@go-mondo/identity-sdk 0.0.2-beta.74 → 0.0.2-beta.76
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.release-please-manifest.json +1 -1
- package/.tsbuildinfo/cjs.json +1 -1
- package/.tsbuildinfo/esm.json +1 -1
- package/CHANGELOG.md +14 -0
- package/dist/cjs/app/authorization/schema.d.ts +14 -23
- package/dist/cjs/app/authorization/schema.d.ts.map +1 -1
- package/dist/cjs/app/authorization/schema.js +5 -3
- package/dist/cjs/app/authorization/schema.test.js +26 -0
- package/dist/cjs/common/schema/jwt.d.ts +0 -6
- package/dist/cjs/common/schema/jwt.d.ts.map +1 -1
- package/dist/cjs/common/schema/jwt.js +0 -3
- package/dist/cjs/common/schema/jwt.test.js +0 -8
- package/dist/cjs/workspace/authorization/schema.d.ts +0 -9
- package/dist/cjs/workspace/authorization/schema.d.ts.map +1 -1
- package/dist/esm/app/authorization/schema.d.ts +14 -23
- package/dist/esm/app/authorization/schema.d.ts.map +1 -1
- package/dist/esm/app/authorization/schema.js +5 -3
- package/dist/esm/app/authorization/schema.test.js +26 -0
- package/dist/esm/common/schema/jwt.d.ts +0 -6
- package/dist/esm/common/schema/jwt.d.ts.map +1 -1
- package/dist/esm/common/schema/jwt.js +0 -3
- package/dist/esm/common/schema/jwt.test.js +0 -8
- package/dist/esm/workspace/authorization/schema.d.ts +0 -9
- package/dist/esm/workspace/authorization/schema.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/action/schema/operations/sign-up-verification.test.ts.bak +0 -163
- package/src/action/schema/operations/sign-up.test.ts.bak +0 -203
- package/src/action/schema/operations/user-attribute-verification.test.ts.bak +0 -148
- package/src/activity/schema/base.test.ts.bak +0 -291
- package/src/activity/schema/schema.test.ts.bak +0 -392
- package/src/activity/schema/types/authentication.test.ts.bak +0 -337
- package/src/activity/schema/types/authorization.test.ts.bak +0 -379
- package/src/activity/schema/types/note.test.ts.bak +0 -367
- package/src/activity/schema/types/operation.test.ts.bak +0 -379
- package/src/activity/schema/types/unknown.test.ts.bak +0 -304
- package/src/app/authorization/schema.test.ts.bak +0 -412
- package/src/app/oidc/schema.test.ts.bak +0 -117
- package/src/app/registration/schema.test.ts.bak +0 -308
- package/src/app/schema.test.ts.bak +0 -221
- package/src/association/schema.test.ts.bak +0 -148
- package/src/authentication/factors/schema.test.ts.bak +0 -174
- package/src/authentication/settings/schema.test.ts.bak +0 -91
- package/src/authorization/permissions/schema.test.ts.bak +0 -267
- package/src/authorization/roles/schema.test.ts.bak +0 -283
- package/src/common/schema/aggregate.test.ts.bak +0 -89
- package/src/common/schema/collection.test.ts.bak +0 -116
- package/src/common/schema/dates.test.ts.bak +0 -49
- package/src/common/schema/id.test.ts.bak +0 -149
- package/src/common/schema/jwt.test.ts.bak +0 -61
- package/src/common/schema/metadata.test.ts.bak +0 -141
- package/src/common/schema/pagination.test.ts.bak +0 -80
- package/src/common/schema/schema.test.ts.bak +0 -41
- package/src/customer/users/schema.test.ts.bak +0 -138
- package/src/identity/schema.test.ts.bak +0 -48
- package/src/oauth/token/schema/schema.test.ts.bak +0 -142
- package/src/workspace/settings/schema.test.ts.bak +0 -88
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,19 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [0.0.2-beta.76](https://github.com/go-mondo/identity-node-sdk/compare/identity-sdk-v0.0.2-beta.75...identity-sdk-v0.0.2-beta.76) (2026-05-06)
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
### Bug Fixes
|
|
7
|
+
|
|
8
|
+
* allow null auth values for removal ([067e3e9](https://github.com/go-mondo/identity-node-sdk/commit/067e3e9404506dbf1f9548d879523bf58b1480ba))
|
|
9
|
+
|
|
10
|
+
## [0.0.2-beta.75](https://github.com/go-mondo/identity-node-sdk/compare/identity-sdk-v0.0.2-beta.74...identity-sdk-v0.0.2-beta.75) (2026-05-06)
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
### Bug Fixes
|
|
