@fluidframework/azure-service-utils 2.0.0-internal.7.2.2 → 2.0.0-internal.7.4.0

package/.attw.json

@@ -0,0 +1,3 @@
+{
+	"ignoreRules": ["false-cjs"]
+}

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @fluidframework/azure-service-utils
 
+## 2.0.0-internal.7.4.0
+
+Dependency updates only.
+
+## 2.0.0-internal.7.3.0
+
+Dependency updates only.
+
 ## 2.0.0-internal.7.2.0
 
 Dependency updates only.

package/README.md

@@ -82,8 +82,7 @@ Thank you!
 
 This project may contain Microsoft trademarks or logos for Microsoft projects, products, or services.
 
-Use of these trademarks or logos must follow Microsoft's [Trademark & Brand
-Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general).
+Use of these trademarks or logos must follow Microsoft's [Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general).
 
 Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
 

package/api-extractor-lint.json

@@ -0,0 +1,13 @@
+{
+	"$schema": "https://developer.microsoft.com/json-schemas/api-extractor/v7/api-extractor.schema.json",
+	"extends": "../../../common/build/build-common/api-extractor-lint.json",
+	"messages": {
+		"extractorMessageReporting": {
+			// TODO: remove once base config has this enabled as an error
+			"ae-incompatible-release-tags": {
+				"logLevel": "error",
+				"addToApiReportFile": false
+			}
+		}
+	}
+}

package/api-extractor.json

@@ -1,4 +1,4 @@
 {
 	"$schema": "https://developer.microsoft.com/json-schemas/api-extractor/v7/api-extractor.schema.json",
-	"extends": "@fluidframework/build-common/api-extractor-base.json"
+	"extends": "../../../common/build/build-common/api-extractor-base.json"
 }

package/api-report/azure-service-utils.api.md

@@ -7,7 +7,7 @@
 import { IUser } from '@fluidframework/protocol-definitions';
 import { ScopeType } from '@fluidframework/protocol-definitions';
 
-// @public
+// @internal
 export function generateToken(tenantId: string, key: string, scopes: ScopeType[], documentId?: string, user?: IUser, lifetime?: number, ver?: string): string;
 
 export { IUser }

package/dist/azure-service-utils-alpha.d.ts

@@ -0,0 +1,21 @@
+/**
+ * A set of helper utilities for building backend APIs for use with
+ * {@link https://docs.microsoft.com/en-us/azure/azure-fluid-relay/overview/overview | Azure Fluid Relay}.
+ *
+ * @remarks
+ * Note that this library's primary entry-point ({@link generateToken}) is only intended
+ * to be run in a browser context.
+ * It is **not** Node.js-compatible.
+ *
+ * @packageDocumentation
+ */
+
+import { IUser } from '@fluidframework/protocol-definitions';
+import { ScopeType } from '@fluidframework/protocol-definitions';
+
+/* Excluded from this release type: generateToken */
+export { IUser }
+
+export { ScopeType }
+
+export { }

package/dist/azure-service-utils-beta.d.ts

@@ -0,0 +1,21 @@
+/**
+ * A set of helper utilities for building backend APIs for use with
+ * {@link https://docs.microsoft.com/en-us/azure/azure-fluid-relay/overview/overview | Azure Fluid Relay}.
+ *
+ * @remarks
+ * Note that this library's primary entry-point ({@link generateToken}) is only intended
+ * to be run in a browser context.
+ * It is **not** Node.js-compatible.
+ *
+ * @packageDocumentation
+ */
+
+import { IUser } from '@fluidframework/protocol-definitions';
+import { ScopeType } from '@fluidframework/protocol-definitions';
+
+/* Excluded from this release type: generateToken */
+export { IUser }
+
+export { ScopeType }
+
+export { }

package/dist/azure-service-utils-public.d.ts

@@ -0,0 +1,21 @@
+/**
+ * A set of helper utilities for building backend APIs for use with
+ * {@link https://docs.microsoft.com/en-us/azure/azure-fluid-relay/overview/overview | Azure Fluid Relay}.
+ *
+ * @remarks
+ * Note that this library's primary entry-point ({@link generateToken}) is only intended
+ * to be run in a browser context.
+ * It is **not** Node.js-compatible.
+ *
+ * @packageDocumentation
+ */
+
+import { IUser } from '@fluidframework/protocol-definitions';
+import { ScopeType } from '@fluidframework/protocol-definitions';
+
+/* Excluded from this release type: generateToken */
+export { IUser }
+
+export { ScopeType }
+
+export { }

package/dist/azure-service-utils-untrimmed.d.ts

@@ -0,0 +1,63 @@
+/**
+ * A set of helper utilities for building backend APIs for use with
+ * {@link https://docs.microsoft.com/en-us/azure/azure-fluid-relay/overview/overview | Azure Fluid Relay}.
+ *
+ * @remarks
+ * Note that this library's primary entry-point ({@link generateToken}) is only intended
+ * to be run in a browser context.
+ * It is **not** Node.js-compatible.
+ *
+ * @packageDocumentation
+ */
+
+import { IUser } from '@fluidframework/protocol-definitions';
+import { ScopeType } from '@fluidframework/protocol-definitions';
+
+/**
+ * IMPORTANT: This function is duplicated in ./packages/runtime/test-runtime-utils/src/generateToken.ts. There is no
+ * need for different implementations, so they should be kept in sync if changes are needed.
+ *
+ * The reason they are duplicated is because we don't want the core Fluid libraries depending on the Azure libraries
+ * (enforced by layer-check), but both need to expose this function. The test-runtime-utils library is a test lib, which
+ * layer-check (correctly) reuires only be used as a dev dependency. But in the azure case, we want the function
+ * exported, so it needs to be sourced from either the package itself or a non-dev dependency.
+ *
+ * The previous solution to this was to import the function from azure-service-utils into test-runtime-utils, but that
+ * no longer works because the azure packages are in a separate release group.
+ *
+ * If a token needs to be generated on the client side, you should re-use this function. If you need service-side token
+ * generation, you should use the function available in the server-services-client package in order to avoid
+ * interdependencies between service and client packages.
+ */
+/**
+ * Generates a {@link https://en.wikipedia.org/wiki/JSON_Web_Token | JSON Web Token} (JWT)
+ * to authorize access to a Routerlicious-based Fluid service.
+ *
+ * @remarks Note: this function uses a browser friendly auth library
+ * ({@link https://www.npmjs.com/package/jsrsasign | jsrsasign}) and may only be used in client (browser) context.
+ * It is **not** Node.js-compatible.
+ *
+ * @param tenantId - See {@link @fluidframework/protocol-definitions#ITokenClaims.tenantId}
+ * @param key - API key to authenticate user. Must be {@link https://en.wikipedia.org/wiki/UTF-8 | UTF-8}-encoded.
+ * @param scopes - See {@link @fluidframework/protocol-definitions#ITokenClaims.scopes}
+ * @param documentId - See {@link @fluidframework/protocol-definitions#ITokenClaims.documentId}.
+ * If not specified, the token will not be associated with a document, and an empty string will be used.
+ * @param user - User with whom generated tokens will be associated.
+ * If not specified, the token will not be associated with a user, and a randomly generated mock user will be
+ * used instead.
+ * See {@link @fluidframework/protocol-definitions#ITokenClaims.user}
+ * @param lifetime - Used to generate the {@link @fluidframework/protocol-definitions#ITokenClaims.exp | expiration}.
+ * Expiration = now + lifetime.
+ * Expressed in seconds.
+ * Default: 3600 (1 hour).
+ * @param ver - See {@link @fluidframework/protocol-definitions#ITokenClaims.ver}.
+ * Default: `1.0`.
+ * @internal
+ */
+export declare function generateToken(tenantId: string, key: string, scopes: ScopeType[], documentId?: string, user?: IUser, lifetime?: number, ver?: string): string;
+
+export { IUser }
+
+export { ScopeType }
+
+export { }

