npm - @jmlq/auth-plugin-jose - Versions diffs - 0.0.1-alpha.6 → 0.0.1-alpha.7 - Mend

@jmlq/auth-plugin-jose 0.0.1-alpha.6 → 0.0.1-alpha.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/dist/application/factories/create-jose-token-service.d.ts CHANGED Viewed

@@ -1,15 +1,13 @@
-import type { ITokenServicePort } from "@jmlq/auth";
+import { type ITokenServicePort } from "@jmlq/auth";
 import type { CreateAuthErrorFn } from "../../infrastructure/services/types";
 import { JoseTokenServiceOptions } from "../types";
 /**
  * Factory para construir un `ITokenServicePort` basado en `jose`.
  *
- * Responsabilidades de esta factory:
- * - Validar configuración mínima (keys, defaults requeridos).
- * - Normalizar opciones (issuer/audience/clockSkew/defaultExpiresIn).
- * - Garantizar política acordada: getExpirationPolicy = "verify-first".
- *
- * @returns Instancia que cumple `ITokenServicePort`.
+ * Clean Architecture (decisión del proyecto):
+ * - Esta capa NO debe usar helpers del core (@jmlq/auth) (estandarización).
+ * - La normalización estándar se hace en infraestructura (JoseTokenService),
+ *   usando utilidades compartidas del core.
  */
 export declare function createJoseTokenService(options: JoseTokenServiceOptions, deps: {
     createAuthError: CreateAuthErrorFn;

package/dist/application/factories/create-jose-token-service.js CHANGED Viewed

@@ -1,38 +1,33 @@
 "use strict";
-//src/application/factories/create-jose-token-service.ts
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createJoseTokenService = createJoseTokenService;
+const auth_1 = require("@jmlq/auth");
 const services_1 = require("../../infrastructure/services");
 const internal_1 = require("./internal");
 const types_1 = require("../types");
-const internal_2 = require("../../shared/internal");
 /**
  * Factory para construir un `ITokenServicePort` basado en `jose`.
  *
- * Responsabilidades de esta factory:
- * - Validar configuración mínima (keys, defaults requeridos).
- * - Normalizar opciones (issuer/audience/clockSkew/defaultExpiresIn).
- * - Garantizar política acordada: getExpirationPolicy = "verify-first".
- *
- * @returns Instancia que cumple `ITokenServicePort`.
+ * Clean Architecture (decisión del proyecto):
+ * - Esta capa NO debe usar helpers del core (@jmlq/auth) (estandarización).
+ * - La normalización estándar se hace en infraestructura (JoseTokenService),
+ *   usando utilidades compartidas del core.
  */
 function createJoseTokenService(options, deps) {
-    // 1) Validaciones de shape/config mínima
     (0, internal_1.assert)(options, "JoseTokenServiceOptions is required");
     (0, internal_1.assert)(deps?.createAuthError, "createAuthError dependency is required");
-    // 2) Validación/normalización de key material
     const keyMaterial = (0, internal_1.validateKeyMaterial)(options.keyMaterial);
-    // 3) Normalizaciones (responsabilidad de esta factory)
-    const issuer = (0, internal_2.normalizeOptionalNonEmptyString)(options.issuer);
-    const audience = (0, internal_2.normalizeAudienceForFactory)(options.audience);
-    const defaultExpiresIn = (0, internal_1.normalizeDefaultExpiresIn)(options.defaultExpiresIn);
-    const clockSkewSeconds = (0, internal_1.normalizeClockSkewSeconds)(options.clockSkewSeconds);
-    // 5) Construcción del adapter
+    // Normalización mínima local (string trim -> undefined) OK en application
+    const issuer = (0, auth_1.readNonEmptyString)(options.issuer);
+    // IMPORTANTE:
+    // - clockSkewSeconds y defaultExpiresIn se delegan a infraestructura para
+    //   aplicar normalización estándar desde @jmlq/auth.
+    const clockSkewSeconds = options.clockSkewSeconds;
+    const defaultExpiresIn = options.defaultExpiresIn;
     return new services_1.JoseTokenService({
         options: {
             keyMaterial,
             issuer,
-            audience,
             clockSkewSeconds,
             defaultExpiresIn,
             getExpirationPolicy: types_1.DEFAULT_GET_EXPIRATION_POLICY,