14
|
+
|
|
15
|
+
* remove symmetric algos ([e020d2c](https://github.com/go-mondo/identity-node-sdk/commit/e020d2c2e917a2fc49761731abb96bfdf067132d))
|
|
16
|
+
|
|
3
17
|
## [0.0.2-beta.74](https://github.com/go-mondo/identity-node-sdk/compare/identity-sdk-v0.0.2-beta.73...identity-sdk-v0.0.2-beta.74) (2026-05-06)
|
|
4
18
|
|
|
5
19
|
|
|
@@ -18,9 +18,6 @@ export declare const AuthorizationSchema: z.ZodObject<{
|
|
|
18
18
|
refreshTokenDuration: z.ZodOptional<z.ZodNumber>;
|
|
19
19
|
accessTokenDuration: z.ZodOptional<z.ZodNumber>;
|
|
20
20
|
accessTokenSignatureAlgorithm: z.ZodOptional<z.ZodEnum<{
|
|
21
|
-
HS256: "HS256";
|
|
22
|
-
HS384: "HS384";
|
|
23
|
-
HS512: "HS512";
|
|
24
21
|
RS256: "RS256";
|
|
25
22
|
RS384: "RS384";
|
|
26
23
|
RS512: "RS512";
|
|
@@ -52,9 +49,6 @@ export declare const AuthorizationPayloadSchema: z.ZodObject<{
|
|
|
52
49
|
refreshTokenDuration: z.ZodOptional<z.ZodNumber>;
|
|
53
50
|
accessTokenDuration: z.ZodOptional<z.ZodNumber>;
|
|
54
51
|
accessTokenSignatureAlgorithm: z.ZodOptional<z.ZodEnum<{
|
|
55
|
-
HS256: "HS256";
|
|
56
|
-
HS384: "HS384";
|
|
57
|
-
HS512: "HS512";
|
|
58
52
|
RS256: "RS256";
|
|
59
53
|
RS384: "RS384";
|
|
60
54
|
RS512: "RS512";
|
|
@@ -69,22 +63,10 @@ export declare const AuthorizationPayloadSchema: z.ZodObject<{
|
|
|
69
63
|
export type AuthorizationPayload = z.output<typeof AuthorizationPayloadSchema>;
|
|
70
64
|
export declare const UpsertAuthorizationPayloadSchema: z.ZodObject<{
|
|
71
65
|
metadata: z.ZodOptional<z.ZodPipe<z.ZodUnion<readonly [z.ZodUndefined, z.ZodNull, z.ZodCustom<Map<string, string | number | boolean>, Map<string, string | number | boolean>>, z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodNumber, z.ZodBoolean]>>]>, z.ZodTransform<Record<string, string | number | boolean> | null | undefined, Record<string, string | number | boolean> | Map<string, string | number | boolean> | null | undefined>>>;
|
|
72
|
-
loginUri: z.ZodOptional<z.ZodUnion<readonly [z.ZodUnion<[z.ZodPipe<z.ZodCustom<URL, URL>, z.ZodTransform<string, URL>>, z.ZodURL]>, z.ZodUndefined]>>;
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
client_credentials: "client_credentials";
|
|
77
|
-
authorization_code: "authorization_code";
|
|
78
|
-
implicit: "implicit";
|
|
79
|
-
refresh_token: "refresh_token";
|
|
80
|
-
}>>, z.ZodCustom<Set<AnyGrantType>, Set<AnyGrantType>>]>, z.ZodTransform<("client_credentials" | "authorization_code" | "implicit" | "refresh_token")[] | undefined, Set<AnyGrantType> | ("client_credentials" | "authorization_code" | "implicit" | "refresh_token")[] | undefined>>>;
|
|
81
|
-
defaultAudience: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodUndefined]>>;
|
|
82
|
-
refreshTokenDuration: z.ZodOptional<z.ZodNumber>;
|
|
83
|
-
accessTokenDuration: z.ZodOptional<z.ZodNumber>;
|
|
84
|
-
accessTokenSignatureAlgorithm: z.ZodOptional<z.ZodEnum<{
|
|
85
|
-
HS256: "HS256";
|
|
86
|
-
HS384: "HS384";
|
|
87
|
-
HS512: "HS512";
|
|
66
|
+
loginUri: z.ZodOptional<z.ZodUnion<readonly [z.ZodUnion<[z.ZodPipe<z.ZodCustom<URL, URL>, z.ZodTransform<string, URL>>, z.ZodURL]>, z.ZodNull, z.ZodUndefined]>>;
|
|
67
|
+
refreshTokenDuration: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
68
|
+
accessTokenDuration: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
69
|
+
accessTokenSignatureAlgorithm: z.ZodOptional<z.ZodNullable<z.ZodEnum<{
|
|
88
70
|
RS256: "RS256";
|
|
89
71
|
RS384: "RS384";
|
|
90
72
|
RS512: "RS512";
|
|
@@ -94,7 +76,16 @@ export declare const UpsertAuthorizationPayloadSchema: z.ZodObject<{
|
|
|
94
76
|
PS256: "PS256";
|
|
95
77
|
PS384: "PS384";
|
|
96
78
|
PS512: "PS512";
|
|
97
|
-
}
|
|
79
|
+
}>>>;
|
|
80
|
+
callbackUrls: z.ZodOptional<z.ZodPipe<z.ZodUnion<readonly [z.ZodUndefined, z.ZodPipe<z.ZodArray<z.ZodUnion<[z.ZodPipe<z.ZodURL, z.ZodTransform<URL, string>>, z.ZodCustom<URL, URL>]>>, z.ZodTransform<URL[], URL[]>>, z.ZodCustom<Set<URL>, Set<URL>>]>, z.ZodTransform<string[] | undefined, Set<URL> | URL[] | undefined>>>;