package/dist/{generateToken.js → generateToken.cjs}

@@ -46,8 +46,7 @@ const uuid_1 = require("uuid");
  * Default: 3600 (1 hour).
  * @param ver - See {@link @fluidframework/protocol-definitions#ITokenClaims.ver}.
  * Default: `1.0`.
- *
- * @public
+ * @internal
  */
 function generateToken(tenantId, key, scopes, documentId, user, lifetime = 60 * 60, 
 // Naming intended to match `ITokenClaims.ver`
@@ -91,4 +90,4 @@ function generateUser() {
     return randomUser;
 }
 exports.generateUser = generateUser;
-//# sourceMappingURL=generateToken.js.map
+//# sourceMappingURL=generateToken.cjs.map

package/dist/{generateToken.js.map → generateToken.cjs.map}

@@ -1 +1 @@
-{"version":3,"file":"generateToken.js","sourceRoot":"","sources":["../src/generateToken.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACH,yCAA8C;AAC9C,+BAAkC;AAIlC;;;;;;;;;;;;;;;GAeG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,SAAgB,aAAa,CAC5B,QAAgB,EAChB,GAAW,EACX,MAAmB,EACnB,UAAmB,EACnB,IAAY,EACZ,WAAmB,EAAE,GAAG,EAAE;AAC1B,8CAA8C;AAC9C,yDAAyD;AACzD,MAAc,KAAK;IAEnB,IAAI,SAAS,GAAG,IAAI,IAAI,YAAY,EAAE,CAAC;IACvC,IAAI,SAAS,CAAC,EAAE,KAAK,EAAE,IAAI,SAAS,CAAC,EAAE,KAAK,SAAS,EAAE;QACtD,SAAS,GAAG,YAAY,EAAE,CAAC;KAC3B;IAED,0BAA0B;IAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAmC;QAC9C,UAAU,EAAE,UAAU,IAAI,EAAE;QAC5B,MAAM;QACN,QAAQ;QACR,IAAI,EAAE,SAAS;QACf,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,QAAQ;QACnB,GAAG;QACH,sGAAsG;QACtG,GAAG,EAAE,IAAA,SAAI,GAAE;KACX,CAAC;IAEF,MAAM,OAAO,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;IAE9B,OAAO,gBAAS,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI;IAC5B,yBAAyB;IACzB,2CAA2C;IAC3C,IAAI,EACJ,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAC5C,MAAM,EACN,OAAO,CACP,CAAC;AACH,CAAC;AAzCD,sCAyCC;AAED;;;GAGG;AACH,SAAgB,YAAY;IAC3B,MAAM,UAAU,GAAG;QAClB,sGAAsG;QACtG,EAAE,EAAE,IAAA,SAAI,GAAE;QACV,sGAAsG;QACtG,IAAI,EAAE,IAAA,SAAI,GAAE;KACZ,CAAC;IAEF,OAAO,UAAU,CAAC;AACnB,CAAC;AATD,oCASC","sourcesContent":["/*!\n * Copyright (c) Microsoft Corporation and contributors. All rights reserved.\n * Licensed under the MIT License.\n */\nimport { KJUR as jsrsasign } from \"jsrsasign\";\nimport { v4 as uuid } from \"uuid\";\n\nimport type { ITokenClaims, IUser, ScopeType } from \"@fluidframework/protocol-definitions\";\n\n/**\n * IMPORTANT: This function is duplicated in ./packages/runtime/test-runtime-utils/src/generateToken.ts. There is no\n * need for different implementations, so they should be kept in sync if changes are needed.\n *\n * The reason they are duplicated is because we don't want the core Fluid libraries depending on the Azure libraries\n * (enforced by layer-check), but both need to expose this function. The test-runtime-utils library is a test lib, which\n * layer-check (correctly) reuires only be used as a dev dependency. But in the azure case, we want the function\n * exported, so it needs to be sourced from either the package itself or a non-dev dependency.\n *\n * The previous solution to this was to import the function from azure-service-utils into test-runtime-utils, but that\n * no longer works because the azure packages are in a separate release group.\n *\n * If a token needs to be generated on the client side, you should re-use this function. If you need service-side token\n * generation, you should use the function available in the server-services-client package in order to avoid\n * interdependencies between service and client packages.\n */\n\n/**\n * Generates a {@link https://en.wikipedia.org/wiki/JSON_Web_Token | JSON Web Token} (JWT)\n * to authorize access to a Routerlicious-based Fluid service.\n *\n * @remarks Note: this function uses a browser friendly auth library\n * ({@link https://www.npmjs.com/package/jsrsasign | jsrsasign}) and may only be used in client (browser) context.\n * It is **not** Node.js-compatible.\n *\n * @param tenantId - See {@link @fluidframework/protocol-definitions#ITokenClaims.tenantId}\n * @param key - API key to authenticate user. Must be {@link https://en.wikipedia.org/wiki/UTF-8 | UTF-8}-encoded.\n * @param scopes - See {@link @fluidframework/protocol-definitions#ITokenClaims.scopes}\n * @param documentId - See {@link @fluidframework/protocol-definitions#ITokenClaims.documentId}.\n * If not specified, the token will not be associated with a document, and an empty string will be used.\n * @param user - User with whom generated tokens will be associated.\n * If not specified, the token will not be associated with a user, and a randomly generated mock user will be\n * used instead.\n * See {@link @fluidframework/protocol-definitions#ITokenClaims.user}\n * @param lifetime - Used to generate the {@link @fluidframework/protocol-definitions#ITokenClaims.exp | expiration}.\n * Expiration = now + lifetime.\n * Expressed in seconds.\n * Default: 3600 (1 hour).\n * @param ver - See {@link @fluidframework/protocol-definitions#ITokenClaims.ver}.\n * Default: `1.0`.\n *\n * @public\n */\nexport function generateToken(\n\ttenantId: string,\n\tkey: string,\n\tscopes: ScopeType[],\n\tdocumentId?: string,\n\tuser?: IUser,\n\tlifetime: number = 60 * 60,\n\t// Naming intended to match `ITokenClaims.ver`\n\t// eslint-disable-next-line unicorn/prevent-abbreviations\n\tver: string = \"1.0\",\n): string {\n\tlet userClaim = user ?? generateUser();\n\tif (userClaim.id === \"\" || userClaim.id === undefined) {\n\t\tuserClaim = generateUser();\n\t}\n\n\t// Current time in seconds\n\tconst now = Math.round(Date.now() / 1000);\n\n\tconst claims: ITokenClaims & { jti: string } = {\n\t\tdocumentId: documentId ?? \"\",\n\t\tscopes,\n\t\ttenantId,\n\t\tuser: userClaim,\n\t\tiat: now,\n\t\texp: now + lifetime,\n\t\tver,\n\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call\n\t\tjti: uuid(),\n\t};\n\n\tconst utf8Key = { utf8: key };\n\n\treturn jsrsasign.jws.JWS.sign(\n\t\t// External API uses null\n\t\t// eslint-disable-next-line unicorn/no-null\n\t\tnull,\n\t\tJSON.stringify({ alg: \"HS256\", typ: \"JWT\" }),\n\t\tclaims,\n\t\tutf8Key,\n\t);\n}\n\n/**\n * Generates an arbitrary (\"random\") {@link @fluidframework/protocol-definitions#IUser} by generating a\n * random UUID for its {@link @fluidframework/protocol-definitions#IUser.id} and `name` properties.\n */\nexport function generateUser(): IUser {\n\tconst randomUser = {\n\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call\n\t\tid: uuid(),\n\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call\n\t\tname: uuid(),\n\t};\n\n\treturn randomUser;\n}\n"]}
