@crossauth/backend 0.0.2

package/dist/oauth/resserver.d.ts

@@ -0,0 +1,43 @@
+import { OAuthTokenConsumer } from './tokenconsumer';
+
+/**
+ * Options for {@link OAuthResourceServer}
+ */
+export interface OAuthResourceServerOptions {
+}
+/**
+ * An OAuth resource server
+ *
+ * The purpose of this class is for validating access tokens
+ */
+export declare class OAuthResourceServer {
+    /** The token consumer that validates the access tokens.  Required */
+    tokenConsumers: {
+        [key: string]: OAuthTokenConsumer;
+    };
+    /**
+     * Constructor
+     * @param tokenConsumers one or more consumers that will process
+     *        the access tokens
+     * @param _options See {@link OAuthResourceServerOptions}.  Unused
+     *        at present
+     */
+    constructor(tokenConsumers: OAuthTokenConsumer[], _options?: OAuthResourceServerOptions);
+    /**
+     * Returns a token payload if the access token has a valid signature
+     * and the `type` claim in the payload is `access`, undefined otherwise.
+     *
+     * The `aud` token also has to match the `resourceServerName` value
+     * passed to the constructor.
+     *
+     * Doesn't throw exceptions.
+     *
+     * @param accessToken the access token JWT to validate
+     * @returns The JWT payload as an object or undefinedf if the JWT is
+     *          invalid
+     */
+    accessTokenAuthorized(accessToken: string): Promise<{
+        [key: string]: any;
+    } | undefined>;
+}
+//# sourceMappingURL=resserver.d.ts.map

package/dist/oauth/resserver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resserver.d.ts","sourceRoot":"","sources":["../../src/oauth/resserver.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAGrD;;GAEG;AACH,MAAM,WAAW,0BAA0B;CAC1C;AAED;;;;GAIG;AACH,qBAAa,mBAAmB;IAE5B,qEAAqE;IACrE,cAAc,EAAG;QAAC,CAAC,GAAG,EAAC,MAAM,GAAI,kBAAkB,CAAA;KAAC,CAAM;IAE1D;;;;;;OAMG;gBACS,cAAc,EAAG,kBAAkB,EAAE,EAAE,QAAQ,GAAG,0BAA+B;IAQ7F;;;;;;;;;;;;OAYG;IACG,qBAAqB,CAAC,WAAW,EAAE,MAAM,GACzC,OAAO,CAAC;QAAC,CAAC,GAAG,EAAC,MAAM,GAAG,GAAG,CAAA;KAAC,GAAC,SAAS,CAAC;CAY/C"}

package/dist/oauth/tests/common.d.ts

@@ -0,0 +1,58 @@
+import { OAuthAuthorizationServer } from '../authserver';
+import { InMemoryKeyStorage } from '../../storage/inmemorystorage';
+import { OAuthClientStorage } from '../../storage';
+import { OAuthClient } from '@crossauth/common';
+
+export declare function createClient(secretRequired?: boolean): Promise<{
+    clientStorage: OAuthClientStorage;
+    client: OAuthClient;
+}>;
+export declare function getAuthServer({ aud, persistAccessToken, emptyScopeIsValid, secretRequired, rollingRefreshToken, idTokenClaims, }?: {
+    challenge?: boolean;
+    aud?: string;
+    persistAccessToken?: boolean;
+    emptyScopeIsValid?: boolean;
+    secretRequired?: boolean;
+    rollingRefreshToken?: boolean;
+    idTokenClaims?: {
+        scope?: string | string[] | {
+            [key: string]: string;
+        };
+    };
+}): Promise<{
+    client: OAuthClient;
+    clientStorage: OAuthClientStorage;
+    authServer: OAuthAuthorizationServer;
+    keyStorage: InMemoryKeyStorage;
+    userStorage: import('../..').InMemoryUserStorage;
+}>;
+export declare function getAuthorizationCode({ challenge, aud, persistAccessToken, rollingRefreshToken, scopes, idTokenClaims, }?: {
+    challenge?: boolean;
+    aud?: string;
+    persistAccessToken?: boolean;
+    rollingRefreshToken?: boolean;
+    scopes?: string;
+    idTokenClaims?: {
+        [key: string]: string[] | {
+            [key: string]: string;
+        };
+    };
+}): Promise<{
+    code: string | undefined;
+    client: OAuthClient;
+    clientStorage: OAuthClientStorage;
+    authServer: OAuthAuthorizationServer;
+    keyStorage: InMemoryKeyStorage;
+}>;
+export declare function getAccessToken(): Promise<{
+    authServer: OAuthAuthorizationServer;
+    client: OAuthClient;
+    code: string | undefined;
+    clientStorage: OAuthClientStorage;
+    access_token: string | undefined;
+    error: string | undefined;
+    error_description: string | undefined;
+    refresh_token: string | undefined;
+    expires_in: number | undefined;
+}>;
+//# sourceMappingURL=common.d.ts.map