|
|
81
|
+
availableAudiences: z.ZodOptional<z.ZodPipe<z.ZodUnion<readonly [z.ZodUndefined, z.ZodPipe<z.ZodArray<z.ZodString>, z.ZodTransform<string[], string[]>>, z.ZodSet<z.ZodString>]>, z.ZodTransform<string[] | undefined, Set<string> | string[] | undefined>>>;
|
|
82
|
+
availableGrants: z.ZodOptional<z.ZodPipe<z.ZodUnion<readonly [z.ZodUndefined, z.ZodArray<z.ZodEnum<{
|
|
83
|
+
client_credentials: "client_credentials";
|
|
84
|
+
authorization_code: "authorization_code";
|
|
85
|
+
implicit: "implicit";
|
|
86
|
+
refresh_token: "refresh_token";
|
|
87
|
+
}>>, z.ZodCustom<Set<AnyGrantType>, Set<AnyGrantType>>]>, z.ZodTransform<("client_credentials" | "authorization_code" | "implicit" | "refresh_token")[] | undefined, Set<AnyGrantType> | ("client_credentials" | "authorization_code" | "implicit" | "refresh_token")[] | undefined>>>;
|
|
88
|
+
defaultAudience: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNull, z.ZodUndefined]>>;
|
|
98
89
|
}, z.core.$strip>;
|
|
99
90
|
export type UpsertAuthorizationInput = z.input<typeof UpsertAuthorizationPayloadSchema>;
|
|
100
91
|
export type UpsertAuthorizationPayload = z.output<typeof UpsertAuthorizationPayloadSchema>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../src/app/authorization/schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAyB5B,OAAO,EAAE,KAAK,YAAY,EAAa,MAAM,8BAA8B,CAAC;AA4B5E,eAAO,MAAM,mBAAmB
|
|
1
|
+
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../src/app/authorization/schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAyB5B,OAAO,EAAE,KAAK,YAAY,EAAa,MAAM,8BAA8B,CAAC;AA4B5E,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAW9B,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAC1E,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEjE,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAWrC,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAE/E,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;;;;;;;;iBAU3C,CAAC;AACH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAC5C,OAAO,gCAAgC,CACxC,CAAC;AACF,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,MAAM,CAC/C,OAAO,gCAAgC,CACxC,CAAC"}
|
|
@@ -86,11 +86,13 @@ exports.AuthorizationPayloadSchema = z.object({
|
|
|
86
86
|
...metadata_js_1.MetadataPayloadPropertySchema.shape,
|
|
87
87
|
});
|
|
88
88
|
exports.UpsertAuthorizationPayloadSchema = z.object({
|
|
89
|
-
|
|
90
|
-
|
|
89
|
+
loginUri: z.union([url_js_1.WebUrlStringSchema, z.null(), z.undefined()]).optional(),
|
|
90
|
+
refreshTokenDuration: z.number().nullish(),
|
|
91
|
+
accessTokenDuration: z.number().nullish(),
|
|
92
|
+
accessTokenSignatureAlgorithm: jwt_js_1.AlgorithmSchema.nullish(),
|
|
91
93
|
callbackUrls: url_js_1.UniqueWebUrlStringArraySchema.optional(),
|
|
92
94
|
availableAudiences: AudienceArraySchema.optional(),
|
|
93
95
|
availableGrants: AvailableGrantArraySchema.optional(),
|
|
94
|
-
defaultAudience: z.union([z.string(), z.undefined()]).optional(),
|
|
96
|
+
defaultAudience: z.union([z.string(), z.null(), z.undefined()]).optional(),
|
|
95
97
|
...metadata_js_1.UpsertMetadataPropertyPayloadSchema.shape,
|
|
96
98
|
});
|
|
@@ -145,6 +145,18 @@ const schema_js_1 = require("./schema.js");
|
|
|
145
145
|
const result = schema_js_1.AuthorizationSchema.safeParse(authorization);
|
|
146
146
|
(0, vitest_1.expect)(result.success).toBe(false);
|
|
147
147
|
});
|
|
148
|
+
(0, vitest_1.test)('should reject null values for removable fields', () => {
|
|
149
|
+
const authorization = {
|
|
150
|
+
loginUri: null,
|
|
151
|
+
refreshTokenDuration: null,
|
|
152
|
+
accessTokenDuration: null,
|
|
153
|
+
accessTokenSignatureAlgorithm: null,
|
|
154
|
+
defaultAudience: null,
|
|
155
|
+
metadata: {},
|
|
156
|
+
};
|
|
157
|
+
const result = schema_js_1.AuthorizationSchema.safeParse(authorization);
|
|
158
|
+
(0, vitest_1.expect)(result.success).toBe(false);
|
|
159
|
+
});
|
|
148
160
|