+{"version":3,"file":"generateToken.cjs","sourceRoot":"","sources":["../src/generateToken.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACH,yCAA8C;AAC9C,+BAAkC;AAIlC;;;;;;;;;;;;;;;GAeG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,SAAgB,aAAa,CAC5B,QAAgB,EAChB,GAAW,EACX,MAAmB,EACnB,UAAmB,EACnB,IAAY,EACZ,WAAmB,EAAE,GAAG,EAAE;AAC1B,8CAA8C;AAC9C,yDAAyD;AACzD,MAAc,KAAK;IAEnB,IAAI,SAAS,GAAG,IAAI,IAAI,YAAY,EAAE,CAAC;IACvC,IAAI,SAAS,CAAC,EAAE,KAAK,EAAE,IAAI,SAAS,CAAC,EAAE,KAAK,SAAS,EAAE;QACtD,SAAS,GAAG,YAAY,EAAE,CAAC;KAC3B;IAED,0BAA0B;IAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAmC;QAC9C,UAAU,EAAE,UAAU,IAAI,EAAE;QAC5B,MAAM;QACN,QAAQ;QACR,IAAI,EAAE,SAAS;QACf,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,QAAQ;QACnB,GAAG;QACH,sGAAsG;QACtG,GAAG,EAAE,IAAA,SAAI,GAAE;KACX,CAAC;IAEF,MAAM,OAAO,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;IAE9B,OAAO,gBAAS,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI;IAC5B,yBAAyB;IACzB,2CAA2C;IAC3C,IAAI,EACJ,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAC5C,MAAM,EACN,OAAO,CACP,CAAC;AACH,CAAC;AAzCD,sCAyCC;AAED;;;GAGG;AACH,SAAgB,YAAY;IAC3B,MAAM,UAAU,GAAG;QAClB,sGAAsG;QACtG,EAAE,EAAE,IAAA,SAAI,GAAE;QACV,sGAAsG;QACtG,IAAI,EAAE,IAAA,SAAI,GAAE;KACZ,CAAC;IAEF,OAAO,UAAU,CAAC;AACnB,CAAC;AATD,oCASC","sourcesContent":["/*!\n * Copyright (c) Microsoft Corporation and contributors. All rights reserved.\n * Licensed under the MIT License.\n */\nimport { KJUR as jsrsasign } from \"jsrsasign\";\nimport { v4 as uuid } from \"uuid\";\n\nimport type { ITokenClaims, IUser, ScopeType } from \"@fluidframework/protocol-definitions\";\n\n/**\n * IMPORTANT: This function is duplicated in ./packages/runtime/test-runtime-utils/src/generateToken.ts. There is no\n * need for different implementations, so they should be kept in sync if changes are needed.\n *\n * The reason they are duplicated is because we don't want the core Fluid libraries depending on the Azure libraries\n * (enforced by layer-check), but both need to expose this function. The test-runtime-utils library is a test lib, which\n * layer-check (correctly) reuires only be used as a dev dependency. But in the azure case, we want the function\n * exported, so it needs to be sourced from either the package itself or a non-dev dependency.\n *\n * The previous solution to this was to import the function from azure-service-utils into test-runtime-utils, but that\n * no longer works because the azure packages are in a separate release group.\n *\n * If a token needs to be generated on the client side, you should re-use this function. If you need service-side token\n * generation, you should use the function available in the server-services-client package in order to avoid\n * interdependencies between service and client packages.\n */\n\n/**\n * Generates a {@link https://en.wikipedia.org/wiki/JSON_Web_Token | JSON Web Token} (JWT)\n * to authorize access to a Routerlicious-based Fluid service.\n *\n * @remarks Note: this function uses a browser friendly auth library\n * ({@link https://www.npmjs.com/package/jsrsasign | jsrsasign}) and may only be used in client (browser) context.\n * It is **not** Node.js-compatible.\n *\n * @param tenantId - See {@link @fluidframework/protocol-definitions#ITokenClaims.tenantId}\n * @param key - API key to authenticate user. Must be {@link https://en.wikipedia.org/wiki/UTF-8 | UTF-8}-encoded.\n * @param scopes - See {@link @fluidframework/protocol-definitions#ITokenClaims.scopes}\n * @param documentId - See {@link @fluidframework/protocol-definitions#ITokenClaims.documentId}.\n * If not specified, the token will not be associated with a document, and an empty string will be used.\n * @param user - User with whom generated tokens will be associated.\n * If not specified, the token will not be associated with a user, and a randomly generated mock user will be\n * used instead.\n * See {@link @fluidframework/protocol-definitions#ITokenClaims.user}\n * @param lifetime - Used to generate the {@link @fluidframework/protocol-definitions#ITokenClaims.exp | expiration}.\n * Expiration = now + lifetime.\n * Expressed in seconds.\n * Default: 3600 (1 hour).\n * @param ver - See {@link @fluidframework/protocol-definitions#ITokenClaims.ver}.\n * Default: `1.0`.\n * @internal\n */\nexport function generateToken(\n\ttenantId: string,\n\tkey: string,\n\tscopes: ScopeType[],\n\tdocumentId?: string,\n\tuser?: IUser,\n\tlifetime: number = 60 * 60,\n\t// Naming intended to match `ITokenClaims.ver`\n\t// eslint-disable-next-line unicorn/prevent-abbreviations\n\tver: string = \"1.0\",\n): string {\n\tlet userClaim = user ?? generateUser();\n\tif (userClaim.id === \"\" || userClaim.id === undefined) {\n\t\tuserClaim = generateUser();\n\t}\n\n\t// Current time in seconds\n\tconst now = Math.round(Date.now() / 1000);\n\n\tconst claims: ITokenClaims & { jti: string } = {\n\t\tdocumentId: documentId ?? \"\",\n\t\tscopes,\n\t\ttenantId,\n\t\tuser: userClaim,\n\t\tiat: now,\n\t\texp: now + lifetime,\n\t\tver,\n\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call\n\t\tjti: uuid(),\n\t};\n\n\tconst utf8Key = { utf8: key };\n\n\treturn jsrsasign.jws.JWS.sign(\n\t\t// External API uses null\n\t\t// eslint-disable-next-line unicorn/no-null\n\t\tnull,\n\t\tJSON.stringify({ alg: \"HS256\", typ: \"JWT\" }),\n\t\tclaims,\n\t\tutf8Key,\n\t);\n}\n\n/**\n * Generates an arbitrary (\"random\") {@link @fluidframework/protocol-definitions#IUser} by generating a\n * random UUID for its {@link @fluidframework/protocol-definitions#IUser.id} and `name` properties.\n */\nexport function generateUser(): IUser {\n\tconst randomUser = {\n\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call\n\t\tid: uuid(),\n\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call\n\t\tname: uuid(),\n\t};\n\n\treturn randomUser;\n}\n"]}

