@explorins/pers-shared 2.1.117 → 2.1.119
- package/dist/cjs/shared-lib/dto/auth/auth.dto.d.ts +6 -0
- package/dist/cjs/shared-lib/dto/auth/auth.dto.d.ts.map +1 -1
- package/dist/cjs/shared-lib/dto/auth/auth.dto.js +15 -2
- package/dist/cjs/shared-lib/dto/auth/auth.dto.js.map +1 -1
- package/dist/cjs/shared-lib/dto/tenant/tenant.dto.d.ts +2 -0
- package/dist/cjs/shared-lib/dto/tenant/tenant.dto.d.ts.map +1 -1
- package/dist/cjs/shared-lib/dto/tenant/tenant.dto.js +9 -0
- package/dist/cjs/shared-lib/dto/tenant/tenant.dto.js.map +1 -1
- package/dist/cjs/shared-lib/dto/tenant/tenantUpdate.request.dto.d.ts +11 -0
- package/dist/cjs/shared-lib/dto/tenant/tenantUpdate.request.dto.d.ts.map +1 -1
- package/dist/cjs/shared-lib/dto/tenant/tenantUpdate.request.dto.js +69 -1
- package/dist/cjs/shared-lib/dto/tenant/tenantUpdate.request.dto.js.map +1 -1
- package/dist/cjs/shared-lib/interfaces/external-token-issuer.interface.d.ts +65 -0
- package/dist/cjs/shared-lib/interfaces/external-token-issuer.interface.d.ts.map +1 -0
- package/dist/cjs/shared-lib/interfaces/external-token-issuer.interface.js +3 -0
- package/dist/cjs/shared-lib/interfaces/external-token-issuer.interface.js.map +1 -0
- package/dist/cjs/shared-lib/interfaces/index.d.ts +1 -0
- package/dist/cjs/shared-lib/interfaces/index.d.ts.map +1 -1
- package/dist/cjs/shared-lib/interfaces/index.js +1 -0
- package/dist/cjs/shared-lib/interfaces/index.js.map +1 -1
- package/dist/cjs/shared-lib/interfaces/jwt.payload.interface.d.ts +13 -0
- package/dist/cjs/shared-lib/interfaces/jwt.payload.interface.d.ts.map +1 -1
- package/dist/cjs/shared-lib/interfaces/jwt.payload.interface.js.map +1 -1
- package/dist/esm/shared-lib/dto/auth/auth.dto.d.ts +6 -0
- package/dist/esm/shared-lib/dto/auth/auth.dto.d.ts.map +1 -1
- package/dist/esm/shared-lib/dto/auth/auth.dto.js +15 -2
- package/dist/esm/shared-lib/dto/auth/auth.dto.js.map +1 -1
- package/dist/esm/shared-lib/dto/tenant/tenant.dto.d.ts +2 -0
- package/dist/esm/shared-lib/dto/tenant/tenant.dto.d.ts.map +1 -1
- package/dist/esm/shared-lib/dto/tenant/tenant.dto.js +8 -0
- package/dist/esm/shared-lib/dto/tenant/tenant.dto.js.map +1 -1
- package/dist/esm/shared-lib/dto/tenant/tenantUpdate.request.dto.d.ts +11 -0
- package/dist/esm/shared-lib/dto/tenant/tenantUpdate.request.dto.d.ts.map +1 -1
- package/dist/esm/shared-lib/dto/tenant/tenantUpdate.request.dto.js +63 -2
- package/dist/esm/shared-lib/dto/tenant/tenantUpdate.request.dto.js.map +1 -1
- package/dist/esm/shared-lib/interfaces/external-token-issuer.interface.d.ts +65 -0
- package/dist/esm/shared-lib/interfaces/external-token-issuer.interface.d.ts.map +1 -0
- package/dist/esm/shared-lib/interfaces/external-token-issuer.interface.js +2 -0
- package/dist/esm/shared-lib/interfaces/external-token-issuer.interface.js.map +1 -0
- package/dist/esm/shared-lib/interfaces/index.d.ts +1 -0
- package/dist/esm/shared-lib/interfaces/index.d.ts.map +1 -1
- package/dist/esm/shared-lib/interfaces/index.js +1 -0
- package/dist/esm/shared-lib/interfaces/index.js.map +1 -1
- package/dist/esm/shared-lib/interfaces/jwt.payload.interface.d.ts +13 -0
- package/dist/esm/shared-lib/interfaces/jwt.payload.interface.d.ts.map +1 -1
- package/dist/esm/shared-lib/interfaces/jwt.payload.interface.js.map +1 -1
- package/package.json +1 -1
|
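--- a/package/dist/cjs/shared-lib/dto/auth/auth.dto.d.ts
+++ b/package/dist/cjs/shared-lib/dto/auth/auth.dto.d.ts
@@ -18,6 +18,12 @@ export declare class AuthContextDTO implements AuthContext {
 *
 * Use the nested `context` object for explicit context selection
 * when users have multiple memberships.
+*
+* THIRD-PARTY JWT REQUIREMENTS:
+* When providing authToken from external providers, the JWT must include:
+* - Header: kid (Key ID), alg (Algorithm: RS256/ES256/EdDSA)
+* - Payload: iss (Issuer URL), sub (Subject), aud (Audience), exp, iat
+* - Provider must expose JWKS at: {issuer}/.well-known/jwks.json
 */
 export declare class SessionAuthRequestDTO {
 authToken?: string;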
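Review bot: The added comment gives the JWKS location as `{issuer}/.well-known/jwks.json`, but the `ExternalTokenIssuerConfig` doc comment added in external-token-issuer.interface.d.ts in this same release documents the default fetch as `{issuer}/.well-known/openid-configuration/jwks`; the `jwks.json` wording is repeated in both auth.dto.js hunks. An integrator who follows the wrong path will publish keys where the verifier never looks, so the comment should name the one path the verifier actually requests and mention that `jwksUri` or `publicKey` on the tenant's issuer entry can override it. The comment also lists the `alg` values without saying whether they are enforced; if they are, a line such as `* - Tokens signed with any other alg are rejected` would make that explicit. The class body continues past the end of this hunk.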
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.dto.d.ts","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/auth/auth.dto.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAC3C,OAAO,EAAG,WAAW,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,MAAM,iDAAiD,CAAC;AAG9E;;;;;GAKG;AACH,qBAAa,cAAe,YAAW,WAAW;IAQ9C,UAAU,CAAC,EAAE,MAAM,CAAC;IASpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACrB;AAED
|
|
1
|
+
{"version":3,"file":"auth.dto.d.ts","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/auth/auth.dto.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAC3C,OAAO,EAAG,WAAW,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,MAAM,iDAAiD,CAAC;AAG9E;;;;;GAKG;AACH,qBAAa,cAAe,YAAW,WAAW;IAQ9C,UAAU,CAAC,EAAE,MAAM,CAAC;IASpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;;GAWG;AACH,qBAAa,qBAAqB;IAe9B,SAAS,CAAC,EAAE,MAAM,CAAC;IAQnB,QAAQ,CAAC,EAAE,gBAAgB,CAAyB;IASpD,OAAO,CAAC,EAAE,cAAc,CAAC;IAQzB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CACtC;AAGD,qBAAa,sBAAsB;IAO/B,YAAY,EAAG,MAAM,CAAC;CACzB;AAGD,qBAAa,sBAAuB,SAAQ,sBAAsB;IAQ9D,WAAW,EAAE,MAAM,CAAM;CAExB;AAEL,qBAAa,6BAA8B,SAAQ,sBAAsB;IAKrE,KAAK,CAAC,EAAE,QAAQ,CAAC;IAMjB,IAAI,CAAC,EAAE,OAAO,CAAC;IAMf,QAAQ,CAAC,EAAE,WAAW,CAAC;IAQvB,QAAQ,EAAE,gBAAgB,CAAyB;CACtD"}
|
|
@@ -54,6 +54,12 @@ __decorate([
|
|
|
54
54
|
*
|
|
55
55
|
* Use the nested `context` object for explicit context selection
|
|
56
56
|
* when users have multiple memberships.
|
|
57
|
+
*
|
|
58
|
+
* THIRD-PARTY JWT REQUIREMENTS:
|
|
59
|
+
* When providing authToken from external providers, the JWT must include:
|
|
60
|
+
* - Header: kid (Key ID), alg (Algorithm: RS256/ES256/EdDSA)
|
|
61
|
+
* - Payload: iss (Issuer URL), sub (Subject), aud (Audience), exp, iat
|
|
62
|
+
* - Provider must expose JWKS at: {issuer}/.well-known/jwks.json
|
|
57
63
|
*/
|
|
58
64
|
class SessionAuthRequestDTO {
|
|
59
65
|
authToken;
|
|
@@ -64,8 +70,15 @@ class SessionAuthRequestDTO {
|
|
|
64
70
|
exports.SessionAuthRequestDTO = SessionAuthRequestDTO;
|
|
65
71
|
__decorate([
|
|
66
72
|
(0, swagger_1.ApiPropertyOptional)({
|
|
67
|
-
description:
|
|
68
|
-
|
|
73
|
+
description: `Authentication token from identity provider (WebAuthn, DFNS, Firebase, Auth0, etc.).
|
|
74
|
+
|
|
75
|
+
**Third-Party JWT Requirements:**
|
|
76
|
+
- **Header**: \`kid\` (Key ID matching JWKS), \`alg\` (RS256/ES256/EdDSA)
|
|
77
|
+
- **Payload Claims**: \`iss\` (issuer URL), \`sub\` (user ID), \`aud\` (audience), \`exp\`, \`iat\`
|
|
78
|
+
- **Provider Requirement**: Must expose JWKS at \`{issuer}/.well-known/jwks.json\`
|
|
79
|
+
|
|
80
|
+
PERS will automatically discover and fetch the issuer's public keys for verification.`,
|
|
81
|
+
example: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImtleS0xIn0.eyJpc3MiOiJodHRwczovL2lkcC5leGFtcGxlLmNvbSIsInN1YiI6InVzZXItMTIzIiwiYXVkIjoieW91ci1jbGllbnQtaWQiLCJleHAiOjE3MzM0MDAwMDAsImlhdCI6MTczMzM5NjQwMH0.signature',
|
|
69
82
|
type: String
|
|
70
83
|
}),
|
|
71
84
|
(0, decorators_1.OptionalStrip)(),
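Review bot: The new Swagger description in the second hunk says PERS will "automatically discover and fetch the issuer's public keys", which reads as if any issuer named in a token's `iss` claim is trusted. This release also adds a per-tenant `allowedTokenIssuers` list, so presumably only listed issuers are accepted; if that is the behaviour, the description should state it, for example `- **Issuer allow-list**: iss must match an entry in the tenant's allowedTokenIssuers`. The text also requires `aud` without saying which value it is checked against, and that belongs in the same list. The decorator array continues past the end of this hunk.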
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.dto.js","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/auth/auth.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAAmE;AACnE,qDAA+E;AAC/E,yDAAyC;AACzC,+CAA2C;AAC3C,0CAA2C;AAC3C,qCAA8C;AAC9C,oCAAoC;AAEpC,iDAAiD;AAEjD;;;;;GAKG;AACH,MAAa,cAAc;IAQvB,UAAU,CAAU;IASpB,QAAQ,CAAU;CACrB;AAlBD,wCAkBC;AAVG;IAPC,IAAA,6BAAmB,EAAC;QACjB,WAAW,EAAE,sGAAsG;QACnH,OAAO,EAAE,sCAAsC;QAC/C,IAAI,EAAE,MAAM;KACf,CAAC;IACD,IAAA,0BAAa,GAAE;IACf,IAAA,0BAAQ,GAAE;;kDACS;AASpB;IAPC,IAAA,6BAAmB,EAAC;QACjB,WAAW,EAAE,gGAAgG;QAC7G,OAAO,EAAE,sCAAsC;QAC/C,IAAI,EAAE,MAAM;KACf,CAAC;IACD,IAAA,0BAAa,GAAE;IACf,IAAA,0BAAQ,GAAE;;gDACO;AAGtB
|
|
1
|
+
{"version":3,"file":"auth.dto.js","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/auth/auth.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAAmE;AACnE,qDAA+E;AAC/E,yDAAyC;AACzC,+CAA2C;AAC3C,0CAA2C;AAC3C,qCAA8C;AAC9C,oCAAoC;AAEpC,iDAAiD;AAEjD;;;;;GAKG;AACH,MAAa,cAAc;IAQvB,UAAU,CAAU;IASpB,QAAQ,CAAU;CACrB;AAlBD,wCAkBC;AAVG;IAPC,IAAA,6BAAmB,EAAC;QACjB,WAAW,EAAE,sGAAsG;QACnH,OAAO,EAAE,sCAAsC;QAC/C,IAAI,EAAE,MAAM;KACf,CAAC;IACD,IAAA,0BAAa,GAAE;IACf,IAAA,0BAAQ,GAAE;;kDACS;AASpB;IAPC,IAAA,6BAAmB,EAAC;QACjB,WAAW,EAAE,gGAAgG;QAC7G,OAAO,EAAE,sCAAsC;QAC/C,IAAI,EAAE,MAAM;KACf,CAAC;IACD,IAAA,0BAAa,GAAE;IACf,IAAA,0BAAQ,GAAE;;gDACO;AAGtB;;;;;;;;;;;GAWG;AACH,MAAa,qBAAqB;IAe9B,SAAS,CAAU;IAQnB,QAAQ,GAAsB,uBAAgB,CAAC,IAAI,CAAC;IASpD,OAAO,CAAkB;IAQzB,YAAY,CAAuB;CACtC;AAzCD,sDAyCC;AA1BG;IAdC,IAAA,6BAAmB,EAAC;QACjB,WAAW,EAAE;;;;;;;sFAOiE;QAC9E,OAAO,EAAE,mNAAmN;QAC5N,IAAI,EAAE,MAAM;KACf,CAAC;IACD,IAAA,0BAAa,GAAE;IACf,IAAA,0BAAQ,GAAE;;wDACQ;AAQnB;IANC,IAAA,6BAAmB,EAAC;QACjB,WAAW,EAAE,iFAAiF;QAC9F,IAAI,EAAE,uBAAgB;KACzB,CAAC;IACD,IAAA,0BAAa,GAAE;IACf,IAAA,wBAAM,EAAC,uBAAgB,CAAC;;uDAC2B;AASpD;IAPC,IAAA,6BAAmB,EAAC;QACjB,WAAW,EAAE,oHAAoH;QACjI,IAAI,EAAE,GAAG,EAAE,CAAC,cAAc;KAC7B,CAAC;IACD,IAAA,0BAAa,GAAE;IACf,IAAA,gCAAc,GAAE;IAChB,IAAA,wBAAI,EAAC,GAAG,EAAE,CAAC,cAAc,CAAC;8BACjB,cAAc;sDAAC;AAQzB;IANC,IAAA,6BAAmB,EAAC;QACjB,WAAW,EAAE,uQAAuQ;QACpR,OAAO,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,KAAK,EAAE,kBAAkB,EAAE,SAAS,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE;QACnG,IAAI,EAAE,MAAM;KACf,CAAC;IACD,IAAA,0BAAa,GAAE;;2DACmB;AAIvC,MAAa,sBAAsB;IAO/B,YAAY,CAAU;CACzB;AARD,wDAQC;AADG;IANC,IAAA,qBAAW,EAAC;QACT,WAAW,EAAE,eAAe;QAC5B,OAAO,EAAE,sJAAsJ;KAClK,CAAC;IACD,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,GAAE;;4DACW;AAI1B,MAAa,sBAAuB,SAAQ,sBAAsB;IAQ9D,WAAW,GAAW,EAAE,CAAC;CAExB;AAVL,wDAUK;AAFD;IAPC,IAAA,qBAAW,EACR;QACI,WAAW,EAAE,uKAAuK;KACvL,CACJ;IACA,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,GAAE;;2DACc;AAI7B,MAAa,6BAA8B,SAAQ,sBAAsB;IAKrE,KAAK,CAAY;IAMjB,IAAI,CAAW;IAMf,QAAQ,CAAe;IAQvB,AADA,4BAA4B;IAC5B,QAAQ,
GAAqB,uBAAgB,CAAC,IAAI,CAAC;CACtD;AA1BD,sEA0BC;AArBG;IAJC,IAAA,6BAAmB,EAAC;QACjB,WAAW,EAAE,yCAAyC;QACtD,IAAI,EAAE,GAAG,EAAE,CAAC,gBAAQ;KACvB,CAAC;8BACM,gBAAQ;4DAAC;AAMjB;IAJC,IAAA,6BAAmB,EAAC;QACjB,WAAW,EAAE,uCAAuC;QACpD,IAAI,EAAE,GAAG,EAAE,CAAC,kBAAO;KACtB,CAAC;8BACK,kBAAO;2DAAC;AAMf;IAJC,IAAA,6BAAmB,EAAC;QACjB,WAAW,EAAE,+CAA+C;QAC5D,IAAI,EAAE,GAAG,EAAE,CAAC,sBAAW;KAC1B,CAAC;8BACS,sBAAW;+DAAC;AAQvB;IANC,IAAA,qBAAW,EAAC;QACT,WAAW,EAAE,iFAAiF;QAC9F,0BAA0B;QAC1B,IAAI,EAAE,uBAAgB;KACzB,CAAC;IACF,4BAA4B;;;+DACuB"}
|
|
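--- a/package/dist/cjs/shared-lib/dto/tenant/tenant.dto.d.ts
+++ b/package/dist/cjs/shared-lib/dto/tenant/tenant.dto.d.ts
@@ -1,4 +1,5 @@
 import { WalletManagementType } from "../../enum/wallet.enum";
+import { ExternalTokenIssuerConfig } from "../../interfaces/external-token-issuer.interface";
 export declare class TenantPublicDTO {
 projectName: string;
 acronym: string;
@@ -20,5 +21,6 @@ export declare class TenantDTO extends TenantPublicDTO {
 defaultWalletManagementType: WalletManagementType;
 ipfsGatewayDomain: string;
 googleApiKey?: string;
+allowedTokenIssuers: ExternalTokenIssuerConfig[];
 }
 //# sourceMappingURL=tenant.dto.d.ts.map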
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tenant.dto.d.ts","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/tenant/tenant.dto.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"tenant.dto.d.ts","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/tenant/tenant.dto.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,yBAAyB,EAAE,MAAM,kDAAkD,CAAC;AAE7F,qBAAa,eAAe;IAK1B,WAAW,EAAE,MAAM,CAAM;IAMzB,OAAO,EAAE,MAAM,CAAM;IAMrB,EAAE,EAAE,MAAM,CAAM;IAMhB,SAAS,EAAE,IAAI,CAAa;IAM5B,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAM3B,cAAc,CAAC,EAAE,MAAM,CAAA;IAMvB,YAAY,CAAC,EAAE,MAAM,CAAA;IAMrB,eAAe,CAAC,EAAE,MAAM,CAAA;IAMtB,aAAa,EAAE,MAAM,CAAK;CAC7B;AAED,qBAAa,SAAU,SAAQ,eAAe;IAQ1C,oBAAoB,EAAE,MAAM,CAAK;IAMjC,YAAY,CAAC,EAAE,MAAM,CAAA;IAMrB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAM5B,UAAU,CAAC,EAAE,MAAM,CAAA;IAMnB,+BAA+B,EAAE,OAAO,CAAQ;IAGhD,gBAAgB,CAAC,EAAE,MAAM,CAAA;IA2BzB,2BAA2B,EAAE,oBAAoB,CAAiC;IAQlF,iBAAiB,EAAE,MAAM,CAAwB;IAMjD,YAAY,CAAC,EAAE,MAAM,CAAA;IAMrB,mBAAmB,EAAE,yBAAyB,EAAE,CAAK;CACtD"}
|
|
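--- a/package/dist/cjs/shared-lib/dto/tenant/tenant.dto.js
+++ b/package/dist/cjs/shared-lib/dto/tenant/tenant.dto.js
@@ -12,6 +12,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.TenantDTO = exports.TenantPublicDTO = void 0;
 const swagger_1 = require("@nestjs/swagger");
 const wallet_enum_1 = require("../../enum/wallet.enum");
+const tenantUpdate_request_dto_1 = require("./tenantUpdate.request.dto");
 class TenantPublicDTO {
 projectName = '';
 acronym = '';
@@ -113,6 +114,7 @@ class TenantDTO extends TenantPublicDTO {
 defaultWalletManagementType = wallet_enum_1.WalletManagementType.CUSTODIAL;
 ipfsGatewayDomain = 'pers.mypinata.cloud';
 googleApiKey;
+allowedTokenIssuers = [];
 }
 exports.TenantDTO = TenantDTO;
 __decorate([
@@ -179,4 +181,11 @@ __decorate([
 }),
 __metadata("design:type", String)
 ], TenantDTO.prototype, "googleApiKey", void 0);
+__decorate([
+(0, swagger_1.ApiPropertyOptional)({
+description: 'List of allowed external JWT token issuers for this tenant.',
+type: [tenantUpdate_request_dto_1.ExternalTokenIssuerConfigDTO]
+}),
+__metadata("design:type", Array)
+], TenantDTO.prototype, "allowedTokenIssuers", void 0);
 //# sourceMappingURL=tenant.dto.js.map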
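Review bot: `allowedTokenIssuers` is registered with `ApiPropertyOptional` in the last hunk, yet the class initialises it to `[]` and tenant.dto.d.ts types it as a required array, so the generated OpenAPI schema disagrees with what the DTO always carries; `@ApiProperty({ ... })` in the TypeScript source would match. Each entry can carry `allowUnverified` and `allowExpired`, so the description could also say that these flags are returned, which lets an operator reviewing a tenant see when an issuer is running with verification relaxed.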
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tenant.dto.js","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/tenant/tenant.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAAmE;AACnE,wDAA8D;
|
|
1
|
+
{"version":3,"file":"tenant.dto.js","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/tenant/tenant.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAAmE;AACnE,wDAA8D;AAE9D,yEAA0E;AAC1E,MAAa,eAAe;IAK1B,WAAW,GAAW,EAAE,CAAC;IAMzB,OAAO,GAAW,EAAE,CAAC;IAMrB,EAAE,GAAW,EAAE,CAAC;IAMhB,SAAS,GAAS,IAAI,IAAI,EAAE,CAAA;IAM5B,kBAAkB,CAAS;IAM3B,cAAc,CAAS;IAMvB,YAAY,CAAS;IAMrB,eAAe,CAAS;IAMtB,aAAa,GAAW,EAAE,CAAA;CAC7B;AAtDD,0CAsDC;AAjDC;IAJC,IAAA,qBAAW,EAAC;QACX,WAAW,EAAE,qBAAqB;QAClC,IAAI,EAAE,MAAM;KACb,CAAC;;oDACuB;AAMzB;IAJC,IAAA,qBAAW,EAAC;QACX,WAAW,EAAE,wBAAwB;QACrC,IAAI,EAAE,MAAM;KACb,CAAC;;gDACmB;AAMrB;IAJC,IAAA,qBAAW,EAAC;QACX,WAAW,EAAE,qGAAqG;QAClH,IAAI,EAAE,MAAM;KACb,CAAC;;2CACc;AAMhB;IAJC,IAAA,qBAAW,EAAC;QACX,WAAW,EAAE,+BAA+B;QAC5C,IAAI,EAAE,IAAI;KACX,CAAC;8BACS,IAAI;kDAAa;AAM5B;IAJC,IAAA,6BAAmB,EAAC;QACnB,WAAW,EAAE,4BAA4B;QACzC,IAAI,EAAE,MAAM;KACb,CAAC;;2DACyB;AAM3B;IAJC,IAAA,6BAAmB,EAAC;QACnB,WAAW,EAAE,wBAAwB;QACrC,IAAI,EAAE,MAAM;KACb,CAAC;;uDACqB;AAMvB;IAJC,IAAA,6BAAmB,EAAC;QACnB,WAAW,EAAE,sBAAsB;QACnC,IAAI,EAAE,MAAM;KACb,CAAC;;qDACmB;AAMrB;IAJC,IAAA,6BAAmB,EAAC;QACnB,WAAW,EAAE,0BAA0B;QACvC,IAAI,EAAE,MAAM;KACb,CAAC;;wDACsB;AAMtB;IAJD,IAAA,qBAAW,EAAC;QACT,WAAW,EAAE,qGAAqG;QAClH,IAAI,EAAE,MAAM;KACb,CAAC;;sDACwB;AAG9B,MAAa,SAAU,SAAQ,eAAe;IAQ1C,oBAAoB,GAAW,EAAE,CAAA;IAMjC,YAAY,CAAS;IAMrB,mBAAmB,CAAS;IAM5B,UAAU,CAAS;IAMnB,+BAA+B,GAAY,KAAK,CAAA;IAGhD,gBAAgB,CAAS;IAEzB;+BAC2B;IAE3B;;;;;;mBAMe;IAEf;;;;;;6BAMyB;IAQzB,2BAA2B,GAAyB,kCAAoB,CAAC,SAAS,CAAA;IAQlF,iBAAiB,GAAW,qBAAqB,CAAA;IAMjD,YAAY,CAAS;IAMrB,mBAAmB,GAAgC,EAAE,CAAA;CACtD;AAnFH,8BAmFG;AA3EC;IAJC,IAAA,qBAAW,EAAC;QACX,WAAW,EAAE,sEAAsE;QACnF,IAAI,EAAE,MAAM;KACb,CAAC;;uDAC+B;AAMjC;IAJC,IAAA,6BAAmB,EAAC;QACnB,WAAW,EAAE,4DAA4D;QACzE,IAAI,EAAE,MAAM;KACb,CAAC;;+CACmB;AAMrB;IAJC,IAAA,6BAAmB,EAAC;QACnB,WAAW,EAAE,mEAAmE;QAChF,IAAI,EAAE,MAAM;KACb,CAAC;;sDAC0B;AAM5B;IAJC,IAAA,6BAAmB,EAAC;QACnB,WAAW,EAAE,4EAA4E;QACzF,IAAI,EAAE,MAAM;KACb,CAAC;;6CACiB;AAMnB;IAJC,IAAA,qBAAW,EAAC;QACX,WAAW,EAAE,4EAA4E;QACzF,IAAI,EAAE,OA
AO;KACd,CAAC;;kEAC8C;AAGhD;IADC,IAAA,6BAAmB,GAAE;;mDACG;AA2BzB;IANC,IAAA,qBAAW,EAAC;QACX,WAAW,EAAE,+QAA+Q;QAC5R,IAAI,EAAE,kCAAoB;QAC1B,OAAO,EAAE,kCAAoB,CAAC,SAAS;QACvC,IAAI,EAAE,MAAM;KACb,CAAC;;8DACgF;AAQlF;IANC,IAAA,qBAAW,EAAC;QACX,WAAW,EAAE,gFAAgF;QAC7F,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,qBAAqB;QAC9B,OAAO,EAAE,qBAAqB;KAC/B,CAAC;;oDAC+C;AAMjD;IAJC,IAAA,6BAAmB,EAAC;QACnB,WAAW,EAAE,sEAAsE;QACnF,IAAI,EAAE,MAAM;KACb,CAAC;;+CACmB;AAMrB;IAJC,IAAA,6BAAmB,EAAC;QACnB,WAAW,EAAE,6DAA6D;QAC1E,IAAI,EAAE,CAAC,uDAA4B,CAAC;KACrC,CAAC;;sDACmD"}
|
|
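--- a/package/dist/cjs/shared-lib/dto/tenant/tenantUpdate.request.dto.d.ts
+++ b/package/dist/cjs/shared-lib/dto/tenant/tenantUpdate.request.dto.d.ts
@@ -1,3 +1,13 @@
+/**
+* Validated External Token Issuer Config for API requests
+*/
+export declare class ExternalTokenIssuerConfigDTO {
+issuer: string;
+publicKey?: string;
+jwksUri?: string;
+allowUnverified?: boolean;
+allowExpired?: boolean;
+}
 export declare class TenantUpdateRequestDTO {
 projectName?: string;
 projectDescription?: string;
@@ -10,5 +20,6 @@ export declare class TenantUpdateRequestDTO {
 projectWebsite?: string;
 projectEmail?: string;
 projectImageUrl?: string;
+allowedTokenIssuers?: ExternalTokenIssuerConfigDTO[];
 }
 //# sourceMappingURL=tenantUpdate.request.dto.d.ts.map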
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tenantUpdate.request.dto.d.ts","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/tenant/tenantUpdate.request.dto.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"tenantUpdate.request.dto.d.ts","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/tenant/tenantUpdate.request.dto.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,qBAAa,4BAA4B;IAMrC,MAAM,EAAG,MAAM,CAAC;IAQhB,SAAS,CAAC,EAAE,MAAM,CAAC;IAQnB,OAAO,CAAC,EAAE,MAAM,CAAC;IAQjB,eAAe,CAAC,EAAE,OAAO,CAAC;IAQ1B,YAAY,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,qBAAa,sBAAsB;IAO/B,WAAW,CAAC,EAAE,MAAM,CAAA;IAMpB,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAI3B,YAAY,CAAC,EAAE,MAAM,CAAA;IAIrB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAI5B,oBAAoB,CAAC,EAAE,MAAM,CAAA;IAI7B,UAAU,CAAC,EAAE,MAAM,CAAA;IAQnB,+BAA+B,CAAC,EAAE,OAAO,CAAA;IAIzC,gBAAgB,CAAC,EAAE,MAAM,CAAA;IAWzB,cAAc,CAAC,EAAE,MAAM,CAAA;IAKvB,YAAY,CAAC,EAAE,MAAM,CAAA;IAKrB,eAAe,CAAC,EAAE,MAAM,CAAA;IAUxB,mBAAmB,CAAC,EAAE,4BAA4B,EAAE,CAAA;CACrD"}
|
|
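--- a/package/dist/cjs/shared-lib/dto/tenant/tenantUpdate.request.dto.js
+++ b/package/dist/cjs/shared-lib/dto/tenant/tenantUpdate.request.dto.js
@@ -9,10 +9,66 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.TenantUpdateRequestDTO = void 0;
+exports.TenantUpdateRequestDTO = exports.ExternalTokenIssuerConfigDTO = void 0;
 const swagger_1 = require("@nestjs/swagger");
 const class_validator_1 = require("class-validator");
+const class_transformer_1 = require("class-transformer");
 const decorators_1 = require("../../decorators");
+/**
+* Validated External Token Issuer Config for API requests
+*/
+class ExternalTokenIssuerConfigDTO {
+issuer;
+publicKey;
+jwksUri;
+allowUnverified;
+allowExpired;
+}
+exports.ExternalTokenIssuerConfigDTO = ExternalTokenIssuerConfigDTO;
+__decorate([
+(0, swagger_1.ApiProperty)({
+description: 'Issuer URL (must match token iss claim)',
+example: 'https://login.example.com/tenant-id/v2.0/'
+}),
+(0, class_validator_1.IsString)(),
+__metadata("design:type", String)
+], ExternalTokenIssuerConfigDTO.prototype, "issuer", void 0);
+__decorate([
+(0, swagger_1.ApiPropertyOptional)({
+description: 'PEM-encoded public key (skip JWKS fetch)',
+example: '-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----'
+}),
+(0, class_validator_1.IsOptional)(),
+(0, class_validator_1.IsString)(),
+__metadata("design:type", String)
+], ExternalTokenIssuerConfigDTO.prototype, "publicKey", void 0);
+__decorate([
+(0, swagger_1.ApiPropertyOptional)({
+description: 'Custom JWKS URI (override default discovery)',
+example: 'https://login.example.com/.well-known/jwks.json'
+}),
+(0, class_validator_1.IsOptional)(),
+(0, class_validator_1.IsUrl)(),
+__metadata("design:type", String)
+], ExternalTokenIssuerConfigDTO.prototype, "jwksUri", void 0);
+__decorate([
+(0, swagger_1.ApiPropertyOptional)({
+description: 'Skip signature verification - use only for dev/testing',
+default: false
+}),
+(0, class_validator_1.IsOptional)(),
+(0, class_validator_1.IsBoolean)(),
+__metadata("design:type", Boolean)
+], ExternalTokenIssuerConfigDTO.prototype, "allowUnverified", void 0);
+__decorate([
+(0, swagger_1.ApiPropertyOptional)({
+description: 'Allow expired tokens - use only for dev/testing',
+default: false
+}),
+(0, class_validator_1.IsOptional)(),
+(0, class_validator_1.IsBoolean)(),
+__metadata("design:type", Boolean)
+], ExternalTokenIssuerConfigDTO.prototype, "allowExpired", void 0);
 class TenantUpdateRequestDTO {
 projectName;
 projectDescription;
@@ -29,6 +85,7 @@ class TenantUpdateRequestDTO {
 projectWebsite;
 projectEmail;
 projectImageUrl;
+allowedTokenIssuers;
 }
 exports.TenantUpdateRequestDTO = TenantUpdateRequestDTO;
 __decorate([
@@ -98,4 +155,15 @@ __decorate([
 (0, class_validator_1.IsUrl)(),
 __metadata("design:type", String)
 ], TenantUpdateRequestDTO.prototype, "projectImageUrl", void 0);
+__decorate([
+(0, swagger_1.ApiPropertyOptional)({
+description: 'List of allowed external JWT token issuers for this tenant. Each object must have an issuer URL.',
+type: [ExternalTokenIssuerConfigDTO]
+}),
+(0, decorators_1.OptionalNullify)(),
+(0, class_validator_1.IsArray)(),
+(0, class_validator_1.ValidateNested)({ each: true }),
+(0, class_transformer_1.Type)(() => ExternalTokenIssuerConfigDTO),
+__metadata("design:type", Array)
+], TenantUpdateRequestDTO.prototype, "allowedTokenIssuers", void 0);
 //# sourceMappingURL=tenantUpdate.request.dto.js.map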
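Review bot: `allowUnverified` and `allowExpired` are accepted on the tenant update request with only `IsOptional`/`IsBoolean` in the first hunk, so the "use only for dev/testing" restriction exists only in the description text. Anyone permitted to call this endpoint can switch off signature or expiry checking for an issuer, after which tokens naming that issuer would be trusted on unsigned or stale claims. Unless the service consuming this DTO rejects these flags outside development (not visible in this diff), the handler should refuse `true` in production and log every change to `allowedTokenIssuers`. Separately, `issuer` is validated with `IsString` only and `jwksUri` with a bare `IsUrl()`, which by validator.js defaults also accepts `http` and `ftp`, although both can become URLs the server fetches keys from. In the TypeScript source both could use `@IsUrl({ protocols: ['https'], require_protocol: true })`, and the array could take `@ArrayMaxSize(...)` to bound the list.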
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tenantUpdate.request.dto.js","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/tenant/tenantUpdate.request.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"tenantUpdate.request.dto.js","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/tenant/tenantUpdate.request.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAAkE;AAClE,qDAA2G;AAC3G,yDAAyC;AACzC,iDAAmD;AAEnD;;GAEG;AACH,MAAa,4BAA4B;IAMrC,MAAM,CAAU;IAQhB,SAAS,CAAU;IAQnB,OAAO,CAAU;IAQjB,eAAe,CAAW;IAQ1B,YAAY,CAAW;CAC1B;AAvCD,oEAuCC;AAjCG;IALC,IAAA,qBAAW,EAAC;QACX,WAAW,EAAE,yCAAyC;QACtD,OAAO,EAAE,2CAA2C;KACrD,CAAC;IACD,IAAA,0BAAQ,GAAE;;4DACK;AAQhB;IANC,IAAA,6BAAmB,EAAC;QACnB,WAAW,EAAE,0CAA0C;QACvD,OAAO,EAAE,2DAA2D;KACrE,CAAC;IACD,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,GAAE;;+DACQ;AAQnB;IANC,IAAA,6BAAmB,EAAC;QACnB,WAAW,EAAE,8CAA8C;QAC3D,OAAO,EAAE,iDAAiD;KAC3D,CAAC;IACD,IAAA,4BAAU,GAAE;IACZ,IAAA,uBAAK,GAAE;;6DACS;AAQjB;IANC,IAAA,6BAAmB,EAAC;QACnB,WAAW,EAAE,wDAAwD;QACrE,OAAO,EAAE,KAAK;KACf,CAAC;IACD,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,GAAE;;qEACc;AAQ1B;IANC,IAAA,6BAAmB,EAAC;QACnB,WAAW,EAAE,iDAAiD;QAC9D,OAAO,EAAE,KAAK;KACf,CAAC;IACD,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,GAAE;;kEACW;AAG3B,MAAa,sBAAsB;IAO/B,WAAW,CAAS;IAMpB,kBAAkB,CAAS;IAI3B,YAAY,CAAS;IAIrB,mBAAmB,CAAS;IAI5B,oBAAoB,CAAS;IAI7B,UAAU,CAAS;IAQnB,+BAA+B,CAAU;IAIzC,gBAAgB,CAAS;IAEzB;kCAC8B;IAE9B;kCAC8B;IAK9B,cAAc,CAAS;IAKvB,YAAY,CAAS;IAKrB,eAAe,CAAS;IAUxB,mBAAmB,CAAiC;CACrD;AAzEH,wDAyEG;AAlEC;IALC,IAAA,6BAAmB,EAAC;QACnB,WAAW,EAAE,kBAAkB;QAC/B,OAAO,EAAE,YAAY;KACtB,CAAC;IACD,IAAA,4BAAe,GAAE;;2DACE;AAMpB;IAJC,IAAA,6BAAmB,EAAC;QACnB,WAAW,EAAE,yBAAyB;KACvC,CAAC;IACD,IAAA,4BAAe,GAAE;;kEACS;AAI3B;IAFC,IAAA,6BAAmB,GAAE;IACrB,IAAA,4BAAe,GAAE;;4DACG;AAIrB;IAFC,IAAA,6BAAmB,GAAE;IACrB,IAAA,4BAAe,GAAE;;mEACU;AAI5B;IAFC,IAAA,6BAAmB,GAAE;IACrB,IAAA,4BAAe,GAAE;;oEACW;AAI7B;IAFC,IAAA,6BAAmB,GAAE;IACrB,IAAA,4BAAe,GAAE;;0DACC;AAQnB;IANC,IAAA,6BAAmB,EAAC;QACnB,WAAW,EAAE,4EAA4E;QACzF,IAAI,EAAE,OAAO;KACd,CAAC;IACD,IAAA,4BAAe,GAAE;IACjB,IAAA,2BAAS,GAAE;;+EAC6B;AAIzC;IAFC,IAAA,6BAAmB,GAAE;IACrB,IAAA,4BAAe,GAAE;;gEACO;AAWzB;IAHC,IAAA,6BAAmB,GAAE;IACrB,IAAA,4BAAe,GAAE;IACjB,IAAA,uBAAK,GAAE;;8DACe;AAKvB;IAHC,IAAA,6BAAmB,GAAE;IA
CrB,IAAA,4BAAe,GAAE;IACjB,IAAA,yBAAO,GAAE;;4DACW;AAKrB;IAHC,IAAA,6BAAmB,GAAE;IACrB,IAAA,4BAAe,GAAE;IACjB,IAAA,uBAAK,GAAE;;+DACgB;AAUxB;IARC,IAAA,6BAAmB,EAAC;QACnB,WAAW,EAAE,kGAAkG;QAC/G,IAAI,EAAE,CAAC,4BAA4B,CAAC;KACrC,CAAC;IACD,IAAA,4BAAe,GAAE;IACjB,IAAA,yBAAO,GAAE;IACT,IAAA,gCAAc,EAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAC9B,IAAA,wBAAI,EAAC,GAAG,EAAE,CAAC,4BAA4B,CAAC;;mEACW"}
|
|
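--- a/package/dist/cjs/shared-lib/interfaces/external-token-issuer.interface.d.ts
+++ b/package/dist/cjs/shared-lib/interfaces/external-token-issuer.interface.d.ts
@@ -0,0 +1,65 @@
+import { BaseJwtClaims } from './jwt.payload.interface';
+/**
+* External Token Issuer Configuration
+*
+* Supports federated authentication with external identity providers (e.g., Azure AD B2C, Auth0, Okta).
+*
+* Verification priority:
+* 1. If `allowUnverified` is true → Skip signature verification (⚠️ dev/testing only)
+* 2. If `publicKey` is set → Use stored key directly (no network call)
+* 3. If `jwksUri` is set → Fetch from custom JWKS endpoint
+* 4. Else → Fetch from `{issuer}/.well-known/openid-configuration/jwks`
+*
+* @example Simple JWKS auto-discovery
+* ```typescript
+* { issuer: 'https://login.example.com/tenant-id/v2.0/' }
+* ```
+*
+* @example With stored public key (no network call)
+* ```typescript
+* {
+* issuer: 'https://internal-idp.example.com',
+* publicKey: '-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----'
+* }
+* ```
+*
+* @example Dev/testing only (skip verification)
+* ```typescript
+* {
+* issuer: 'https://dev-idp.example.com',
+* allowUnverified: true // ⚠️ NEVER use in production
+* }
+* ```
+*/
+export interface ExternalTokenIssuerConfig {
+/** Required: Issuer URL (must match token's `iss` claim) */
+issuer: string;
+/** Optional: PEM-encoded public key (skip JWKS fetch) */
+publicKey?: string;
+/** Optional: Custom JWKS URI (override default discovery) */
+jwksUri?: string;
+/** Optional: Skip signature verification - ⚠️ use only for dev/testing */
+allowUnverified?: boolean;
+/** Optional: Allow expired tokens - ⚠️ use only for dev/testing */
+allowExpired?: boolean;
+}
+/**
+* External JWT Payload interface for third-party tokens (e.g., Azure B2C, Auth0, Okta)
+*
+* Extends BaseJwtClaims with common external provider claims.
+*/
+export interface ExternalJwtPayload extends BaseJwtClaims {
+email?: string;
+emails?: string[];
+name?: string;
+given_name?: string;
+family_name?: string;
+preferred_username?: string;
+oid?: string;
+tid?: string;
+firstName?: string;
+lastName?: string;
+externalId?: string;
+[key: string]: any;
+}
+//# sourceMappingURL=external-token-issuer.interface.d.ts.map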
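Review bot: The documented verification priority puts `allowUnverified` first, so an entry that sets both `publicKey` (or `jwksUri`) and `allowUnverified: true` skips verification even though key material is configured. The comment should say so explicitly, or the order should change so that configured keys always win and the flag applies only when no key source is present. The example issuer `'https://login.example.com/tenant-id/v2.0/'` ends in a slash while the default path is written `{issuer}/.well-known/...`, so the comment should state whether a trailing slash is normalised before the URL is built and before `iss` is compared. `ExternalJwtPayload` also carries `[key: string]: any`, which leaves every claim read from it untyped; a line such as `* Claims are untrusted input until the token's signature, issuer, audience and expiry have been checked` on the interface would set the expectation for callers.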
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"external-token-issuer.interface.d.ts","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/external-token-issuer.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAExD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,MAAM,WAAW,yBAAyB;IACxC,4DAA4D;IAC5D,MAAM,EAAE,MAAM,CAAC;IAEf,yDAAyD;IACzD,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,6DAA6D;IAC7D,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,0EAA0E;IAC1E,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B,mEAAmE;IACnE,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED;;;;GAIG;AACH,MAAM,WAAW,kBAAmB,SAAQ,aAAa;IAEvD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IAGb,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"external-token-issuer.interface.js","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/external-token-issuer.interface.ts"],"names":[],"mappings":""}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/index.ts"],"names":[],"mappings":"AACA,cAAc,kCAAkC,CAAC;AACjD,cAAc,sCAAsC,CAAC;AACrD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yBAAyB,CAAC;AACxC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,0CAA0C,CAAC;AACzD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,oBAAoB,CAAC;AACnC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iCAAiC,CAAC;AAChD,cAAc,qCAAqC,CAAC;AACpD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iCAAiC,CAAC;AAChD,cAAc,2CAA2C,CAAC;AAC1D,cAAc,kCAAkC,CAAC;AAEjD,cAAc,yBAAyB,CAAC;AAExC,cAAc,4CAA4C,CAAC;AAE3D,cAAc,YAAY,CAAC;AAE3B,cAAc,8BAA8B,CAAC;AAC7C,cAAc,oCAAoC,CAAC;AAEnD,cAAc,kBAAkB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/index.ts"],"names":[],"mappings":"AACA,cAAc,kCAAkC,CAAC;AACjD,cAAc,sCAAsC,CAAC;AACrD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yBAAyB,CAAC;AACxC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,0CAA0C,CAAC;AACzD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,oBAAoB,CAAC;AACnC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iCAAiC,CAAC;AAChD,cAAc,qCAAqC,CAAC;AACpD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iCAAiC,CAAC;AAChD,cAAc,2CAA2C,CAAC;AAC1D,cAAc,kCAAkC,CAAC;AAEjD,cAAc,yBAAyB,CAAC;AAExC,cAAc,4CAA4C,CAAC;AAE3D,cAAc,YAAY,CAAC;AAE3B,cAAc,8BAA8B,CAAC;AAC7C,cAAc,oCAAoC,CAAC;AAEnD,cAAc,kBAAkB,CAAC;AAEjC,cAAc,mCAAmC,CAAC"}
|
|
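--- a/package/dist/cjs/shared-lib/interfaces/index.js
+++ b/package/dist/cjs/shared-lib/interfaces/index.js
@@ -37,4 +37,5 @@ __exportStar(require("./campaign"), exports);
 __exportStar(require("./ai-prompt-config.interface"), exports);
 __exportStar(require("./balance-filter-options.interface"), exports);
 __exportStar(require("./ws-relay.types"), exports);
+__exportStar(require("./external-token-issuer.interface"), exports);
 //# sourceMappingURL=index.js.map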
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,kDAAkD;AAClD,mEAAiD;AACjD,uEAAqD;AACrD,iEAA+C;AAC/C,iEAA+C;AAC/C,0DAAwC;AACxC,+DAA6C;AAC7C,2EAAyD;AACzD,iEAA+C;AAC/C,qDAAmC;AACnC,gEAA8C;AAC9C,kEAAgD;AAChD,sEAAoD;AACpD,8DAA4C;AAC5C,kEAAgD;AAChD,4EAA0D;AAC1D,mEAAiD;AAEjD,0DAAwC;AAExC,6EAA2D;AAE3D,6CAA2B;AAE3B,+DAA6C;AAC7C,qEAAmD;AAEnD,mDAAiC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,kDAAkD;AAClD,mEAAiD;AACjD,uEAAqD;AACrD,iEAA+C;AAC/C,iEAA+C;AAC/C,0DAAwC;AACxC,+DAA6C;AAC7C,2EAAyD;AACzD,iEAA+C;AAC/C,qDAAmC;AACnC,gEAA8C;AAC9C,kEAAgD;AAChD,sEAAoD;AACpD,8DAA4C;AAC5C,kEAAgD;AAChD,4EAA0D;AAC1D,mEAAiD;AAEjD,0DAAwC;AAExC,6EAA2D;AAE3D,6CAA2B;AAE3B,+DAA6C;AAC7C,qEAAmD;AAEnD,mDAAiC;AAEjC,oEAAkD"}
|
|
@@ -28,6 +28,19 @@ export interface PasskeyTokenPayload {
|
|
|
28
28
|
exp?: number;
|
|
29
29
|
[key: string]: any;
|
|
30
30
|
}
|
|
31
|
+
/**
|
|
32
|
+
* Base JWT claims (RFC 7519) - all optional for maximum flexibility
|
|
33
|
+
* Use this as base for external/third-party token payloads
|
|
34
|
+
*/
|
|
35
|
+
export interface BaseJwtClaims {
|
|
36
|
+
iss?: string;
|
|
37
|
+
sub?: string;
|
|
38
|
+
aud?: string | string[];
|
|
39
|
+
exp?: number;
|
|
40
|
+
iat?: number;
|
|
41
|
+
nbf?: number;
|
|
42
|
+
jti?: string;
|
|
43
|
+
}
|
|
31
44
|
interface BaseJWTPayload {
|
|
32
45
|
iss?: string;
|
|
33
46
|
aud?: string;
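Review bot: The doc comment on `BaseJwtClaims` says every claim is optional "for maximum flexibility", but it does not warn that a value of this type carries no guarantee that `exp`, `iss` or `aud` is present. The requirements comment added to `SessionAuthRequestDTO` in this same release lists iss, sub, aud, exp and iat as mandatory for third-party tokens, so the two statements should be tied together with a line such as ` * NOTE: optional for typing only; a verifier must still reject tokens that lack iss, sub, aud, exp or iat.` Code that only compares `exp` when it is present would otherwise treat a token without it as never expiring. The neighbouring `BaseJWTPayload` interface continues past the end of this hunk.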
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.payload.interface.d.ts","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/jwt.payload.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,qBAAqB,EAAE,UAAU,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACpH,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAE1D;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,cAAc,GAAG,cAAc,GAAG,mBAAmB,GAAG,iBAAiB,CAAC;AAE5G,UAAU,iBAAkB,SAAQ,cAAc;IAC9C,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACtB;AAED,MAAM,WAAW,mBAAmB;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,aAAa,CAAC,EAAE;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;QAClB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;KAClB,CAAC;IACF,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAEH,UAAU,cAAc;IAEpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CAChB;AAGD,UAAU,kBAAmB,SAAQ,cAAc;IAE/C,IAAI,EAAE,UAAU,CAAC;IACjB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,CAAC,EAAE,gBAAgB,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;CACtB;AAGD,MAAM,WAAW,cAAe,SAAQ,kBAAkB;IACtD,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,cAAc,GAAG,qBAAqB,CAAC;IAC7C,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,gBAAgB,CAAC;IAC9B,eAAe,EAAE,MAAM,CAAC;IAIxB,OAAO,CAAC,EAAE,aAAa,EAAE,CAAC;IAK1B,IAAI,CAAC,EAAE,cAAc,CAAC;IAOtB,GAAG,CAAC,EAAE,MAAM,CAAC;IAGb,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAG3B,GAAG,CAAC,EAAE;QACF,GAAG,EAAE,MAAM,CAAC;KACf,CAAC;CACL;AAGD,MAAM,WAAW,oBAAqB,SAAQ,kBAAkB;IAC5D,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,cAAc,CAAC;IACrB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,EAAE,gBAAgB,CAAC;IAC9B,eAAe,EAAE,MAAM,CAAA;IAEvB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,iBAAiB,C
AAC,EAAE,MAAM,CAAC;CAC9B;AAGD,MAAM,WAAW,oBAAqB,SAAQ,kBAAkB;IAC5D,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,oBAAoB,CAAC;IAC3B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,CAAC,EAAE,gBAAgB,CAAC;IAG/B,WAAW,EAAE,MAAM,EAAE,CAAC;CACzB;AAGD,MAAM,WAAW,iBAAkB,SAAQ,kBAAkB;IACzD,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,UAAU,CAAC,oBAAoB,CAAC;IACtC,QAAQ,EAAE,MAAM,CAAC;IAGjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACvB;AAOD,MAAM,MAAM,cAAc,GAAG,cAAc,GAAG,oBAAoB,GAAG,oBAAoB,GAAG,iBAAiB,CAAC;AAO9G,wBAAgB,aAAa,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,IAAI,cAAc,CAEhF;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,IAAI,oBAAoB,CAE5F;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,IAAI,oBAAoB,CAE5F;AAED,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,IAAI,iBAAiB,CAEtF;AAGD,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,GAAG,GAAG,OAAO,IAAI,cAAc,CAExE"}
|
|
1
|
+
{"version":3,"file":"jwt.payload.interface.d.ts","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/jwt.payload.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,qBAAqB,EAAE,UAAU,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACpH,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAE1D;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,cAAc,GAAG,cAAc,GAAG,mBAAmB,GAAG,iBAAiB,CAAC;AAE5G,UAAU,iBAAkB,SAAQ,cAAc;IAC9C,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACtB;AAED,MAAM,WAAW,mBAAmB;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,aAAa,CAAC,EAAE;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;QAClB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;KAClB,CAAC;IACF,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAEH;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC1B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACxB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,UAAU,cAAc;IAEpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CAChB;AAGD,UAAU,kBAAmB,SAAQ,cAAc;IAE/C,IAAI,EAAE,UAAU,CAAC;IACjB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,CAAC,EAAE,gBAAgB,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;CACtB;AAGD,MAAM,WAAW,cAAe,SAAQ,kBAAkB;IACtD,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,cAAc,GAAG,qBAAqB,CAAC;IAC7C,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,gBAAgB,CAAC;IAC9B,eAAe,EAAE,MAAM,CAAC;IAIxB,OAAO,CAAC,EAAE,aAAa,EAAE,CAAC;IAK1B,IAAI,CAAC,EAAE,cAAc,CAAC;IAOtB,GAAG,CAAC,EAAE,MAAM,CAAC;IAGb,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAG3B,GAAG,CAAC,EAAE;
QACF,GAAG,EAAE,MAAM,CAAC;KACf,CAAC;CACL;AAGD,MAAM,WAAW,oBAAqB,SAAQ,kBAAkB;IAC5D,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,cAAc,CAAC;IACrB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,EAAE,gBAAgB,CAAC;IAC9B,eAAe,EAAE,MAAM,CAAA;IAEvB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAGD,MAAM,WAAW,oBAAqB,SAAQ,kBAAkB;IAC5D,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,oBAAoB,CAAC;IAC3B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,CAAC,EAAE,gBAAgB,CAAC;IAG/B,WAAW,EAAE,MAAM,EAAE,CAAC;CACzB;AAGD,MAAM,WAAW,iBAAkB,SAAQ,kBAAkB;IACzD,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,UAAU,CAAC,oBAAoB,CAAC;IACtC,QAAQ,EAAE,MAAM,CAAC;IAGjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACvB;AAOD,MAAM,MAAM,cAAc,GAAG,cAAc,GAAG,oBAAoB,GAAG,oBAAoB,GAAG,iBAAiB,CAAC;AAO9G,wBAAgB,aAAa,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,IAAI,cAAc,CAEhF;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,IAAI,oBAAoB,CAE5F;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,IAAI,oBAAoB,CAE5F;AAED,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,IAAI,iBAAiB,CAEtF;AAGD,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,GAAG,GAAG,OAAO,IAAI,cAAc,CAExE"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.payload.interface.js","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/jwt.payload.interface.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"jwt.payload.interface.js","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/jwt.payload.interface.ts"],"names":[],"mappings":";;AAoJA,sCAEC;AAED,kDAEC;AAED,kDAEC;AAED,4CAEC;AAGD,4CAEC;AAxBD,8CAA8C;AAC9C,0BAA0B;AAC1B,8CAA8C;AAE9C,uBAAuB;AACvB,SAAgB,aAAa,CAAC,OAAuB;IACjD,OAAO,CAAC,CAAC,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,IAAI,OAAO,CAAC,CAAC;AACrG,CAAC;AAED,SAAgB,mBAAmB,CAAC,OAAuB;IACvD,OAAO,eAAe,IAAI,OAAO,IAAI,CAAC,CAAC,aAAa,IAAI,OAAO,CAAC,CAAC;AACrE,CAAC;AAED,SAAgB,mBAAmB,CAAC,OAAuB;IACvD,OAAO,aAAa,IAAI,OAAO,CAAC;AACpC,CAAC;AAED,SAAgB,gBAAgB,CAAC,OAAuB;IACpD,OAAO,WAAW,IAAI,OAAO,IAAI,WAAW,IAAI,OAAO,CAAC;AAC5D,CAAC;AAED,uCAAuC;AACvC,SAAgB,gBAAgB,CAAC,OAAY;IACzC,OAAO,MAAM,IAAI,OAAO,IAAI,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC;AACjE,CAAC"}
|
|
@@ -18,6 +18,12 @@ export declare class AuthContextDTO implements AuthContext {
|
|
|
18
18
|
*
|
|
19
19
|
* Use the nested `context` object for explicit context selection
|
|
20
20
|
* when users have multiple memberships.
|
|
21
|
+
*
|
|
22
|
+
* THIRD-PARTY JWT REQUIREMENTS:
|
|
23
|
+
* When providing authToken from external providers, the JWT must include:
|
|
24
|
+
* - Header: kid (Key ID), alg (Algorithm: RS256/ES256/EdDSA)
|
|
25
|
+
* - Payload: iss (Issuer URL), sub (Subject), aud (Audience), exp, iat
|
|
26
|
+
* - Provider must expose JWKS at: {issuer}/.well-known/jwks.json
|
|
21
27
|
*/
|
|
22
28
|
export declare class SessionAuthRequestDTO {
|
|
23
29
|
authToken?: string;
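Review bot: The JWKS location given in this comment, `{issuer}/.well-known/jwks.json`, does not match the default that the same release documents on `ExternalTokenIssuerConfig`, which is `{issuer}/.well-known/openid-configuration/jwks`. The first path is repeated in the compiled auth.dto.js class comment and in the `authToken` Swagger description, so integrators reading the API docs may publish keys at a URL the verifier never requests. Which path the verifier actually uses is not visible in this package. The comments should name that one path everywhere, or say that the JWKS URI is taken from the provider's discovery document if that is the real behaviour.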
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.dto.d.ts","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/auth/auth.dto.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAC3C,OAAO,EAAG,WAAW,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,MAAM,iDAAiD,CAAC;AAG9E;;;;;GAKG;AACH,qBAAa,cAAe,YAAW,WAAW;IAQ9C,UAAU,CAAC,EAAE,MAAM,CAAC;IASpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACrB;AAED
|
|
1
|
+
{"version":3,"file":"auth.dto.d.ts","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/auth/auth.dto.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAC3C,OAAO,EAAG,WAAW,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,MAAM,iDAAiD,CAAC;AAG9E;;;;;GAKG;AACH,qBAAa,cAAe,YAAW,WAAW;IAQ9C,UAAU,CAAC,EAAE,MAAM,CAAC;IASpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;;GAWG;AACH,qBAAa,qBAAqB;IAe9B,SAAS,CAAC,EAAE,MAAM,CAAC;IAQnB,QAAQ,CAAC,EAAE,gBAAgB,CAAyB;IASpD,OAAO,CAAC,EAAE,cAAc,CAAC;IAQzB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CACtC;AAGD,qBAAa,sBAAsB;IAO/B,YAAY,EAAG,MAAM,CAAC;CACzB;AAGD,qBAAa,sBAAuB,SAAQ,sBAAsB;IAQ9D,WAAW,EAAE,MAAM,CAAM;CAExB;AAEL,qBAAa,6BAA8B,SAAQ,sBAAsB;IAKrE,KAAK,CAAC,EAAE,QAAQ,CAAC;IAMjB,IAAI,CAAC,EAAE,OAAO,CAAC;IAMf,QAAQ,CAAC,EAAE,WAAW,CAAC;IAQvB,QAAQ,EAAE,gBAAgB,CAAyB;CACtD"}
|
|
@@ -45,6 +45,12 @@ __decorate([
|
|
|
45
45
|
*
|
|
46
46
|
* Use the nested `context` object for explicit context selection
|
|
47
47
|
* when users have multiple memberships.
|
|
48
|
+
*
|
|
49
|
+
* THIRD-PARTY JWT REQUIREMENTS:
|
|
50
|
+
* When providing authToken from external providers, the JWT must include:
|
|
51
|
+
* - Header: kid (Key ID), alg (Algorithm: RS256/ES256/EdDSA)
|
|
52
|
+
* - Payload: iss (Issuer URL), sub (Subject), aud (Audience), exp, iat
|
|
53
|
+
* - Provider must expose JWKS at: {issuer}/.well-known/jwks.json
|
|
48
54
|
*/
|
|
49
55
|
export class SessionAuthRequestDTO {
|
|
50
56
|
authToken;
|
|
@@ -54,8 +60,15 @@ export class SessionAuthRequestDTO {
|
|
|
54
60
|
}
|
|
55
61
|
__decorate([
|
|
56
62
|
ApiPropertyOptional({
|
|
57
|
-
description:
|
|
58
|
-
|
|
63
|
+
description: `Authentication token from identity provider (WebAuthn, DFNS, Firebase, Auth0, etc.).
|
|
64
|
+
|
|
65
|
+
**Third-Party JWT Requirements:**
|
|
66
|
+
- **Header**: \`kid\` (Key ID matching JWKS), \`alg\` (RS256/ES256/EdDSA)
|
|
67
|
+
- **Payload Claims**: \`iss\` (issuer URL), \`sub\` (user ID), \`aud\` (audience), \`exp\`, \`iat\`
|
|
68
|
+
- **Provider Requirement**: Must expose JWKS at \`{issuer}/.well-known/jwks.json\`
|
|
69
|
+
|
|
70
|
+
PERS will automatically discover and fetch the issuer's public keys for verification.`,
|
|
71
|
+
example: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImtleS0xIn0.eyJpc3MiOiJodHRwczovL2lkcC5leGFtcGxlLmNvbSIsInN1YiI6InVzZXItMTIzIiwiYXVkIjoieW91ci1jbGllbnQtaWQiLCJleHAiOjE3MzM0MDAwMDAsImlhdCI6MTczMzM5NjQwMH0.signature',
|
|
59
72
|
type: String
|
|
60
73
|
}),
|
|
61
74
|
OptionalStrip(),
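Review bot: The `authToken` description promises that PERS will "automatically discover and fetch the issuer's public keys", but it does not say that the issuer has to be one the tenant registered in `allowedTokenIssuers`. If the lookup were driven by the `iss` claim of a not-yet-verified token, the server would fetch keys from a location chosen by the caller, so the contract is worth stating in the description itself: `- **Issuer**: must match an entry in the tenant's allowedTokenIssuers list; other issuers are rejected before any key fetch`. The listed algorithms (RS256/ES256/EdDSA) should likewise be described as the set the verifier accepts, not as whatever the token header declares. The verification code is not part of this package, so both points concern the documented contract only.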
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.dto.js","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/auth/auth.dto.ts"],"names":[],"mappings":";;;;;;AAAA,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACnE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAC3C,OAAO,EAAG,WAAW,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAEpC,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD;;;;;GAKG;AACH,MAAM,OAAO,cAAc;IAQvB,UAAU,CAAU;IASpB,QAAQ,CAAU;CACrB;AAVG;IAPC,mBAAmB,CAAC;QACjB,WAAW,EAAE,sGAAsG;QACnH,OAAO,EAAE,sCAAsC;QAC/C,IAAI,EAAE,MAAM;KACf,CAAC;IACD,aAAa,EAAE;IACf,QAAQ,EAAE;kDACS;AASpB;IAPC,mBAAmB,CAAC;QACjB,WAAW,EAAE,gGAAgG;QAC7G,OAAO,EAAE,sCAAsC;QAC/C,IAAI,EAAE,MAAM;KACf,CAAC;IACD,aAAa,EAAE;IACf,QAAQ,EAAE;gDACO;AAGtB
|
|
1
|
+
{"version":3,"file":"auth.dto.js","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/auth/auth.dto.ts"],"names":[],"mappings":";;;;;;AAAA,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACnE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAC3C,OAAO,EAAG,WAAW,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAEpC,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD;;;;;GAKG;AACH,MAAM,OAAO,cAAc;IAQvB,UAAU,CAAU;IASpB,QAAQ,CAAU;CACrB;AAVG;IAPC,mBAAmB,CAAC;QACjB,WAAW,EAAE,sGAAsG;QACnH,OAAO,EAAE,sCAAsC;QAC/C,IAAI,EAAE,MAAM;KACf,CAAC;IACD,aAAa,EAAE;IACf,QAAQ,EAAE;kDACS;AASpB;IAPC,mBAAmB,CAAC;QACjB,WAAW,EAAE,gGAAgG;QAC7G,OAAO,EAAE,sCAAsC;QAC/C,IAAI,EAAE,MAAM;KACf,CAAC;IACD,aAAa,EAAE;IACf,QAAQ,EAAE;gDACO;AAGtB;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,qBAAqB;IAe9B,SAAS,CAAU;IAQnB,QAAQ,GAAsB,gBAAgB,CAAC,IAAI,CAAC;IASpD,OAAO,CAAkB;IAQzB,YAAY,CAAuB;CACtC;AA1BG;IAdC,mBAAmB,CAAC;QACjB,WAAW,EAAE;;;;;;;sFAOiE;QAC9E,OAAO,EAAE,mNAAmN;QAC5N,IAAI,EAAE,MAAM;KACf,CAAC;IACD,aAAa,EAAE;IACf,QAAQ,EAAE;wDACQ;AAQnB;IANC,mBAAmB,CAAC;QACjB,WAAW,EAAE,iFAAiF;QAC9F,IAAI,EAAE,gBAAgB;KACzB,CAAC;IACD,aAAa,EAAE;IACf,MAAM,CAAC,gBAAgB,CAAC;uDAC2B;AASpD;IAPC,mBAAmB,CAAC;QACjB,WAAW,EAAE,oHAAoH;QACjI,IAAI,EAAE,GAAG,EAAE,CAAC,cAAc;KAC7B,CAAC;IACD,aAAa,EAAE;IACf,cAAc,EAAE;IAChB,IAAI,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC;sDACF;AAQzB;IANC,mBAAmB,CAAC;QACjB,WAAW,EAAE,uQAAuQ;QACpR,OAAO,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,KAAK,EAAE,kBAAkB,EAAE,SAAS,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE;QACnG,IAAI,EAAE,MAAM;KACf,CAAC;IACD,aAAa,EAAE;2DACmB;AAIvC,MAAM,OAAO,sBAAsB;IAO/B,YAAY,CAAU;CACzB;AADG;IANC,WAAW,CAAC;QACT,WAAW,EAAE,eAAe;QAC5B,OAAO,EAAE,sJAAsJ;KAClK,CAAC;IACD,UAAU,EAAE;IACZ,QAAQ,EAAE;4DACW;AAI1B,MAAM,OAAO,sBAAuB,SAAQ,sBAAsB;IAQ9D,WAAW,GAAW,EAAE,CAAC;CAExB;AAFD;IAPC,WAAW,CACR;QACI,WAAW,EAAE,uKAAuK;KACvL,CACJ;IACA,UAAU,EAAE;IACZ,QAAQ,EAAE;2DACc;AAI7B,MAAM,OAAO,6BA
A8B,SAAQ,sBAAsB;IAKrE,KAAK,CAAY;IAMjB,IAAI,CAAW;IAMf,QAAQ,CAAe;IAQvB,AADA,4BAA4B;IAC5B,QAAQ,GAAqB,gBAAgB,CAAC,IAAI,CAAC;CACtD;AArBG;IAJC,mBAAmB,CAAC;QACjB,WAAW,EAAE,yCAAyC;QACtD,IAAI,EAAE,GAAG,EAAE,CAAC,QAAQ;KACvB,CAAC;4DACe;AAMjB;IAJC,mBAAmB,CAAC;QACjB,WAAW,EAAE,uCAAuC;QACpD,IAAI,EAAE,GAAG,EAAE,CAAC,OAAO;KACtB,CAAC;2DACa;AAMf;IAJC,mBAAmB,CAAC;QACjB,WAAW,EAAE,+CAA+C;QAC5D,IAAI,EAAE,GAAG,EAAE,CAAC,WAAW;KAC1B,CAAC;+DACqB;AAQvB;IANC,WAAW,CAAC;QACT,WAAW,EAAE,iFAAiF;QAC9F,0BAA0B;QAC1B,IAAI,EAAE,gBAAgB;KACzB,CAAC;IACF,4BAA4B;+DACuB"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { WalletManagementType } from "../../enum/wallet.enum";
|
|
2
|
+
import { ExternalTokenIssuerConfig } from "../../interfaces/external-token-issuer.interface";
|
|
2
3
|
export declare class TenantPublicDTO {
|
|
3
4
|
projectName: string;
|
|
4
5
|
acronym: string;
|
|
@@ -20,5 +21,6 @@ export declare class TenantDTO extends TenantPublicDTO {
|
|
|
20
21
|
defaultWalletManagementType: WalletManagementType;
|
|
21
22
|
ipfsGatewayDomain: string;
|
|
22
23
|
googleApiKey?: string;
|
|
24
|
+
allowedTokenIssuers: ExternalTokenIssuerConfig[];
|
|
23
25
|
}
|
|
24
26
|
//# sourceMappingURL=tenant.dto.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tenant.dto.d.ts","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/tenant/tenant.dto.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"tenant.dto.d.ts","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/tenant/tenant.dto.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,yBAAyB,EAAE,MAAM,kDAAkD,CAAC;AAE7F,qBAAa,eAAe;IAK1B,WAAW,EAAE,MAAM,CAAM;IAMzB,OAAO,EAAE,MAAM,CAAM;IAMrB,EAAE,EAAE,MAAM,CAAM;IAMhB,SAAS,EAAE,IAAI,CAAa;IAM5B,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAM3B,cAAc,CAAC,EAAE,MAAM,CAAA;IAMvB,YAAY,CAAC,EAAE,MAAM,CAAA;IAMrB,eAAe,CAAC,EAAE,MAAM,CAAA;IAMtB,aAAa,EAAE,MAAM,CAAK;CAC7B;AAED,qBAAa,SAAU,SAAQ,eAAe;IAQ1C,oBAAoB,EAAE,MAAM,CAAK;IAMjC,YAAY,CAAC,EAAE,MAAM,CAAA;IAMrB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAM5B,UAAU,CAAC,EAAE,MAAM,CAAA;IAMnB,+BAA+B,EAAE,OAAO,CAAQ;IAGhD,gBAAgB,CAAC,EAAE,MAAM,CAAA;IA2BzB,2BAA2B,EAAE,oBAAoB,CAAiC;IAQlF,iBAAiB,EAAE,MAAM,CAAwB;IAMjD,YAAY,CAAC,EAAE,MAAM,CAAA;IAMrB,mBAAmB,EAAE,yBAAyB,EAAE,CAAK;CACtD"}
|
|
@@ -6,6 +6,7 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
|
|
|
6
6
|
};
|
|
7
7
|
import { ApiProperty, ApiPropertyOptional } from "@nestjs/swagger";
|
|
8
8
|
import { WalletManagementType } from "../../enum/wallet.enum.js";
|
|
9
|
+
import { ExternalTokenIssuerConfigDTO } from "./tenantUpdate.request.dto.js";
|
|
9
10
|
export class TenantPublicDTO {
|
|
10
11
|
projectName = '';
|
|
11
12
|
acronym = '';
|
|
@@ -97,6 +98,7 @@ export class TenantDTO extends TenantPublicDTO {
|
|
|
97
98
|
defaultWalletManagementType = WalletManagementType.CUSTODIAL;
|
|
98
99
|
ipfsGatewayDomain = 'pers.mypinata.cloud';
|
|
99
100
|
googleApiKey;
|
|
101
|
+
allowedTokenIssuers = [];
|
|
100
102
|
}
|
|
101
103
|
__decorate([
|
|
102
104
|
ApiProperty({
|
|
@@ -153,4 +155,10 @@ __decorate([
|
|
|
153
155
|
type: String
|
|
154
156
|
})
|
|
155
157
|
], TenantDTO.prototype, "googleApiKey", void 0);
|
|
158
|
+
__decorate([
|
|
159
|
+
ApiPropertyOptional({
|
|
160
|
+
description: 'List of allowed external JWT token issuers for this tenant.',
|
|
161
|
+
type: [ExternalTokenIssuerConfigDTO]
|
|
162
|
+
})
|
|
163
|
+
], TenantDTO.prototype, "allowedTokenIssuers", void 0);
|
|
156
164
|
//# sourceMappingURL=tenant.dto.js.map
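Review bot: `allowedTokenIssuers` is decorated with `ApiPropertyOptional` although the class initialises it to `[]` and the declaration file types it as a non-optional `ExternalTokenIssuerConfig[]`. Changing `ApiPropertyOptional({` to `ApiProperty({` on this property would make the generated schema agree with the type. The description could also mention that each entry may carry `allowUnverified` and `allowExpired`, since those flags decide whether tokens from that issuer are checked at all and a reader of the tenant response should know to look for them.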
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tenant.dto.js","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/tenant/tenant.dto.ts"],"names":[],"mappings":";;;;;;AAAA,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"tenant.dto.js","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/tenant/tenant.dto.ts"],"names":[],"mappings":";;;;;;AAAA,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAE9D,OAAO,EAAE,4BAA4B,EAAE,MAAM,4BAA4B,CAAC;AAC1E,MAAM,OAAO,eAAe;IAK1B,WAAW,GAAW,EAAE,CAAC;IAMzB,OAAO,GAAW,EAAE,CAAC;IAMrB,EAAE,GAAW,EAAE,CAAC;IAMhB,SAAS,GAAS,IAAI,IAAI,EAAE,CAAA;IAM5B,kBAAkB,CAAS;IAM3B,cAAc,CAAS;IAMvB,YAAY,CAAS;IAMrB,eAAe,CAAS;IAMtB,aAAa,GAAW,EAAE,CAAA;CAC7B;AAjDC;IAJC,WAAW,CAAC;QACX,WAAW,EAAE,qBAAqB;QAClC,IAAI,EAAE,MAAM;KACb,CAAC;oDACuB;AAMzB;IAJC,WAAW,CAAC;QACX,WAAW,EAAE,wBAAwB;QACrC,IAAI,EAAE,MAAM;KACb,CAAC;gDACmB;AAMrB;IAJC,WAAW,CAAC;QACX,WAAW,EAAE,qGAAqG;QAClH,IAAI,EAAE,MAAM;KACb,CAAC;2CACc;AAMhB;IAJC,WAAW,CAAC;QACX,WAAW,EAAE,+BAA+B;QAC5C,IAAI,EAAE,IAAI;KACX,CAAC;kDAC0B;AAM5B;IAJC,mBAAmB,CAAC;QACnB,WAAW,EAAE,4BAA4B;QACzC,IAAI,EAAE,MAAM;KACb,CAAC;2DACyB;AAM3B;IAJC,mBAAmB,CAAC;QACnB,WAAW,EAAE,wBAAwB;QACrC,IAAI,EAAE,MAAM;KACb,CAAC;uDACqB;AAMvB;IAJC,mBAAmB,CAAC;QACnB,WAAW,EAAE,sBAAsB;QACnC,IAAI,EAAE,MAAM;KACb,CAAC;qDACmB;AAMrB;IAJC,mBAAmB,CAAC;QACnB,WAAW,EAAE,0BAA0B;QACvC,IAAI,EAAE,MAAM;KACb,CAAC;wDACsB;AAMtB;IAJD,WAAW,CAAC;QACT,WAAW,EAAE,qGAAqG;QAClH,IAAI,EAAE,MAAM;KACb,CAAC;sDACwB;AAG9B,MAAM,OAAO,SAAU,SAAQ,eAAe;IAQ1C,oBAAoB,GAAW,EAAE,CAAA;IAMjC,YAAY,CAAS;IAMrB,mBAAmB,CAAS;IAM5B,UAAU,CAAS;IAMnB,+BAA+B,GAAY,KAAK,CAAA;IAGhD,gBAAgB,CAAS;IAEzB;+BAC2B;IAE3B;;;;;;mBAMe;IAEf;;;;;;6BAMyB;IAQzB,2BAA2B,GAAyB,oBAAoB,CAAC,SAAS,CAAA;IAQlF,iBAAiB,GAAW,qBAAqB,CAAA;IAMjD,YAAY,CAAS;IAMrB,mBAAmB,GAAgC,EAAE,CAAA;CACtD;AA3EC;IAJC,WAAW,CAAC;QACX,WAAW,EAAE,sEAAsE;QACnF,IAAI,EAAE,MAAM;KACb,CAAC;uDAC+B;AAMjC;IAJC,mBAAmB,CAAC;QACnB,WAAW,EAAE,4DAA4D;QACzE,IAAI,EAAE,MAAM;KACb,CAAC;+CACmB;AAMrB;IAJC,mBAAmB,CAAC;QACnB,WAAW,EAAE,mEAAmE;QAChF,IAAI,EAAE,MAAM;KACb,CAAC;sDAC0B;AAM5B;IAJC,mBAAmB,CAAC;QACnB,WAAW,EAAE,4EAA4E;QACzF,IAAI,EAAE,MAAM;KACb,CAAC;6CACiB;AAMnB;IAJC,WAAW,CAAC;QACX,WAAW,EAAE,4EAA4E;QACzF,IAAI,EAAE,OAAO;KACd,CAAC;kE
AC8C;AAGhD;IADC,mBAAmB,EAAE;mDACG;AA2BzB;IANC,WAAW,CAAC;QACX,WAAW,EAAE,+QAA+Q;QAC5R,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,oBAAoB,CAAC,SAAS;QACvC,IAAI,EAAE,MAAM;KACb,CAAC;8DACgF;AAQlF;IANC,WAAW,CAAC;QACX,WAAW,EAAE,gFAAgF;QAC7F,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,qBAAqB;QAC9B,OAAO,EAAE,qBAAqB;KAC/B,CAAC;oDAC+C;AAMjD;IAJC,mBAAmB,CAAC;QACnB,WAAW,EAAE,sEAAsE;QACnF,IAAI,EAAE,MAAM;KACb,CAAC;+CACmB;AAMrB;IAJC,mBAAmB,CAAC;QACnB,WAAW,EAAE,6DAA6D;QAC1E,IAAI,EAAE,CAAC,4BAA4B,CAAC;KACrC,CAAC;sDACmD"}
|
|
@@ -1,3 +1,13 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Validated External Token Issuer Config for API requests
|
|
3
|
+
*/
|
|
4
|
+
export declare class ExternalTokenIssuerConfigDTO {
|
|
5
|
+
issuer: string;
|
|
6
|
+
publicKey?: string;
|
|
7
|
+
jwksUri?: string;
|
|
8
|
+
allowUnverified?: boolean;
|
|
9
|
+
allowExpired?: boolean;
|
|
10
|
+
}
|
|
1
11
|
export declare class TenantUpdateRequestDTO {
|
|
2
12
|
projectName?: string;
|
|
3
13
|
projectDescription?: string;
|
|
@@ -10,5 +20,6 @@ export declare class TenantUpdateRequestDTO {
|
|
|
10
20
|
projectWebsite?: string;
|
|
11
21
|
projectEmail?: string;
|
|
12
22
|
projectImageUrl?: string;
|
|
23
|
+
allowedTokenIssuers?: ExternalTokenIssuerConfigDTO[];
|
|
13
24
|
}
|
|
14
25
|
//# sourceMappingURL=tenantUpdate.request.dto.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tenantUpdate.request.dto.d.ts","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/tenant/tenantUpdate.request.dto.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"tenantUpdate.request.dto.d.ts","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/tenant/tenantUpdate.request.dto.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,qBAAa,4BAA4B;IAMrC,MAAM,EAAG,MAAM,CAAC;IAQhB,SAAS,CAAC,EAAE,MAAM,CAAC;IAQnB,OAAO,CAAC,EAAE,MAAM,CAAC;IAQjB,eAAe,CAAC,EAAE,OAAO,CAAC;IAQ1B,YAAY,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,qBAAa,sBAAsB;IAO/B,WAAW,CAAC,EAAE,MAAM,CAAA;IAMpB,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAI3B,YAAY,CAAC,EAAE,MAAM,CAAA;IAIrB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAI5B,oBAAoB,CAAC,EAAE,MAAM,CAAA;IAI7B,UAAU,CAAC,EAAE,MAAM,CAAA;IAQnB,+BAA+B,CAAC,EAAE,OAAO,CAAA;IAIzC,gBAAgB,CAAC,EAAE,MAAM,CAAA;IAWzB,cAAc,CAAC,EAAE,MAAM,CAAA;IAKvB,YAAY,CAAC,EAAE,MAAM,CAAA;IAKrB,eAAe,CAAC,EAAE,MAAM,CAAA;IAUxB,mBAAmB,CAAC,EAAE,4BAA4B,EAAE,CAAA;CACrD"}
|
|
@@ -4,9 +4,59 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
|
|
|
4
4
|
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
5
|
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
6
|
};
|
|
7
|
-
import { ApiPropertyOptional } from "@nestjs/swagger";
|
|
8
|
-
import { IsBoolean, IsUrl, IsEmail } from 'class-validator';
|
|
7
|
+
import { ApiProperty, ApiPropertyOptional } from "@nestjs/swagger";
|
|
8
|
+
import { IsBoolean, IsUrl, IsEmail, IsArray, ValidateNested, IsString, IsOptional } from 'class-validator';
|
|
9
|
+
import { Type } from 'class-transformer';
|
|
9
10
|
import { OptionalNullify } from '../../decorators/index.js';
|
|
11
|
+
/**
|
|
12
|
+
* Validated External Token Issuer Config for API requests
|
|
13
|
+
*/
|
|
14
|
+
export class ExternalTokenIssuerConfigDTO {
|
|
15
|
+
issuer;
|
|
16
|
+
publicKey;
|
|
17
|
+
jwksUri;
|
|
18
|
+
allowUnverified;
|
|
19
|
+
allowExpired;
|
|
20
|
+
}
|
|
21
|
+
__decorate([
|
|
22
|
+
ApiProperty({
|
|
23
|
+
description: 'Issuer URL (must match token iss claim)',
|
|
24
|
+
example: 'https://login.example.com/tenant-id/v2.0/'
|
|
25
|
+
}),
|
|
26
|
+
IsString()
|
|
27
|
+
], ExternalTokenIssuerConfigDTO.prototype, "issuer", void 0);
|
|
28
|
+
__decorate([
|
|
29
|
+
ApiPropertyOptional({
|
|
30
|
+
description: 'PEM-encoded public key (skip JWKS fetch)',
|
|
31
|
+
example: '-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----'
|
|
32
|
+
}),
|
|
33
|
+
IsOptional(),
|
|
34
|
+
IsString()
|
|
35
|
+
], ExternalTokenIssuerConfigDTO.prototype, "publicKey", void 0);
|
|
36
|
+
__decorate([
|
|
37
|
+
ApiPropertyOptional({
|
|
38
|
+
description: 'Custom JWKS URI (override default discovery)',
|
|
39
|
+
example: 'https://login.example.com/.well-known/jwks.json'
|
|
40
|
+
}),
|
|
41
|
+
IsOptional(),
|
|
42
|
+
IsUrl()
|
|
43
|
+
], ExternalTokenIssuerConfigDTO.prototype, "jwksUri", void 0);
|
|
44
|
+
__decorate([
|
|
45
|
+
ApiPropertyOptional({
|
|
46
|
+
description: 'Skip signature verification - use only for dev/testing',
|
|
47
|
+
default: false
|
|
48
|
+
}),
|
|
49
|
+
IsOptional(),
|
|
50
|
+
IsBoolean()
|
|
51
|
+
], ExternalTokenIssuerConfigDTO.prototype, "allowUnverified", void 0);
|
|
52
|
+
__decorate([
|
|
53
|
+
ApiPropertyOptional({
|
|
54
|
+
description: 'Allow expired tokens - use only for dev/testing',
|
|
55
|
+
default: false
|
|
56
|
+
}),
|
|
57
|
+
IsOptional(),
|
|
58
|
+
IsBoolean()
|
|
59
|
+
], ExternalTokenIssuerConfigDTO.prototype, "allowExpired", void 0);
|
|
10
60
|
export class TenantUpdateRequestDTO {
|
|
11
61
|
projectName;
|
|
12
62
|
projectDescription;
|
|
@@ -23,6 +73,7 @@ export class TenantUpdateRequestDTO {
|
|
|
23
73
|
projectWebsite;
|
|
24
74
|
projectEmail;
|
|
25
75
|
projectImageUrl;
|
|
76
|
+
allowedTokenIssuers;
|
|
26
77
|
}
|
|
27
78
|
__decorate([
|
|
28
79
|
ApiPropertyOptional({
|
|
@@ -80,4 +131,14 @@ __decorate([
|
|
|
80
131
|
OptionalNullify(),
|
|
81
132
|
IsUrl()
|
|
82
133
|
], TenantUpdateRequestDTO.prototype, "projectImageUrl", void 0);
|
|
134
|
+
__decorate([
|
|
135
|
+
ApiPropertyOptional({
|
|
136
|
+
description: 'List of allowed external JWT token issuers for this tenant. Each object must have an issuer URL.',
|
|
137
|
+
type: [ExternalTokenIssuerConfigDTO]
|
|
138
|
+
}),
|
|
139
|
+
OptionalNullify(),
|
|
140
|
+
IsArray(),
|
|
141
|
+
ValidateNested({ each: true }),
|
|
142
|
+
Type(() => ExternalTokenIssuerConfigDTO)
|
|
143
|
+
], TenantUpdateRequestDTO.prototype, "allowedTokenIssuers", void 0);
|
|
83
144
|
//# sourceMappingURL=tenantUpdate.request.dto.js.map
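Review bot: `allowUnverified` and `allowExpired` are accepted from the tenant-update request with nothing more than `IsOptional()` and `IsBoolean()`, so the "use only for dev/testing" restriction exists only in the description text. Any caller allowed to update a tenant can switch off signature or expiry checking for an issuer unless the service that persists this DTO refuses the flags outside development. That refusal is not visible in this package and should be confirmed, and a comment on the two properties such as `// must be rejected by the tenant service in production deployments` would record the requirement. Separately, `issuer` is validated with `IsString()` only and `jwksUri` with a bare `IsUrl()`. Since keys are fetched from these locations, `IsUrl({ protocols: ['https'], require_protocol: true })` on both would keep plain-http and scheme-less values out.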
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tenantUpdate.request.dto.js","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/tenant/tenantUpdate.request.dto.ts"],"names":[],"mappings":";;;;;;AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAA;
|
|
1
|
+
{"version":3,"file":"tenantUpdate.request.dto.js","sourceRoot":"","sources":["../../../../../src/shared-lib/dto/tenant/tenantUpdate.request.dto.ts"],"names":[],"mappings":";;;;;;AAAA,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAA;AAClE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC3G,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAEnD;;GAEG;AACH,MAAM,OAAO,4BAA4B;IAMrC,MAAM,CAAU;IAQhB,SAAS,CAAU;IAQnB,OAAO,CAAU;IAQjB,eAAe,CAAW;IAQ1B,YAAY,CAAW;CAC1B;AAjCG;IALC,WAAW,CAAC;QACX,WAAW,EAAE,yCAAyC;QACtD,OAAO,EAAE,2CAA2C;KACrD,CAAC;IACD,QAAQ,EAAE;4DACK;AAQhB;IANC,mBAAmB,CAAC;QACnB,WAAW,EAAE,0CAA0C;QACvD,OAAO,EAAE,2DAA2D;KACrE,CAAC;IACD,UAAU,EAAE;IACZ,QAAQ,EAAE;+DACQ;AAQnB;IANC,mBAAmB,CAAC;QACnB,WAAW,EAAE,8CAA8C;QAC3D,OAAO,EAAE,iDAAiD;KAC3D,CAAC;IACD,UAAU,EAAE;IACZ,KAAK,EAAE;6DACS;AAQjB;IANC,mBAAmB,CAAC;QACnB,WAAW,EAAE,wDAAwD;QACrE,OAAO,EAAE,KAAK;KACf,CAAC;IACD,UAAU,EAAE;IACZ,SAAS,EAAE;qEACc;AAQ1B;IANC,mBAAmB,CAAC;QACnB,WAAW,EAAE,iDAAiD;QAC9D,OAAO,EAAE,KAAK;KACf,CAAC;IACD,UAAU,EAAE;IACZ,SAAS,EAAE;kEACW;AAG3B,MAAM,OAAO,sBAAsB;IAO/B,WAAW,CAAS;IAMpB,kBAAkB,CAAS;IAI3B,YAAY,CAAS;IAIrB,mBAAmB,CAAS;IAI5B,oBAAoB,CAAS;IAI7B,UAAU,CAAS;IAQnB,+BAA+B,CAAU;IAIzC,gBAAgB,CAAS;IAEzB;kCAC8B;IAE9B;kCAC8B;IAK9B,cAAc,CAAS;IAKvB,YAAY,CAAS;IAKrB,eAAe,CAAS;IAUxB,mBAAmB,CAAiC;CACrD;AAlEC;IALC,mBAAmB,CAAC;QACnB,WAAW,EAAE,kBAAkB;QAC/B,OAAO,EAAE,YAAY;KACtB,CAAC;IACD,eAAe,EAAE;2DACE;AAMpB;IAJC,mBAAmB,CAAC;QACnB,WAAW,EAAE,yBAAyB;KACvC,CAAC;IACD,eAAe,EAAE;kEACS;AAI3B;IAFC,mBAAmB,EAAE;IACrB,eAAe,EAAE;4DACG;AAIrB;IAFC,mBAAmB,EAAE;IACrB,eAAe,EAAE;mEACU;AAI5B;IAFC,mBAAmB,EAAE;IACrB,eAAe,EAAE;oEACW;AAI7B;IAFC,mBAAmB,EAAE;IACrB,eAAe,EAAE;0DACC;AAQnB;IANC,mBAAmB,CAAC;QACnB,WAAW,EAAE,4EAA4E;QACzF,IAAI,EAAE,OAAO;KACd,CAAC;IACD,eAAe,EAAE;IACjB,SAAS,EAAE;+EAC6B;AAIzC;IAFC,mBAAmB,EAAE;IACrB,eAAe,EAAE;gEACO;AAWzB;IAHC,mBAAmB,EAAE;IACrB,eAAe,EAAE;IACjB,KAAK,EAAE;8DACe;AAKvB;IAHC,mBAAmB,EAAE;IACrB,eAAe,EAAE;IACjB,OAAO,EAAE;4DACW;AAKr
B;IAHC,mBAAmB,EAAE;IACrB,eAAe,EAAE;IACjB,KAAK,EAAE;+DACgB;AAUxB;IARC,mBAAmB,CAAC;QACnB,WAAW,EAAE,kGAAkG;QAC/G,IAAI,EAAE,CAAC,4BAA4B,CAAC;KACrC,CAAC;IACD,eAAe,EAAE;IACjB,OAAO,EAAE;IACT,cAAc,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAC9B,IAAI,CAAC,GAAG,EAAE,CAAC,4BAA4B,CAAC;mEACW"}
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
import { BaseJwtClaims } from './jwt.payload.interface';
|
|
2
|
+
/**
|
|
3
|
+
* External Token Issuer Configuration
|
|
4
|
+
*
|
|
5
|
+
* Supports federated authentication with external identity providers (e.g., Azure AD B2C, Auth0, Okta).
|
|
6
|
+
*
|
|
7
|
+
* Verification priority:
|
|
8
|
+
* 1. If `allowUnverified` is true → Skip signature verification (⚠️ dev/testing only)
|
|
9
|
+
* 2. If `publicKey` is set → Use stored key directly (no network call)
|
|
10
|
+
* 3. If `jwksUri` is set → Fetch from custom JWKS endpoint
|
|
11
|
+
* 4. Else → Fetch from `{issuer}/.well-known/openid-configuration/jwks`
|
|
12
|
+
*
|
|
13
|
+
* @example Simple JWKS auto-discovery
|
|
14
|
+
* ```typescript
|
|
15
|
+
* { issuer: 'https://login.example.com/tenant-id/v2.0/' }
|
|
16
|
+
* ```
|
|
17
|
+
*
|
|
18
|
+
* @example With stored public key (no network call)
|
|
19
|
+
* ```typescript
|
|
20
|
+
* {
|
|
21
|
+
* issuer: 'https://internal-idp.example.com',
|
|
22
|
+
* publicKey: '-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----'
|
|
23
|
+
* }
|
|
24
|
+
* ```
|
|
25
|
+
*
|
|
26
|
+
* @example Dev/testing only (skip verification)
|
|
27
|
+
* ```typescript
|
|
28
|
+
* {
|
|
29
|
+
* issuer: 'https://dev-idp.example.com',
|
|
30
|
+
* allowUnverified: true // ⚠️ NEVER use in production
|
|
31
|
+
* }
|
|
32
|
+
* ```
|
|
33
|
+
*/
|
|
34
|
+
export interface ExternalTokenIssuerConfig {
|
|
35
|
+
/** Required: Issuer URL (must match token's `iss` claim) */
|
|
36
|
+
issuer: string;
|
|
37
|
+
/** Optional: PEM-encoded public key (skip JWKS fetch) */
|
|
38
|
+
publicKey?: string;
|
|
39
|
+
/** Optional: Custom JWKS URI (override default discovery) */
|
|
40
|
+
jwksUri?: string;
|
|
41
|
+
/** Optional: Skip signature verification - ⚠️ use only for dev/testing */
|
|
42
|
+
allowUnverified?: boolean;
|
|
43
|
+
/** Optional: Allow expired tokens - ⚠️ use only for dev/testing */
|
|
44
|
+
allowExpired?: boolean;
|
|
45
|
+
}
|
|
46
|
+
/**
|
|
47
|
+
* External JWT Payload interface for third-party tokens (e.g., Azure B2C, Auth0, Okta)
|
|
48
|
+
*
|
|
49
|
+
* Extends BaseJwtClaims with common external provider claims.
|
|
50
|
+
*/
|
|
51
|
+
export interface ExternalJwtPayload extends BaseJwtClaims {
|
|
52
|
+
email?: string;
|
|
53
|
+
emails?: string[];
|
|
54
|
+
name?: string;
|
|
55
|
+
given_name?: string;
|
|
56
|
+
family_name?: string;
|
|
57
|
+
preferred_username?: string;
|
|
58
|
+
oid?: string;
|
|
59
|
+
tid?: string;
|
|
60
|
+
firstName?: string;
|
|
61
|
+
lastName?: string;
|
|
62
|
+
externalId?: string;
|
|
63
|
+
[key: string]: any;
|
|
64
|
+
}
|
|
65
|
+
//# sourceMappingURL=external-token-issuer.interface.d.ts.map
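Review bot: The verification-priority list puts `allowUnverified` ahead of `publicKey` and `jwksUri`, so an issuer entry with a key configured still skips signature checking while the flag is set, and the comment on the field itself does not say so. I would extend that comment to `/** Optional: Skip signature verification, overriding publicKey and jwksUri - ⚠️ use only for dev/testing */`. `ExternalJwtPayload` also carries a `[key: string]: any` index signature, which leaves every additional claim read from a third-party token untyped. A short comment that claims such as `email` or `tid` are only trustworthy after the signature, `iss`, `aud` and `exp` checks have passed would help consumers of the type.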
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"external-token-issuer.interface.d.ts","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/external-token-issuer.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAExD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,MAAM,WAAW,yBAAyB;IACxC,4DAA4D;IAC5D,MAAM,EAAE,MAAM,CAAC;IAEf,yDAAyD;IACzD,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,6DAA6D;IAC7D,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,0EAA0E;IAC1E,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B,mEAAmE;IACnE,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED;;;;GAIG;AACH,MAAM,WAAW,kBAAmB,SAAQ,aAAa;IAEvD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IAGb,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"external-token-issuer.interface.js","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/external-token-issuer.interface.ts"],"names":[],"mappings":""}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/index.ts"],"names":[],"mappings":"AACA,cAAc,kCAAkC,CAAC;AACjD,cAAc,sCAAsC,CAAC;AACrD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yBAAyB,CAAC;AACxC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,0CAA0C,CAAC;AACzD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,oBAAoB,CAAC;AACnC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iCAAiC,CAAC;AAChD,cAAc,qCAAqC,CAAC;AACpD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iCAAiC,CAAC;AAChD,cAAc,2CAA2C,CAAC;AAC1D,cAAc,kCAAkC,CAAC;AAEjD,cAAc,yBAAyB,CAAC;AAExC,cAAc,4CAA4C,CAAC;AAE3D,cAAc,YAAY,CAAC;AAE3B,cAAc,8BAA8B,CAAC;AAC7C,cAAc,oCAAoC,CAAC;AAEnD,cAAc,kBAAkB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/index.ts"],"names":[],"mappings":"AACA,cAAc,kCAAkC,CAAC;AACjD,cAAc,sCAAsC,CAAC;AACrD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yBAAyB,CAAC;AACxC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,0CAA0C,CAAC;AACzD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,oBAAoB,CAAC;AACnC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iCAAiC,CAAC;AAChD,cAAc,qCAAqC,CAAC;AACpD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iCAAiC,CAAC;AAChD,cAAc,2CAA2C,CAAC;AAC1D,cAAc,kCAAkC,CAAC;AAEjD,cAAc,yBAAyB,CAAC;AAExC,cAAc,4CAA4C,CAAC;AAE3D,cAAc,YAAY,CAAC;AAE3B,cAAc,8BAA8B,CAAC;AAC7C,cAAc,oCAAoC,CAAC;AAEnD,cAAc,kBAAkB,CAAC;AAEjC,cAAc,mCAAmC,CAAC"}
|
|
@@ -21,4 +21,5 @@ export * from './campaign/index.js';
|
|
|
21
21
|
export * from './ai-prompt-config.interface.js';
|
|
22
22
|
export * from './balance-filter-options.interface.js';
|
|
23
23
|
export * from './ws-relay.types.js';
|
|
24
|
+
export * from './external-token-issuer.interface.js';
|
|
24
25
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/index.ts"],"names":[],"mappings":"AAAA,kDAAkD;AAClD,cAAc,kCAAkC,CAAC;AACjD,cAAc,sCAAsC,CAAC;AACrD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yBAAyB,CAAC;AACxC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,0CAA0C,CAAC;AACzD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,oBAAoB,CAAC;AACnC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iCAAiC,CAAC;AAChD,cAAc,qCAAqC,CAAC;AACpD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iCAAiC,CAAC;AAChD,cAAc,2CAA2C,CAAC;AAC1D,cAAc,kCAAkC,CAAC;AAEjD,cAAc,yBAAyB,CAAC;AAExC,cAAc,4CAA4C,CAAC;AAE3D,cAAc,YAAY,CAAC;AAE3B,cAAc,8BAA8B,CAAC;AAC7C,cAAc,oCAAoC,CAAC;AAEnD,cAAc,kBAAkB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/index.ts"],"names":[],"mappings":"AAAA,kDAAkD;AAClD,cAAc,kCAAkC,CAAC;AACjD,cAAc,sCAAsC,CAAC;AACrD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yBAAyB,CAAC;AACxC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,0CAA0C,CAAC;AACzD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,oBAAoB,CAAC;AACnC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iCAAiC,CAAC;AAChD,cAAc,qCAAqC,CAAC;AACpD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iCAAiC,CAAC;AAChD,cAAc,2CAA2C,CAAC;AAC1D,cAAc,kCAAkC,CAAC;AAEjD,cAAc,yBAAyB,CAAC;AAExC,cAAc,4CAA4C,CAAC;AAE3D,cAAc,YAAY,CAAC;AAE3B,cAAc,8BAA8B,CAAC;AAC7C,cAAc,oCAAoC,CAAC;AAEnD,cAAc,kBAAkB,CAAC;AAEjC,cAAc,mCAAmC,CAAC"}
|
|
@@ -28,6 +28,19 @@ export interface PasskeyTokenPayload {
|
|
|
28
28
|
exp?: number;
|
|
29
29
|
[key: string]: any;
|
|
30
30
|
}
|
|
31
|
+
/**
|
|
32
|
+
* Base JWT claims (RFC 7519) - all optional for maximum flexibility
|
|
33
|
+
* Use this as base for external/third-party token payloads
|
|
34
|
+
*/
|
|
35
|
+
export interface BaseJwtClaims {
|
|
36
|
+
iss?: string;
|
|
37
|
+
sub?: string;
|
|
38
|
+
aud?: string | string[];
|
|
39
|
+
exp?: number;
|
|
40
|
+
iat?: number;
|
|
41
|
+
nbf?: number;
|
|
42
|
+
jti?: string;
|
|
43
|
+
}
|
|
31
44
|
interface BaseJWTPayload {
|
|
32
45
|
iss?: string;
|
|
33
46
|
aud?: string;
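Review bot: The new exported `BaseJwtClaims` sits directly above the existing internal `BaseJWTPayload`; the names differ only in casing and the two disagree on `aud` (`string | string[]` in the new interface, `string` in the old one), so code that moves a payload between them can mishandle an array audience without a type error. Every claim in the new interface is optional, including `iss`, `aud` and `exp`, so a token with no expiry type-checks the same as one with a valid expiry, and the check falls entirely to whatever verifies `ExternalJwtPayload` tokens at runtime. I would put that contract in the doc comment, for example `* Optional in the type only: verifiers of externally issued tokens must reject a missing or mismatched iss, aud or exp, and must treat aud as possibly an array.` Renaming one of the two interfaces, or deriving `BaseJWTPayload` from `BaseJwtClaims`, would also remove the ambiguity. The body of `BaseJWTPayload` continues outside the hunk, so whether its remaining fields line up cannot be checked from here.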
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.payload.interface.d.ts","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/jwt.payload.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,qBAAqB,EAAE,UAAU,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACpH,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAE1D;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,cAAc,GAAG,cAAc,GAAG,mBAAmB,GAAG,iBAAiB,CAAC;AAE5G,UAAU,iBAAkB,SAAQ,cAAc;IAC9C,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACtB;AAED,MAAM,WAAW,mBAAmB;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,aAAa,CAAC,EAAE;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;QAClB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;KAClB,CAAC;IACF,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAEH,UAAU,cAAc;IAEpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CAChB;AAGD,UAAU,kBAAmB,SAAQ,cAAc;IAE/C,IAAI,EAAE,UAAU,CAAC;IACjB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,CAAC,EAAE,gBAAgB,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;CACtB;AAGD,MAAM,WAAW,cAAe,SAAQ,kBAAkB;IACtD,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,cAAc,GAAG,qBAAqB,CAAC;IAC7C,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,gBAAgB,CAAC;IAC9B,eAAe,EAAE,MAAM,CAAC;IAIxB,OAAO,CAAC,EAAE,aAAa,EAAE,CAAC;IAK1B,IAAI,CAAC,EAAE,cAAc,CAAC;IAOtB,GAAG,CAAC,EAAE,MAAM,CAAC;IAGb,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAG3B,GAAG,CAAC,EAAE;QACF,GAAG,EAAE,MAAM,CAAC;KACf,CAAC;CACL;AAGD,MAAM,WAAW,oBAAqB,SAAQ,kBAAkB;IAC5D,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,cAAc,CAAC;IACrB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,EAAE,gBAAgB,CAAC;IAC9B,eAAe,EAAE,MAAM,CAAA;IAEvB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,iBAAiB,C
AAC,EAAE,MAAM,CAAC;CAC9B;AAGD,MAAM,WAAW,oBAAqB,SAAQ,kBAAkB;IAC5D,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,oBAAoB,CAAC;IAC3B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,CAAC,EAAE,gBAAgB,CAAC;IAG/B,WAAW,EAAE,MAAM,EAAE,CAAC;CACzB;AAGD,MAAM,WAAW,iBAAkB,SAAQ,kBAAkB;IACzD,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,UAAU,CAAC,oBAAoB,CAAC;IACtC,QAAQ,EAAE,MAAM,CAAC;IAGjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACvB;AAOD,MAAM,MAAM,cAAc,GAAG,cAAc,GAAG,oBAAoB,GAAG,oBAAoB,GAAG,iBAAiB,CAAC;AAO9G,wBAAgB,aAAa,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,IAAI,cAAc,CAEhF;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,IAAI,oBAAoB,CAE5F;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,IAAI,oBAAoB,CAE5F;AAED,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,IAAI,iBAAiB,CAEtF;AAGD,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,GAAG,GAAG,OAAO,IAAI,cAAc,CAExE"}
|
|
1
|
+
{"version":3,"file":"jwt.payload.interface.d.ts","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/jwt.payload.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,qBAAqB,EAAE,UAAU,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACpH,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAE1D;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,cAAc,GAAG,cAAc,GAAG,mBAAmB,GAAG,iBAAiB,CAAC;AAE5G,UAAU,iBAAkB,SAAQ,cAAc;IAC9C,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACtB;AAED,MAAM,WAAW,mBAAmB;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,aAAa,CAAC,EAAE;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;QAClB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;KAClB,CAAC;IACF,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAEH;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC1B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACxB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,UAAU,cAAc;IAEpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CAChB;AAGD,UAAU,kBAAmB,SAAQ,cAAc;IAE/C,IAAI,EAAE,UAAU,CAAC;IACjB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,CAAC,EAAE,gBAAgB,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;CACtB;AAGD,MAAM,WAAW,cAAe,SAAQ,kBAAkB;IACtD,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,cAAc,GAAG,qBAAqB,CAAC;IAC7C,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,gBAAgB,CAAC;IAC9B,eAAe,EAAE,MAAM,CAAC;IAIxB,OAAO,CAAC,EAAE,aAAa,EAAE,CAAC;IAK1B,IAAI,CAAC,EAAE,cAAc,CAAC;IAOtB,GAAG,CAAC,EAAE,MAAM,CAAC;IAGb,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAG3B,GAAG,CAAC,EAAE;
QACF,GAAG,EAAE,MAAM,CAAC;KACf,CAAC;CACL;AAGD,MAAM,WAAW,oBAAqB,SAAQ,kBAAkB;IAC5D,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,cAAc,CAAC;IACrB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,EAAE,gBAAgB,CAAC;IAC9B,eAAe,EAAE,MAAM,CAAA;IAEvB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAGD,MAAM,WAAW,oBAAqB,SAAQ,kBAAkB;IAC5D,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,oBAAoB,CAAC;IAC3B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,CAAC,EAAE,gBAAgB,CAAC;IAG/B,WAAW,EAAE,MAAM,EAAE,CAAC;CACzB;AAGD,MAAM,WAAW,iBAAkB,SAAQ,kBAAkB;IACzD,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,UAAU,CAAC,oBAAoB,CAAC;IACtC,QAAQ,EAAE,MAAM,CAAC;IAGjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACvB;AAOD,MAAM,MAAM,cAAc,GAAG,cAAc,GAAG,oBAAoB,GAAG,oBAAoB,GAAG,iBAAiB,CAAC;AAO9G,wBAAgB,aAAa,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,IAAI,cAAc,CAEhF;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,IAAI,oBAAoB,CAE5F;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,IAAI,oBAAoB,CAE5F;AAED,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,IAAI,iBAAiB,CAEtF;AAGD,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,GAAG,GAAG,OAAO,IAAI,cAAc,CAExE"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.payload.interface.js","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/jwt.payload.interface.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"jwt.payload.interface.js","sourceRoot":"","sources":["../../../../src/shared-lib/interfaces/jwt.payload.interface.ts"],"names":[],"mappings":"AA+IA,8CAA8C;AAC9C,0BAA0B;AAC1B,8CAA8C;AAE9C,uBAAuB;AACvB,MAAM,UAAU,aAAa,CAAC,OAAuB;IACjD,OAAO,CAAC,CAAC,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,IAAI,OAAO,CAAC,CAAC;AACrG,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAAuB;IACvD,OAAO,eAAe,IAAI,OAAO,IAAI,CAAC,CAAC,aAAa,IAAI,OAAO,CAAC,CAAC;AACrE,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAAuB;IACvD,OAAO,aAAa,IAAI,OAAO,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,OAAuB;IACpD,OAAO,WAAW,IAAI,OAAO,IAAI,WAAW,IAAI,OAAO,CAAC;AAC5D,CAAC;AAED,uCAAuC;AACvC,MAAM,UAAU,gBAAgB,CAAC,OAAY;IACzC,OAAO,MAAM,IAAI,OAAO,IAAI,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC;AACjE,CAAC"}
|
package/package.json
CHANGED