@lindorm/aegis 0.1.0

package/dist/types/jwt/jwt-sign.d.ts

@@ -0,0 +1,48 @@
+import { Expiry } from "@lindorm/date";
+import { Dict } from "@lindorm/types";
+import { AdjustedAccessLevel, LevelOfAssurance } from "../level-of-assurance";
+export type SignJwtContent<C extends Dict = Dict> = {
+    accessToken?: string;
+    adjustedAccessLevel?: AdjustedAccessLevel;
+    audience?: Array<string>;
+    authCode?: string;
+    authContextClass?: string;
+    authFactor?: string;
+    authMethods?: Array<string>;
+    authorizedParty?: string;
+    authState?: string;
+    authTime?: Date;
+    claims?: C;
+    clientId?: string;
+    expires: Expiry;
+    grantType?: string;
+    levelOfAssurance?: LevelOfAssurance;
+    nonce?: string;
+    notBefore?: Date;
+    permissions?: Array<string>;
+    roles?: Array<string>;
+    scope?: Array<string>;
+    sessionHint?: string;
+    sessionId?: string;
+    subject: string;
+    subjectHint?: string;
+    tenantId?: string;
+    tokenType: string;
+};
+export type SignJwtOptions = {
+    accessTokenHash?: string;
+    codeHash?: string;
+    issuedAt?: Date;
+    objectId?: string;
+    stateHash?: string;
+    tokenId?: string;
+};
+export type SignedJwt = {
+    expiresAt: Date;
+    expiresIn: number;
+    expiresOn: number;
+    objectId: string;
+    token: string;
+    tokenId: string;
+};
+//# sourceMappingURL=jwt-sign.d.ts.map

package/dist/types/jwt/jwt-sign.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-sign.d.ts","sourceRoot":"","sources":["../../../src/types/jwt/jwt-sign.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AACvC,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAE9E,MAAM,MAAM,cAAc,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,IAAI;IAClD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;IAC1C,QAAQ,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,IAAI,CAAC;IAChB,MAAM,CAAC,EAAE,CAAC,CAAC;IACX,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5B,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACtB,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,IAAI,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG;IACtB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC"}

package/dist/types/jwt/jwt-sign.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=jwt-sign.js.map

package/dist/types/jwt/jwt-sign.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-sign.js","sourceRoot":"","sources":["../../../src/types/jwt/jwt-sign.ts"],"names":[],"mappings":""}

package/dist/types/jwt/jwt-validate.d.ts

@@ -0,0 +1,32 @@
+import { KryptosAlgorithm } from "@lindorm/kryptos";
+import { Dict } from "@lindorm/types";
+import { Operators } from "../operators";
+export type ValidateJwtOptions<C extends Dict = Dict> = {
+    algorithm?: KryptosAlgorithm;
+    accessToken?: string;
+    adjustedAccessLevel?: Operators;
+    audience?: Array<string> | string | Operators;
+    authCode?: string;
+    authContextClass?: string | Operators;
+    authFactor?: string | Operators;
+    authMethods?: Array<string> | string | Operators;
+    authorizedParty?: string | Operators;
+    authState?: string;
+    authTime?: Operators;
+    clientId?: Array<string> | string | Operators;
+    grantType?: string | Operators;
+    issuer?: string | Operators;
+    levelOfAssurance?: number | Operators;
+    nonce?: string | Operators;
+    permissions?: Array<string> | string | Operators;
+    roles?: Array<string> | string | Operators;
+    scope?: Array<string> | string | Operators;
+    sessionHint?: Array<string> | string | Operators;
+    subject?: Array<string> | string | Operators;
+    subjectHint?: string | Operators;
+    tenantId?: Array<string> | string | Operators;
+    tokenType?: string | Operators;
+} & {
+    [key in keyof C]?: Operators;
+};
+//# sourceMappingURL=jwt-validate.d.ts.map

package/dist/types/jwt/jwt-validate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-validate.d.ts","sourceRoot":"","sources":["../../../src/types/jwt/jwt-validate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,MAAM,MAAM,kBAAkB,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,IAAI;IACtD,SAAS,CAAC,EAAE,gBAAgB,CAAC;IAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAE,SAAS,CAAC;IAChC,QAAQ,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IAC9C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACtC,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IACjD,eAAe,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,SAAS,CAAC;IACrB,QAAQ,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IAC9C,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACtC,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IACjD,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IAC3C,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IAC3C,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IACjD,OAAO,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IAC7C,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACjC,QAAQ,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IAC9C,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAChC,GAAG;KACD,GAAG,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,SAAS;CAC7B,CAAC"}

package/dist/types/jwt/jwt-validate.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=jwt-validate.js.map

package/dist/types/jwt/jwt-validate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-validate.js","sourceRoot":"","sources":["../../../src/types/jwt/jwt-validate.ts"],"names":[],"mappings":""}