package/dist/generateToken.d.ts

@@ -38,8 +38,7 @@ import type { IUser, ScopeType } from "@fluidframework/protocol-definitions";
  * Default: 3600 (1 hour).
  * @param ver - See {@link @fluidframework/protocol-definitions#ITokenClaims.ver}.
  * Default: `1.0`.
- *
- * @public
+ * @internal
  */
 export declare function generateToken(tenantId: string, key: string, scopes: ScopeType[], documentId?: string, user?: IUser, lifetime?: number, ver?: string): string;
 /**

package/dist/generateToken.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"generateToken.d.ts","sourceRoot":"","sources":["../src/generateToken.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAgB,KAAK,EAAE,SAAS,EAAE,MAAM,sCAAsC,CAAC;AAE3F;;;;;;;;;;;;;;;GAeG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,aAAa,CAC5B,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,SAAS,EAAE,EACnB,UAAU,CAAC,EAAE,MAAM,EACnB,IAAI,CAAC,EAAE,KAAK,EACZ,QAAQ,GAAE,MAAgB,EAG1B,GAAG,GAAE,MAAc,GACjB,MAAM,CA+BR;AAED;;;GAGG;AACH,wBAAgB,YAAY,IAAI,KAAK,CASpC"}
+{"version":3,"file":"generateToken.d.ts","sourceRoot":"","sources":["../src/generateToken.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAgB,KAAK,EAAE,SAAS,EAAE,MAAM,sCAAsC,CAAC;AAE3F;;;;;;;;;;;;;;;GAeG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,aAAa,CAC5B,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,SAAS,EAAE,EACnB,UAAU,CAAC,EAAE,MAAM,EACnB,IAAI,CAAC,EAAE,KAAK,EACZ,QAAQ,GAAE,MAAgB,EAG1B,GAAG,GAAE,MAAc,GACjB,MAAM,CA+BR;AAED;;;GAGG;AACH,wBAAgB,YAAY,IAAI,KAAK,CASpC"}

package/dist/{index.js → index.cjs}

@@ -7,6 +7,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.generateToken = exports.ScopeType = void 0;
 var protocol_definitions_1 = require("@fluidframework/protocol-definitions");
 Object.defineProperty(exports, "ScopeType", { enumerable: true, get: function () { return protocol_definitions_1.ScopeType; } });
-var generateToken_1 = require("./generateToken");
+var generateToken_1 = require("./generateToken.cjs");
 Object.defineProperty(exports, "generateToken", { enumerable: true, get: function () { return generateToken_1.generateToken; } });
-//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.cjs","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAeH,6EAAiE;AAAxD,iHAAA,SAAS,OAAA;AAClB,qDAAgD;AAAvC,8GAAA,aAAa,OAAA","sourcesContent":["/*!\n * Copyright (c) Microsoft Corporation and contributors. All rights reserved.\n * Licensed under the MIT License.\n */\n\n/**\n * A set of helper utilities for building backend APIs for use with\n * {@link https://docs.microsoft.com/en-us/azure/azure-fluid-relay/overview/overview | Azure Fluid Relay}.\n *\n * @remarks\n * Note that this library's primary entry-point ({@link generateToken}) is only intended\n * to be run in a browser context.\n * It is **not** Node.js-compatible.\n *\n * @packageDocumentation\n */\n\nexport type { IUser } from \"@fluidframework/protocol-definitions\";\nexport { ScopeType } from \"@fluidframework/protocol-definitions\";\nexport { generateToken } from \"./generateToken\";\n"]}

package/dist/tsdoc-metadata.json

@@ -5,7 +5,7 @@
   "toolPackages": [
     {
       "packageName": "@microsoft/api-extractor",
-      "packageVersion": "7.38.0"
+      "packageVersion": "7.38.3"
     }
   ]
 }

package/lib/azure-service-utils-alpha.d.ts

@@ -0,0 +1,21 @@
+/**
+ * A set of helper utilities for building backend APIs for use with
+ * {@link https://docs.microsoft.com/en-us/azure/azure-fluid-relay/overview/overview | Azure Fluid Relay}.
+ *
+ * @remarks
+ * Note that this library's primary entry-point ({@link generateToken}) is only intended
+ * to be run in a browser context.
+ * It is **not** Node.js-compatible.
+ *
+ * @packageDocumentation
+ */
+
+import { IUser } from '@fluidframework/protocol-definitions';
+import { ScopeType } from '@fluidframework/protocol-definitions';
+
+/* Excluded from this release type: generateToken */
+export { IUser }
+
+export { ScopeType }
+
+export { }

package/lib/azure-service-utils-beta.d.ts

@@ -0,0 +1,21 @@
+/**
+ * A set of helper utilities for building backend APIs for use with
+ * {@link https://docs.microsoft.com/en-us/azure/azure-fluid-relay/overview/overview | Azure Fluid Relay}.
+ *
+ * @remarks
+ * Note that this library's primary entry-point ({@link generateToken}) is only intended
+ * to be run in a browser context.
+ * It is **not** Node.js-compatible.
+ *
+ * @packageDocumentation
+ */
+
+import { IUser } from '@fluidframework/protocol-definitions';
+import { ScopeType } from '@fluidframework/protocol-definitions';
+
+/* Excluded from this release type: generateToken */
+export { IUser }
+
+export { ScopeType }
+
+export { }

package/lib/azure-service-utils-public.d.ts

@@ -0,0 +1,21 @@
+/**
+ * A set of helper utilities for building backend APIs for use with
+ * {@link https://docs.microsoft.com/en-us/azure/azure-fluid-relay/overview/overview | Azure Fluid Relay}.
+ *
+ * @remarks
+ * Note that this library's primary entry-point ({@link generateToken}) is only intended
+ * to be run in a browser context.
+ * It is **not** Node.js-compatible.
+ *
+ * @packageDocumentation
+ */
+
+import { IUser } from '@fluidframework/protocol-definitions';
+import { ScopeType } from '@fluidframework/protocol-definitions';
+
+/* Excluded from this release type: generateToken */
+export { IUser }
+
+export { ScopeType }
+
+export { }

