@kaapi/oauth2-auth-design 0.0.14 → 0.0.16

package/lib/flows/oidc-multiple-flows.js

@@ -0,0 +1,268 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MultipleFlowsBuilder = exports.MultipleFlows = void 0;
+const tslib_1 = require("tslib");
+const kaapi_1 = require("@kaapi/kaapi");
+const common_1 = require("./common");
+const jwt_authority_1 = require("../utils/jwt-authority");
+const in_memory_key_store_1 = require("../utils/in-memory-key-store");
+class MultipleFlows extends kaapi_1.AuthDesign {
+    constructor(_a) {
+        var _b, _c, _d, _e, _f, _g;
+        var { flows, tokenEndpoint, jwksRoute, openidConfiguration, logger } = _a, props = tslib_1.__rest(_a, ["flows", "tokenEndpoint", "jwksRoute", "openidConfiguration", "logger"]);
+        super();
+        this.securitySchemeName = 'OIDC Multiple Flows';
+        this.logger = logger;
+        this.flows = [...flows];
+        this.tokenEndpoint = tokenEndpoint;
+        this.jwksRoute = jwksRoute;
+        this.openidConfiguration = openidConfiguration || {};
+        this.jwksKeyStore = (_b = props === null || props === void 0 ? void 0 : props.jwksOptions) === null || _b === void 0 ? void 0 : _b.keyStore;
+        this.jwksPublicKeyTtl = (_c = props === null || props === void 0 ? void 0 : props.jwksOptions) === null || _c === void 0 ? void 0 : _c.ttl;
+        this.jwksRotationIntervalMs = (_e = (_d = props === null || props === void 0 ? void 0 : props.jwksOptions) === null || _d === void 0 ? void 0 : _d.rotation) === null || _e === void 0 ? void 0 : _e.intervalMs;
+        this.jwksRotationTimestampStore = (_g = (_f = props === null || props === void 0 ? void 0 : props.jwksOptions) === null || _f === void 0 ? void 0 : _f.rotation) === null || _g === void 0 ? void 0 : _g.timestampStore;
+    }
+    getJwtAuthority() {
+        if (this.jwtAuthority)
+            return this.jwtAuthority;
+        if (this.jwksRoute || this.jwksKeyStore /*|| this.options.useAccessTokenJwks*/) {
+            this.jwtAuthority = new jwt_authority_1.JwtAuthority(this.jwksKeyStore || new in_memory_key_store_1.InMemoryKeyStore(), this.jwksPublicKeyTtl);
+        }
+        return this.jwtAuthority;
+    }
+    getJwksRotator() {
+        if (this.jwksRotator)
+            return this.jwksRotator;
+        const jwtAuthority = this.getJwtAuthority();
+        if (jwtAuthority && this.jwksRotationIntervalMs) {
+            this.jwksRotator = new jwt_authority_1.JwksRotator({
+                keyGenerator: jwtAuthority,
+                rotationIntervalMs: this.jwksRotationIntervalMs,
+                rotatorKeyStore: this.jwksRotationTimestampStore || new in_memory_key_store_1.InMemoryKeyStore(),
+                logger: this.logger
+            });
+        }
+        return this.jwksRotator;
+    }
+    checkAndRotateKeys() {
+        return tslib_1.__awaiter(this, void 0, void 0, function* () {
+            var _a;
+            return (_a = this.getJwksRotator()) === null || _a === void 0 ? void 0 : _a.checkAndRotateKeys();
+        });
+    }
+    generateKeyPair() {
+        return tslib_1.__awaiter(this, void 0, void 0, function* () {
+            var _a;
+            return (_a = this.getJwtAuthority()) === null || _a === void 0 ? void 0 : _a.generateKeyPair();
+        });
+    }
+    /**
+     * Name used in the documentation
+     */
+    setSecuritySchemeName(name) {
+        if (name)
+            this.securitySchemeName = name;
+    }
+    docs() {
+        return new common_1.OIDCAuthUtil(this.securitySchemeName);
+    }
+    integrateStrategy(t) {
+        for (const flow of this.flows) {
+            flow.integrateStrategy(t);
+        }
+    }
+    integrateHook(t) {
+        var _a;
+        const jwtAuthority = this.getJwtAuthority();
+        const host = ((_a = t.postman) === null || _a === void 0 ? void 0 : _a.getHost()[0]) || '';
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const routesOptions = {
+            plugins: {
+                kaapi: {
+                    docs: false
+                }
+            }
+        };
+        const refreshTokenHandlerFlows = [];
+        for (const flow of this.flows) {
+            if (typeof flow.handleRefreshToken === 'function') {
+                refreshTokenHandlerFlows.push(flow);
+            }
+        }
+        for (const flow of this.flows) {
+            if (typeof flow.registerAuthorizationEndpoint === 'function') {
+                flow.registerAuthorizationEndpoint(t);
+            }
+        }
+        // token
+        t
+            .route({
+            options: routesOptions,
+            path: this.tokenEndpoint,
+            method: 'POST',
+            handler: (req, h) => tslib_1.__awaiter(this, void 0, void 0, function* () {
+                const grantType = req.payload.grant_type;
+                if (grantType && typeof grantType === 'string') {
+                    if (grantType != 'refresh_token') {
+                        for (const flow of this.flows) {
+                            if (grantType === flow.grantType) {
+                                return yield flow.handleToken(t, req, h);
+                            }
+                        }
+                    }
+                    else {
+                        if (refreshTokenHandlerFlows.length) {
+                            // iterate to find the right method
+                            for (const flow of refreshTokenHandlerFlows) {
+                                if (typeof flow.handleRefreshToken === 'function') {
+                                    const result = yield flow.handleRefreshToken(t, req, h);
+                                    if (result === h.continue) {
+                                        continue;
+                                    }
+                                    else {
+                                        return result;
+                                    }
+                                }
+                            }
+                            return h.response({ error: common_1.OAuth2ErrorCode.INVALID_GRANT, error_description: 'Token was not validated by any handler.' }).code(400);
+                        }
+                    }
+                }
+                return h.response({ error: common_1.OAuth2ErrorCode.UNSUPPORTED_GRANT_TYPE, error_description: `Request does not support the 'grant_type' '${req.payload.grant_type}'.` }).code(400);
+            })
+        });
+        // jwks
+        if (this.jwksRoute && jwtAuthority) {
+            t.route({
+                path: this.jwksRoute.path,
+                method: 'GET',
+                options: {
+                    plugins: {
+                        kaapi: {
+                            docs: false
+                        }
+                    }
+                },
+                handler: (req, h) => tslib_1.__awaiter(this, void 0, void 0, function* () {
+                    var _a;
+                    const jwks = yield jwtAuthority.getJwksEndpointResponse();
+                    if ((_a = this.jwksRoute) === null || _a === void 0 ? void 0 : _a.handler) {
+                        return this.jwksRoute.handler({
+                            jwks
+                        }, req, h);
+                    }
+                    return jwks;
+                })
+            });
+        }
+        // discovery endpoint
+        t.route({
+            path: '/.well-known/openid-configuration',
+            method: 'GET',
+            options: {
+                plugins: {
+                    kaapi: {
+                        docs: false
+                    }
+                }
+            },
+            handler: () => {
+                let wellKnownOpenIDConfig = {
+                    issuer: `${host}`,
+                    authorization_endpoint: undefined,
+                    device_authorization_endpoint: undefined,
+                    token_endpoint: `${host}${this.tokenEndpoint}`,
+                    jwks_uri: this.jwksRoute ? `${host}${this.jwksRoute.path}` : undefined,
+                    grant_types_supported: [],
+                    token_endpoint_auth_methods_supported: []
+                };
+                for (const flow of this.flows) {
+                    if (typeof flow.getDiscoveryConfiguration === 'function') {
+                        const _a = flow.getDiscoveryConfiguration(t), { 
+                        // eslint-disable-next-line @typescript-eslint/no-unused-vars
+                        token_endpoint: _unused_token_endpoint, 
+                        // eslint-disable-next-line @typescript-eslint/no-unused-vars
+                        jwks_uri: _unused_jwks_uri } = _a, more = tslib_1.__rest(_a, ["token_endpoint", "jwks_uri"]);
+                        // merge properties
+                        wellKnownOpenIDConfig = Object.assign(Object.assign({}, wellKnownOpenIDConfig), Object.fromEntries(Object.entries(more).map(([key, val]) => [
+                            key,
+                            // merge arrays and ensure unique values (Set)
+                            Array.isArray(wellKnownOpenIDConfig[key]) && Array.isArray(val) ? [...new Set([
+                                    ...wellKnownOpenIDConfig[key],
+                                    ...val
+                                ])] : val
+                        ])));
+                    }
+                }
+                return Object.assign(Object.assign({}, wellKnownOpenIDConfig), this.openidConfiguration);
+            }
+        });
+    }
+    getStrategyName() {
+        return this.flows.map(f => f.getStrategyName()).flat();
+    }
+}
+exports.MultipleFlows = MultipleFlows;
+class MultipleFlowsBuilder {
+    constructor(params) {
+        this.builders = [];
+        this.params = params;
+    }
+    static create(params) {
+        const paramsComplete = Object.assign({ tokenEndpoint: params && params.tokenEndpoint || '/oauth2/token', jwksOptions: {} }, (params || {}));
+        paramsComplete.jwksOptions = paramsComplete.jwksOptions || {};
+        if (!paramsComplete.jwksOptions.keyStore) {
+            paramsComplete.jwksOptions.keyStore = new in_memory_key_store_1.InMemoryKeyStore();
+        }
+        return new MultipleFlowsBuilder(paramsComplete);
+    }
+    additionalConfiguration(openidConfiguration) {
+        this.params.openidConfiguration = openidConfiguration;
+        return this;
+    }
+    setJwksKeyStore(keyStore) {
+        this.params.jwksOptions = this.params.jwksOptions || {};
+        this.params.jwksOptions.keyStore = keyStore;
+        return this;
+    }
+    /**
+     * Should be greater than token TTL for all flows included
+     * @param ttl seconds
+     */
+    setPublicKeyExpiry(ttl) {
+        this.params.jwksOptions = this.params.jwksOptions || {};
+        this.params.jwksOptions.ttl = ttl;
+        return this;
+    }
+    setJwksRotatorOptions(jwksRotatorOptions) {
+        this.params.jwksOptions = this.params.jwksOptions || {};
+        this.params.jwksOptions.rotation = jwksRotatorOptions;
+        return this;
+    }
+    jwksRoute(handler) {
+        this.params.jwksRoute = this.params.jwksRoute || common_1.JWKSRoute.buildDefault();
+        handler(this.params.jwksRoute);
+        return this;
+    }
+    tokenEndpoint(path) {
+        if (path)
+            this.params.tokenEndpoint = path;
+        return this;
+    }
+    add(builder) {
+        this.builders.push(builder);
+        return this;
+    }
+    build() {
+        const result = new MultipleFlows(Object.assign(Object.assign({}, this.params), { flows: this.builders.map(b => {
+                b.setJwksKeyStore(this.params.jwksOptions.keyStore);
+                if (this.params.jwksOptions.ttl)
+                    b.setPublicKeyExpiry(this.params.jwksOptions.ttl);
+                return b.build();
+            }) }));
+        return result;
+    }
+}
+exports.MultipleFlowsBuilder = MultipleFlowsBuilder;
+//#endregion Builder
+//# sourceMappingURL=oidc-multiple-flows.js.map