package/dist/types/jwt/jwt-verify.d.ts

@@ -0,0 +1,41 @@
+import { KryptosSigAlgorithm } from "@lindorm/kryptos";
+import { Dict } from "@lindorm/types";
+import { ParsedTokenHeader } from "../header";
+import { Operators } from "../operators";
+import { DecodedJwt } from "./jwt-decode";
+import { ParsedJwtPayload } from "./jwt-parse";
+export type VerifyJwtOptions = {
+    accessToken?: string;
+    adjustedAccessLevel?: Operators;
+    audience?: Array<string> | string | Operators;
+    authCode?: string;
+    authContextClass?: string | Operators;
+    authFactor?: string | Operators;
+    authMethods?: Array<string> | string | Operators;
+    authorizedParty?: string | Operators;
+    authState?: string;
+    authTime?: Operators;
+    clientId?: Array<string> | string | Operators;
+    grantType?: string | Operators;
+    issuer?: string | Operators;
+    levelOfAssurance?: number | Operators;
+    nonce?: string | Operators;
+    permissions?: Array<string> | string | Operators;
+    roles?: Array<string> | string | Operators;
+    scope?: Array<string> | string | Operators;
+    sessionHint?: Array<string> | string | Operators;
+    subject?: Array<string> | string | Operators;
+    subjectHint?: string | Operators;
+    tenantId?: Array<string> | string | Operators;
+    tokenType?: string | Operators;
+};
+export type VerifiedJwtHeader = Omit<ParsedTokenHeader, "algorithm" | "type"> & {
+    algorithm: KryptosSigAlgorithm;
+    type: "JWT";
+};
+export type VerifiedJwt<C extends Dict = Dict> = {
+    __jwt: DecodedJwt<C>;
+    header: VerifiedJwtHeader;
+    payload: ParsedJwtPayload<C>;
+};
+//# sourceMappingURL=jwt-verify.d.ts.map

package/dist/types/jwt/jwt-verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-verify.d.ts","sourceRoot":"","sources":["../../../src/types/jwt/jwt-verify.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C,MAAM,MAAM,gBAAgB,GAAG;IAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAE,SAAS,CAAC;IAChC,QAAQ,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IAC9C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACtC,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IACjD,eAAe,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,SAAS,CAAC;IACrB,QAAQ,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IAC9C,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACtC,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IACjD,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IAC3C,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IAC3C,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IACjD,OAAO,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IAC7C,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACjC,QAAQ,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IAC9C,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAChC,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG,IAAI,CAAC,iBAAiB,EAAE,WAAW,GAAG,MAAM,CAAC,GAAG;IAC9E,SAAS,EAAE,mBAAmB,CAAC;IAC/B,IAAI,EAAE,KAAK,CAAC;CACb,CAAC;AAEF,MAAM,MAAM,WAAW,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,IAAI;IAC/C,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;IACrB,MAAM,EAAE,iBAAiB,CAAC;IAC1B,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC;CAC9B,CAAC"}

package/dist/types/jwt/jwt-verify.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=jwt-verify.js.map

package/dist/types/jwt/jwt-verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-verify.js","sourceRoot":"","sources":["../../../src/types/jwt/jwt-verify.ts"],"names":[],"mappings":""}

package/dist/types/level-of-assurance.d.ts

@@ -0,0 +1,3 @@
+export type LevelOfAssurance = 1 | 2 | 3 | 4;
+export type AdjustedAccessLevel = LevelOfAssurance;
+//# sourceMappingURL=level-of-assurance.d.ts.map

package/dist/types/level-of-assurance.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"level-of-assurance.d.ts","sourceRoot":"","sources":["../../src/types/level-of-assurance.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,gBAAgB,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AAE7C,MAAM,MAAM,mBAAmB,GAAG,gBAAgB,CAAC"}

package/dist/types/level-of-assurance.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=level-of-assurance.js.map

package/dist/types/level-of-assurance.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"level-of-assurance.js","sourceRoot":"","sources":["../../src/types/level-of-assurance.ts"],"names":[],"mappings":""}

package/dist/types/oidc.d.ts

@@ -0,0 +1,27 @@
+import { LindormJwk } from "@lindorm/kryptos";
+export type OpenIdConfigurationResponse = {
+    authorizationEndpoint: string;
+    claimsSupported: Array<string>;
+    codeChallengeMethodsSupported: Array<string>;
+    deviceAuthorizationEndpoint: string;
+    idTokenSigningAlgValuesSupported: Array<string>;
+    issuer: string;
+    jwksUri: string;
+    mfaChallengeEndpoint: string;
+    registrationEndpoint: string;
+    requestParameterSupported: boolean;
+    requestUriParameterSupported: boolean;
+    responseModesSupported: Array<string>;
+    responseTypesSupported: Array<string>;
+    revocationEndpoint: string;
+    scopesSupported: Array<string>;
+    subjectTypesSupported: Array<string>;
+    tokenEndpoint: string;
+    tokenEndpointAuthMethodsSupported: Array<string>;
+    tokenEndpointAuthSigningAlgValuesSupported: string;
+    userinfoEndpoint: string;
+};
+export type OpenIdJwksResponse = {
+    keys: Array<LindormJwk>;
+};
+//# sourceMappingURL=oidc.d.ts.map