});
|
|
149
161
|
(0, vitest_1.describe)('AuthorizationPayloadSchema', () => {
|
|
150
162
|
(0, vitest_1.test)('should accept complete authorization payload', () => {
|
|
@@ -318,6 +330,20 @@ const schema_js_1 = require("./schema.js");
|
|
|
318
330
|
const result = schema_js_1.UpsertAuthorizationPayloadSchema.safeParse(payload);
|
|
319
331
|
(0, vitest_1.expect)(result.success).toBe(true);
|
|
320
332
|
});
|
|
333
|
+
(0, vitest_1.test)('should accept upsert with null values for removable fields', () => {
|
|
334
|
+
const payload = {
|
|
335
|
+
loginUri: null,
|
|
336
|
+
refreshTokenDuration: null,
|
|
337
|
+
accessTokenDuration: null,
|
|
338
|
+
accessTokenSignatureAlgorithm: null,
|
|
339
|
+
defaultAudience: null,
|
|
340
|
+
metadata: {
|
|
341
|
+
reset_fields: 'loginUri,refreshTokenDuration,accessTokenDuration,accessTokenSignatureAlgorithm,defaultAudience',
|
|
342
|
+
},
|
|
343
|
+
};
|
|
344
|
+
const result = schema_js_1.UpsertAuthorizationPayloadSchema.safeParse(payload);
|
|
345
|
+
(0, vitest_1.expect)(result.success).toBe(true);
|
|
346
|
+
});
|
|
321
347
|
(0, vitest_1.test)('should accept empty metadata upsert', () => {
|
|
322
348
|
const payload = {
|
|
323
349
|
refreshTokenDuration: 7200,
|
|
@@ -3,9 +3,6 @@ import * as z from 'zod/v4';
|
|
|
3
3
|
* Ref: https://datatracker.ietf.org/doc/html/rfc7518#section-3.1
|
|
4
4
|
*/
|
|
5
5
|
export declare const Algorithm: {
|
|
6
|
-
readonly HS256: "HS256";
|
|
7
|
-
readonly HS384: "HS384";
|
|
8
|
-
readonly HS512: "HS512";
|
|
9
6
|
readonly RS256: "RS256";
|
|
10
7
|
readonly RS384: "RS384";
|
|
11
8
|
readonly RS512: "RS512";
|
|
@@ -19,9 +16,6 @@ export declare const Algorithm: {
|
|
|
19
16
|
export type AnyAlgorithm = (typeof Algorithm)[keyof typeof Algorithm];
|
|
20
17
|
export declare const DEFAULT_ALGORITHM: "RS256";
|
|
21
18
|
export declare const AlgorithmSchema: z.ZodEnum<{
|
|
22
|
-
HS256: "HS256";
|
|
23
|
-
HS384: "HS384";
|
|
24
|
-
HS512: "HS512";
|
|
25
19
|
RS256: "RS256";
|
|
26
20
|
RS384: "RS384";
|
|
27
21
|
RS512: "RS512";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../../src/common/schema/jwt.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAE5B;;GAEG;AACH,eAAO,MAAM,SAAS
|
|
1
|
+
{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../../src/common/schema/jwt.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAE5B;;GAEG;AACH,eAAO,MAAM,SAAS;;;;;;;;;;CAUZ,CAAC;AAEX,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,OAAO,SAAS,CAAC,CAAC;AAEtE,eAAO,MAAM,iBAAiB,SAAkB,CAAC;AAEjD,eAAO,MAAM,eAAe;;;;;;;;;;EAEO,CAAC"}
|
|
@@ -5,9 +5,6 @@ const jwt_js_1 = require("./jwt.js");
|
|
|
5
5
|
(0, vitest_1.describe)('Common Schema - JWT', () => {
|
|
6
6
|
(0, vitest_1.describe)('Algorithm constants', () => {
|
|
7
7
|
(0, vitest_1.test)('should have correct algorithm values', () => {
|
|
8
|
-
(0, vitest_1.expect)(jwt_js_1.Algorithm.HS256).toBe('HS256');
|
|
9
|
-
(0, vitest_1.expect)(jwt_js_1.Algorithm.HS384).toBe('HS384');
|
|
10
|
-
(0, vitest_1.expect)(jwt_js_1.Algorithm.HS512).toBe('HS512');
|
|
11
8
|
(0, vitest_1.expect)(jwt_js_1.Algorithm.RS256).toBe('RS256');
|
|
12
9
|
(0, vitest_1.expect)(jwt_js_1.Algorithm.RS384).toBe('RS384');
|
|
13
10
|
(0, vitest_1.expect)(jwt_js_1.Algorithm.RS512).toBe('RS512');
|
|
@@ -20,11 +17,6 @@ const jwt_js_1 = require("./jwt.js");
|
|
|
20
17
|
});
|
|
21
18
|
});
|
|
22
19
|
(0, vitest_1.describe)('AlgorithmSchema', () => {
|
|
23
|
-
(0, vitest_1.test)('should accept valid HMAC algorithms', () => {
|
|
24
|
-
(0, vitest_1.expect)(jwt_js_1.AlgorithmSchema.safeParse('HS256').success).toBe(true);
|
|
25
|
-
(0, vitest_1.expect)(jwt_js_1.AlgorithmSchema.safeParse('HS384').success).toBe(true);
|
|
26
|
-
(0, vitest_1.expect)(jwt_js_1.AlgorithmSchema.safeParse('HS512').success).toBe(true);
|
|
27
|
-
});
|
|
28
20
|
(0, vitest_1.test)('should accept valid RSA algorithms', () => {
|
|
29
21
|
(0, vitest_1.expect)(jwt_js_1.AlgorithmSchema.safeParse('RS256').success).toBe(true);