package/dist/oauth/tests/common.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"common.d.ts","sourceRoot":"","sources":["../../../src/oauth/tests/common.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,wBAAwB,EAAwC,MAAM,eAAe,CAAC;AAC/F,OAAO,EAA8B,kBAAkB,EAAqC,MAAM,+BAA+B,CAAC;AAClI,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAEnD,OAAO,EAAE,WAAW,EAAc,MAAM,mBAAmB,CAAC;AAK5D,wBAAsB,YAAY,CAAC,cAAc,UAAO,GAAI,OAAO,CAAC;IAAC,aAAa,EAAG,kBAAkB,CAAC;IAAC,MAAM,EAAG,WAAW,CAAA;CAAC,CAAC,CAkB9H;AAED,wBAAsB,aAAa,CAAC,EAChC,GAAG,EACH,kBAAkB,EAClB,iBAAiB,EACjB,cAAc,EACd,mBAAmB,EACnB,aAAa,GACZ,GAAG;IACJ,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,kBAAkB,CAAC,EAAG,OAAO,CAAC;IAC9B,iBAAiB,CAAC,EAAG,OAAO,CAAC;IAC7B,cAAc,CAAC,EAAG,OAAO,CAAC;IAC1B,mBAAmB,CAAC,EAAG,OAAO,CAAC;IAC/B,aAAa,CAAC,EAAI;QAAC,KAAK,CAAC,EAAG,MAAM,GAAC,MAAM,EAAE,GAAC;YAAC,CAAC,GAAG,EAAC,MAAM,GAAE,MAAM,CAAA;SAAC,CAAA;KAAC,CAAC;CACjE;;;;;;GAkCL;AAED,wBAAsB,oBAAoB,CAAC,EACvC,SAAS,EACT,GAAG,EACH,kBAAkB,EAClB,mBAAmB,EACnB,MAAqB,EACrB,aAAa,GAChB,GAAG;IAAC,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,kBAAkB,CAAC,EAAG,OAAO,CAAC;IAC9B,mBAAmB,CAAC,EAAG,OAAO,CAAC;IAC/B,MAAM,CAAC,EAAG,MAAM,CAAC;IACjB,aAAa,CAAC,EAAI;QAAC,CAAC,GAAG,EAAC,MAAM,GAAI,MAAM,EAAE,GAAC;YAAC,CAAC,GAAG,EAAC,MAAM,GAAE,MAAM,CAAA;SAAC,CAAA;KAAC,CAAC;CAC7D;;;;;;GAgCT;AAED,wBAAsB,cAAc;;;;;;;;;;GAUnC"}

package/dist/oauth/tests/oauthauthserver_authzcode.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=oauthauthserver_authzcode.test.d.ts.map