package/dist/application/factories/index.js CHANGED Viewed

@@ -14,5 +14,4 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-//src/application/factories/index.ts
 __exportStar(require("./create-jose-token-service"), exports);

package/dist/application/factories/internal/assert.js CHANGED Viewed

@@ -1,5 +1,4 @@
 "use strict";
-// src/application/factories/internal/assert.ts
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.assert = assert;
 /**

package/dist/application/factories/internal/index.d.ts CHANGED Viewed

@@ -1,4 +1,2 @@
 export * from "./assert";
-export * from "./normalize-clock-skew-seconds";
-export * from "./normalize-default-expires-in";
 export * from "./validate-key-material";

package/dist/application/factories/internal/index.js CHANGED Viewed

@@ -14,8 +14,5 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-// src/application/factories/internal/index.ts
 __exportStar(require("./assert"), exports);
-__exportStar(require("./normalize-clock-skew-seconds"), exports);
-__exportStar(require("./normalize-default-expires-in"), exports);
 __exportStar(require("./validate-key-material"), exports);

package/dist/application/factories/internal/validate-key-material.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { JoseKeyMaterial } from "../../types";
+import type { JoseKeyMaterial } from "../../types";
 /**
  * Valida y normaliza el key material requerido por el plugin.
  * - Trim de strings

package/dist/application/factories/internal/validate-key-material.js CHANGED Viewed

@@ -1,8 +1,7 @@
 "use strict";
-// src/application/factories/internal/validate-key-material.ts
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.validateKeyMaterial = validateKeyMaterial;
-const normalize_audience_1 = require("../../../shared/internal/normalize-audience");
+const auth_1 = require("@jmlq/auth");
 const assert_1 = require("./assert");
 /**
  * Valida y normaliza el key material requerido por el plugin.
@@ -15,14 +14,14 @@ const assert_1 = require("./assert");
 function validateKeyMaterial(value) {
     (0, assert_1.assert)(value, "keyMaterial is required");
     // Normaliza alg (si viene con espacios, evitamos falsos negativos)
-    const alg = (0, normalize_audience_1.normalizeOptionalNonEmptyString)(value.alg);
+    const alg = (0, auth_1.readNonEmptyString)(value.alg);
     (0, assert_1.assert)(alg, "keyMaterial.alg is required");
     // Normaliza campos potenciales
-    const secret = (0, normalize_audience_1.normalizeOptionalNonEmptyString)("secret" in value ? value.secret : undefined);
-    const privateKey = (0, normalize_audience_1.normalizeOptionalNonEmptyString)("privateKey" in value
+    const secret = (0, auth_1.readNonEmptyString)("secret" in value ? value.secret : undefined);
+    const privateKey = (0, auth_1.readNonEmptyString)("privateKey" in value
         ? value.privateKey
         : undefined);
-    const publicKey = (0, normalize_audience_1.normalizeOptionalNonEmptyString)("publicKey" in value
+    const publicKey = (0, auth_1.readNonEmptyString)("publicKey" in value
         ? value.publicKey
         : undefined);
     // Validación por algoritmo
@@ -33,7 +32,7 @@ function validateKeyMaterial(value) {
             secret,
         };
     }
-    // RS256 / ES256 (según tus types)
+    // RS256 / ES256
     (0, assert_1.assert)(privateKey, "keyMaterial.privateKey is required for RS256/ES256");
     (0, assert_1.assert)(publicKey, "keyMaterial.publicKey is required for RS256/ES256");
     return {

package/dist/application/types/index.js CHANGED Viewed

@@ -15,7 +15,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.DEFAULT_GET_EXPIRATION_POLICY = void 0;
-//src/application/types/index.ts
 __exportStar(require("./jose-token-service-options.type"), exports);
 __exportStar(require("./jose-key-material.type"), exports);
 __exportStar(require("./default-expires-in.type"), exports);

package/dist/application/types/jose-token-service-options.type.d.ts CHANGED Viewed