|
|
30
22
|
(0, vitest_1.expect)(jwt_js_1.AlgorithmSchema.safeParse('RS384').success).toBe(true);
|
|
@@ -11,9 +11,6 @@ export declare const AuthorizationSchema: z.ZodObject<{
|
|
|
11
11
|
refreshTokenDuration: z.ZodDefault<z.ZodNumber>;
|
|
12
12
|
accessTokenDuration: z.ZodDefault<z.ZodNumber>;
|
|
13
13
|
accessTokenSignatureAlgorithm: z.ZodDefault<z.ZodEnum<{
|
|
14
|
-
HS256: "HS256";
|
|
15
|
-
HS384: "HS384";
|
|
16
|
-
HS512: "HS512";
|
|
17
14
|
RS256: "RS256";
|
|
18
15
|
RS384: "RS384";
|
|
19
16
|
RS512: "RS512";
|
|
@@ -36,9 +33,6 @@ export declare const AuthorizationPayloadSchema: z.ZodObject<{
|
|
|
36
33
|
refreshTokenDuration: z.ZodDefault<z.ZodNumber>;
|
|
37
34
|
accessTokenDuration: z.ZodDefault<z.ZodNumber>;
|
|
38
35
|
accessTokenSignatureAlgorithm: z.ZodDefault<z.ZodEnum<{
|
|
39
|
-
HS256: "HS256";
|
|
40
|
-
HS384: "HS384";
|
|
41
|
-
HS512: "HS512";
|
|
42
36
|
RS256: "RS256";
|
|
43
37
|
RS384: "RS384";
|
|
44
38
|
RS512: "RS512";
|
|
@@ -57,9 +51,6 @@ export declare const UpsertAuthorizationPayloadSchema: z.ZodObject<{
|
|
|
57
51
|
refreshTokenDuration: z.ZodDefault<z.ZodNumber>;
|
|
58
52
|
accessTokenDuration: z.ZodDefault<z.ZodNumber>;
|
|
59
53
|
accessTokenSignatureAlgorithm: z.ZodDefault<z.ZodEnum<{
|
|
60
|
-
HS256: "HS256";
|
|
61
|
-
HS384: "HS384";
|
|
62
|
-
HS512: "HS512";
|
|
63
54
|
RS256: "RS256";
|
|
64
55
|
RS384: "RS384";
|
|
65
56
|
RS512: "RS512";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../src/workspace/authorization/schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAe5B,eAAO,MAAM,wBAAwB,QAAc,CAAC;AACpD,eAAO,MAAM,8BAA8B,QAAoB,CAAC;AAChE,eAAO,MAAM,6BAA6B,QAAc,CAAC;AASzD,eAAO,MAAM,mBAAmB
|
|
1
|
+
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../src/workspace/authorization/schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAe5B,eAAO,MAAM,wBAAwB,QAAc,CAAC;AACpD,eAAO,MAAM,8BAA8B,QAAoB,CAAC;AAChE,eAAO,MAAM,6BAA6B,QAAc,CAAC;AASzD,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;iBAM9B,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAC1E,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEjE,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;iBAMrC,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAE/E,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;iBAG3C,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,MAAM,CAC/C,OAAO,gCAAgC,CACxC,CAAC"}
|
|
@@ -18,9 +18,6 @@ export declare const AuthorizationSchema: z.ZodObject<{
|
|
|
18
18
|
refreshTokenDuration: z.ZodOptional<z.ZodNumber>;
|
|
19
19
|
accessTokenDuration: z.ZodOptional<z.ZodNumber>;
|
|
20
20
|
accessTokenSignatureAlgorithm: z.ZodOptional<z.ZodEnum<{
|
|
21
|
-
HS256: "HS256";
|
|
22
|
-
HS384: "HS384";
|
|
23
|
-
HS512: "HS512";
|
|
24
21
|
RS256: "RS256";
|
|
25
22
|
RS384: "RS384";
|
|
26
23
|
RS512: "RS512";
|
|
@@ -52,9 +49,6 @@ export declare const AuthorizationPayloadSchema: z.ZodObject<{
|
|
|
52
49
|
refreshTokenDuration: z.ZodOptional<z.ZodNumber>;
|
|
53
50
|
accessTokenDuration: z.ZodOptional<z.ZodNumber>;
|
|
54
51
|
accessTokenSignatureAlgorithm: z.ZodOptional<z.ZodEnum<{
|
|
55
|
-
HS256: "HS256";
|
|
56
|
-
HS384: "HS384";
|
|
57
|
-
HS512: "HS512";
|
|
58
52
|
RS256: "RS256";
|
|
59
53
|
RS384: "RS384";
|
|
60
54
|
RS512: "RS512";
|
|
@@ -69,22 +63,10 @@ export declare const AuthorizationPayloadSchema: z.ZodObject<{
|
|
|
69
63
|
export type AuthorizationPayload = z.output<typeof AuthorizationPayloadSchema>;
|
|
70
64
|
export declare const UpsertAuthorizationPayloadSchema: z.ZodObject<{
|
|
71
65
|
metadata: z.ZodOptional<z.ZodPipe<z.ZodUnion<readonly [z.ZodUndefined, z.ZodNull, z.ZodCustom<Map<string, string | number | boolean>, Map<string, string | number | boolean>>, z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodNumber, z.ZodBoolean]>>]>, z.ZodTransform<Record<string, string | number | boolean> | null | undefined, Record<string, string | number | boolean> | Map<string, string | number | boolean> | null | undefined>>>;