package/lib/flows/oidc-multiple-flows.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc-multiple-flows.js","sourceRoot":"","sources":["../../src/flows/oidc-multiple-flows.ts"],"names":[],"mappings":";;;;AAAA,wCAOqB;AACrB,qCAUiB;AAEjB,0DAA4G;AAC5G,sEAA+D;AAgB/D,MAAa,aAAc,SAAQ,kBAAU;IAoBzC,YAAY,EAOO;;YAPP,EACR,KAAK,EACL,aAAa,EACb,SAAS,EACT,mBAAmB,EACnB,MAAM,OAES,EADZ,KAAK,sBANA,wEAOX,CADW;QAER,KAAK,EAAE,CAAC;QAvBF,uBAAkB,GAAG,qBAAqB,CAAC;QAwBjD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,KAAK,GAAG,CAAC,GAAG,KAAK,CAAC,CAAA;QACvB,IAAI,CAAC,aAAa,GAAG,aAAa,CAAA;QAClC,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;QAC1B,IAAI,CAAC,mBAAmB,GAAG,mBAAmB,IAAI,EAAE,CAAA;QAEpD,IAAI,CAAC,YAAY,GAAG,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,WAAW,0CAAE,QAAQ,CAAA;QAChD,IAAI,CAAC,gBAAgB,GAAG,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,WAAW,0CAAE,GAAG,CAAA;QAC/C,IAAI,CAAC,sBAAsB,GAAG,MAAA,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,WAAW,0CAAE,QAAQ,0CAAE,UAAU,CAAA;QACtE,IAAI,CAAC,0BAA0B,GAAG,MAAA,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,WAAW,0CAAE,QAAQ,0CAAE,cAAc,CAAA;IAClF,CAAC;IAES,eAAe;QACrB,IAAI,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC,YAAY,CAAC;QAChD,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,YAAY,CAAC,sCAAsC,EAAE,CAAC;YAC7E,IAAI,CAAC,YAAY,GAAG,IAAI,4BAAY,CAAC,IAAI,CAAC,YAAY,IAAI,IAAI,sCAAgB,EAAE,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAA;QAC5G,CAAC;QACD,OAAO,IAAI,CAAC,YAAY,CAAA;IAC5B,CAAC;IAES,cAAc;QACpB,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC,WAAW,CAAC;QAC9C,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAC5C,IAAI,YAAY,IAAI,IAAI,CAAC,sBAAsB,EAAE,CAAC;YAC9C,IAAI,CAAC,WAAW,GAAG,IAAI,2BAAW,CAAC;gBAC/B,YAAY,EAAE,YAAY;gBAC1B,kBAAkB,EAAE,IAAI,CAAC,sBAAsB;gBAC/C,eAAe,EAAE,IAAI,CAAC,0BAA0B,IAAI,IAAI,sCAAgB,EAAE;gBAC1E,MAAM,EAAE,IAAI,CAAC,MAAM;aACtB,CAAC,CAAA;QACN,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IAC3B,CAAC;IAEK,kBAAkB;;;YACpB,OAAO,MAAA,IAAI,CAAC,cAAc,EAAE,0CAAE,kBAAkB,EAAE,CAAA;QACtD,CAAC;KAAA;IAEK,eAAe;;;YACjB,OAAO,MAAA,IAAI,CAAC,eAAe,EAAE,0CAAE,eAAe,EAAE,CAAA;QACpD,CAAC;KAAA;IAED;;OAEG;IACH,qBAAqB,CAAC,IAAY;QAC9B,IAAI,IAAI;YACJ,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAA;IACtC,CAAC;IAED,IAAI;QACA,OAAO,IAAI,qBAAY,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;IACpD,CAAC;IAED,iBAAiB,CAAC,CAAa;QAC3B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC5B,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAA;QAC7B,CAAC;IACL,CAAC;IAED,aAAa,CAAC,CAAa;;QAEvB,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,CAAA,MAAA,CAAC,CAAC,OAAO,0CAAE,OAAO,GAAG,CAAC,CAAC,KAAI,EAAE,CAAA;QAE1C,8DAA8D;QAC9D,MAAM,aAAa,GAAsB;YACrC,OAAO,EAAE;gBACL,KAAK,EAAE;oBACH,IAAI,EAAE,KAAK;iBACd;aACJ;SACJ,CAAA;QAED,MAAM,wBAAwB,GAAqB,EAAE,CAAA;QAErD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC5B,IAAI,OAAO,IAAI,CAAC,kBAAkB,KAAK,UAAU,EAAE,CAAC;gBAChD,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACvC,CAAC;QACL,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC5B,IAAI,OAAO,IAAI,CAAC,6BAA6B,KAAK,UAAU,EAAE,CAAC;gBAC3D,IAAI,CAAC,6BAA6B,CAAC,CAAC,CAAC,CAAA;YACzC,CAAC;QACL,CAAC;QAED,QAAQ;QACR,CAAC;aACI,KAAK,CAAyC;YAC3C,OAAO,EAAE,aAAa;YACtB,IAAI,EAAE,IAAI,CAAC,aAAa;YACxB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,CAAO,GAAG,EAAE,CAAC,EAAE,EAAE;gBACtB,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC;gBAEzC,IAAI,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;oBAC7C,IAAI,SAAS,IAAI,eAAe,EAAE,CAAC;wBAC/B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;4BAC5B,IAAI,SAAS,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;gCAC/B,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;4BAC5C,CAAC;wBACL,CAAC;oBACL,CAAC;yBAAM,CAAC;wBACJ,IAAI,wBAAwB,CAAC,MAAM,EAAE,CAAC;4BAClC,mCAAmC;4BACnC,KAAK,MAAM,IAAI,IAAI,wBAAwB,EAAE,CAAC;gCAC1C,IAAI,OAAO,IAAI,CAAC,kBAAkB,KAAK,UAAU,EAAE,CAAC;oCAChD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;oCACxD,IAAI,MAAM,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC;wCACxB,SAAQ;oCACZ,CAAC;yCAAM,CAAC;wCACJ,OAAO,MAAM,CAAA;oCACjB,CAAC;gCACL,CAAC;4BACL,CAAC;4BACD,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,wBAAe,CAAC,aAAa,EAAE,iBAAiB,EAAE,yCAAyC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;wBACvI,CAAC;oBACL,CAAC;gBACL,CAAC;gBAED,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