        const token = (0, bearer_utils_1.validateBearerAuthorization)(authorizationHeader);
+        const tokenIntrospectionResponseData = await this.oauth2Service.introspectToken({
+            url: `${this.authUrl}/oauth/introspect`,
+            clientId: this.clientId,
+            clientSecret: this.clientSecret,
+            token,
+        });
+        if (!tokenIntrospectionResponseData.active) {
+            throw new errorx_1.ErrorAuthErrorResponse('invalid_token', {
+                skipLog: true,
+            });
+        }
+        const scopes = tokenIntrospectionResponseData.scope?.split(' ') ?? null;
+        if (!scopes) {
+            throw new errorx_1.ErrorAuthErrorResponse('Token has no scopes.', {
+                skipLog: true,
+            });
+        }
+        // Search for customer_id:<customer> scope
+        const customerPermission = this.searchPermission(scopes, 'customer_id');
+        // Search for anonymous_id:<anonymous> scope
+        const anonymousPermission = this.searchPermission(scopes, 'anonymous_id');
+        return new authns_1.Oauth2Authentication(token, {
+            scope: tokenIntrospectionResponseData.scope,
+            clientId: tokenIntrospectionResponseData.client_id,
+            customerId: customerPermission?.principal,
+            anonymousId: anonymousPermission?.principal,
+        });
+    }
+    searchPermission(scopes, ...permissions) {
+        for (const permission of permissions) {
+            // Search for customer_id:<customer> scope
+            const permissionIndex = scopes.findIndex((element) => element.startsWith(`${permission}`));
+            if (permissionIndex >= 0) {
+                const splitPermission = scopes[permissionIndex].split(':');
+                return {
+                    permission: splitPermission[0],
+                    principal: splitPermission[1],
+                };
+            }
+        }
+        return undefined;
+    }
+}
+exports.Oauth2AuthenticationManager = Oauth2AuthenticationManager;

package/dist/security/authn/session-authn-manager.d.ts

@@ -0,0 +1,10 @@
+import { AuthenticationManager } from './types/authn.type';
+import { HeaderBasedAuthentication, SessionAuthentication } from './authns';
+import { CommercetoolsSessionService } from '../../commercetools';
+export declare class SessionAuthenticationManager implements AuthenticationManager {
+    private sessionService;
+    constructor(opts: {
+        sessionService: CommercetoolsSessionService;
+    });
+    authenticate(authentication: HeaderBasedAuthentication): Promise<SessionAuthentication>;
+}

package/dist/security/authn/session-authn-manager.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionAuthenticationManager = void 0;
+const authns_1 = require("./authns");
+const errorx_1 = require("../../errorx");
+class SessionAuthenticationManager {
+    sessionService;
+    constructor(opts) {
+        this.sessionService = opts.sessionService;
+    }
+    async authenticate(authentication) {
+        const principal = authentication.getPrincipal();
+        try {
+            const session = await this.sessionService.verifySession(principal.authHeader);
+            return new authns_1.SessionAuthentication(principal.authHeader, {
+                cartId: this.sessionService.getCartFromSession(session),
+                allowedPaymentMethods: this.sessionService.getAllowedPaymentMethodsFromSession(session),
+            });
+        }
+        catch (e) {
+            throw new errorx_1.ErrorAuthErrorResponse('Session is not active');
+        }
+    }
+}
+exports.SessionAuthenticationManager = SessionAuthenticationManager;

package/dist/security/authn/types/authn.type.d.ts

@@ -0,0 +1,27 @@
+export interface AuthenticationManager {
+    authenticate(authentication: Authentication): Promise<Authentication> | Authentication;
+}
+export interface Authentication<Principal = unknown, Credentials = unknown> {
+    hasPrincipal(): boolean;
+    getAuthorities(): string[];
+    hasCredentials(): boolean;
+    getPrincipal(): Principal;
+    getCredentials(): Credentials;
+    isAuthenticated(): boolean;
+}
+export type HeaderPrincipal = {
+    authHeader: string;
+};
+export type SessionPrincipal = {
+    cartId: string;
+    allowedPaymentMethods: string[];
+};
+export type Oauth2Principal = {
+    clientId: string;
+    scope: string;
+    customerId?: string;
+    anonymousId?: string;
+};
+export type JWTPrincipal = {
+    mcCustomerId?: string;
+};

package/dist/security/authn/types/authn.type.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/security/index.d.ts