package/dist/oauth/tests/oauthauthserver_authzcode.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauthauthserver_authzcode.test.d.ts","sourceRoot":"","sources":["../../../src/oauth/tests/oauthauthserver_authzcode.test.ts"],"names":[],"mappings":""}

package/dist/oauth/tests/oauthauthserver_clientcred.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=oauthauthserver_clientcred.test.d.ts.map

package/dist/oauth/tests/oauthauthserver_clientcred.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauthauthserver_clientcred.test.d.ts","sourceRoot":"","sources":["../../../src/oauth/tests/oauthauthserver_clientcred.test.ts"],"names":[],"mappings":""}

package/dist/oauth/tests/oauthauthserver_device.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=oauthauthserver_device.test.d.ts.map

package/dist/oauth/tests/oauthauthserver_device.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauthauthserver_device.test.d.ts","sourceRoot":"","sources":["../../../src/oauth/tests/oauthauthserver_device.test.ts"],"names":[],"mappings":""}

package/dist/oauth/tests/oauthauthserver_mfa.test.d.ts

@@ -0,0 +1,5 @@
+export declare var emailTokenData: {
+    to: string;
+    otp: string;
+};
+//# sourceMappingURL=oauthauthserver_mfa.test.d.ts.map

package/dist/oauth/tests/oauthauthserver_mfa.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauthauthserver_mfa.test.d.ts","sourceRoot":"","sources":["../../../src/oauth/tests/oauthauthserver_mfa.test.ts"],"names":[],"mappings":"AAkBA,eAAO,IAAI,cAAc,EAAI;IAAC,EAAE,EAAE,MAAM,CAAC;IAAC,GAAG,EAAG,MAAM,CAAA;CAAC,CAAC"}

package/dist/oauth/tests/oauthauthserver_password.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=oauthauthserver_password.test.d.ts.map

package/dist/oauth/tests/oauthauthserver_password.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauthauthserver_password.test.d.ts","sourceRoot":"","sources":["../../../src/oauth/tests/oauthauthserver_password.test.ts"],"names":[],"mappings":""}

package/dist/oauth/tests/oauthclient.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=oauthclient.test.d.ts.map

package/dist/oauth/tests/oauthclient.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauthclient.test.d.ts","sourceRoot":"","sources":["../../../src/oauth/tests/oauthclient.test.ts"],"names":[],"mappings":""}

package/dist/oauth/tests/oauthresserver.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=oauthresserver.test.d.ts.map

package/dist/oauth/tests/oauthresserver.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauthresserver.test.d.ts","sourceRoot":"","sources":["../../../src/oauth/tests/oauthresserver.test.ts"],"names":[],"mappings":""}