,wBAAe,CAAC,sBAAsB,EAAE,iBAAiB,EAAE,8CAA8C,GAAG,CAAC,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAC/K,CAAC,CAAA;SACJ,CAAC,CAAC;QAEP,OAAO;QACP,IAAI,IAAI,CAAC,SAAS,IAAI,YAAY,EAAE,CAAC;YACjC,CAAC,CAAC,KAAK,CAAC;gBACJ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI;gBACzB,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE;oBACL,OAAO,EAAE;wBACL,KAAK,EAAE;4BACH,IAAI,EAAE,KAAK;yBACd;qBACJ;iBACJ;gBACD,OAAO,EAAE,CAAO,GAAG,EAAE,CAAC,EAAE,EAAE;;oBAEtB,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,uBAAuB,EAAE,CAAA;oBAEzD,IAAI,MAAA,IAAI,CAAC,SAAS,0CAAE,OAAO,EAAE,CAAC;wBAC1B,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;4BAC1B,IAAI;yBACP,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;oBACd,CAAC;oBAED,OAAO,IAAI,CAAA;gBACf,CAAC,CAAA;aACJ,CAAC,CAAA;QACN,CAAC;QAED,qBAAqB;QACrB,CAAC,CAAC,KAAK,CAAC;YACJ,IAAI,EAAE,mCAAmC;YACzC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACL,OAAO,EAAE;oBACL,KAAK,EAAE;wBACH,IAAI,EAAE,KAAK;qBACd;iBACJ;aACJ;YACD,OAAO,EAAE,GAAG,EAAE;gBACV,IAAI,qBAAqB,GAKrB;oBACA,MAAM,EAAE,GAAG,IAAI,EAAE;oBACjB,sBAAsB,EAAE,SAAS;oBACjC,6BAA6B,EAAE,SAAS;oBACxC,cAAc,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE;oBAC9C,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS;oBACtE,qBAAqB,EAAE,EAAE;oBACzB,qCAAqC,EAAE,EAAE;iBAC5C,CAAA;gBAED,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBAC5B,IAAI,OAAO,IAAI,CAAC,yBAAyB,KAAK,UAAU,EAAE,CAAC;wBACtD,MAAM,KAMH,IAAI,CAAC,yBAAyB,CAAC,CAAC,CAAC,EAN9B;wBACH,6DAA6D;wBAC7D,cAAc,EAAE,sBAAsB;wBACtC,6DAA6D;wBAC7D,QAAQ,EAAE,gBAAgB,OAEO,EAD9B,IAAI,sBALJ,8BAMN,CAAoC,CAAC;wBAEtC,mBAAmB;wBACnB,qBAAqB,mCACd,qBAAqB,GACrB,MAAM,CAAC,WAAW,CACjB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC;4BACrC,GAAG;4BACH,8CAA8C;4BAC9C,KAAK,CAAC,OAAO,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,CAAC;oCAC1E,GAAG,qBAAqB,CAAC,GAAG,CAAC;oCAC7B,GAAG,GAAG;iCACT,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG;yBACZ,CAAC,CACL,CACJ,CAAC;oBACN,CAAC;gBACL,CAAC;gBAED,uCAAY,qBAAqB,GAAK,IAAI,CAAC,mBAAmB,EAAE;YACpE,CAAC;SACJ,CAAC,CAAA;IACN,CAAC;IAED,eAAe;QACX,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;IAC1D,CAAC;CACJ;AApPD,sCAoPC;AASD,MAAa,oBAAoB;IAM7B,YAAY,MAA+B;QAFjC,aAAQ,GAAkC,EAAE,CAAA;QAGlD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACxB,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,MAAyC;QACnD,MAAM,cAAc,mBAChB,aAAa,EAAE,MAAM,IAAI,MAAM,CAAC,aAAa,IAAI,eAAe,EAChE,WAAW,EAAE,EAAE,IACZ,CAAC,MAAM,IAAI,EAAE,CAAC,CACpB,CAAC;QACF,cAAc,CAAC,WAAW,GAAG,cAAc,CAAC,WAAW,IAAI,EAAE,CAAA;QAC7D,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;YACvC,cAAc,CAAC,WAAW,CAAC,QAAQ,GAAG,IAAI,sCAAgB,EAAE,CAAA;QAChE,CAAC;QACD,OAAO,IAAI,oBAAoB,CAAC,cAAc,CAAC,CAAA;IACnD,CAAC;IAED,uBAAuB,CAAC,mBAA4C;QAChE,IAAI,CAAC,MAAM,CAAC,mBAAmB,GAAG,mBAAmB,CAAA;QACrD,OAAO,IAAI,CAAA;IACf,CAAC;IAED,eAAe,CAAC,QAAsB;QAClC,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAA;QACvD,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,GAAG,QAAQ,CAAA;QAC3C,OAAO,IAAI,CAAA;IACf,CAAC;IAED;;;OAGG;IACH,kBAAkB,CAAC,GAAW;QAC1B,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAA;QACvD,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,GAAG,GAAG,CAAA;QACjC,OAAO,IAAI,CAAA;IACf,CAAC;IAED,qBAAqB,CAAC,kBAAiD;QACnE,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAA;QACvD,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,GAAG,kBAAkB,CAAA;QACrD,OAAO,IAAI,CAAA;IACf,CAAC;IAED,SAAS,CAAuC,OAAgD;QAC5F,IAAI,CAAC,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,kBAAS,CAAC,YAAY,EAAE,CAAC;QAC1E,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAC9B,OAAO,IAAI,CAAA;IACf,CAAC;IAED,aAAa,CAAC,IAAY;QACtB,IAAI,IAAI;YACJ,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,IAAI,CAAA;QACpC,OAAO,IAAI,CAAA;IACf,CAAC;IAED,GAAG,CAAC,OAAoC;QACpC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAC3B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,KAAK;QACD,MAAM,MAAM,GAAG,IAAI,aAAa,iCACzB,IAAI,CAAC,MAAM,KACd,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;gBACzB,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAS,CAAC,CAAC;gBACrD,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG;oBAC3B,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;gBACrD,OAAO,CAAC,CAAC,KAAK,EAAE,CAAA;YACpB,CAAC,CAAC,IACJ,CAAC;QAEH,OAAO,MAAM,CAAA;IACjB,CAAC;CACJ;AAhFD,oDAgFC;AAED,oBAAoB"}