@@ -1,3 +1,7 @@
-export * from './auth/session.auth';
+export * from './authn/authns';
+export * from './authn/jwt-authn-manager';
+export * from './authn/oauth2-authn-manager';
+export * from './authn/session-authn-manager';
+export * from './authn/types/authn.type';
+export * from './services/jwt.service';
 export * from './services/oauth2.service';
-export * from './types/session.type';

package/dist/security/index.js

@@ -14,6 +14,10 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./auth/session.auth"), exports);
+__exportStar(require("./authn/authns"), exports);
+__exportStar(require("./authn/jwt-authn-manager"), exports);
+__exportStar(require("./authn/oauth2-authn-manager"), exports);
+__exportStar(require("./authn/session-authn-manager"), exports);
+__exportStar(require("./authn/types/authn.type"), exports);
+__exportStar(require("./services/jwt.service"), exports);
 __exportStar(require("./services/oauth2.service"), exports);
-__exportStar(require("./types/session.type"), exports);

package/dist/security/services/jwt.service.d.ts

@@ -0,0 +1,10 @@
+import { JWTService } from './types/jwt.type';
+export declare class DefaultJWTService implements JWTService {
+    private client;
+    constructor(opts: {
+        jwksUrl: string;
+    });
+    verify(opts: {
+        token: string | undefined;
+    }): Promise<unknown>;
+}

package/dist/security/services/jwt.service.js

@@ -0,0 +1,40 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultJWTService = void 0;
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const jwks_rsa_1 = __importDefault(require("jwks-rsa"));
+const errorx_1 = require("../../errorx");
+class DefaultJWTService {
+    client;
+    constructor(opts) {
+        this.client = (0, jwks_rsa_1.default)({
+            jwksUri: opts.jwksUrl,
+        });
+    }
+    async verify(opts) {
+        const getKey = (header, callback) => {
+            this.client.getSigningKey(header.kid, function (err, key) {
+                if (err) {
+                    return callback(err);
+                }
+                const signingKey = key.getPublicKey();
+                callback(null, signingKey);
+            });
+        };
+        return new Promise((resolve, reject) => {
+            if (!opts.token) {
+                throw new errorx_1.ErrorAuthErrorResponse('Token is missing');
+            }
+            jsonwebtoken_1.default.verify(opts.token, getKey, {}, function (err, decoded) {
+                if (err) {
+                    return reject(new errorx_1.ErrorAuthErrorResponse(err.message, { privateMessage: err.message, cause: err }));
+                }
+                return resolve(decoded);
+            });
+        });
+    }
+}
+exports.DefaultJWTService = DefaultJWTService;

package/dist/security/services/oauth2.service.d.ts

@@ -1,16 +1,9 @@
-import { Fetch } from '../../fetch/types/fetch.type';
-import { Logger } from '../../logger';
-import { GetAccessTokenParams, Oauth2Service, TokenResponse } from '../types/oauth2.type';
+import { Oauth2Service, TokenInfo } from './types/oauth2.type';
 export declare class DefaultOauth2Service implements Oauth2Service {
-    private authUrl;
-    private fetch;
-    private logger?;
-    constructor(opts: {
-        authUrl: string;
-        fetch: Fetch;
-        logger?: Logger;
-    });
-    private oauth2tokenCache;
-    private oauth2tokenKey;
-    getAccessToken(opts: GetAccessTokenParams): Promise<TokenResponse>;
+    introspectToken(opts: {
+        url: string;
+        clientId: string;
+        clientSecret: string;
+        token: string;
+    }): Promise<TokenInfo>;
 }