@kronos-integration/service-authenticator 2.0.1 → 3.0.0
- package/package.json +3 -3
- package/src/service-authenticator.mjs +51 -47
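--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@kronos-integration/service-authenticator",
-"version": "
+"version": "3.0.0",
 "publishConfig": {
 "access": "public",
 "provenance": true
@@ -29,8 +29,8 @@
 "lint:docs": "documentation lint ./src/**/*.mjs"
 },
 "dependencies": {
-"@kronos-integration/endpoint": "^10.0.
-"@kronos-integration/service": "^
+"@kronos-integration/endpoint": "^10.0.5",
+"@kronos-integration/service": "^13.0.0",
 "jsonwebtoken": "^9.0.2"
 },
 "devDependencies": {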
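--- a/package/src/service-authenticator.mjs
+++ b/package/src/service-authenticator.mjs
@@ -1,7 +1,11 @@
 import { promisify } from "node:util";
 import jwt from "jsonwebtoken";
 import ms from "ms";
-import {
+import {
+mergeAttributeDefinitions,
+prepareAttributesDefinitions,
+default_attribute
+} from "pacc";
 import { Service } from "@kronos-integration/service";
 
 export const verifyJWT = promisify(jwt.verify);
@@ -14,6 +18,8 @@ export const verifyJWT = promisify(jwt.verify);
 * @property {number} expires_in seconds the access token is valid
 */
 
+const algorithm = { ...default_attribute, default: "RS256" };
+
 /**
 *
 */
@@ -29,50 +35,46 @@ export class ServiceAuthenticator extends Service {
 return "provide authentication services";
 }
 
-static
-
-
-
-
-
-
-
-private:
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-attributes: {
-algorithm,
-expiresIn: { default: "90d", type: "duration" }
-}
+static attributes = mergeAttributeDefinitions(
+prepareAttributesDefinitions({
+jwt: {
+description: "jwt related",
+attributes: {
+private: {
+description: "private key for token",
+mandatory: true,
+private: true,
+type: "blob"
+},
+public: {
+description: "public key for token",
+mandatory: true,
+private: true,
+type: "blob"
+},
+claims: {
+attributes: {
+iss: { type: "string" },
+aud: { type: "string" }
+}
+},
+access_token: {
+attributes: {
+algorithm,
+expiresIn: { default: "1h", type: "duration" }
+}
+},
+refresh_token: {
+attributes: {
+algorithm,
+expiresIn: { default: "90d", type: "duration" }
 }
 }
 }
-}
-
-
-
+}
+}),
+Service.attributes
+);
 
 static get endpoints() {
 return {
@@ -128,17 +130,19 @@ export class ServiceAuthenticator extends Service {
 try {
 let entitlements = [];
 let refreshClaims = { sequence: 1 };
-
+
 if (credentials.refresh_token) {
-const decoded = await verifyJWT(
+const decoded = await verifyJWT(
+credentials.refresh_token,
+this.jwt.public
+);
 if (decoded) {
-
+// this.info("refresh " + decoded);
 entitlements = ["refresh"]; // TODO
 refreshClaims.name = decoded.name;
 refreshClaims.sequence = decoded.sequence + 1;
 }
-}
-else {
+} else {
 refreshClaims.name = credentials.username;
 
 for (const e of this.authEndpoints) {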
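Review bot: The refresh-token verification in the last hunk, `verifyJWT(credentials.refresh_token, this.jwt.public)`, passes no options, so the accepted signature algorithm is left to jsonwebtoken's key-type defaults instead of being pinned to the algorithm this service configures (the new `algorithm` attribute defaults to "RS256"), and the new `claims.iss`/`claims.aud` attributes are not enforced on the presented token. `verifyJWT` is `promisify(jwt.verify)`, so the options object can be passed as a third argument: `const decoded = await verifyJWT(credentials.refresh_token, this.jwt.public, { algorithms: [this.jwt.refresh_token.algorithm] });` — the attribute path follows how `this.jwt.public` is read here and should be confirmed against the attribute plumbing. Adding `issuer`/`audience` from `this.jwt.claims` is reasonable once the signing side, which is outside this hunk, is known to set them. Note also that access and refresh tokens share the same key and algorithm, so nothing in this check distinguishes the two token kinds unless a claim set at signing time is verified here. The enclosing method starts before the hunk and its `catch` ends after it.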