package/lib/azure-service-utils-untrimmed.d.ts

@@ -0,0 +1,63 @@
+/**
+ * A set of helper utilities for building backend APIs for use with
+ * {@link https://docs.microsoft.com/en-us/azure/azure-fluid-relay/overview/overview | Azure Fluid Relay}.
+ *
+ * @remarks
+ * Note that this library's primary entry-point ({@link generateToken}) is only intended
+ * to be run in a browser context.
+ * It is **not** Node.js-compatible.
+ *
+ * @packageDocumentation
+ */
+
+import { IUser } from '@fluidframework/protocol-definitions';
+import { ScopeType } from '@fluidframework/protocol-definitions';
+
+/**
+ * IMPORTANT: This function is duplicated in ./packages/runtime/test-runtime-utils/src/generateToken.ts. There is no
+ * need for different implementations, so they should be kept in sync if changes are needed.
+ *
+ * The reason they are duplicated is because we don't want the core Fluid libraries depending on the Azure libraries
+ * (enforced by layer-check), but both need to expose this function. The test-runtime-utils library is a test lib, which
+ * layer-check (correctly) reuires only be used as a dev dependency. But in the azure case, we want the function
+ * exported, so it needs to be sourced from either the package itself or a non-dev dependency.
+ *
+ * The previous solution to this was to import the function from azure-service-utils into test-runtime-utils, but that
+ * no longer works because the azure packages are in a separate release group.
+ *
+ * If a token needs to be generated on the client side, you should re-use this function. If you need service-side token
+ * generation, you should use the function available in the server-services-client package in order to avoid
+ * interdependencies between service and client packages.
+ */
+/**
+ * Generates a {@link https://en.wikipedia.org/wiki/JSON_Web_Token | JSON Web Token} (JWT)
+ * to authorize access to a Routerlicious-based Fluid service.
+ *
+ * @remarks Note: this function uses a browser friendly auth library
+ * ({@link https://www.npmjs.com/package/jsrsasign | jsrsasign}) and may only be used in client (browser) context.
+ * It is **not** Node.js-compatible.
+ *
+ * @param tenantId - See {@link @fluidframework/protocol-definitions#ITokenClaims.tenantId}
+ * @param key - API key to authenticate user. Must be {@link https://en.wikipedia.org/wiki/UTF-8 | UTF-8}-encoded.
+ * @param scopes - See {@link @fluidframework/protocol-definitions#ITokenClaims.scopes}
+ * @param documentId - See {@link @fluidframework/protocol-definitions#ITokenClaims.documentId}.
+ * If not specified, the token will not be associated with a document, and an empty string will be used.
+ * @param user - User with whom generated tokens will be associated.
+ * If not specified, the token will not be associated with a user, and a randomly generated mock user will be
+ * used instead.
+ * See {@link @fluidframework/protocol-definitions#ITokenClaims.user}
+ * @param lifetime - Used to generate the {@link @fluidframework/protocol-definitions#ITokenClaims.exp | expiration}.
+ * Expiration = now + lifetime.
+ * Expressed in seconds.
+ * Default: 3600 (1 hour).
+ * @param ver - See {@link @fluidframework/protocol-definitions#ITokenClaims.ver}.
+ * Default: `1.0`.
+ * @internal
+ */
+export declare function generateToken(tenantId: string, key: string, scopes: ScopeType[], documentId?: string, user?: IUser, lifetime?: number, ver?: string): string;
+
+export { IUser }
+
+export { ScopeType }
+
+export { }

package/lib/generateToken.d.ts

@@ -38,8 +38,7 @@ import type { IUser, ScopeType } from "@fluidframework/protocol-definitions";
  * Default: 3600 (1 hour).
  * @param ver - See {@link @fluidframework/protocol-definitions#ITokenClaims.ver}.
  * Default: `1.0`.
- *
- * @public
+ * @internal
  */
 export declare function generateToken(tenantId: string, key: string, scopes: ScopeType[], documentId?: string, user?: IUser, lifetime?: number, ver?: string): string;
 /**

package/lib/generateToken.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"generateToken.d.ts","sourceRoot":"","sources":["../src/generateToken.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAgB,KAAK,EAAE,SAAS,EAAE,MAAM,sCAAsC,CAAC;AAE3F;;;;;;;;;;;;;;;GAeG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,aAAa,CAC5B,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,SAAS,EAAE,EACnB,UAAU,CAAC,EAAE,MAAM,EACnB,IAAI,CAAC,EAAE,KAAK,EACZ,QAAQ,GAAE,MAAgB,EAG1B,GAAG,GAAE,MAAc,GACjB,MAAM,CA+BR;AAED;;;GAGG;AACH,wBAAgB,YAAY,IAAI,KAAK,CASpC"}
+{"version":3,"file":"generateToken.d.ts","sourceRoot":"","sources":["../src/generateToken.ts"],"names":[],"mappings":"OAOO,KAAK,EAAgB,KAAK,EAAE,SAAS,EAAE,MAAM,sCAAsC;AAE1F;;;;;;;;;;;;;;;GAeG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,aAAa,CAC5B,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,SAAS,EAAE,EACnB,UAAU,CAAC,EAAE,MAAM,EACnB,IAAI,CAAC,EAAE,KAAK,EACZ,QAAQ,GAAE,MAAgB,EAG1B,GAAG,GAAE,MAAc,GACjB,MAAM,CA+BR;AAED;;;GAGG;AACH,wBAAgB,YAAY,IAAI,KAAK,CASpC"}

package/lib/{generateToken.js → generateToken.mjs}

@@ -1,7 +1,3 @@
-/*!
- * Copyright (c) Microsoft Corporation and contributors. All rights reserved.
- * Licensed under the MIT License.
- */
 import { KJUR as jsrsasign } from "jsrsasign";
 import { v4 as uuid } from "uuid";
 /**
@@ -43,8 +39,7 @@ import { v4 as uuid } from "uuid";
  * Default: 3600 (1 hour).
  * @param ver - See {@link @fluidframework/protocol-definitions#ITokenClaims.ver}.
  * Default: `1.0`.
- *
- * @public
+ * @internal
  */
 export function generateToken(tenantId, key, scopes, documentId, user, lifetime = 60 * 60, 
 // Naming intended to match `ITokenClaims.ver`
@@ -86,4 +81,4 @@ export function generateUser() {
     };
     return randomUser;
 }
-//# sourceMappingURL=generateToken.js.map
+//# sourceMappingURL=generateToken.mjs.map