package/lib/index.d.ts

@@ -1,13 +1,19 @@
 import '../types/overrides.d.ts'
 export * from './flows/common';
 export * from './flows/auth-code/authorization-route';
+export * from './flows/auth-code/authorization-utils';
 export * from './flows/auth-code/token-route';
-export * from './flows/auth-code/open-id';
-export * from './flows/authentication-code';
+export * from './flows/client-creds/token-route';
+export * from './flows/device-auth/authorization-route';
+export * from './flows/device-auth/token-route';
+export * from './flows/authorization-code';
 export * from './flows/client-credentials';
-export * from './utils/cache-set';
+export * from './flows/device-authorization';
+export * from './flows/oidc-multiple-flows';
 export * from './utils/client-auth-methods';
-export * from './utils/in-memory-jwks-store';
-export * from './utils/jwks-generator';
-export * from './utils/jwks-store';
+export * from './utils/in-memory-key-store';
+export * from './utils/jwt-authority';
+export * from './utils/jwt-utils';
+export * from './utils/replay-store';
 export * from './utils/token-types';
+export * from './utils/verify-code-verifier';

package/lib/index.js

@@ -3,14 +3,20 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const tslib_1 = require("tslib");
 tslib_1.__exportStar(require("./flows/common"), exports);
 tslib_1.__exportStar(require("./flows/auth-code/authorization-route"), exports);
+tslib_1.__exportStar(require("./flows/auth-code/authorization-utils"), exports);
 tslib_1.__exportStar(require("./flows/auth-code/token-route"), exports);
-tslib_1.__exportStar(require("./flows/auth-code/open-id"), exports);
-tslib_1.__exportStar(require("./flows/authentication-code"), exports);
+tslib_1.__exportStar(require("./flows/client-creds/token-route"), exports);
+tslib_1.__exportStar(require("./flows/device-auth/authorization-route"), exports);
+tslib_1.__exportStar(require("./flows/device-auth/token-route"), exports);
+tslib_1.__exportStar(require("./flows/authorization-code"), exports);
 tslib_1.__exportStar(require("./flows/client-credentials"), exports);
-tslib_1.__exportStar(require("./utils/cache-set"), exports);
+tslib_1.__exportStar(require("./flows/device-authorization"), exports);
+tslib_1.__exportStar(require("./flows/oidc-multiple-flows"), exports);
 tslib_1.__exportStar(require("./utils/client-auth-methods"), exports);
-tslib_1.__exportStar(require("./utils/in-memory-jwks-store"), exports);
-tslib_1.__exportStar(require("./utils/jwks-generator"), exports);
-tslib_1.__exportStar(require("./utils/jwks-store"), exports);
+tslib_1.__exportStar(require("./utils/in-memory-key-store"), exports);
+tslib_1.__exportStar(require("./utils/jwt-authority"), exports);
+tslib_1.__exportStar(require("./utils/jwt-utils"), exports);
+tslib_1.__exportStar(require("./utils/replay-store"), exports);
 tslib_1.__exportStar(require("./utils/token-types"), exports);
+tslib_1.__exportStar(require("./utils/verify-code-verifier"), exports);
 //# sourceMappingURL=index.js.map

package/lib/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,yDAA8B;AAC9B,gFAAqD;AACrD,wEAA6C;AAC7C,oEAAyC;AACzC,sEAA2C;AAC3C,qEAA0C;AAE1C,4DAAiC;AACjC,sEAA2C;AAC3C,uEAA4C;AAC5C,iEAAsC;AACtC,6DAAkC;AAClC,8DAAmC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,yDAA8B;AAC9B,gFAAqD;AACrD,gFAAqD;AACrD,wEAA6C;AAC7C,2EAAgD;AAChD,kFAAuD;AACvD,0EAA+C;AAC/C,qEAA0C;AAC1C,qEAA0C;AAC1C,uEAA4C;AAC5C,sEAA2C;AAE3C,sEAA2C;AAC3C,sEAA2C;AAC3C,gEAAqC;AACrC,4DAAiC;AACjC,+DAAoC;AACpC,8DAAmC;AACnC,uEAA4C"}

package/lib/utils/client-auth-methods.d.ts

@@ -48,7 +48,7 @@ export declare class ClientSecretJwt implements ClientAuthMethod {
     get secretIsOptional(): boolean;
     get algorithms(): ClientSecretJwtAlgorithms[];
     constructor();
-    addAlgo(algo: ClientSecretJwtAlgorithms): this;
+    addAlgorithm(algo: ClientSecretJwtAlgorithms): this;
     getClientSecret(handler: (clientId: string, decoded: JWTPayload, clientAssertion: string) => Promise<Uint8Array | string | null>): this;
     extractParams(req: Request<ReqRefDefaults>): Promise<ClientAuthMethodResponse>;
 }
@@ -71,7 +71,7 @@ export declare class PrivateKeyJwt implements ClientAuthMethod {
     get secretIsOptional(): boolean;
     get algorithms(): PrivateKeyJwtAlgorithms[];
     constructor();
-    addAlgo(algo: PrivateKeyJwtAlgorithms): this;
+    addAlgorithm(algo: PrivateKeyJwtAlgorithms): this;
     getPublicKeyForClient(handler: (clientId: string, decoded: JWTPayload, clientAssertion: string) => Promise<CryptoKey | KeyObject | JWK | Uint8Array | string | null>): this;
     extractParams(req: Request<ReqRefDefaults>): Promise<ClientAuthMethodResponse>;
 }

package/lib/utils/client-auth-methods.js

@@ -29,11 +29,10 @@ class ClientSecretBasic {
         if (authType.toLowerCase() == 'basic') {
             res.hasAuthMethod = true;
             const decoded = Buffer.from(base64Credentials, 'base64').toString('utf-8').split(':');
-            if (!decoded[0] || !decoded[1]) {
-                //
-            }
-            else {
+            if (decoded[0]) {
                 res.clientId = decoded[0];
+            }
+            if (decoded[1]) {
                 res.clientSecret = decoded[1];
             }
         }
@@ -107,7 +106,7 @@ class ClientSecretJwt {
         _ClientSecretJwt_handler.set(this, void 0);
         tslib_1.__classPrivateFieldSet(this, _ClientSecretJwt_handler, () => tslib_1.__awaiter(this, void 0, void 0, function* () { return null; }), "f");
     }
-    addAlgo(algo) {
+    addAlgorithm(algo) {
         if (!tslib_1.__classPrivateFieldGet(this, _ClientSecretJwt_algorithms, "f").includes(algo)) {
             tslib_1.__classPrivateFieldGet(this, _ClientSecretJwt_algorithms, "f").push(algo);
             tslib_1.__classPrivateFieldGet(this, _ClientSecretJwt_algorithms, "f").sort();
@@ -179,7 +178,7 @@ class PrivateKeyJwt {
         _PrivateKeyJwt_handler.set(this, void 0);
         tslib_1.__classPrivateFieldSet(this, _PrivateKeyJwt_handler, () => tslib_1.__awaiter(this, void 0, void 0, function* () { return null; }), "f");
     }
-    addAlgo(algo) {
+    addAlgorithm(algo) {
         if (!tslib_1.__classPrivateFieldGet(this, _PrivateKeyJwt_algorithms, "f").includes(algo)) {
             tslib_1.__classPrivateFieldGet(this, _PrivateKeyJwt_algorithms, "f").push(algo);
             tslib_1.__classPrivateFieldGet(this, _PrivateKeyJwt_algorithms, "f").sort();