@@ -8,7 +8,6 @@ import type { GetExpirationPolicy } from "./get-expiration-policy.type";
 export interface JoseTokenServiceOptions {
     keyMaterial: JoseKeyMaterial;
     issuer?: string;
-    audience?: string | string[];
     /**
      * Clock skew en segundos para validaciones temporales (iat/nbf/exp).
      */

package/dist/index.js CHANGED Viewed

@@ -1,7 +1,4 @@
 "use strict";
-// src/index.ts
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createJoseTokenService = void 0;
 /**
  * Public API del plugin `@jmlq/auth-plugin-jose`.
  *
@@ -10,5 +7,7 @@ exports.createJoseTokenService = void 0;
  *   desde una configuración neutral.
  * - Exportar SOLO lo necesario (y exportar types con `export type`).
  */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createJoseTokenService = void 0;
 var create_jose_token_service_1 = require("./application/factories/create-jose-token-service");
 Object.defineProperty(exports, "createJoseTokenService", { enumerable: true, get: function () { return create_jose_token_service_1.createJoseTokenService; } });

package/dist/infrastructure/mappers/index.js CHANGED Viewed

@@ -14,6 +14,5 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-//src/infrastructure/mappers/index.ts
 __exportStar(require("./jose-error.mapper"), exports);
 __exportStar(require("./types"), exports);

package/dist/infrastructure/mappers/jose-error.mapper.d.ts CHANGED Viewed

@@ -1,17 +1,5 @@
-import { JoseErrorContext, MappedAuthError } from "./types";
-/**
- * Mapea un error técnico a un código estable del core.
- *
- * Estrategia conservadora:
- * - Mapeo por `err.name` (más estable en `jose`)
- * - Heurísticas por `message` como fallback
- * - Catch-all: JWT_ERROR
- */
+import type { JoseErrorContext, MappedAuthError } from "./types";
 export declare function mapJoseErrorToAuthError(err: unknown, ctx: JoseErrorContext): MappedAuthError;
-/**
- * Convierte un error técnico a un Error del core (AuthDomainError u otro),
- * sin acoplar el plugin a una implementación concreta.
- */
 export declare function toAuthDomainError<TAuthError extends Error>(createAuthError: (args: {
     code: MappedAuthError["code"];
     message: string;