package/lib/generateToken.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"generateToken.mjs","sourceRoot":"","sources":["../src/generateToken.ts"],"names":[],"mappings":"OAIO,EAAE,IAAI,IAAI,SAAS,EAAE,MAAM,WAAW;OACtC,EAAE,EAAE,IAAI,IAAI,EAAE,MAAM,MAAM;AAIjC;;;;;;;;;;;;;;;GAeG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,aAAa,CAC5B,QAAgB,EAChB,GAAW,EACX,MAAmB,EACnB,UAAmB,EACnB,IAAY,EACZ,WAAmB,EAAE,GAAG,EAAE;AAC1B,8CAA8C;AAC9C,yDAAyD;AACzD,MAAc,KAAK;IAEnB,IAAI,SAAS,GAAG,IAAI,IAAI,YAAY,EAAE,CAAC;IACvC,IAAI,SAAS,CAAC,EAAE,KAAK,EAAE,IAAI,SAAS,CAAC,EAAE,KAAK,SAAS,EAAE;QACtD,SAAS,GAAG,YAAY,EAAE,CAAC;KAC3B;IAED,0BAA0B;IAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAmC;QAC9C,UAAU,EAAE,UAAU,IAAI,EAAE;QAC5B,MAAM;QACN,QAAQ;QACR,IAAI,EAAE,SAAS;QACf,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,QAAQ;QACnB,GAAG;QACH,sGAAsG;QACtG,GAAG,EAAE,IAAI,EAAE;KACX,CAAC;IAEF,MAAM,OAAO,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;IAE9B,OAAO,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI;IAC5B,yBAAyB;IACzB,2CAA2C;IAC3C,IAAI,EACJ,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAC5C,MAAM,EACN,OAAO,CACP,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY;IAC3B,MAAM,UAAU,GAAG;QAClB,sGAAsG;QACtG,EAAE,EAAE,IAAI,EAAE;QACV,sGAAsG;QACtG,IAAI,EAAE,IAAI,EAAE;KACZ,CAAC;IAEF,OAAO,UAAU,CAAC;AACnB,CAAC","sourcesContent":["/*!\n * Copyright (c) Microsoft Corporation and contributors. All rights reserved.\n * Licensed under the MIT License.\n */\nimport { KJUR as jsrsasign } from \"jsrsasign\";\nimport { v4 as uuid } from \"uuid\";\n\nimport type { ITokenClaims, IUser, ScopeType } from \"@fluidframework/protocol-definitions\";\n\n/**\n * IMPORTANT: This function is duplicated in ./packages/runtime/test-runtime-utils/src/generateToken.ts. There is no\n * need for different implementations, so they should be kept in sync if changes are needed.\n *\n * The reason they are duplicated is because we don't want the core Fluid libraries depending on the Azure libraries\n * (enforced by layer-check), but both need to expose this function. The test-runtime-utils library is a test lib, which\n * layer-check (correctly) reuires only be used as a dev dependency. But in the azure case, we want the function\n * exported, so it needs to be sourced from either the package itself or a non-dev dependency.\n *\n * The previous solution to this was to import the function from azure-service-utils into test-runtime-utils, but that\n * no longer works because the azure packages are in a separate release group.\n *\n * If a token needs to be generated on the client side, you should re-use this function. If you need service-side token\n * generation, you should use the function available in the server-services-client package in order to avoid\n * interdependencies between service and client packages.\n */\n\n/**\n * Generates a {@link https://en.wikipedia.org/wiki/JSON_Web_Token | JSON Web Token} (JWT)\n * to authorize access to a Routerlicious-based Fluid service.\n *\n * @remarks Note: this function uses a browser friendly auth library\n * ({@link https://www.npmjs.com/package/jsrsasign | jsrsasign}) and may only be used in client (browser) context.\n * It is **not** Node.js-compatible.\n *\n * @param tenantId - See {@link @fluidframework/protocol-definitions#ITokenClaims.tenantId}\n * @param key - API key to authenticate user. Must be {@link https://en.wikipedia.org/wiki/UTF-8 | UTF-8}-encoded.\n * @param scopes - See {@link @fluidframework/protocol-definitions#ITokenClaims.scopes}\n * @param documentId - See {@link @fluidframework/protocol-definitions#ITokenClaims.documentId}.\n * If not specified, the token will not be associated with a document, and an empty string will be used.\n * @param user - User with whom generated tokens will be associated.\n * If not specified, the token will not be associated with a user, and a randomly generated mock user will be\n * used instead.\n * See {@link @fluidframework/protocol-definitions#ITokenClaims.user}\n * @param lifetime - Used to generate the {@link @fluidframework/protocol-definitions#ITokenClaims.exp | expiration}.\n * Expiration = now + lifetime.\n * Expressed in seconds.\n * Default: 3600 (1 hour).\n * @param ver - See {@link @fluidframework/protocol-definitions#ITokenClaims.ver}.\n * Default: `1.0`.\n * @internal\n */\nexport function generateToken(\n\ttenantId: string,\n\tkey: string,\n\tscopes: ScopeType[],\n\tdocumentId?: string,\n\tuser?: IUser,\n\tlifetime: number = 60 * 60,\n\t// Naming intended to match `ITokenClaims.ver`\n\t// eslint-disable-next-line unicorn/prevent-abbreviations\n\tver: string = \"1.0\",\n): string {\n\tlet userClaim = user ?? generateUser();\n\tif (userClaim.id === \"\" || userClaim.id === undefined) {\n\t\tuserClaim = generateUser();\n\t}\n\n\t// Current time in seconds\n\tconst now = Math.round(Date.now() / 1000);\n\n\tconst claims: ITokenClaims & { jti: string } = {\n\t\tdocumentId: documentId ?? \"\",\n\t\tscopes,\n\t\ttenantId,\n\t\tuser: userClaim,\n\t\tiat: now,\n\t\texp: now + lifetime,\n\t\tver,\n\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call\n\t\tjti: uuid(),\n\t};\n\n\tconst utf8Key = { utf8: key };\n\n\treturn jsrsasign.jws.JWS.sign(\n\t\t// External API uses null\n\t\t// eslint-disable-next-line unicorn/no-null\n\t\tnull,\n\t\tJSON.stringify({ alg: \"HS256\", typ: \"JWT\" }),\n\t\tclaims,\n\t\tutf8Key,\n\t);\n}\n\n/**\n * Generates an arbitrary (\"random\") {@link @fluidframework/protocol-definitions#IUser} by generating a\n * random UUID for its {@link @fluidframework/protocol-definitions#IUser.id} and `name` properties.\n */\nexport function generateUser(): IUser {\n\tconst randomUser = {\n\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call\n\t\tid: uuid(),\n\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call\n\t\tname: uuid(),\n\t};\n\n\treturn randomUser;\n}\n"]}

package/lib/index.d.ts

@@ -2,18 +2,7 @@
  * Copyright (c) Microsoft Corporation and contributors. All rights reserved.
  * Licensed under the MIT License.
  */
-/**
- * A set of helper utilities for building backend APIs for use with
- * {@link https://docs.microsoft.com/en-us/azure/azure-fluid-relay/overview/overview | Azure Fluid Relay}.
- *
- * @remarks
- * Note that this library's primary entry-point ({@link generateToken}) is only intended
- * to be run in a browser context.
- * It is **not** Node.js-compatible.
- *
- * @packageDocumentation
- */
 export type { IUser } from "@fluidframework/protocol-definitions";
 export { ScopeType } from "@fluidframework/protocol-definitions";
-export { generateToken } from "./generateToken";
+export { generateToken } from "./generateToken.mjs";
 //# sourceMappingURL=index.d.ts.map

package/lib/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;;;;;;;;;GAUG;AAEH,YAAY,EAAE,KAAK,EAAE,MAAM,sCAAsC,CAAC;AAClE,OAAO,EAAE,SAAS,EAAE,MAAM,sCAAsC,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;YAcS,EAAE,KAAK,EAAE,MAAM,sCAAsC;OAC1D,EAAE,SAAS,EAAE,MAAM,sCAAsC;OACzD,EAAE,aAAa,EAAE"}

package/lib/{index.js → index.mjs}

@@ -3,5 +3,5 @@
  * Licensed under the MIT License.
  */
 export { ScopeType } from "@fluidframework/protocol-definitions";
-export { generateToken } from "./generateToken";
-//# sourceMappingURL=index.js.map
+export { generateToken } from "./generateToken.mjs";
+//# sourceMappingURL=index.mjs.map