package/dist/types/oidc.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../src/types/oidc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,MAAM,MAAM,2BAA2B,GAAG;IACxC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC/B,6BAA6B,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7C,2BAA2B,EAAE,MAAM,CAAC;IACpC,gCAAgC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAChD,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,yBAAyB,EAAE,OAAO,CAAC;IACnC,4BAA4B,EAAE,OAAO,CAAC;IACtC,sBAAsB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACtC,sBAAsB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACtC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC/B,qBAAqB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrC,aAAa,EAAE,MAAM,CAAC;IACtB,iCAAiC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACjD,0CAA0C,EAAE,MAAM,CAAC;IACnD,gBAAgB,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,IAAI,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;CACzB,CAAC"}

package/dist/types/oidc.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=oidc.js.map

package/dist/types/oidc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc.js","sourceRoot":"","sources":["../../src/types/oidc.ts"],"names":[],"mappings":""}

package/dist/types/operators.d.ts

@@ -0,0 +1,27 @@
+type Ops = {
+    $exists?: boolean;
+    $eq?: Date | string | number;
+    $ne?: Date | string | number;
+    $in?: Array<string | number>;
+    $nin?: Array<string | number>;
+    $has?: string;
+    $not?: string;
+    $all?: Array<string>;
+    $any?: Array<string>;
+    $none?: Array<string>;
+    $before?: Date;
+    $beforeOrEq?: Date;
+    $after?: Date;
+    $afterOrEq?: Date;
+    $gt?: number;
+    $gte?: number;
+    $lt?: number;
+    $lte?: number;
+    $regex?: string;
+};
+export type Operators = Ops & {
+    $and?: Array<Operators>;
+    $or?: Array<Operators>;
+};
+export {};
+//# sourceMappingURL=operators.d.ts.map

package/dist/types/operators.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"operators.d.ts","sourceRoot":"","sources":["../../src/types/operators.ts"],"names":[],"mappings":"AAAA,KAAK,GAAG,GAAG;IACT,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB,GAAG,CAAC,EAAE,IAAI,GAAG,MAAM,GAAG,MAAM,CAAC;IAC7B,GAAG,CAAC,EAAE,IAAI,GAAG,MAAM,GAAG,MAAM,CAAC;IAE7B,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC;IAC7B,IAAI,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC;IAI9B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,IAAI,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,IAAI,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAItB,OAAO,CAAC,EAAE,IAAI,CAAC;IACf,WAAW,CAAC,EAAE,IAAI,CAAC;IAEnB,MAAM,CAAC,EAAE,IAAI,CAAC;IACd,UAAU,CAAC,EAAE,IAAI,CAAC;IAIlB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IAId,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG,GAAG,GAAG;IAC5B,IAAI,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IACxB,GAAG,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CACxB,CAAC"}

package/dist/types/operators.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=operators.js.map

package/dist/types/operators.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"operators.js","sourceRoot":"","sources":["../../src/types/operators.ts"],"names":[],"mappings":""}

package/dist/utils/private/create-hash.d.ts

@@ -0,0 +1,8 @@
+import { KryptosAlgorithm } from "@lindorm/kryptos";
+type ShaAlgorithm = "SHA256" | "SHA384" | "SHA512";
+export declare const _shaAlgorithm: (algorithm: KryptosAlgorithm) => ShaAlgorithm;
+export declare const _createAccessTokenHash: (algorithm: KryptosAlgorithm, data: string) => string;
+export declare const _createCodeHash: (algorithm: KryptosAlgorithm, data: string) => string;
+export declare const _createStateHash: (algorithm: KryptosAlgorithm, data: string) => string;
+export {};
+//# sourceMappingURL=create-hash.d.ts.map

package/dist/utils/private/create-hash.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-hash.d.ts","sourceRoot":"","sources":["../../../src/utils/private/create-hash.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAGpD,KAAK,YAAY,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAEnD,eAAO,MAAM,aAAa,cAAe,gBAAgB,KAAG,YAM3D,CAAC;AAgBF,eAAO,MAAM,sBAAsB,cACtB,gBAAgB,QACrB,MAAM,KACX,MAA2C,CAAC;AAE/C,eAAO,MAAM,eAAe,cAAe,gBAAgB,QAAQ,MAAM,KAAG,MACzC,CAAC;AAEpC,eAAO,MAAM,gBAAgB,cAAe,gBAAgB,QAAQ,MAAM,KAAG,MAC1C,CAAC"}