package/dist/infrastructure/mappers/jose-error.mapper.js CHANGED Viewed

@@ -3,211 +3,88 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.mapJoseErrorToAuthError = mapJoseErrorToAuthError;
 exports.toAuthDomainError = toAuthDomainError;
+const auth_1 = require("@jmlq/auth");
 /**
  * Mapper de errores de `jose` → error “entendible” por el core (@jmlq/auth).
  *
- * Características clave:
- * - NO lanza errores: solo traduce un error recibido a un código estable del core.
- * - NO expone datos sensibles (no incluye token ni material de claves).
- * - Incluye `meta` mínima para troubleshooting (issuer/audience/alg/operación).
- *
- * Objetivo:
- * Evitar acoplamiento de la aplicación al detalle de `jose`.
- */
-/**
- * Extrae el "name" del error de forma segura.
- * En `jose` el `name` suele identificar clases como JWTExpired, JWTInvalid, etc.
- */
-function getErrorName(err) {
-    if (err &&
-        typeof err === "object" &&
-        "name" in err &&
-        typeof err.name === "string") {
-        return err.name;
-    }
-    return "UnknownError";
-}
-/**
- * Extrae el "message" del error de forma segura.
+ * - No usa heurísticas por message.
+ * - Mapea por err.name (estable).
+ * - Meta mínima (sin audience).
  */
-function getErrorMessage(err) {
-    // Caso común: throw "algo"
-    if (typeof err === "string")
-        return err;
-    if (err &&
-        typeof err === "object" &&
-        "message" in err &&
-        typeof err.message === "string") {
-        return err.message;
-    }
-    return "Unexpected token error";
+function hasStringProp(err, prop) {
+    if (!err || typeof err !== "object")
+        return false;
+    const rec = err;
+    return typeof rec[prop] === "string";
 }
-/**
- * Define si el mensaje corresponde a errores de shape/normalización del payload
- * (no provienen de `jose`, sino de validaciones internas).
- *
- * Se usa un set explícito para:
- * - evitar regex frágiles
- * - facilitar mantenimiento
- * - mantenerlo determinista
- */
-function isInvalidPayloadShapeMessage(lowerMsg) {
-    const msg = lowerMsg.trim();
-    const known = new Set([
-        "sid is required",
-        "sub is required",
-        "jti is required",
-        "iat must be a number",
-        "exp must be a number",
-    ]);
-    return known.has(msg);
+function getErrorName(err) {
+    return hasStringProp(err, "name") ? err.name : "UnknownError";
 }
-/**
- * Construye metadatos mínimos para debugging.
- * Importante: no se incluyen tokens ni claves.
- */
 function buildSafeMeta(joseErrorName, ctx) {
     return {
         joseErrorName,
         operation: ctx.operation,
         tokenKind: ctx.tokenKind ?? "unknown",
         issuer: ctx.issuer,
-        audience: ctx.audience,
         alg: ctx.alg,
     };
 }
+const JOSE_NAME_TO_AUTH_CODE = {
+    JWTExpired: "TOKEN_EXPIRED",
+    JWTNotBefore: "TOKEN_NOT_YET_VALID",
+    JWTNotYetValid: "TOKEN_NOT_YET_VALID",
+    JWSSignatureVerificationFailed: "SIGNATURE_INVALID",
+    JWSInvalid: "SIGNATURE_INVALID",
+    JWSError: "SIGNATURE_INVALID",
+    JWTClaimValidationFailed: "CLAIMS_VALIDATION_ERROR",
+    JWTInvalid: "TOKEN_INVALID",
+    JWTMalformed: "TOKEN_MALFORMED",
+    JWSMalformed: "TOKEN_MALFORMED",
+    JOSEError: "TOKEN_MALFORMED",
+    JOSENotSupported: "ALGORITHM_UNSUPPORTED",
+    JWTAlgorithmNotAllowed: "ALGORITHM_UNSUPPORTED",
+    JWKInvalid: "KEY_MISMATCH",
+    JWKInvalidFormat: "KEY_MISMATCH",
+};
 /**
- * Mapea un error técnico a un código estable del core.
+ * Mensajes técnicos estables por código.
  *
- * Estrategia conservadora:
- * - Mapeo por `err.name` (más estable en `jose`)
- * - Heurísticas por `message` como fallback
- * - Catch-all: JWT_ERROR
+ * Importante:
+ * - Este mapper SOLO usa códigos de JWT/keys.
+ * - Por eso es Partial<Record<AuthErrorCode, string>> + fallback.
  */
+const AUTH_CODE_TO_MESSAGE = {
+    TOKEN_INVALID: "Token is invalid",
+    TOKEN_EXPIRED: "Token has expired",
+    TOKEN_MALFORMED: "Token is malformed",
+    SIGNATURE_INVALID: "Token signature is invalid",
+    CLAIMS_VALIDATION_ERROR: "Token claims validation failed",
+    TOKEN_NOT_YET_VALID: "Token is not yet valid",
+    ALGORITHM_UNSUPPORTED: "Token algorithm is not supported",
+    KEY_MISMATCH: "Key material is invalid or does not match the algorithm",
+    KEY_NOT_FOUND: "Key not found for token verification",
+    JWT_ERROR: "JWT operation failed",
+    AUTHENTICATION_FAILED: "Authentication failed",
+    JWT_PAYLOAD_INVALID: "Invalid JWT payload",
+};
 function mapJoseErrorToAuthError(err, ctx) {