package/lib/utils/client-auth-methods.js.map

@@ -1 +1 @@
-{"version":3,"file":"client-auth-methods.js","sourceRoot":"","sources":["../../src/utils/client-auth-methods.ts"],"names":[],"mappings":";;;;AAcA,oEAIC;;AAdD,+BAAkF;AAOlF,MAAM,8BAA8B,GAA8B,CAAC,qBAAqB,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,CAAC,CAAC;AAChK,MAAM,gCAAgC,GAAG,IAAI,GAAG,CAAC,8BAA8B,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;AAErH,SAAgB,4BAA4B,CAAC,KAAgC;IACzE,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;;QACvB,OAAO,CAAC,MAAA,gCAAgC,CAAC,GAAG,CAAC,CAAC,CAAC,mCAAI,QAAQ,CAAC,GAAG,CAAC,MAAA,gCAAgC,CAAC,GAAG,CAAC,CAAC,CAAC,mCAAI,QAAQ,CAAC,CAAC;IACzH,CAAC,CAAC,CAAA;AACN,CAAC;AAwBD,MAAa,iBAAiB;IAE1B,IAAI,MAAM;QACN,OAAO,qBAAqB,CAAA;IAChC,CAAC;IAED,IAAI,gBAAgB;QAChB,OAAO,KAAK,CAAA;IAChB,CAAC;IAED,aAAa,CAAC,OAAgC;QAE1C,MAAM,GAAG,GAA6B;YAClC,aAAa,EAAE,KAAK;SACvB,CAAA;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;QAE5D,MAAM,CAAC,QAAQ,EAAE,iBAAiB,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAE5F,IAAI,QAAQ,CAAC,WAAW,EAAE,IAAI,OAAO,EAAE,CAAC;YACpC,GAAG,CAAC,aAAa,GAAG,IAAI,CAAA;YACxB,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACtF,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC7B,EAAE;YACN,CAAC;iBAAM,CAAC;gBACJ,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;gBAC1B,GAAG,CAAC,YAAY,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAClC,CAAC;QACL,CAAC;QAED,OAAO,GAAG,CAAC;IACf,CAAC;CACJ;AAjCD,8CAiCC;AAED,MAAa,gBAAgB;IAEzB,IAAI,MAAM;QACN,OAAO,oBAAoB,CAAA;IAC/B,CAAC;IAED,IAAI,gBAAgB;QAChB,OAAO,KAAK,CAAA;IAChB,CAAC;IAED,aAAa,CAAC,GAA4B;QAEtC,MAAM,GAAG,GAA6B;YAClC,aAAa,EAAE,KAAK;SACvB,CAAA;QAED,IAAI,GAAG,CAAC,OAAO,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;YAC9C,WAAW,IAAI,GAAG,CAAC,OAAO;YAC1B,eAAe,IAAI,GAAG,CAAC,OAAO,EAChC,CAAC;YACC,GAAG,CAAC,aAAa,GAAG,IAAI,CAAA;YACxB,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,SAAS,KAAK,QAAQ;gBACzC,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,SAAS,CAAA;YACxC,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,aAAa,KAAK,QAAQ;gBAC7C,GAAG,CAAC,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAA;QACpD,CAAC;QAED,OAAO,GAAG,CAAC;IACf,CAAC;CACJ;AA7BD,4CA6BC;AAED,MAAa,cAAc;IAEvB,IAAI,MAAM;QACN,OAAO,MAAM,CAAA;IACjB,CAAC;IAED,IAAI,gBAAgB;QAChB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,aAAa,CAAC,GAA4B;QAEtC,MAAM,GAAG,GAA6B;YAClC,aAAa,EAAE,KAAK;SACvB,CAAA;QAED,IAAI,GAAG,CAAC,OAAO,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;YAC9C,WAAW,IAAI,GAAG,CAAC,OAAO,EAC5B,CAAC;YACC,GAAG,CAAC,aAAa,GAAG,IAAI,CAAA;YACxB,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,SAAS,KAAK,QAAQ;gBACzC,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,SAAS,CAAA;QAC5C,CAAC;QAED,OAAO,GAAG,CAAC;IACf,CAAC;CACJ;AA1BD,wCA0BC;AAED,IAAY,yBAIX;AAJD,WAAY,yBAAyB;IACjC,4CAAe,CAAA;IACf,4CAAe,CAAA;IACf,4CAAe,CAAA;AACnB,CAAC,EAJW,yBAAyB,yCAAzB,yBAAyB,QAIpC;AAED,MAAa,eAAe;IAIxB,IAAI,MAAM;QACN,OAAO,mBAAmB,CAAA;IAC9B,CAAC;IAED,IAAI,gBAAgB;QAChB,OAAO,KAAK,CAAA;IAChB,CAAC;IAED,IAAI,UAAU;QACV,OAAO,+BAAA,IAAI,mCAAY,CAAC,MAAM,CAAC,CAAC,CAAC,+BAAA,IAAI,mCAAY,CAAC,CAAC,CAAC,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAA;IACzF,CAAC;IAMD;QAJA,sCAA2C,EAAE,EAAA;QAE7C,2CAAiH;QAG7G,+BAAA,IAAI,4BAAY,GAAS,EAAE,wDAAC,OAAA,IAAI,CAAA,GAAA,MAAA,CAAA;IACpC,CAAC;IAED,OAAO,CAAC,IAA+B;QACnC,IAAI,CAAC,+BAAA,IAAI,mCAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,+BAAA,IAAI,mCAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC3B,+BAAA,IAAI,mCAAY,CAAC,IAAI,EAAE,CAAA;QAC3B,CAAC;QACD,OAAO,IAAI,CAAA;IACf,CAAC;IAED,eAAe,CAAC,OAAgH;QAC5H,+BAAA,IAAI,4BAAY,OAAO,MAAA,CAAA;QACvB,OAAO,IAAI,CAAA;IACf,CAAC;IAEK,aAAa,CAAC,GAA4B;;YAE5C,MAAM,GAAG,GAA6B;gBAClC,aAAa,EAAE,KAAK;aACvB,CAAA;YAED,IAAI,GAAG,CAAC,OAAO;gBACX,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;gBAC/B,uBAAuB,IAAI,GAAG,CAAC,OAAO;gBACtC,GAAG,CAAC,OAAO,CAAC,qBAAqB,IAAI,wDAAwD;gBAC7F,kBAAkB,IAAI,GAAG,CAAC,OAAO;gBACjC,OAAO,GAAG,CAAC,OAAO,CAAC,gBAAgB,KAAK,QAAQ,EAClD,CAAC;gBACC,GAAG,CAAC,aAAa,GAAG,IAAI,CAAA;gBAExB,MAAM,OAAO,GAAG,IAAA,gBAAS,EAAC,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;gBAEvD,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;oBACjD,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAA;oBAC1B,MAAM,YAAY,GAAG,MAAM,+BAAA,IAAI,gCAAS,MAAb,IAAI,EAC3B,OAAO,CAAC,GAAG,EACX,OAAO,EACP,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAC/B,CAAC;oBAEF,IAAI,YAAY,EAAE,CAAC;wBACf,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAA,gBAAS,EAC/B,GAAG,CAAC,OAAO,CAAC,gBAAgB,EAC5B,OAAO,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,EACxF;4BACI,UAAU,EAAE,IAAI,CAAC,UAAU;yBAC9B,CACJ,CAAA;wBACD,IAAI,OAAO,EAAE,CAAC;4BACV,GAAG,CAAC,YAAY,GAAG,OAAO,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;wBAC/G,CAAC;oBACL,CAAC;gBACL,CAAC;YACL,CAAC;YAED,OAAO,GAAG,CAAC;QACf,CAAC;KAAA;;AA9EL,0CA+EC;;AA7EU,oBAAI,GAAG,yBAAyB,AAA5B,CAA4B;AA+E3C,IAAY,uBAWX;AAXD,WAAY,uBAAuB;IAC/B,0CAAe,CAAA;IACf,0CAAe,CAAA;IACf,0CAAe,CAAA;IACf,0CAAe,CAAA;IACf,0CAAe,CAAA;IACf,0CAAe,CAAA;IACf,0CAAe,CAAA;IACf,0CAAe,CAAA;IACf,0CAAe,CAAA;IACf,0CAAe,CAAA;AACnB,CAAC,EAXW,uBAAuB,uCAAvB,uBAAuB,QAWlC;AAED,MAAa,aAAa;IAItB,IAAI,MAAM;QACN,OAAO,iBAAiB,CAAA;IAC5B,CAAC;IAED,IAAI,gBAAgB;QAChB,OAAO,KAAK,CAAA;IAChB,CAAC;IAED,IAAI,UAAU;QACV,OAAO,+BAAA,IAAI,iCAAY,CAAC,MAAM,CAAC,CAAC,CAAC,+BAAA,IAAI,iCAAY,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAA;IACvF,CAAC;IAMD;QAJA,oCAAyC,EAAE,EAAA;QAE3C,yCAA+I;QAG3I,+BAAA,IAAI,0BAAY,GAAS,EAAE,wDAAC,OAAA,IAAI,CAAA,GAAA,MAAA,CAAA;IACpC,CAAC;IAED,OAAO,CAAC,IAA6B;QACjC,IAAI,CAAC,+BAAA,IAAI,iCAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,+BAAA,IAAI,iCAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC3B,+BAAA,IAAI,iCAAY,CAAC,IAAI,EAAE,CAAA;QAC3B,CAAC;QACD,OAAO,IAAI,CAAA;IACf,CAAC;IAED,qBAAqB,CAAC,OAA8I;QAChK,+BAAA,IAAI,0BAAY,OAAO,MAAA,CAAA;QACvB,OAAO,IAAI,CAAA;IACf,CAAC;IAEK,aAAa,CAAC,GAA4B;;YAE5C,MAAM,GAAG,GAA6B;gBAClC,aAAa,EAAE,KAAK;aACvB,CAAA;YAED,IAAI,GAAG,CAAC,OAAO;gBACX,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;gBAC/B,uBAAuB,IAAI,GAAG,CAAC,OAAO;gBACtC,GAAG,CAAC,OAAO,CAAC,qBAAqB,IAAI,wDAAwD;gBAC7F,kBAAkB,IAAI,GAAG,CAAC,OAAO;gBACjC,OAAO,GAAG,CAAC,OAAO,CAAC,gBAAgB,KAAK,QAAQ,EAClD,CAAC;gBACC,MAAM,OAAO,GAAG,IAAA,gBAAS,EAAC,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;gBAEvD,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;oBACjD,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAA;oBAC1B,MAAM,SAAS,GAAG,MAAM,+BAAA,IAAI,8BAAS,MAAb,IAAI,EACxB,OAAO,CAAC,GAAG,EACX,OAAO,EACP,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAC/B,CAAC;oBAEF,IAAI,SAAS,EAAE,CAAC;wBACZ,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAA,gBAAS,EAC/B,GAAG,CAAC,OAAO,CAAC,gBAAgB,EAC5B,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,EAC/E;4BACI,UAAU,EAAE,IAAI,CAAC,UAAU;yBAC9B,CACJ,CAAA;wBACD,IAAI,OAAO,EAAE,CAAC;4BACV,GAAG,CAAC,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAA;wBACnD,CAAC;oBACL,CAAC;gBACL,CAAC;YACL,CAAC;YAED,OAAO,GAAG,CAAC;QACf,CAAC;KAAA;;AA5EL,sCA6EC;;AA3EU,kBAAI,GAAG,uBAAuB,AAA1B,CAA0B"}
+{"version":3,"file":"client-auth-methods.js","sourceRoot":"","sources":["../../src/utils/client-auth-methods.ts"],"names":[],"mappings":";;;;AAcA,oEAIC;;AAdD,+BAAkF;AAOlF,MAAM,8BAA8B,GAA8B,CAAC,qBAAqB,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,CAAC,CAAC;AAChK,MAAM,gCAAgC,GAAG,IAAI,GAAG,CAAC,8BAA8B,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;AAErH,SAAgB,4BAA4B,CAAC,KAAgC;IACzE,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;;QACvB,OAAO,CAAC,MAAA,gCAAgC,CAAC,GAAG,CAAC,CAAC,CAAC,mCAAI,QAAQ,CAAC,GAAG,CAAC,MAAA,gCAAgC,CAAC,GAAG,CAAC,CAAC,CAAC,mCAAI,QAAQ,CAAC,CAAC;IACzH,CAAC,CAAC,CAAA;AACN,CAAC;AAwBD,MAAa,iBAAiB;IAE1B,IAAI,MAAM;QACN,OAAO,qBAAqB,CAAA;IAChC,CAAC;IAED,IAAI,gBAAgB;QAChB,OAAO,KAAK,CAAA;IAChB,CAAC;IAED,aAAa,CAAC,OAAgC;QAE1C,MAAM,GAAG,GAA6B;YAClC,aAAa,EAAE,KAAK;SACvB,CAAA;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;QAE5D,MAAM,CAAC,QAAQ,EAAE,iBAAiB,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAE5F,IAAI,QAAQ,CAAC,WAAW,EAAE,IAAI,OAAO,EAAE,CAAC;YACpC,GAAG,CAAC,aAAa,GAAG,IAAI,CAAA;YACxB,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAEtF,IAAG,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;gBACZ,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAC9B,CAAC;YACD,IAAG,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;gBACZ,GAAG,CAAC,YAAY,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAClC,CAAC;QACL,CAAC;QAED,OAAO,GAAG,CAAC;IACf,CAAC;CACJ;AAlCD,8CAkCC;AAED,MAAa,gBAAgB;IAEzB,IAAI,MAAM;QACN,OAAO,oBAAoB,CAAA;IAC/B,CAAC;IAED,IAAI,gBAAgB;QAChB,OAAO,KAAK,CAAA;IAChB,CAAC;IAED,aAAa,CAAC,GAA4B;QAEtC,MAAM,GAAG,GAA6B;YAClC,aAAa,EAAE,KAAK;SACvB,CAAA;QAED,IAAI,GAAG,CAAC,OAAO,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;YAC9C,WAAW,IAAI,GAAG,CAAC,OAAO;YAC1B,eAAe,IAAI,GAAG,CAAC,OAAO,EAChC,CAAC;YACC,GAAG,CAAC,aAAa,GAAG,IAAI,CAAA;YACxB,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,SAAS,KAAK,QAAQ;gBACzC,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,SAAS,CAAA;YACxC,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,aAAa,KAAK,QAAQ;gBAC7C,GAAG,CAAC,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAA;QACpD,CAAC;QAED,OAAO,GAAG,CAAC;IACf,CAAC;CACJ;AA7BD,4CA6BC;AAED,MAAa,cAAc;IAEvB,IAAI,MAAM;QACN,OAAO,MAAM,CAAA;IACjB,CAAC;IAED,IAAI,gBAAgB;QAChB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,aAAa,CAAC,GAA4B;