@kronos-integration/service-authenticator 2.0.2 → 3.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +3 -3
- package/src/service-authenticator.mjs +52 -47
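--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@kronos-integration/service-authenticator",
-  "version": "
+  "version": "3.0.1",
   "publishConfig": {
     "access": "public",
     "provenance": true
@@ -29,8 +29,8 @@
     "lint:docs": "documentation lint ./src/**/*.mjs"
   },
   "dependencies": {
-    "@kronos-integration/endpoint": "^10.0.
-    "@kronos-integration/service": "^
+    "@kronos-integration/endpoint": "^10.0.5",
+    "@kronos-integration/service": "^13.1.2",
     "jsonwebtoken": "^9.0.2"
   },
   "devDependencies": {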
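--- a/package/src/service-authenticator.mjs
+++ b/package/src/service-authenticator.mjs
@@ -1,7 +1,12 @@
 import { promisify } from "node:util";
 import jwt from "jsonwebtoken";
 import ms from "ms";
-import {
+import {
+  prepareAttributesDefinitions,
+  default_attribute,
+  public_key_attribute,
+  private_key_attribute
+} from "pacc";
 import { Service } from "@kronos-integration/service";
 
 export const verifyJWT = promisify(jwt.verify);
@@ -14,6 +19,8 @@ export const verifyJWT = promisify(jwt.verify);
  * @property {number} expires_in seconds the access token is valid
  */
 
+const algorithm = { ...default_attribute, default: "RS256" };
+
 /**
  *
  */
@@ -29,50 +36,46 @@ export class ServiceAuthenticator extends Service {
     return "provide authentication services";
   }
 
-  static
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-    attributes: {
-      algorithm,
-      expiresIn: { default: "90d", type: "duration" }
-    }
+  static attributes =
+    prepareAttributesDefinitions({
+      jwt: {
+        description: "jwt related",
+        attributes: {
+          private: {
+            ...private_key_attribute,
+            description: "private key for token",
+            mandatory: true,
+            type: "blob"
+          },
+          public: {
+            ...public_key_attribute,
+            description: "public key for token",
+            mandatory: true,
+            type: "blob"
+          },
+          claims: {
+            attributes: {
+              iss: default_attribute,
+              aud: default_attribute
+            }
+          },
+          access_token: {
+            attributes: {
+              algorithm,
+              expiresIn: { default: "1h", type: "duration" }
+            }
+          },
+          refresh_token: {
+            attributes: {
+              algorithm,
+              expiresIn: { default: "90d", type: "duration" }
             }
           }
         }
-  }
-
-
-
+      }
+    },
+      Service.attributes
+    );
 
   static get endpoints() {
     return {
@@ -128,17 +131,19 @@ export class ServiceAuthenticator extends Service {
     try {
       let entitlements = [];
       let refreshClaims = { sequence: 1 };
-
+
       if (credentials.refresh_token) {
-        const decoded = await verifyJWT(
+        const decoded = await verifyJWT(
+          credentials.refresh_token,
+          this.jwt.public
+        );
         if (decoded) {
-
+          // this.info("refresh " + decoded);
           entitlements = ["refresh"]; // TODO
           refreshClaims.name = decoded.name;
           refreshClaims.sequence = decoded.sequence + 1;
         }
-      }
-      else {
+      } else {
         refreshClaims.name = credentials.username;
 
         for (const e of this.authEndpoints) {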
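Review bot: The reshaped verifyJWT call in the refresh branch (new lines 136-139) passes only the public key, so none of the attributes this release introduces — the `algorithm` definition defaulting to RS256 and the `claims.iss`/`claims.aud` entries — take part in verifying a presented refresh token. jsonwebtoken 9 narrows the default algorithm set by key type, but pinning the algorithm and the expected issuer/audience keeps the refresh path consistent with how the tokens are presumably issued: `const decoded = await verifyJWT(credentials.refresh_token, this.jwt.public, { algorithms: [this.jwt.refresh_token.algorithm], issuer: this.jwt.claims.iss, audience: this.jwt.claims.aud });` — assuming the nested attribute groups resolve to instance properties the way `this.jwt.public` does. The added `// this.info("refresh " + decoded);` on new line 141 is commented-out code and should either become a real debug log or be dropped. The enclosing method starts before the hunk and continues past it.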