@kronos-integration/service-authenticator 1.5.36 → 1.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@kronos-integration/service-authenticator",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.6.1",
|
|
4
4
|
"publishConfig": {
|
|
5
5
|
"access": "public"
|
|
6
6
|
},
|
|
@@ -30,18 +30,18 @@
|
|
|
30
30
|
},
|
|
31
31
|
"dependencies": {
|
|
32
32
|
"@kronos-integration/endpoint": "^9.4.14",
|
|
33
|
-
"@kronos-integration/service": "^10.4.
|
|
33
|
+
"@kronos-integration/service": "^10.4.11",
|
|
34
34
|
"jsonwebtoken": "^8.5.1",
|
|
35
35
|
"model-attributes": "^4.1.12"
|
|
36
36
|
},
|
|
37
37
|
"devDependencies": {
|
|
38
38
|
"ava": "^3.15.0",
|
|
39
|
-
"c8": "^7.
|
|
39
|
+
"c8": "^7.10.0",
|
|
40
40
|
"documentation": "^13.2.5",
|
|
41
|
-
"semantic-release": "^
|
|
41
|
+
"semantic-release": "^18.0.1"
|
|
42
42
|
},
|
|
43
43
|
"engines": {
|
|
44
|
-
"node": ">=
|
|
44
|
+
"node": ">=16.13.1"
|
|
45
45
|
},
|
|
46
46
|
"repository": {
|
|
47
47
|
"type": "git",
|
|
@@ -1,8 +1,11 @@
|
|
|
1
|
+
import { promisify } from "util";
|
|
1
2
|
import jwt from "jsonwebtoken";
|
|
2
3
|
import ms from "ms";
|
|
3
4
|
import { mergeAttributes, createAttributes } from "model-attributes";
|
|
4
5
|
import { Service } from "@kronos-integration/service";
|
|
5
6
|
|
|
7
|
+
export const verifyJWT = promisify(jwt.verify);
|
|
8
|
+
|
|
6
9
|
/**
|
|
7
10
|
* @typedef {Object} JWTResponse
|
|
8
11
|
* @property {string} access_token
|
|
@@ -61,7 +64,7 @@ export class ServiceAuthenticator extends Service {
|
|
|
61
64
|
refresh_token: {
|
|
62
65
|
attributes: {
|
|
63
66
|
algorithm,
|
|
64
|
-
expiresIn: { default: "
|
|
67
|
+
expiresIn: { default: "90d", type: "duration" }
|
|
65
68
|
}
|
|
66
69
|
}
|
|
67
70
|
}
|
|
@@ -123,13 +126,27 @@ export class ServiceAuthenticator extends Service {
|
|
|
123
126
|
async accessTokenGenerator(credentials) {
|
|
124
127
|
try {
|
|
125
128
|
let entitlements = [];
|
|
129
|
+
let refreshClaims = { sequence: 1 };
|
|
130
|
+
|
|
131
|
+
if (credentials.refresh_token) {
|
|
132
|
+
const decoded = await verifyJWT(credentials.refresh_token, this.jwt.public);
|
|
133
|
+
if (decoded) {
|
|
134
|
+
// this.info("refresh " + decoded);
|
|
135
|
+
entitlements = ["refresh"]; // TODO
|
|
136
|
+
refreshClaims.name = decoded.name;
|
|
137
|
+
refreshClaims.sequence = decoded.sequence + 1;
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
else {
|
|
141
|
+
refreshClaims.name = credentials.username;
|
|
126
142
|
|
|
127
|
-
|
|
128
|
-
|
|
143
|
+
for (const e of this.authEndpoints) {
|
|
144
|
+
const response = await e.send(credentials);
|
|
129
145
|
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
146
|
+
if (response && response.entitlements) {
|
|
147
|
+
entitlements = [...response.entitlements];
|
|
148
|
+
break;
|
|
149
|
+
}
|
|
133
150
|
}
|
|
134
151
|
}
|
|
135
152
|
|
|
@@ -137,6 +154,7 @@ export class ServiceAuthenticator extends Service {
|
|
|
137
154
|
|
|
138
155
|
if (entitlements.length > 0) {
|
|
139
156
|
const j = this.jwt;
|
|
157
|
+
|
|
140
158
|
const claims = {
|
|
141
159
|
name: credentials.username,
|
|
142
160
|
...j.claims,
|
|
@@ -146,7 +164,7 @@ export class ServiceAuthenticator extends Service {
|
|
|
146
164
|
token_type: "Bearer",
|
|
147
165
|
expires_in: ms(j.access_token.expiresIn) / 1000,
|
|
148
166
|
access_token: jwt.sign(claims, j.private, j.access_token),
|
|
149
|
-
refresh_token: jwt.sign(
|
|
167
|
+
refresh_token: jwt.sign(refreshClaims, j.private, j.refresh_token)
|
|
150
168
|
};
|
|
151
169
|
} else {
|
|
152
170
|
throw new Error("Not authorized");
|