package/dist/utils/private/create-hash.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._createStateHash = exports._createCodeHash = exports._createAccessTokenHash = exports._shaAlgorithm = void 0;
+const b64_1 = require("@lindorm/b64");
+const crypto_1 = require("crypto");
+const _shaAlgorithm = (algorithm) => {
+    if (algorithm.endsWith("256"))
+        return "SHA256";
+    if (algorithm.endsWith("384"))
+        return "SHA384";
+    if (algorithm.endsWith("512"))
+        return "SHA512";
+    return "SHA256";
+};
+exports._shaAlgorithm = _shaAlgorithm;
+const _createHashBuffer = (algorithm, data) => (0, crypto_1.createHash)(algorithm).update(data, "utf8").digest();
+const _getLeftBits = (buffer, bits) => buffer.subarray(0, bits / 8);
+const _createHash = (algorithm, data, bits) => {
+    const sha = (0, exports._shaAlgorithm)(algorithm);
+    const buffer = _createHashBuffer(sha, data);
+    const left = _getLeftBits(buffer, bits);
+    return b64_1.B64.encode(left, "base64url");
+};
+const _createAccessTokenHash = (algorithm, data) => _createHash(algorithm, data, 128);
+exports._createAccessTokenHash = _createAccessTokenHash;
+const _createCodeHash = (algorithm, data) => _createHash(algorithm, data, 256);
+exports._createCodeHash = _createCodeHash;
+const _createStateHash = (algorithm, data) => _createHash(algorithm, data, 128);
+exports._createStateHash = _createStateHash;
+//# sourceMappingURL=create-hash.js.map

package/dist/utils/private/create-hash.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-hash.js","sourceRoot":"","sources":["../../../src/utils/private/create-hash.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AAEnC,mCAAoC;AAI7B,MAAM,aAAa,GAAG,CAAC,SAA2B,EAAgB,EAAE;IACzE,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC/C,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC/C,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,QAAQ,CAAC;IAE/C,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC;AANW,QAAA,aAAa,iBAMxB;AAEF,MAAM,iBAAiB,GAAG,CAAC,SAAuB,EAAE,IAAY,EAAU,EAAE,CAC1E,IAAA,mBAAU,EAAC,SAAS,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;AAEtD,MAAM,YAAY,GAAG,CAAC,MAAc,EAAE,IAAY,EAAU,EAAE,CAC5D,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC;AAE/B,MAAM,WAAW,GAAG,CAAC,SAA2B,EAAE,IAAY,EAAE,IAAY,EAAU,EAAE;IACtF,MAAM,GAAG,GAAG,IAAA,qBAAa,EAAC,SAAS,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,iBAAiB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAExC,OAAO,SAAG,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;AACvC,CAAC,CAAC;AAEK,MAAM,sBAAsB,GAAG,CACpC,SAA2B,EAC3B,IAAY,EACJ,EAAE,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;AAHlC,QAAA,sBAAsB,0BAGY;AAExC,MAAM,eAAe,GAAG,CAAC,SAA2B,EAAE,IAAY,EAAU,EAAE,CACnF,WAAW,CAAC,SAAS,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;AADvB,QAAA,eAAe,mBACQ;AAE7B,MAAM,gBAAgB,GAAG,CAAC,SAA2B,EAAE,IAAY,EAAU,EAAE,CACpF,WAAW,CAAC,SAAS,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;AADvB,QAAA,gBAAgB,oBACO"}

package/dist/utils/private/create-token-signature.d.ts

@@ -0,0 +1,9 @@
+import { IKryptos } from "@lindorm/kryptos";
+type Options = {
+    header: string;
+    payload: string;
+    kryptos: IKryptos;
+};
+export declare const _createTokenSignature: (options: Options) => string;
+export {};
+//# sourceMappingURL=create-token-signature.d.ts.map

package/dist/utils/private/create-token-signature.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-token-signature.d.ts","sourceRoot":"","sources":["../../../src/utils/private/create-token-signature.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAM5C,KAAK,OAAO,GAAG;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,QAAQ,CAAC;CACnB,CAAC;AAsBF,eAAO,MAAM,qBAAqB,YAAa,OAAO,KAAG,MAmBxD,CAAC"}