     const name = getErrorName(err);
-    const msg = getErrorMessage(err);
     const meta = buildSafeMeta(name, ctx);
-    // ---------------------------------------------------------------------------
-    // Errores de normalización (contrato del core) -> token inválido
-    // ---------------------------------------------------------------------------
-    const lowerMsg = msg.toLowerCase();
-    if (isInvalidPayloadShapeMessage(lowerMsg)) {
-        return {
-            code: "TOKEN_INVALID",
-            message: "Token is invalid",
-            meta: { ...meta, reason: msg },
-            cause: err,
-        };
-    }
-    // ---------------------------------------------------------------------------
-    // Mapeos preferentes por "name"
-    // ---------------------------------------------------------------------------
-    if (name === "JWTExpired") {
-        return {
-            code: "TOKEN_EXPIRED",
-            message: "Token has expired",
-            meta,
-            cause: err,
-        };
-    }
-    if (name === "JWTNotBefore" || name === "JWTNotYetValid") {
-        return {
-            code: "TOKEN_NOT_YET_VALID",
-            message: "Token is not yet valid",
-            meta,
-            cause: err,
-        };
-    }
-    if (name === "JWSSignatureVerificationFailed" ||
-        name === "JWSInvalid" ||
-        name === "JWSError") {
-        return {
-            code: "SIGNATURE_INVALID",
-            message: "Token signature is invalid",
-            meta,
-            cause: err,
-        };
-    }
-    if (name === "JWTClaimValidationFailed") {
-        return {
-            code: "CLAIMS_VALIDATION_ERROR",
-            message: "Token claims validation failed",
-            meta,
-            cause: err,
-        };
-    }
-    if (name === "JWTInvalid") {
-        return {
-            code: "TOKEN_INVALID",
-            message: "Token is invalid",
-            meta,
-            cause: err,
-        };
-    }
-    if (name === "JWTMalformed" ||
-        name === "JWSMalformed" ||
-        name === "JOSEError") {
-        return {
-            code: "TOKEN_MALFORMED",
-            message: "Token is malformed",
-            meta,
-            cause: err,
-        };
-    }
-    if (name === "JOSENotSupported" || name === "JWTAlgorithmNotAllowed") {
-        return {
-            code: "ALGORITHM_UNSUPPORTED",
-            message: "Token algorithm is not supported",
-            meta,
-            cause: err,
-        };
-    }
-    if (name === "JWKInvalid" || name === "JWKInvalidFormat") {
-        return {
-            code: "KEY_MISMATCH",
-            message: "Key material is invalid or does not match the algorithm",
-            meta,
-            cause: err,
-        };
-    }
-    // ---------------------------------------------------------------------------
-    // Fallbacks por mensaje (heurísticas conservadoras)
-    // ---------------------------------------------------------------------------
-    const lower = lowerMsg;
-    if (lower.includes("key") &&
-        (lower.includes("not found") || lower.includes("missing"))) {
-        return {
-            code: "KEY_NOT_FOUND",
-            message: "Key not found for token verification",
-            meta,
-            cause: err,
-        };
-    }
-    if (lower.includes("key") &&
-        (lower.includes("mismatch") || lower.includes("invalid"))) {
-        return {
-            code: "KEY_MISMATCH",
-            message: "Key does not match token requirements",
-            meta,
-            cause: err,
-        };
-    }
-    // ---------------------------------------------------------------------------
-    // Catch-all
-    // ---------------------------------------------------------------------------
+    const code = JOSE_NAME_TO_AUTH_CODE[name] ?? "JWT_ERROR";
+    const message = AUTH_CODE_TO_MESSAGE[code] ??
+        // fallback defensivo (no dependemos de message de jose)
+        "JWT operation failed";
     return {
-        code: "JWT_ERROR",
-        message: "JWT operation failed",
+        code,
+        message,
         meta,
         cause: err,
     };
 }
-/**
- * Convierte un error técnico a un Error del core (AuthDomainError u otro),
- * sin acoplar el plugin a una implementación concreta.
- */
 function toAuthDomainError(createAuthError, err, ctx) {
+    if (auth_1.AuthDomainError.isAuthError(err)) {
+        return err;
+    }
     const mapped = mapJoseErrorToAuthError(err, ctx);
     return createAuthError({
         code: mapped.code,