package/lib/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;OAeI,EAAE,SAAS,EAAE,MAAM,sCAAsC;OACzD,EAAE,aAAa,EAAE","sourcesContent":["/*!\n * Copyright (c) Microsoft Corporation and contributors. All rights reserved.\n * Licensed under the MIT License.\n */\n\n/**\n * A set of helper utilities for building backend APIs for use with\n * {@link https://docs.microsoft.com/en-us/azure/azure-fluid-relay/overview/overview | Azure Fluid Relay}.\n *\n * @remarks\n * Note that this library's primary entry-point ({@link generateToken}) is only intended\n * to be run in a browser context.\n * It is **not** Node.js-compatible.\n *\n * @packageDocumentation\n */\n\nexport type { IUser } from \"@fluidframework/protocol-definitions\";\nexport { ScopeType } from \"@fluidframework/protocol-definitions\";\nexport { generateToken } from \"./generateToken\";\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fluidframework/azure-service-utils",
-  "version": "2.0.0-internal.7.2.2",
+  "version": "2.0.0-internal.7.4.0",
   "description": "Helper service-side utilities for connecting to Azure Fluid Relay service",
   "homepage": "https://fluidframework.com",
   "repository": {
@@ -15,16 +15,16 @@
     ".": {
       "import": {
         "types": "./lib/index.d.ts",
-        "default": "./lib/index.js"
+        "default": "./lib/index.mjs"
       },
       "require": {
         "types": "./dist/index.d.ts",
-        "default": "./dist/index.js"
+        "default": "./dist/index.cjs"
       }
     }
   },
-  "main": "dist/index.js",
-  "module": "lib/index.js",
+  "main": "dist/index.cjs",
+  "module": "lib/index.mjs",
   "types": "dist/index.d.ts",
   "dependencies": {
     "@fluidframework/protocol-definitions": "^3.0.0",
@@ -32,40 +32,60 @@
     "uuid": "^9.0.0"
   },
   "devDependencies": {
-    "@fluid-tools/build-cli": "^0.26.1",
-    "@fluidframework/azure-service-utils-previous": "npm:@fluidframework/azure-service-utils@2.0.0-internal.7.2.1",
+    "@arethetypeswrong/cli": "^0.13.3",
+    "@fluid-tools/build-cli": "^0.28.0",
+    "@fluidframework/azure-service-utils-previous": "npm:@fluidframework/azure-service-utils@2.0.0-internal.7.2.0",
     "@fluidframework/build-common": "^2.0.3",
-    "@fluidframework/build-tools": "^0.26.1",
-    "@fluidframework/eslint-config-fluid": "^3.0.0",
-    "@microsoft/api-extractor": "^7.37.0",
+    "@fluidframework/build-tools": "^0.28.0",
+    "@fluidframework/eslint-config-fluid": "^3.1.0",
+    "@microsoft/api-extractor": "^7.38.3",
     "@types/jsrsasign": "^8.0.8",
+    "copyfiles": "^2.4.1",
     "eslint": "~8.50.0",
     "eslint-config-prettier": "~9.0.0",
     "prettier": "~3.0.3",
     "rimraf": "^4.4.0",
+    "tsc-multi": "^1.1.0",
     "typescript": "~5.1.6"
   },
+  "fluidBuild": {
+    "tasks": {
+      "build:docs": {
+        "dependsOn": [
+          "...",
+          "api-extractor:commonjs",
+          "api-extractor:esnext"
+        ],
+        "script": false
+      }
+    }
+  },
   "typeValidation": {
     "broken": {}
   },
   "scripts": {
+    "api": "fluid-build . --task api",
+    "api-extractor:commonjs": "api-extractor run --local",
+    "api-extractor:esnext": "copyfiles -u 1 \"dist/**/*-@(alpha|beta|public|untrimmed).d.ts\" lib",
     "build": "fluid-build . --task build",
     "build:commonjs": "fluid-build . --task commonjs",
     "build:compile": "fluid-build . --task compile",
-    "build:docs": "api-extractor run --local",
-    "build:esnext": "tsc --project ./tsconfig.esnext.json",
-    "build:test": "tsc --project ./src/test/tsconfig.json",
+    "build:docs": "fluid-build . --task api",
+    "build:esnext": "tsc-multi --config ../../../common/build/build-common/tsc-multi.esm.json",
+    "build:test": "tsc-multi --config ./tsc-multi.test.json",
+    "check:are-the-types-wrong": "attw --pack",
+    "check:release-tags": "api-extractor run --local --config ./api-extractor-lint.json",
     "ci:build:docs": "api-extractor run",
-    "clean": "rimraf --glob dist lib \"*.tsbuildinfo\" \"*.build.log\" _api-extractor-temp",
+    "clean": "rimraf --glob dist lib \"**/*.tsbuildinfo\" \"**/*.build.log\" _api-extractor-temp",
     "eslint": "eslint --format stylish src",
     "eslint:fix": "eslint --format stylish src --fix --fix-type problem,suggestion,layout",
     "format": "npm run prettier:fix",
-    "lint": "npm run prettier && npm run eslint",
+    "lint": "npm run prettier && npm run check:release-tags && npm run eslint",
     "lint:fix": "npm run prettier:fix && npm run eslint:fix",
-    "prettier": "prettier --check . --ignore-path ../../../.prettierignore",
-    "prettier:fix": "prettier --write . --ignore-path ../../../.prettierignore",
+    "prettier": "prettier --check . --cache --ignore-path ../../../.prettierignore",
+    "prettier:fix": "prettier --write . --cache --ignore-path ../../../.prettierignore",
     "test": "echo \"Error: no test specified\" && exit 1",
-    "tsc": "tsc",
+    "tsc": "tsc-multi --config ../../../common/build/build-common/tsc-multi.cjs.json",
     "typetests:gen": "fluid-type-test-generator",
     "typetests:prepare": "flub typetests --dir . --reset --previous --normalize"
   }

package/src/generateToken.ts

@@ -47,8 +47,7 @@ import type { ITokenClaims, IUser, ScopeType } from "@fluidframework/protocol-de
  * Default: 3600 (1 hour).
  * @param ver - See {@link @fluidframework/protocol-definitions#ITokenClaims.ver}.
  * Default: `1.0`.
- *
- * @public
+ * @internal
  */
 export function generateToken(
 	tenantId: string,

package/tsc-multi.test.json

@@ -0,0 +1,4 @@
+{
+	"targets": [{ "extname": ".cjs", "module": "CommonJS", "moduleResolution": "Node10" }],
+	"projects": ["./tsconfig.json", "./src/test/tsconfig.json"]
+}

package/tsconfig.json

@@ -1,11 +1,12 @@
 {
-	"extends": "@fluidframework/build-common/ts-common-config.json",
+	"extends": [
+		"../../../common/build/build-common/tsconfig.base.json",
+		"../../../common/build/build-common/tsconfig.cjs.json",
+	],
+	"include": ["src/**/*"],
 	"exclude": ["src/test/**/*"],
 	"compilerOptions": {
-		"strictNullChecks": true,
 		"rootDir": "./src",
 		"outDir": "./dist",
-		"composite": true,
 	},
-	"include": ["src/**/*"],
 }

package/dist/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAeH,6EAAiE;AAAxD,iHAAA,SAAS,OAAA;AAClB,iDAAgD;AAAvC,8GAAA,aAAa,OAAA","sourcesContent":["/*!\n * Copyright (c) Microsoft Corporation and contributors. All rights reserved.\n * Licensed under the MIT License.\n */\n\n/**\n * A set of helper utilities for building backend APIs for use with\n * {@link https://docs.microsoft.com/en-us/azure/azure-fluid-relay/overview/overview | Azure Fluid Relay}.\n *\n * @remarks\n * Note that this library's primary entry-point ({@link generateToken}) is only intended\n * to be run in a browser context.\n * It is **not** Node.js-compatible.\n *\n * @packageDocumentation\n */\n\nexport type { IUser } from \"@fluidframework/protocol-definitions\";\nexport { ScopeType } from \"@fluidframework/protocol-definitions\";\nexport { generateToken } from \"./generateToken\";\n"]}