package/dist/utils/private/create-token-signature.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._createTokenSignature = void 0;
+const ec_1 = require("@lindorm/ec");
+const oct_1 = require("@lindorm/oct");
+const okp_1 = require("@lindorm/okp");
+const rsa_1 = require("@lindorm/rsa");
+const errors_1 = require("../../errors");
+const _signEc = (kryptos, data) => {
+    const kit = new ec_1.EcKit({ kryptos, format: "raw" });
+    return kit.sign(data);
+};
+const _signOct = (kryptos, data) => {
+    const kit = new oct_1.OctKit({ kryptos, format: "base64url" });
+    return kit.sign(data);
+};
+const _signOkp = (kryptos, data) => {
+    const kit = new okp_1.OkpKit({ kryptos, format: "base64url" });
+    return kit.sign(data);
+};
+const _signRsa = (kryptos, data) => {
+    const kit = new rsa_1.RsaKit({ kryptos, format: "base64url" });
+    return kit.sign(data);
+};
+const _createTokenSignature = (options) => {
+    const data = `${options.header}.${options.payload}`;
+    switch (options.kryptos.type) {
+        case "EC":
+            return _signEc(options.kryptos, data);
+        case "oct":
+            return _signOct(options.kryptos, data);
+        case "OKP":
+            return _signOkp(options.kryptos, data);
+        case "RSA":
+            return _signRsa(options.kryptos, data);
+        default:
+            throw new errors_1.JwtError("Unsupported algorithm");
+    }
+};
+exports._createTokenSignature = _createTokenSignature;
+//# sourceMappingURL=create-token-signature.js.map

package/dist/utils/private/create-token-signature.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-token-signature.js","sourceRoot":"","sources":["../../../src/utils/private/create-token-signature.ts"],"names":[],"mappings":";;;AAAA,oCAAoC;AAEpC,sCAAsC;AACtC,sCAAsC;AACtC,sCAAsC;AACtC,yCAAwC;AAQxC,MAAM,OAAO,GAAG,CAAC,OAAiB,EAAE,IAAY,EAAU,EAAE;IAC1D,MAAM,GAAG,GAAG,IAAI,UAAK,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IAClD,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACxB,CAAC,CAAC;AAEF,MAAM,QAAQ,GAAG,CAAC,OAAiB,EAAE,IAAY,EAAU,EAAE;IAC3D,MAAM,GAAG,GAAG,IAAI,YAAM,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;IACzD,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACxB,CAAC,CAAC;AAEF,MAAM,QAAQ,GAAG,CAAC,OAAiB,EAAE,IAAY,EAAU,EAAE;IAC3D,MAAM,GAAG,GAAG,IAAI,YAAM,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;IACzD,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACxB,CAAC,CAAC;AAEF,MAAM,QAAQ,GAAG,CAAC,OAAiB,EAAE,IAAY,EAAU,EAAE;IAC3D,MAAM,GAAG,GAAG,IAAI,YAAM,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;IACzD,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACxB,CAAC,CAAC;AAEK,MAAM,qBAAqB,GAAG,CAAC,OAAgB,EAAU,EAAE;IAChE,MAAM,IAAI,GAAG,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;IAEpD,QAAQ,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAC7B,KAAK,IAAI;YACP,OAAO,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAExC,KAAK,KAAK;YACR,OAAO,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAEzC,KAAK,KAAK;YACR,OAAO,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAEzC,KAAK,KAAK;YACR,OAAO,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAEzC;YACE,MAAM,IAAI,iBAAQ,CAAC,uBAAuB,CAAC,CAAC;IAChD,CAAC;AACH,CAAC,CAAC;AAnBW,QAAA,qBAAqB,yBAmBhC"}

package/dist/utils/private/jwt-payload.d.ts

@@ -0,0 +1,20 @@
+import { KryptosAlgorithm } from "@lindorm/kryptos";
+import { Dict } from "@lindorm/types";
+import { JwtClaims, ParsedJwtPayload, SignJwtContent, SignJwtOptions } from "../../types";
+type Config = {
+    algorithm: KryptosAlgorithm;
+    issuer: string;
+};
+type Result = {
+    expiresAt: Date;
+    expiresIn: number;
+    expiresOn: number;
+    payload: string;
+    tokenId: string;
+};
+export declare const _encodeJwtPayload: <C extends Dict = Dict>(config: Config, content: SignJwtContent<C>, options: SignJwtOptions) => Result;
+type DecodeClaims<C extends Dict = Dict> = JwtClaims & C;
+export declare const _decodeJwtPayload: <C extends Dict = Dict<never>>(payload: string) => DecodeClaims<C>;
+export declare const _parseJwtPayload: <C extends Dict = Dict<never>>(decoded: DecodeClaims<C>) => ParsedJwtPayload<C>;
+export {};
+//# sourceMappingURL=jwt-payload.d.ts.map

package/dist/utils/private/jwt-payload.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-payload.d.ts","sourceRoot":"","sources":["../../../src/utils/private/jwt-payload.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAItC,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAG1F,KAAK,MAAM,GAAG;IACZ,SAAS,EAAE,gBAAgB,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,eAAO,MAAM,iBAAiB,kCACpB,MAAM,WACL,eAAe,CAAC,CAAC,WACjB,cAAc,KACtB,MAmFF,CAAC;AAEF,KAAK,YAAY,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,IAAI,SAAS,GAAG,CAAC,CAAC;AAEzD,eAAO,MAAM,iBAAiB,0CACnB,MAAM,KACd,aAAa,CAAC,CAAyD,CAAC;AAE3E,eAAO,MAAM,gBAAgB,0CAClB,aAAa,CAAC,CAAC,KACvB,iBAAiB,CAAC,CA4EpB,CAAC"}

