@fonoster/identity 0.8.43 → 0.8.45

Files changed (2)
  1. package/README.md +3 -7
  2. package/package.json +5 -5
package/README.md CHANGED
@@ -18,7 +18,7 @@ The Fonoster Identity Module provides the cornerstone for secure user management
18
18
 
19
19
  This module offers comprehensive identity management functionality, including creating, reading, updating, and deleting user and workspace entities. Users may represent individual accounts or service accounts. Workspaces provide a way to organize users and streamline permission administration logically. A user can belong to multiple workspaces.
20
20
 
21
- The Identity module ensures secure authentication by employing industry-standard JSON Web Tokens (JWTs). It supports a variety of authentication mechanisms, including username and password, Multi-Factor Authentication (MFA) for added security, OAuth2 for integration with external identity providers, and seamless token exchange to accommodate diverse scenarios.
21
+ The Identity module ensures secure authentication by employing industry-standard JSON Web Tokens (JWTs). It supports a variety of authentication mechanisms, including username and password, Multi-Factor Authentication (MFA) for added security, OAuth2 for integration with external identity providers, and token exchange to accommodate diverse scenarios.
22
22
 
23
23
  Authorization is implemented through a Role-Based Access Control (RBAC) model, allowing for granular control over user and service actions. Predefined roles offer convenience, while the option to create custom roles provides maximum flexibility.
24
24
 
@@ -145,15 +145,11 @@ The Identity Module simplifies the renewal process for expired access tokens. Us
145
145
 
146
146
  ## Refresh-Token Rotation Policy
147
147
 
148
- A well-defined refresh token rotation policy is crucial for maintaining security. Fonoster Identity will provide a time-based refresh token, which means a refresh token will expire after a fixed amount of time.
149
-
150
- Along with the rotation policy, the Identity module will provide a mechanism to invalidate existing refresh tokens to address scenarios like compromised devices or accounts.
148
+ Fonoster Identity uses a time-based refresh token, which means a refresh token will expire after a fixed amount of time. The Identity service must provide a mechanism to invalidate existing refresh tokens to address scenarios like compromised devices or accounts.
151
149
 
152
150
  ## Token Verification
153
151
 
154
- The Identity module employs the RS256 algorithm to sign JWTs, guaranteeing their authenticity and integrity. A system can retrieve the public key from the issuer's JSON Web Key Set (JWKS) endpoint and use it to validate a token.
155
-
156
- A client application may build the URL by appending the issuer's URL with the `/.well-known/jwks.json `endpoint. For example, if the issuer is `https://identity-global.fonoster.com`, the client application will build the URL `https://identity-global.fonoster.com/.well-known/jwks.json`.
152
+ The Identity module employs the RS256 algorithm to sign JWTs, guaranteeing their authenticity and integrity. A system can retrieve the public key from the issuer's `fonoster.identity.v1beta2.Identity.GetPublicKey` gRPC endpoint and use it to validate a token.
157
153
 
158
154
  The verification process involves two steps: first, confirming the token's signature using the correct private key, and second, validating claims such as the issuer, intended audience, and expiration time to establish the token's overall validity.
159
155
 
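Review bot: The unchanged sentence closing this hunk still says the signature is confirmed "using the correct private key", but RS256 verification uses the issuer's public key, which is exactly what the edited Token Verification line tells the reader to retrieve; change it to "public key" while this paragraph is being touched. With the JWKS URL example removed, the new line names `fonoster.identity.v1beta2.Identity.GetPublicKey` but does not say in what format the key is returned or how a verifier should handle a key change, so a sentence on each would help. In the Refresh-Token Rotation Policy paragraph, "must provide a mechanism" reads as a requirement rather than a description of behaviour; state whether the invalidation mechanism exists and how it is invoked.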
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@fonoster/identity",
3
- "version": "0.8.43",
3
+ "version": "0.8.45",
4
4
  "description": "Identity service for Fonoster",
5
5
  "author": "Pedro Sanders <psanders@fonoster.com>",
6
6
  "homepage": "https://github.com/fonoster/fonoster#readme",
@@ -20,9 +20,9 @@
20
20
  "fonoster": "./dist/index.js"
21
21
  },
22
22
  "dependencies": {
23
- "@fonoster/common": "^0.8.43",
24
- "@fonoster/logger": "^0.8.43",
25
- "@fonoster/types": "^0.8.43",
23
+ "@fonoster/common": "^0.8.45",
24
+ "@fonoster/logger": "^0.8.45",
25
+ "@fonoster/types": "^0.8.45",
26
26
  "@grpc/grpc-js": "~1.10.6",
27
27
  "@prisma/client": "^6.0.1",
28
28
  "jsonwebtoken": "^9.0.2",
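Review bot: The three `@fonoster/*` dependencies move in lockstep with the package version but keep caret ranges, and for a 0.x version `^0.8.45` accepts any later 0.8.x release, so an install of `@fonoster/identity` 0.8.45 can resolve sibling packages newer than the set it was released with. For an identity service, consider pinning the sibling packages to the exact version (`"0.8.45"`) so the published combination is the one consumers actually get. The same consideration applies to `jsonwebtoken` at `^9.0.2` in the context lines, since it performs the token signing and verification.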
@@ -48,5 +48,5 @@
48
48
  "devDependencies": {
49
49
  "@types/jsonwebtoken": "^9.0.6"
50
50
  },
51
- "gitHead": "b6971e5e184c3deb7d2f133bf99abaa70cc6ccaa"
51
+ "gitHead": "5aabc6054bebd038f165d8614a2fd843dafdc1bb"
52
52
  }