@idp.global/interfaces 1.1.0 → 1.2.0

package/changelog.md

@@ -1,7 +1,12 @@
 # Changelog
 
-## Pending
+## 2026-06-10 - 1.2.0
 
+### Features
+
+- add backend token to JWT blocklist request (request/jwt)
+  - Added optional backendToken support for authenticated GET blocklist retrieval.
+  - Documented that backendToken is omitted for PUSH requests to avoid sending the secret to clients.
 
 ## 2026-05-19 - 1.1.0
 

package/dist_ts/00_commitinfo_data.js

@@ -3,7 +3,7 @@
  */
 export const commitinfo = {
     name: '@idp.global/interfaces',
-    version: '1.1.0',
+    version: '1.2.0',
     description: 'Shared TypeScript interfaces and TypedRequest contracts for the idp.global ecosystem.'
 };
 //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiMDBfY29tbWl0aW5mb19kYXRhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vdHMvMDBfY29tbWl0aW5mb19kYXRhLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sVUFBVSxHQUFHO0lBQ3hCLElBQUksRUFBRSx3QkFBd0I7SUFDOUIsT0FBTyxFQUFFLE9BQU87SUFDaEIsV0FBVyxFQUFFLHVGQUF1RjtDQUNyRyxDQUFBIn0=

package/dist_ts/request/jwt.d.ts

@@ -44,6 +44,7 @@ export interface IReq_PushPublicKeyForValidation extends plugins.typedRequestInt
  *
  * **For GET (client fires):**
  * - Fire with empty/undefined `blockedJwtIds` to request the full blocklist
+ * - Include `backendToken` to authenticate as a backend service
  * - Response contains the complete list of blocked JWT IDs
  * - Use `IdpClient.requests.getJwtIdBlocklist` for this direction
  *
@@ -55,6 +56,13 @@ export interface IReq_PushPublicKeyForValidation extends plugins.typedRequestInt
 export interface IReq_PushOrGetJwtIdBlocklist extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_PushOrGetJwtIdBlocklist> {
     method: 'pushOrGetJwtIdBlocklist';
     request: {
+        /**
+         * Authenticates the requesting backend service in the GET direction
+         * (Client → idp.global). Required by the idp.global handler.
+         * Omitted in the PUSH direction (idp.global → Client) so the secret
+         * never travels to connected clients.
+         */
+        backendToken?: string;
         blockedJwtIds?: string[];
     };
     response: {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@idp.global/interfaces",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "private": false,
   "description": "Shared TypeScript interfaces and TypedRequest contracts for the idp.global ecosystem.",
   "exports": {
@@ -14,11 +14,11 @@
     "@tsclass/tsclass": "^9.5.1"
   },
   "devDependencies": {
-    "@git.zone/tsbuild": "^4.4.1",
-    "@git.zone/tsdoc": "^2.0.5",
+    "@git.zone/tsbuild": "^4.4.2",
+    "@git.zone/tsdoc": "^2.0.6",
     "@git.zone/tsrun": "^2.0.4",
     "@git.zone/tstest": "^3.6.6",
-    "@types/node": "^25.9.0"
+    "@types/node": "^25.9.2"
   },
   "files": [
     "ts/**/*",

package/ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@idp.global/interfaces',
-  version: '1.1.0',
+  version: '1.2.0',
   description: 'Shared TypeScript interfaces and TypedRequest contracts for the idp.global ecosystem.'
 }

package/ts/request/jwt.ts

@@ -56,6 +56,7 @@ export interface IReq_PushPublicKeyForValidation
  *
  * **For GET (client fires):**
  * - Fire with empty/undefined `blockedJwtIds` to request the full blocklist
+ * - Include `backendToken` to authenticate as a backend service
  * - Response contains the complete list of blocked JWT IDs
  * - Use `IdpClient.requests.getJwtIdBlocklist` for this direction
  *
@@ -71,6 +72,13 @@ export interface IReq_PushOrGetJwtIdBlocklist
   > {
   method: 'pushOrGetJwtIdBlocklist';
   request: {
+    /**
+     * Authenticates the requesting backend service in the GET direction
+     * (Client → idp.global). Required by the idp.global handler.
+     * Omitted in the PUSH direction (idp.global → Client) so the secret
+     * never travels to connected clients.
+     */
+    backendToken?: string;
     blockedJwtIds?: string[];
   };
   response: {