package/dist/oauth/tokenconsumer.d.ts

@@ -0,0 +1,80 @@
+import { KeyStorage } from '../storage';
+import { OAuthTokenConsumerBase, OAuthTokenConsumerBaseOptions } from '@crossauth/common';
+
+/**
+ * Options for {@link OAuthTokenConsumer}
+ */
+export interface OAuthTokenConsumerOptions extends OAuthTokenConsumerBaseOptions {
+    /** Whether to persist access tokens in key storage.  Default false.
+     *
+     * If you set this to true, you must also set `keyStorage`.
+     */
+    persistAccessToken?: boolean;
+    /** If persisting tokens, you need to provide a storage to persist them to */
+    keyStorage?: KeyStorage;
+    /** Filename with secret key if using a symmetric cipher for signing the
+     * JWT.  Either this or `jwtSecretKey` is required when using this kind
+     * of cipher */
+    jwtSecretKeyFile?: string;
+    /** Filename for the public key if using a public key cipher for signing the
+     * JWT.  Either this or `jwtPublicKey` is required when using this kind of
+     * cipher.  privateKey or privateKeyFile is also required. */
+    jwtPublicKeyFile?: string;
+    /**
+     * The aud claim needs to match this value.
+     * No default (required)
+     */
+    audience?: string;
+}
+/**
+ * This class validates access tokens.
+ *
+ * It is separated into its own class as the functionality is used in both
+ * the OAuth resource server and OAuth client
+ */
+export declare class OAuthTokenConsumer extends OAuthTokenConsumerBase {
+    /**
+     * Value passed to the constructor.  The `aud` claim must match it
+     */
+    protected readonly audience: string;
+    /**
+     * Value passed to the constructor. If true, access tokens are saved
+     * in storage,
+     */
+    protected readonly persistAccessToken = false;
+    private keyStorage?;
+    private jwtSecretKeyFile;
+    private jwtPublicKeyFile;
+    /**
+     * Constructor
+     *
+     * @param options see {@link OAuthTokenConsumerOptions}
+     */
+    constructor(options?: OAuthTokenConsumerOptions);
+    /**
+     * Uses {@link Crypto.hash} to hash the given string.
+     *
+     * @param plaintext the string to hash
+     * @returns Base64-url-encoded hash
+     */
+    hash(plaintext: string): Promise<string>;
+    /**
+     * If the given token is valid, the paylaod is returned.  Otherwise
+     * undefined is returned.
+     *
+     * The signature must be valid, the expiry must not have passed and,
+     * if `tokenType` is defined,. the `type` claim in the payload must
+     * match it.
+     *
+     * Doesn't throw exceptions.
+     *
+     * @param token The token to validate
+     * @param tokenType If defined, the `type` claim in the payload must
+     *        match this value
+     * @returns
+     */
+    tokenAuthorized(token: string, tokenType: "access" | "refresh" | "id"): Promise<{
+        [key: string]: any;
+    } | undefined>;
+}
+//# sourceMappingURL=tokenconsumer.d.ts.map

package/dist/oauth/tokenconsumer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenconsumer.d.ts","sourceRoot":"","sources":["../../src/oauth/tokenconsumer.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAMxC,OAAO,EACH,sBAAsB,EACtB,KAAK,6BAA6B,EAAE,MAAM,mBAAmB,CAAC;AAElE;;GAEG;AACH,MAAM,WAAW,yBACb,SAAQ,6BAA6B;IAErC;;;OAGG;IACH,kBAAkB,CAAC,EAAG,OAAO,CAAC;IAE9B,6EAA6E;IAC7E,UAAU,CAAC,EAAG,UAAU,CAAC;IAEzB;;mBAEe;IACf,gBAAgB,CAAC,EAAG,MAAM,CAAC;IAE3B;;iEAE6D;IAC7D,gBAAgB,CAAC,EAAG,MAAM,CAAC;IAE3B;;;OAGG;IACH,QAAQ,CAAC,EAAG,MAAM,CAAC;CACtB;AAED;;;;;GAKG;AACH,qBAAa,kBAAmB,SAAQ,sBAAsB;IAE1D;;OAEG;IACH,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAG,MAAM,CAAC;IAErC;;;OAGG;IACH,SAAS,CAAC,QAAQ,CAAC,kBAAkB,SAAS;IAE9C,OAAO,CAAC,UAAU,CAAC,CAAc;IACjC,OAAO,CAAC,gBAAgB,CAAM;IAC9B,OAAO,CAAC,gBAAgB,CAAM;IAE9B;;;;OAIG;gBACS,OAAO,GAAG,yBAA8B;IAiDpD;;;;;OAKG;IACG,IAAI,CAAC,SAAS,EAAG,MAAM,GAAI,OAAO,CAAC,MAAM,CAAC;IAIhD;;;;;;;;;;;;;;OAcG;IACG,eAAe,CAAC,KAAK,EAAE,MAAM,EAC/B,SAAS,EAAE,QAAQ,GAAG,SAAS,GAAG,IAAI,GACtC,OAAO,CAAC;QAAC,CAAC,GAAG,EAAC,MAAM,GAAG,GAAG,CAAA;KAAC,GAAC,SAAS,CAAC;CAwB7C"}