|
|
72
|
-
loginUri: z.ZodOptional<z.ZodUnion<readonly [z.ZodUnion<[z.ZodPipe<z.ZodCustom<URL, URL>, z.ZodTransform<string, URL>>, z.ZodURL]>, z.ZodUndefined]>>;
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
client_credentials: "client_credentials";
|
|
77
|
-
authorization_code: "authorization_code";
|
|
78
|
-
implicit: "implicit";
|
|
79
|
-
refresh_token: "refresh_token";
|
|
80
|
-
}>>, z.ZodCustom<Set<AnyGrantType>, Set<AnyGrantType>>]>, z.ZodTransform<("client_credentials" | "authorization_code" | "implicit" | "refresh_token")[] | undefined, Set<AnyGrantType> | ("client_credentials" | "authorization_code" | "implicit" | "refresh_token")[] | undefined>>>;
|
|
81
|
-
defaultAudience: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodUndefined]>>;
|
|
82
|
-
refreshTokenDuration: z.ZodOptional<z.ZodNumber>;
|
|
83
|
-
accessTokenDuration: z.ZodOptional<z.ZodNumber>;
|
|
84
|
-
accessTokenSignatureAlgorithm: z.ZodOptional<z.ZodEnum<{
|
|
85
|
-
HS256: "HS256";
|
|
86
|
-
HS384: "HS384";
|
|
87
|
-
HS512: "HS512";
|
|
66
|
+
loginUri: z.ZodOptional<z.ZodUnion<readonly [z.ZodUnion<[z.ZodPipe<z.ZodCustom<URL, URL>, z.ZodTransform<string, URL>>, z.ZodURL]>, z.ZodNull, z.ZodUndefined]>>;
|
|
67
|
+
refreshTokenDuration: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
68
|
+
accessTokenDuration: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
69
|
+
accessTokenSignatureAlgorithm: z.ZodOptional<z.ZodNullable<z.ZodEnum<{
|
|
88
70
|
RS256: "RS256";
|
|
89
71
|
RS384: "RS384";
|
|
90
72
|
RS512: "RS512";
|
|
@@ -94,7 +76,16 @@ export declare const UpsertAuthorizationPayloadSchema: z.ZodObject<{
|
|
|
94
76
|
PS256: "PS256";
|
|
95
77
|
PS384: "PS384";
|
|
96
78
|
PS512: "PS512";
|
|
97
|
-
}
|
|
79
|
+
}>>>;
|
|
80
|
+
callbackUrls: z.ZodOptional<z.ZodPipe<z.ZodUnion<readonly [z.ZodUndefined, z.ZodPipe<z.ZodArray<z.ZodUnion<[z.ZodPipe<z.ZodURL, z.ZodTransform<URL, string>>, z.ZodCustom<URL, URL>]>>, z.ZodTransform<URL[], URL[]>>, z.ZodCustom<Set<URL>, Set<URL>>]>, z.ZodTransform<string[] | undefined, Set<URL> | URL[] | undefined>>>;
|
|
81
|
+
availableAudiences: z.ZodOptional<z.ZodPipe<z.ZodUnion<readonly [z.ZodUndefined, z.ZodPipe<z.ZodArray<z.ZodString>, z.ZodTransform<string[], string[]>>, z.ZodSet<z.ZodString>]>, z.ZodTransform<string[] | undefined, Set<string> | string[] | undefined>>>;
|
|
82
|
+
availableGrants: z.ZodOptional<z.ZodPipe<z.ZodUnion<readonly [z.ZodUndefined, z.ZodArray<z.ZodEnum<{
|
|
83
|
+
client_credentials: "client_credentials";
|
|
84
|
+
authorization_code: "authorization_code";
|
|
85
|
+
implicit: "implicit";
|
|
86
|
+
refresh_token: "refresh_token";
|
|
87
|
+
}>>, z.ZodCustom<Set<AnyGrantType>, Set<AnyGrantType>>]>, z.ZodTransform<("client_credentials" | "authorization_code" | "implicit" | "refresh_token")[] | undefined, Set<AnyGrantType> | ("client_credentials" | "authorization_code" | "implicit" | "refresh_token")[] | undefined>>>;
|
|
88
|
+
defaultAudience: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNull, z.ZodUndefined]>>;
|
|
98
89
|
}, z.core.$strip>;
|
|
99
90
|
export type UpsertAuthorizationInput = z.input<typeof UpsertAuthorizationPayloadSchema>;
|
|
100
91
|
export type UpsertAuthorizationPayload = z.output<typeof UpsertAuthorizationPayloadSchema>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../src/app/authorization/schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAyB5B,OAAO,EAAE,KAAK,YAAY,EAAa,MAAM,8BAA8B,CAAC;AA4B5E,eAAO,MAAM,mBAAmB
|
|
1
|
+
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../src/app/authorization/schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAyB5B,OAAO,EAAE,KAAK,YAAY,EAAa,MAAM,8BAA8B,CAAC;AA4B5E,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAW9B,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAC1E,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEjE,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAWrC,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAE/E,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;;;;;;;;iBAU3C,CAAC;AACH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAC5C,OAAO,gCAAgC,CACxC,CAAC;AACF,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,MAAM,CAC/C,OAAO,gCAAgC,CACxC,CAAC"}