package/dist/infrastructure/mappers/types/index.js CHANGED Viewed

@@ -14,7 +14,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-//src/infrastructure/mappers/types/index.ts
 __exportStar(require("./jose-error-context.type"), exports);
 __exportStar(require("./mapped-auth-error.type"), exports);
 __exportStar(require("./token-kind.type"), exports);

package/dist/infrastructure/mappers/types/jose-error-context.type.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
-import { TokenKind, TokenOperation } from ".";
+import { TokenKind } from "./token-kind.type";
+import { TokenOperation } from "./token-operation.type";
 /**
  * Contexto técnico mínimo para mapear errores de `jose` a errores del core.
  *
@@ -18,13 +19,9 @@ export interface JoseErrorContext {
     tokenKind?: TokenKind;
     /**
      * Issuer esperado/configurado (si aplica).
-     * Sirve para entender fallos de validación de claims.
+     * Sirve para entender fallos de validación de claims (issuer).
      */
     issuer?: string;
-    /**
-     * Audience esperada/configurada (si aplica).
-     */
-    audience?: string;
     /**
      * Algoritmo configurado/esperado (HS256/RS256/ES256...).
      */

package/dist/infrastructure/mappers/types/jose-error-context.type.js CHANGED Viewed

@@ -1,3 +1,2 @@
 "use strict";
-//src/infrastructure/mappers/types/jose-error-context.type.ts
 Object.defineProperty(exports, "__esModule", { value: true });

package/dist/infrastructure/mappers/types/mapped-auth-error.type.d.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+import { AuthErrorCode } from "@jmlq/auth";
 /**
  * Resultado agnóstico del mapper.
  * Representa “la forma” del error que entiende el core (por código),
@@ -7,7 +8,7 @@ export interface MappedAuthError {
     /**
      * Código de error compatible con el core (@jmlq/auth).
      */
-    code: "TOKEN_EXPIRED" | "TOKEN_NOT_YET_VALID" | "SIGNATURE_INVALID" | "TOKEN_MALFORMED" | "TOKEN_INVALID" | "CLAIMS_VALIDATION_ERROR" | "ALGORITHM_UNSUPPORTED" | "KEY_NOT_FOUND" | "KEY_MISMATCH" | "JWT_ERROR" | "AUTHENTICATION_FAILED";
+    code: AuthErrorCode;
     /**
      * Mensaje técnico simple (orientado a debugging).
      * No debe incluir datos sensibles.

package/dist/infrastructure/mappers/types/mapped-auth-error.type.js CHANGED Viewed