package/lib/generateToken.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"generateToken.js","sourceRoot":"","sources":["../src/generateToken.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,IAAI,IAAI,SAAS,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,EAAE,IAAI,IAAI,EAAE,MAAM,MAAM,CAAC;AAIlC;;;;;;;;;;;;;;;GAeG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,UAAU,aAAa,CAC5B,QAAgB,EAChB,GAAW,EACX,MAAmB,EACnB,UAAmB,EACnB,IAAY,EACZ,WAAmB,EAAE,GAAG,EAAE;AAC1B,8CAA8C;AAC9C,yDAAyD;AACzD,MAAc,KAAK;IAEnB,IAAI,SAAS,GAAG,IAAI,IAAI,YAAY,EAAE,CAAC;IACvC,IAAI,SAAS,CAAC,EAAE,KAAK,EAAE,IAAI,SAAS,CAAC,EAAE,KAAK,SAAS,EAAE;QACtD,SAAS,GAAG,YAAY,EAAE,CAAC;KAC3B;IAED,0BAA0B;IAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAmC;QAC9C,UAAU,EAAE,UAAU,IAAI,EAAE;QAC5B,MAAM;QACN,QAAQ;QACR,IAAI,EAAE,SAAS;QACf,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,QAAQ;QACnB,GAAG;QACH,sGAAsG;QACtG,GAAG,EAAE,IAAI,EAAE;KACX,CAAC;IAEF,MAAM,OAAO,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;IAE9B,OAAO,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI;IAC5B,yBAAyB;IACzB,2CAA2C;IAC3C,IAAI,EACJ,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAC5C,MAAM,EACN,OAAO,CACP,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY;IAC3B,MAAM,UAAU,GAAG;QAClB,sGAAsG;QACtG,EAAE,EAAE,IAAI,EAAE;QACV,sGAAsG;QACtG,IAAI,EAAE,IAAI,EAAE;KACZ,CAAC;IAEF,OAAO,UAAU,CAAC;AACnB,CAAC","sourcesContent":["/*!\n * Copyright (c) Microsoft Corporation and contributors. All rights reserved.\n * Licensed under the MIT License.\n */\nimport { KJUR as jsrsasign } from \"jsrsasign\";\nimport { v4 as uuid } from \"uuid\";\n\nimport type { ITokenClaims, IUser, ScopeType } from \"@fluidframework/protocol-definitions\";\n\n/**\n * IMPORTANT: This function is duplicated in ./packages/runtime/test-runtime-utils/src/generateToken.ts. There is no\n * need for different implementations, so they should be kept in sync if changes are needed.\n *\n * The reason they are duplicated is because we don't want the core Fluid libraries depending on the Azure libraries\n * (enforced by layer-check), but both need to expose this function. The test-runtime-utils library is a test lib, which\n * layer-check (correctly) reuires only be used as a dev dependency. But in the azure case, we want the function\n * exported, so it needs to be sourced from either the package itself or a non-dev dependency.\n *\n * The previous solution to this was to import the function from azure-service-utils into test-runtime-utils, but that\n * no longer works because the azure packages are in a separate release group.\n *\n * If a token needs to be generated on the client side, you should re-use this function. If you need service-side token\n * generation, you should use the function available in the server-services-client package in order to avoid\n * interdependencies between service and client packages.\n */\n\n/**\n * Generates a {@link https://en.wikipedia.org/wiki/JSON_Web_Token | JSON Web Token} (JWT)\n * to authorize access to a Routerlicious-based Fluid service.\n *\n * @remarks Note: this function uses a browser friendly auth library\n * ({@link https://www.npmjs.com/package/jsrsasign | jsrsasign}) and may only be used in client (browser) context.\n * It is **not** Node.js-compatible.\n *\n * @param tenantId - See {@link @fluidframework/protocol-definitions#ITokenClaims.tenantId}\n * @param key - API key to authenticate user. Must be {@link https://en.wikipedia.org/wiki/UTF-8 | UTF-8}-encoded.\n * @param scopes - See {@link @fluidframework/protocol-definitions#ITokenClaims.scopes}\n * @param documentId - See {@link @fluidframework/protocol-definitions#ITokenClaims.documentId}.\n * If not specified, the token will not be associated with a document, and an empty string will be used.\n * @param user - User with whom generated tokens will be associated.\n * If not specified, the token will not be associated with a user, and a randomly generated mock user will be\n * used instead.\n * See {@link @fluidframework/protocol-definitions#ITokenClaims.user}\n * @param lifetime - Used to generate the {@link @fluidframework/protocol-definitions#ITokenClaims.exp | expiration}.\n * Expiration = now + lifetime.\n * Expressed in seconds.\n * Default: 3600 (1 hour).\n * @param ver - See {@link @fluidframework/protocol-definitions#ITokenClaims.ver}.\n * Default: `1.0`.\n *\n * @public\n */\nexport function generateToken(\n\ttenantId: string,\n\tkey: string,\n\tscopes: ScopeType[],\n\tdocumentId?: string,\n\tuser?: IUser,\n\tlifetime: number = 60 * 60,\n\t// Naming intended to match `ITokenClaims.ver`\n\t// eslint-disable-next-line unicorn/prevent-abbreviations\n\tver: string = \"1.0\",\n): string {\n\tlet userClaim = user ?? generateUser();\n\tif (userClaim.id === \"\" || userClaim.id === undefined) {\n\t\tuserClaim = generateUser();\n\t}\n\n\t// Current time in seconds\n\tconst now = Math.round(Date.now() / 1000);\n\n\tconst claims: ITokenClaims & { jti: string } = {\n\t\tdocumentId: documentId ?? \"\",\n\t\tscopes,\n\t\ttenantId,\n\t\tuser: userClaim,\n\t\tiat: now,\n\t\texp: now + lifetime,\n\t\tver,\n\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call\n\t\tjti: uuid(),\n\t};\n\n\tconst utf8Key = { utf8: key };\n\n\treturn jsrsasign.jws.JWS.sign(\n\t\t// External API uses null\n\t\t// eslint-disable-next-line unicorn/no-null\n\t\tnull,\n\t\tJSON.stringify({ alg: \"HS256\", typ: \"JWT\" }),\n\t\tclaims,\n\t\tutf8Key,\n\t);\n}\n\n/**\n * Generates an arbitrary (\"random\") {@link @fluidframework/protocol-definitions#IUser} by generating a\n * random UUID for its {@link @fluidframework/protocol-definitions#IUser.id} and `name` properties.\n */\nexport function generateUser(): IUser {\n\tconst randomUser = {\n\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call\n\t\tid: uuid(),\n\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call\n\t\tname: uuid(),\n\t};\n\n\treturn randomUser;\n}\n"]}

package/lib/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAeH,OAAO,EAAE,SAAS,EAAE,MAAM,sCAAsC,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC","sourcesContent":["/*!\n * Copyright (c) Microsoft Corporation and contributors. All rights reserved.\n * Licensed under the MIT License.\n */\n\n/**\n * A set of helper utilities for building backend APIs for use with\n * {@link https://docs.microsoft.com/en-us/azure/azure-fluid-relay/overview/overview | Azure Fluid Relay}.\n *\n * @remarks\n * Note that this library's primary entry-point ({@link generateToken}) is only intended\n * to be run in a browser context.\n * It is **not** Node.js-compatible.\n *\n * @packageDocumentation\n */\n\nexport type { IUser } from \"@fluidframework/protocol-definitions\";\nexport { ScopeType } from \"@fluidframework/protocol-definitions\";\nexport { generateToken } from \"./generateToken\";\n"]}

package/tsconfig.esnext.json

@@ -1,7 +0,0 @@
-{
-	"extends": "./tsconfig.json",
-	"compilerOptions": {
-		"outDir": "./lib",
-		"module": "esnext",
-	},
-}