|
|
@@ -50,11 +50,13 @@ export const AuthorizationPayloadSchema = z.object({
|
|
|
50
50
|
...MetadataPayloadPropertySchema.shape,
|
|
51
51
|
});
|
|
52
52
|
export const UpsertAuthorizationPayloadSchema = z.object({
|
|
53
|
-
|
|
54
|
-
|
|
53
|
+
loginUri: z.union([WebUrlStringSchema, z.null(), z.undefined()]).optional(),
|
|
54
|
+
refreshTokenDuration: z.number().nullish(),
|
|
55
|
+
accessTokenDuration: z.number().nullish(),
|
|
56
|
+
accessTokenSignatureAlgorithm: AlgorithmSchema.nullish(),
|
|
55
57
|
callbackUrls: UniqueWebUrlStringArraySchema.optional(),
|
|
56
58
|
availableAudiences: AudienceArraySchema.optional(),
|
|
57
59
|
availableGrants: AvailableGrantArraySchema.optional(),
|
|
58
|
-
defaultAudience: z.union([z.string(), z.undefined()]).optional(),
|
|
60
|
+
defaultAudience: z.union([z.string(), z.null(), z.undefined()]).optional(),
|
|
59
61
|
...UpsertMetadataPropertyPayloadSchema.shape,
|
|
60
62
|
});
|
|
@@ -143,6 +143,18 @@ describe('App Authorization - Schema', () => {
|
|
|
143
143
|
const result = AuthorizationSchema.safeParse(authorization);
|
|
144
144
|
expect(result.success).toBe(false);
|
|
145
145
|
});
|
|
146
|
+
test('should reject null values for removable fields', () => {
|
|
147
|
+
const authorization = {
|
|
148
|
+
loginUri: null,
|
|
149
|
+
refreshTokenDuration: null,
|
|
150
|
+
accessTokenDuration: null,
|
|
151
|
+
accessTokenSignatureAlgorithm: null,
|
|
152
|
+
defaultAudience: null,
|
|
153
|
+
metadata: {},
|
|
154
|
+
};
|
|
155
|
+
const result = AuthorizationSchema.safeParse(authorization);
|
|
156
|
+
expect(result.success).toBe(false);
|
|
157
|
+
});
|
|
146
158
|
});
|
|
147
159
|
describe('AuthorizationPayloadSchema', () => {
|
|
148
160
|
test('should accept complete authorization payload', () => {
|
|
@@ -316,6 +328,20 @@ describe('App Authorization - Schema', () => {
|
|
|
316
328
|
const result = UpsertAuthorizationPayloadSchema.safeParse(payload);
|
|
317
329
|
expect(result.success).toBe(true);
|
|
318
330
|
});
|
|
331
|
+
test('should accept upsert with null values for removable fields', () => {
|
|
332
|
+
const payload = {
|
|
333
|
+
loginUri: null,
|
|
334
|
+
refreshTokenDuration: null,
|
|
335
|
+
accessTokenDuration: null,
|
|
336
|
+
accessTokenSignatureAlgorithm: null,
|
|
337
|
+
defaultAudience: null,
|
|
338
|
+
metadata: {
|
|
339
|
+
reset_fields: 'loginUri,refreshTokenDuration,accessTokenDuration,accessTokenSignatureAlgorithm,defaultAudience',
|
|
340
|
+
},
|
|
341
|
+
};
|
|
342
|
+
const result = UpsertAuthorizationPayloadSchema.safeParse(payload);
|
|
343
|
+
expect(result.success).toBe(true);
|
|
344
|
+
});
|
|
319
345
|
test('should accept empty metadata upsert', () => {
|
|
320
346
|
const payload = {
|
|
321
347
|
refreshTokenDuration: 7200,
|
|
@@ -3,9 +3,6 @@ import * as z from 'zod/v4';
|
|
|
3
3
|
* Ref: https://datatracker.ietf.org/doc/html/rfc7518#section-3.1
|
|
4
4
|
*/
|
|
5
5
|
export declare const Algorithm: {
|
|
6
|
-
readonly HS256: "HS256";
|
|
7
|
-
readonly HS384: "HS384";
|
|
8
|
-
readonly HS512: "HS512";
|
|
9
6
|
readonly RS256: "RS256";
|
|
10
7
|
readonly RS384: "RS384";
|
|
11
8
|
readonly RS512: "RS512";
|
|
@@ -19,9 +16,6 @@ export declare const Algorithm: {
|
|
|
19
16
|
export type AnyAlgorithm = (typeof Algorithm)[keyof typeof Algorithm];
|
|
20
17
|
export declare const DEFAULT_ALGORITHM: "RS256";
|
|
21
18
|
export declare const AlgorithmSchema: z.ZodEnum<{
|
|
22
|
-
HS256: "HS256";
|
|
23
|
-
HS384: "HS384";
|
|
24
|
-
HS512: "HS512";
|
|
25
19
|
RS256: "RS256";
|
|
26
20
|
RS384: "RS384";
|
|
27
21
|