@@ -1,3 +1,2 @@
 "use strict";
-//src/infrastructure/mappers/types/mapped-auth-error.type.ts
 Object.defineProperty(exports, "__esModule", { value: true });

package/dist/infrastructure/mappers/types/token-kind.type.js CHANGED Viewed

@@ -1,3 +1,2 @@
 "use strict";
-//src/infrastructure/mappers/types/token-kind.type.ts
 Object.defineProperty(exports, "__esModule", { value: true });

package/dist/infrastructure/mappers/types/token-operation.type.js CHANGED Viewed

@@ -1,3 +1,2 @@
 "use strict";
-//src/infrastructure/mappers/types/token-operation.type.ts
 Object.defineProperty(exports, "__esModule", { value: true });

package/dist/infrastructure/services/index.js CHANGED Viewed

@@ -14,5 +14,4 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-//src/infrastructure/services/index.ts
 __exportStar(require("./jose-token.service"), exports);

package/dist/infrastructure/services/internal/build-jose-ctx.d.ts CHANGED Viewed

@@ -10,6 +10,5 @@ import type { JoseErrorContext, TokenOperation } from "../../mappers/types";
  */
 export declare function buildJoseCtx(operation: TokenOperation, tokenKind: JoseErrorContext["tokenKind"], eff: {
     issuer?: string;
-    audience?: string | string[];
     alg?: string;
 }): JoseErrorContext;

package/dist/infrastructure/services/internal/build-jose-ctx.js CHANGED Viewed

@@ -1,8 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.buildJoseCtx = buildJoseCtx;
-//src/infrastructure/services/internal/build-jose-ctx.ts
-const internal_1 = require("../../../shared/internal");
 /**
  * Construye contexto técnico para el mapper de errores.
  *
@@ -17,7 +15,6 @@ function buildJoseCtx(operation, tokenKind, eff) {
         operation,
         tokenKind,
         issuer: eff.issuer,
-        audience: (0, internal_1.normalizeAudienceForMeta)(eff.audience),
         alg: eff.alg,
     };
 }

package/dist/infrastructure/services/internal/index.d.ts CHANGED Viewed

@@ -1,12 +1,4 @@
-export * from "./to-date-from-unix-seconds";
 export * from "./normalize-key-material";
-export * from "./create-jti";
 export * from "./jwt-expiration-reader";
-export * from "./read-expires-in";
-export * from "./read-custom-claims";
-export * from "./read-session-id";
 export * from "./get-alg-from-key-material";
-export * from "./normalize-jwt-payload";
-export * from "./resolve-expires-in";
 export * from "./build-jose-ctx";
-export * from "./is-retryable-mapped-code";

package/dist/infrastructure/services/internal/index.js CHANGED Viewed

@@ -1,5 +1,4 @@
 "use strict";
-//src/infrastructure/services/internal/index.ts
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     var desc = Object.getOwnPropertyDescriptor(m, k);
@@ -15,15 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./to-date-from-unix-seconds"), exports);
 __exportStar(require("./normalize-key-material"), exports);
-__exportStar(require("./create-jti"), exports);
 __exportStar(require("./jwt-expiration-reader"), exports);
-__exportStar(require("./read-expires-in"), exports);
-__exportStar(require("./read-custom-claims"), exports);
-__exportStar(require("./read-session-id"), exports);
 __exportStar(require("./get-alg-from-key-material"), exports);
-__exportStar(require("./normalize-jwt-payload"), exports);
-__exportStar(require("./resolve-expires-in"), exports);
 __exportStar(require("./build-jose-ctx"), exports);
-__exportStar(require("./is-retryable-mapped-code"), exports);

package/dist/infrastructure/services/internal/jwt-expiration-reader.js CHANGED Viewed

@@ -1,5 +1,4 @@
 "use strict";
-//src/infrastructure/services/internal/jwt-expiration-reader.ts
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.tryReadExpByDecode = tryReadExpByDecode;
 const jose_1 = require("jose");
@@ -14,7 +13,8 @@ const jose_1 = require("jose");
 function tryReadExpByDecode(token) {
     try {
         const decoded = (0, jose_1.decodeJwt)(token);
-        const exp = decoded?.exp;
+        const rec = decoded;
+        const exp = rec.exp;
         return typeof exp === "number" ? exp : null;
     }
     catch {