package/dist/utils/private/jwt-payload.js

@@ -0,0 +1,132 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._parseJwtPayload = exports._decodeJwtPayload = exports._encodeJwtPayload = void 0;
+const b64_1 = require("@lindorm/b64");
+const date_1 = require("@lindorm/date");
+const is_1 = require("@lindorm/is");
+const utils_1 = require("@lindorm/utils");
+const crypto_1 = require("crypto");
+const errors_1 = require("../../errors");
+const create_hash_1 = require("./create-hash");
+const _encodeJwtPayload = (config, content, options) => {
+    if (!(0, is_1.isString)(config.algorithm)) {
+        throw new errors_1.JwtError("Algorithm is required");
+    }
+    if (!(0, is_1.isUrlLike)(config.issuer)) {
+        throw new errors_1.JwtError("Issuer is required");
+    }
+    if (!content.expires) {
+        throw new errors_1.JwtError("Expires is required");
+    }
+    if (!(0, is_1.isString)(content.subject)) {
+        throw new errors_1.JwtError("Subject is required");
+    }
+    if (!(0, is_1.isString)(content.tokenType)) {
+        throw new errors_1.JwtError("Token type is required");
+    }
+    const { expiresAt, expiresIn, expiresOn } = (0, date_1.expires)(content.expires);
+    const at_hash = (0, is_1.isString)(options.accessTokenHash)
+        ? options.accessTokenHash
+        : (0, is_1.isString)(content.accessToken)
+            ? (0, create_hash_1._createAccessTokenHash)(config.algorithm, content.accessToken)
+            : undefined;
+    const c_hash = (0, is_1.isString)(options.codeHash)
+        ? options.codeHash
+        : (0, is_1.isString)(content.authCode)
+            ? (0, create_hash_1._createCodeHash)(config.algorithm, content.authCode)
+            : undefined;
+    const s_hash = (0, is_1.isString)(options.stateHash)
+        ? options.stateHash
+        : (0, is_1.isString)(content.authState)
+            ? (0, create_hash_1._createStateHash)(config.algorithm, content.authState)
+            : undefined;
+    const tokenId = (0, is_1.isString)(options.tokenId) ? options.tokenId : (0, crypto_1.randomUUID)();
+    const claims = (0, utils_1.removeUndefined)({
+        aal: (0, is_1.isFinite)(content.adjustedAccessLevel) ? content.adjustedAccessLevel : undefined,
+        acr: (0, is_1.isString)(content.authContextClass) ? content.authContextClass : undefined,
+        afr: (0, is_1.isString)(content.authFactor) ? content.authFactor : undefined,
+        amr: (0, is_1.isArray)(content.authMethods) ? content.authMethods : undefined,
+        at_hash,
+        aud: (0, is_1.isArray)(content.audience) ? content.audience : undefined,
+        auth_time: (0, is_1.isDate)(content.authTime) ? (0, date_1.getUnixTime)(content.authTime) : undefined,
+        azp: (0, is_1.isString)(content.authorizedParty) ? content.authorizedParty : undefined,
+        c_hash,
+        cid: (0, is_1.isString)(content.clientId) ? content.clientId : undefined,
+        exp: expiresOn,
+        gty: (0, is_1.isString)(content.grantType) ? content.grantType : undefined,
+        iat: (0, is_1.isDate)(options.issuedAt)
+            ? (0, date_1.getUnixTime)(options.issuedAt)
+            : (0, date_1.getUnixTime)(new Date()),
+        iss: config.issuer,
+        jti: tokenId,
+        loa: (0, is_1.isFinite)(content.levelOfAssurance) ? content.levelOfAssurance : undefined,