RS512: "RS512";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../../src/common/schema/jwt.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAE5B;;GAEG;AACH,eAAO,MAAM,SAAS
|
|
1
|
+
{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../../src/common/schema/jwt.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAE5B;;GAEG;AACH,eAAO,MAAM,SAAS;;;;;;;;;;CAUZ,CAAC;AAEX,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,OAAO,SAAS,CAAC,CAAC;AAEtE,eAAO,MAAM,iBAAiB,SAAkB,CAAC;AAEjD,eAAO,MAAM,eAAe;;;;;;;;;;EAEO,CAAC"}
|
|
@@ -3,9 +3,6 @@ import { Algorithm, AlgorithmSchema } from './jwt.js';
|
|
|
3
3
|
describe('Common Schema - JWT', () => {
|
|
4
4
|
describe('Algorithm constants', () => {
|
|
5
5
|
test('should have correct algorithm values', () => {
|
|
6
|
-
expect(Algorithm.HS256).toBe('HS256');
|
|
7
|
-
expect(Algorithm.HS384).toBe('HS384');
|
|
8
|
-
expect(Algorithm.HS512).toBe('HS512');
|
|
9
6
|
expect(Algorithm.RS256).toBe('RS256');
|
|
10
7
|
expect(Algorithm.RS384).toBe('RS384');
|
|
11
8
|
expect(Algorithm.RS512).toBe('RS512');
|
|
@@ -18,11 +15,6 @@ describe('Common Schema - JWT', () => {
|
|
|
18
15
|
});
|
|
19
16
|
});
|
|
20
17
|
describe('AlgorithmSchema', () => {
|
|
21
|
-
test('should accept valid HMAC algorithms', () => {
|
|
22
|
-
expect(AlgorithmSchema.safeParse('HS256').success).toBe(true);
|
|
23
|
-
expect(AlgorithmSchema.safeParse('HS384').success).toBe(true);
|
|
24
|
-
expect(AlgorithmSchema.safeParse('HS512').success).toBe(true);
|
|
25
|
-
});
|
|
26
18
|
test('should accept valid RSA algorithms', () => {
|
|
27
19
|
expect(AlgorithmSchema.safeParse('RS256').success).toBe(true);
|
|
28
20
|
expect(AlgorithmSchema.safeParse('RS384').success).toBe(true);
|
|
@@ -11,9 +11,6 @@ export declare const AuthorizationSchema: z.ZodObject<{
|
|
|
11
11
|
refreshTokenDuration: z.ZodDefault<z.ZodNumber>;
|
|
12
12
|
accessTokenDuration: z.ZodDefault<z.ZodNumber>;
|
|
13
13
|
accessTokenSignatureAlgorithm: z.ZodDefault<z.ZodEnum<{
|
|
14
|
-
HS256: "HS256";
|
|
15
|
-
HS384: "HS384";
|
|
16
|
-
HS512: "HS512";
|
|
17
14
|
RS256: "RS256";
|
|
18
15
|
RS384: "RS384";
|
|
19
16
|
RS512: "RS512";
|
|
@@ -36,9 +33,6 @@ export declare const AuthorizationPayloadSchema: z.ZodObject<{
|
|
|
36
33
|
refreshTokenDuration: z.ZodDefault<z.ZodNumber>;
|
|
37
34
|
accessTokenDuration: z.ZodDefault<z.ZodNumber>;
|
|
38
35
|
accessTokenSignatureAlgorithm: z.ZodDefault<z.ZodEnum<{
|
|
39
|
-
HS256: "HS256";
|
|
40
|
-
HS384: "HS384";
|
|
41
|
-
HS512: "HS512";
|
|
42
36
|
RS256: "RS256";
|
|
43
37
|
RS384: "RS384";
|
|
44
38
|
RS512: "RS512";
|
|
@@ -57,9 +51,6 @@ export declare const UpsertAuthorizationPayloadSchema: z.ZodObject<{
|
|
|
57
51
|
refreshTokenDuration: z.ZodDefault<z.ZodNumber>;
|
|
58
52
|
accessTokenDuration: z.ZodDefault<z.ZodNumber>;
|
|
59
53
|
accessTokenSignatureAlgorithm: z.ZodDefault<z.ZodEnum<{
|
|
60
|
-
HS256: "HS256";
|
|
61
|
-
HS384: "HS384";
|
|
62
|
-
HS512: "HS512";
|
|
63
54
|
RS256: "RS256";
|
|
64
55
|
RS384: "RS384";
|
|
65
56
|
RS512: "RS512";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../src/workspace/authorization/schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAe5B,eAAO,MAAM,wBAAwB,QAAc,CAAC;AACpD,eAAO,MAAM,8BAA8B,QAAoB,CAAC;AAChE,eAAO,MAAM,6BAA6B,QAAc,CAAC;AASzD,eAAO,MAAM,mBAAmB
|
|
1
|
+
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../src/workspace/authorization/schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAe5B,eAAO,MAAM,wBAAwB,QAAc,CAAC;AACpD,eAAO,MAAM,8BAA8B,QAAoB,CAAC;AAChE,eAAO,MAAM,6BAA6B,QAAc,CAAC;AASzD,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;iBAM9B,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAC1E,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEjE,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;iBAMrC,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAE/E,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;iBAG3C,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,MAAM,CAC/C,OAAO,gCAAgC,CACxC,CAAC"}
|