QAEtC,MAAM,GAAG,GAA6B;YAClC,aAAa,EAAE,KAAK;SACvB,CAAA;QAED,IAAI,GAAG,CAAC,OAAO,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;YAC9C,WAAW,IAAI,GAAG,CAAC,OAAO,EAC5B,CAAC;YACC,GAAG,CAAC,aAAa,GAAG,IAAI,CAAA;YACxB,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,SAAS,KAAK,QAAQ;gBACzC,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,SAAS,CAAA;QAC5C,CAAC;QAED,OAAO,GAAG,CAAC;IACf,CAAC;CACJ;AA1BD,wCA0BC;AAED,IAAY,yBAIX;AAJD,WAAY,yBAAyB;IACjC,4CAAe,CAAA;IACf,4CAAe,CAAA;IACf,4CAAe,CAAA;AACnB,CAAC,EAJW,yBAAyB,yCAAzB,yBAAyB,QAIpC;AAED,MAAa,eAAe;IAIxB,IAAI,MAAM;QACN,OAAO,mBAAmB,CAAA;IAC9B,CAAC;IAED,IAAI,gBAAgB;QAChB,OAAO,KAAK,CAAA;IAChB,CAAC;IAED,IAAI,UAAU;QACV,OAAO,+BAAA,IAAI,mCAAY,CAAC,MAAM,CAAC,CAAC,CAAC,+BAAA,IAAI,mCAAY,CAAC,CAAC,CAAC,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAA;IACzF,CAAC;IAMD;QAJA,sCAA2C,EAAE,EAAA;QAE7C,2CAAiH;QAG7G,+BAAA,IAAI,4BAAY,GAAS,EAAE,wDAAC,OAAA,IAAI,CAAA,GAAA,MAAA,CAAA;IACpC,CAAC;IAED,YAAY,CAAC,IAA+B;QACxC,IAAI,CAAC,+BAAA,IAAI,mCAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,+BAAA,IAAI,mCAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC3B,+BAAA,IAAI,mCAAY,CAAC,IAAI,EAAE,CAAA;QAC3B,CAAC;QACD,OAAO,IAAI,CAAA;IACf,CAAC;IAED,eAAe,CAAC,OAAgH;QAC5H,+BAAA,IAAI,4BAAY,OAAO,MAAA,CAAA;QACvB,OAAO,IAAI,CAAA;IACf,CAAC;IAEK,aAAa,CAAC,GAA4B;;YAE5C,MAAM,GAAG,GAA6B;gBAClC,aAAa,EAAE,KAAK;aACvB,CAAA;YAED,IAAI,GAAG,CAAC,OAAO;gBACX,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;gBAC/B,uBAAuB,IAAI,GAAG,CAAC,OAAO;gBACtC,GAAG,CAAC,OAAO,CAAC,qBAAqB,IAAI,wDAAwD;gBAC7F,kBAAkB,IAAI,GAAG,CAAC,OAAO;gBACjC,OAAO,GAAG,CAAC,OAAO,CAAC,gBAAgB,KAAK,QAAQ,EAClD,CAAC;gBACC,GAAG,CAAC,aAAa,GAAG,IAAI,CAAA;gBAExB,MAAM,OAAO,GAAG,IAAA,gBAAS,EAAC,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;gBAEvD,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;oBACjD,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAA;oBAC1B,MAAM,YAAY,GAAG,MAAM,+BAAA,IAAI,gCAAS,MAAb,IAAI,EAC3B,OAAO,CAAC,GAAG,EACX,OAAO,EACP,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAC/B,CAAC;oBAEF,IAAI,YAAY,EAAE,CAAC;wBACf,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAA,gBAAS,EAC/B,GAAG,CAAC,OAAO,CAAC,gBAAgB,EAC5B,OAAO,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,EACxF;4BACI,UAAU,EAAE,IAAI,CAAC,UAAU;yBAC9B,CACJ,CAAA;wBACD,IAAI,OAAO,EAAE,CAAC;4BACV,GAAG,CAAC,YAAY,GAAG,OAAO,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;wBAC/G,CAAC;oBACL,CAAC;gBACL,CAAC;YACL,CAAC;YAED,OAAO,GAAG,CAAC;QACf,CAAC;KAAA;;AA9EL,0CA+EC;;AA7EU,oBAAI,GAAG,yBAAyB,AAA5B,CAA4B;AA+E3C,IAAY,uBAWX;AAXD,WAAY,uBAAuB;IAC/B,0CAAe,CAAA;IACf,0CAAe,CAAA;IACf,0CAAe,CAAA;IACf,0CAAe,CAAA;IACf,0CAAe,CAAA;IACf,0CAAe,CAAA;IACf,0CAAe,CAAA;IACf,0CAAe,CAAA;IACf,0CAAe,CAAA;IACf,0CAAe,CAAA;AACnB,CAAC,EAXW,uBAAuB,uCAAvB,uBAAuB,QAWlC;AAED,MAAa,aAAa;IAItB,IAAI,MAAM;QACN,OAAO,iBAAiB,CAAA;IAC5B,CAAC;IAED,IAAI,gBAAgB;QAChB,OAAO,KAAK,CAAA;IAChB,CAAC;IAED,IAAI,UAAU;QACV,OAAO,+BAAA,IAAI,iCAAY,CAAC,MAAM,CAAC,CAAC,CAAC,+BAAA,IAAI,iCAAY,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAA;IACvF,CAAC;IAMD;QAJA,oCAAyC,EAAE,EAAA;QAE3C,yCAA+I;QAG3I,+BAAA,IAAI,0BAAY,GAAS,EAAE,wDAAC,OAAA,IAAI,CAAA,GAAA,MAAA,CAAA;IACpC,CAAC;IAED,YAAY,CAAC,IAA6B;QACtC,IAAI,CAAC,+BAAA,IAAI,iCAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,+BAAA,IAAI,iCAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC3B,+BAAA,IAAI,iCAAY,CAAC,IAAI,EAAE,CAAA;QAC3B,CAAC;QACD,OAAO,IAAI,CAAA;IACf,CAAC;IAED,qBAAqB,CAAC,OAA8I;QAChK,+BAAA,IAAI,0BAAY,OAAO,MAAA,CAAA;QACvB,OAAO,IAAI,CAAA;IACf,CAAC;IAEK,aAAa,CAAC,GAA4B;;YAE5C,MAAM,GAAG,GAA6B;gBAClC,aAAa,EAAE,KAAK;aACvB,CAAA;YAED,IAAI,GAAG,CAAC,OAAO;gBACX,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;gBAC/B,uBAAuB,IAAI,GAAG,CAAC,OAAO;gBACtC,GAAG,CAAC,OAAO,CAAC,qBAAqB,IAAI,wDAAwD;gBAC7F,kBAAkB,IAAI,GAAG,CAAC,OAAO;gBACjC,OAAO,GAAG,CAAC,OAAO,CAAC,gBAAgB,KAAK,QAAQ,EAClD,CAAC;gBACC,MAAM,OAAO,GAAG,IAAA,gBAAS,EAAC,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;gBAEvD,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;oBACjD,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAA;oBAC1B,MAAM,SAAS,GAAG,MAAM,+BAAA,IAAI,8BAAS,MAAb,IAAI,EACxB,OAAO,CAAC,GAAG,EACX,OAAO,EACP,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAC/B,CAAC;oBAEF,IAAI,SAAS,EAAE,CAAC;wBACZ,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAA,gBAAS,EAC/B,GAAG,CAAC,OAAO,CAAC,gBAAgB,EAC5B,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,EAC/E;4BACI,UAAU,EAAE,IAAI,CAAC,UAAU;yBAC9B,CACJ,CAAA;wBACD,IAAI,OAAO,EAAE,CAAC;4BACV,GAAG,CAAC,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAA;wBACnD,CAAC;oBACL,CAAC;gBACL,CAAC;YACL,CAAC;YAED,OAAO,GAAG,CAAC;QACf,CAAC;KAAA;;AA5EL,sCA6EC;;AA3EU,kBAAI,GAAG,uBAAuB,AAA1B,CAA0B"}