+        nbf: (0, is_1.isDate)(content.notBefore)
+            ? (0, date_1.getUnixTime)(content.notBefore)
+            : (0, date_1.getUnixTime)(new Date()),
+        nonce: (0, is_1.isString)(content.nonce) ? content.nonce : undefined,
+        per: (0, is_1.isArray)(content.permissions) ? content.permissions : undefined,
+        rls: (0, is_1.isArray)(content.roles) ? content.roles : undefined,
+        s_hash,
+        scp: (0, is_1.isArray)(content.scope) ? content.scope : undefined,
+        sid: (0, is_1.isString)(content.sessionId) ? content.sessionId : undefined,
+        sih: (0, is_1.isString)(content.sessionHint) ? content.sessionHint : undefined,
+        sub: content.subject,
+        suh: (0, is_1.isString)(content.subjectHint) ? content.subjectHint : undefined,
+        tid: (0, is_1.isString)(content.tenantId) ? content.tenantId : undefined,
+        token_type: content.tokenType,
+    });
+    const payload = b64_1.B64.encode(JSON.stringify({
+        ...claims,
+        ...(content.claims ?? {}),
+    }), "base64url");
+    return { expiresAt, expiresIn, expiresOn, payload, tokenId };
+};
+exports._encodeJwtPayload = _encodeJwtPayload;
+const _decodeJwtPayload = (payload) => JSON.parse(b64_1.B64.toString(payload));
+exports._decodeJwtPayload = _decodeJwtPayload;
+const _parseJwtPayload = (decoded) => {
+    if (!(0, is_1.isFinite)(decoded.exp)) {
+        throw new errors_1.JwtError("Missing claim: exp");
+    }
+    if (!(0, is_1.isFinite)(decoded.iat)) {
+        throw new errors_1.JwtError("Missing claim: iat");
+    }
+    if (!(0, is_1.isString)(decoded.iss)) {
+        throw new errors_1.JwtError("Missing claim: iss");
+    }
+    const { aal, acr, afr, amr, at_hash, aud, auth_time, azp, c_hash, cid, exp, gty, iat, iss, jti, loa, nbf, nonce, per, rls, s_hash, scp, sid, sih, sub, suh, tid, token_type, ...rest } = decoded;
+    const claims = ((0, is_1.isObject)(rest) ? rest : {});
+    return (0, utils_1.removeUndefined)({
+        accessTokenHash: at_hash,
+        adjustedAccessLevel: aal,
+        audience: aud ?? [],
+        authContextClass: acr,
+        authFactor: afr,
+        authMethods: amr ?? [],
+        authorizedParty: azp,
+        authTime: auth_time ? new Date(auth_time * 1000) : undefined,
+        clientId: cid,
+        codeHash: c_hash,
+        expiresAt: exp ? new Date(exp * 1000) : undefined,
+        grantType: gty,
+        issuedAt: iat ? new Date(iat * 1000) : undefined,
+        issuer: iss,
+        levelOfAssurance: loa,
+        nonce,
+        notBefore: nbf ? new Date(nbf * 1000) : undefined,
+        permissions: (0, is_1.isArray)(per) ? per : (0, is_1.isString)(per) ? [per] : [],
+        roles: (0, is_1.isArray)(rls) ? rls : (0, is_1.isString)(rls) ? [rls] : [],
+        scope: (0, is_1.isArray)(scp) ? scp : (0, is_1.isString)(scp) ? [scp] : [],
+        sessionHint: sih,
+        sessionId: sid,
+        stateHash: s_hash,
+        subject: sub ? sub : "unknown",
+        subjectHint: suh,
+        tenantId: tid,
+        tokenId: jti ? jti : "unknown",
+        tokenType: token_type ? token_type : "unknown",
+        claims,
+    });
+};
+exports._parseJwtPayload = _parseJwtPayload;
+//# sourceMappingURL=jwt-payload.js.map