package/lib/utils/in-memory-key-store.d.ts

@@ -0,0 +1,12 @@
+import { JwksKeyStore, JwksRotationTimestampStore } from './jwt-authority';
+export declare class InMemoryKeyStore implements JwksKeyStore, JwksRotationTimestampStore {
+    private privateKey?;
+    private publicKeys;
+    private lastRotation;
+    storeKeyPair(_kid: string, privateKey: object, publicKey: object, ttl: number): Promise<void>;
+    getPrivateKey(): Promise<object | undefined>;
+    getPublicKeys(): Promise<object[]>;
+    getLastRotationTimestamp(): Promise<number>;
+    setLastRotationTimestamp(msDate: number): Promise<void>;
+}
+export declare function createInMemoryKeyStore(): InMemoryKeyStore;

package/lib/utils/in-memory-key-store.js

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InMemoryKeyStore = void 0;
+exports.createInMemoryKeyStore = createInMemoryKeyStore;
+const tslib_1 = require("tslib");
+// In-memory key store for testing
+class InMemoryKeyStore {
+    constructor() {
+        this.publicKeys = [];
+        this.lastRotation = 0;
+    }
+    storeKeyPair(_kid, privateKey, publicKey, ttl) {
+        return tslib_1.__awaiter(this, void 0, void 0, function* () {
+            this.privateKey = privateKey;
+            const exp = Date.now() + ttl * 1000;
+            this.publicKeys.push({ key: publicKey, exp });
+        });
+    }
+    getPrivateKey() {
+        return tslib_1.__awaiter(this, void 0, void 0, function* () {
+            return this.privateKey;
+        });
+    }
+    getPublicKeys() {
+        return tslib_1.__awaiter(this, void 0, void 0, function* () {
+            const now = Date.now();
+            this.publicKeys = this.publicKeys.filter(k => k.exp > now);
+            return this.publicKeys.map(k => k.key);
+        });
+    }
+    getLastRotationTimestamp() {
+        return tslib_1.__awaiter(this, void 0, void 0, function* () {
+            return this.lastRotation;
+        });
+    }
+    setLastRotationTimestamp(msDate) {
+        return tslib_1.__awaiter(this, void 0, void 0, function* () {
+            this.lastRotation = msDate;
+        });
+    }
+}
+exports.InMemoryKeyStore = InMemoryKeyStore;
+function createInMemoryKeyStore() {
+    return new InMemoryKeyStore();
+}
+//# sourceMappingURL=in-memory-key-store.js.map

package/lib/utils/in-memory-key-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"in-memory-key-store.js","sourceRoot":"","sources":["../../src/utils/in-memory-key-store.ts"],"names":[],"mappings":";;;AAiCA,wDAEC;;AAjCD,kCAAkC;AAClC,MAAa,gBAAgB;IAA7B;QAEY,eAAU,GAAmC,EAAE,CAAC;QAChD,iBAAY,GAAW,CAAC,CAAC;IAyBrC,CAAC;IAvBS,YAAY,CAAC,IAAY,EAAE,UAAkB,EAAE,SAAiB,EAAE,GAAW;;YAC/E,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;YAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,IAAI,CAAC;YACpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;QAClD,CAAC;KAAA;IAEK,aAAa;;YACf,OAAO,IAAI,CAAC,UAAU,CAAC;QAC3B,CAAC;KAAA;IAEK,aAAa;;YACf,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,CAAA;YAC1D,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC3C,CAAC;KAAA;IAEK,wBAAwB;;YAC1B,OAAO,IAAI,CAAC,YAAY,CAAC;QAC7B,CAAC;KAAA;IAEK,wBAAwB,CAAC,MAAc;;YACzC,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC;QAC/B,CAAC;KAAA;CACJ;AA5BD,4CA4BC;AAED,SAAgB,sBAAsB;IAClC,OAAO,IAAI,gBAAgB,EAAE,CAAA;AACjC,CAAC"}

package/lib/utils/jwt-authority.d.ts

@@ -0,0 +1,81 @@
+import jose from 'node-jose';
+import jwktopem from 'jwk-to-pem';
+import { JWTPayload } from 'jose';
+import { ILogger } from '@kaapi/kaapi';
+export interface JwksKeyStore {
+    /**
+     * Stores the current active private key and its corresponding public key.
+     * The public key will be kept for the duration of the TTL for JWKS purposes.
+     */
+    storeKeyPair(kid: string, privateKey: object, publicKey: object, ttl: number): void | Promise<void>;
+    /**
+     * Retrieves the current private key used for signing.
+     */
+    getPrivateKey(): Promise<object | undefined>;
+    /**
+     * Retrieves all valid public keys that have not expired.
+     * These are used for exposing in JWKS.
+     */
+    getPublicKeys(): Promise<object[]>;
+}
+export interface KeyGenerator {
+    generateKeyPair(): Promise<void>;
+}
+/**
+ * - Generates JWK key pairs
+ * - Signs JWTs
+ * - Verifies JWTs
+ * - Exposes public keys (for JWKS endpoint)
+ */
+export declare class JwtAuthority implements KeyGenerator {
+    #private;
+    /**
+     *
+     * @param store
+     * @param ttl seconds
+     */
+    constructor(store: JwksKeyStore, ttl?: number);
+    getPublicKeys(): Promise<{
+        keys: jose.JWK.RawKey[];
+    }>;
+    /**
+     * Get current kid for observability/debugging
+     */
+    getCurrentKid(): Promise<string | undefined>;
+    /**
+     * Helper for JWKS endpoint
+     */
+    getJwksEndpointResponse(): Promise<{
+        keys: jose.JWK.RawKey[];
+    }>;
+    getPublicKey(kid: string): Promise<jwktopem.RSA | undefined>;
+    generateKeyPair(): Promise<void>;
+    sign(payload: JWTPayload): Promise<{
+        token: string;
+        kid: string;
+    }>;
+    verify<P extends JWTPayload = JWTPayload>(token: string): Promise<P>;
+}
+export interface JwksRotationTimestampStore {
+    getLastRotationTimestamp(): Promise<number>;
+    setLastRotationTimestamp(rotationTimestamp: number): Promise<void>;
+}
+export interface JwksRotatorOptions {
+    keyGenerator: KeyGenerator;
+    rotatorKeyStore: JwksRotationTimestampStore;
+    rotationIntervalMs: number;
+    logger?: ILogger;
+}
+export declare class JwksRotator {
+    private readonly keyGenerator;
+    private readonly rotatorKeyStore;
+    private readonly rotationIntervalMs;
+    private readonly logger;
+    constructor({ keyGenerator, rotationIntervalMs, rotatorKeyStore, logger }: JwksRotatorOptions);
+    /**
+     * Checks if rotation is due, and performs rotation if necessary.
+     * Should be called at service startup or on a schedule (e.g. every hour).
+     */
+    checkAndRotateKeys(): Promise<void>;
+    private rotateKeys;
+}