package/dist/utils/private/jwt-payload.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-payload.js","sourceRoot":"","sources":["../../../src/utils/private/jwt-payload.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AACnC,wCAAqD;AACrD,oCAAuF;AAGvF,0CAAiD;AACjD,mCAAoC;AACpC,yCAAwC;AAExC,+CAA0F;AAenF,MAAM,iBAAiB,GAAG,CAC/B,MAAc,EACd,OAA0B,EAC1B,OAAuB,EACf,EAAE;IACV,IAAI,CAAC,IAAA,aAAQ,EAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,iBAAQ,CAAC,uBAAuB,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,IAAA,cAAS,EAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACrB,MAAM,IAAI,iBAAQ,CAAC,qBAAqB,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,iBAAQ,CAAC,qBAAqB,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,iBAAQ,CAAC,wBAAwB,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,IAAA,cAAO,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAErE,MAAM,OAAO,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,eAAe,CAAC;QAC/C,CAAC,CAAC,OAAO,CAAC,eAAe;QACzB,CAAC,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,WAAW,CAAC;YAC7B,CAAC,CAAC,IAAA,oCAAsB,EAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,WAAW,CAAC;YAC/D,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,MAAM,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC;QACvC,CAAC,CAAC,OAAO,CAAC,QAAQ;QAClB,CAAC,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC;YAC1B,CAAC,CAAC,IAAA,6BAAe,EAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,QAAQ,CAAC;YACrD,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,MAAM,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC;QACxC,CAAC,CAAC,OAAO,CAAC,SAAS;QACnB,CAAC,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC;YAC3B,CAAC,CAAC,IAAA,8BAAgB,EAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC;YACvD,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,OAAO,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAA,mBAAU,GAAE,CAAC;IAE3E,MAAM,MAAM,GAAc,IAAA,uBAAe,EAAC;QACxC,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;QACpF,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QAClE,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACnE,OAAO;QACP,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAC7D,SAAS,EAAE,IAAA,WAAM,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAA,kBAAW,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;QAC/E,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;QAC5E,MAAM;QACN,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAC9D,GAAG,EAAE,SAAS;QACd,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAChE,GAAG,EAAE,IAAA,WAAM,EAAC,OAAO,CAAC,QAAQ,CAAC;YAC3B,CAAC,CAAC,IAAA,kBAAW,EAAC,OAAO,CAAC,QAAQ,CAAC;YAC/B,CAAC,CAAC,IAAA,kBAAW,EAAC,IAAI,IAAI,EAAE,CAAC;QAC3B,GAAG,EAAE,MAAM,CAAC,MAAM;QAClB,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,IAAA,WAAM,EAAC,OAAO,CAAC,SAAS,CAAC;YAC5B,CAAC,CAAC,IAAA,kBAAW,EAAC,OAAO,CAAC,SAAS,CAAC;YAChC,CAAC,CAAC,IAAA,kBAAW,EAAC,IAAI,IAAI,EAAE,CAAC;QAC3B,KAAK,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QAC1D,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACnE,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QACvD,MAAM;QACN,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QACvD,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAChE,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACpE,GAAG,EAAE,OAAO,CAAC,OAAO;QACpB,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACpE,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAC9D,UAAU,EAAE,OAAO,CAAC,SAAS;KAC9B,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,SAAG,CAAC,MAAM,CACxB,IAAI,CAAC,SAAS,CAAC;QACb,GAAG,MAAM;QACT,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;KAC1B,CAAC,EACF,WAAW,CACZ,CAAC;IAEF,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAC/D,CAAC,CAAC;AAvFW,QAAA,iBAAiB,qBAuF5B;AAIK,MAAM,iBAAiB,GAAG,CAC/B,OAAe,EACE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,SAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAoB,CAAC;AAF9D,QAAA,iBAAiB,qBAE6C;AAEpE,MAAM,gBAAgB,GAAG,CAC9B,OAAwB,EACH,EAAE;IACvB,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,EACJ,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,OAAO,EACP,GAAG,EACH,SAAS,EACT,GAAG,EACH,MAAM,EACN,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,KAAK,EACL,GAAG,EACH,GAAG,EACH,MAAM,EACN,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,UAAU,EACV,GAAG,IAAI,EACR,GAAG,OAAO,CAAC;IAEZ,MAAM,MAAM,GAAG,CAAC,IAAA,aAAQ,EAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAM,CAAC;IAEjD,OAAO,IAAA,uBAAe,EAAC;QACrB,eAAe,EAAE,OAAO;QACxB,mBAAmB,EAAE,GAAG;QACxB,QAAQ,EAAE,GAAG,IAAI,EAAE;QACnB,gBAAgB,EAAE,GAAG;QACrB,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,GAAG,IAAI,EAAE;QACtB,eAAe,EAAE,GAAG;QACpB,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QAC5D,QAAQ,EAAE,GAAG;QACb,QAAQ,EAAE,MAAM;QAChB,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACjD,SAAS,EAAE,GAAG;QACd,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QAChD,MAAM,EAAE,GAAG;QACX,gBAAgB,EAAE,GAAG;QACrB,KAAK;QACL,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACjD,WAAW,EAAE,IAAA,YAAO,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAA,aAAQ,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;QAC5D,KAAK,EAAE,IAAA,YAAO,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAA,aAAQ,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;QACtD,KAAK,EAAE,IAAA,YAAO,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAA,aAAQ,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;QACtD,WAAW,EAAE,GAAG;QAChB,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,MAAM;QACjB,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QAC9B,WAAW,EAAE,GAAG;QAChB,QAAQ,EAAE,GAAG;QACb,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QAC9B,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QAC9C,MAAM;KACP,CAAC,CAAC;AACL,CAAC,CAAC;AA9EW,QAAA,gBAAgB,oBA8E3B"}

package/dist/utils/private/jwt-validate.d.ts

@@ -0,0 +1,4 @@
+import { Dict } from "@lindorm/types";
+import { Operators, ValidateJwtOptions } from "../../types";
+export declare const _createJwtValidate: <C extends Dict = Dict>(validate: ValidateJwtOptions<C>) => Dict<Operators>;
+//# sourceMappingURL=jwt-validate.d.ts.map

package/dist/utils/private/jwt-validate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-validate.d.ts","sourceRoot":"","sources":["../../../src/utils/private/jwt-validate.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAG5D,eAAO,MAAM,kBAAkB,oCACnB,mBAAmB,CAAC,CAAC,KAC9B,KAAK,SAAS,CAwChB,CAAC"}

package/dist/utils/private/jwt-validate.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._createJwtValidate = void 0;
+const is_1 = require("@lindorm/is");
+const create_hash_1 = require("./create-hash");
+const _createJwtValidate = (validate) => {
+    const algorithm = validate.algorithm;
+    const ops = {};
+    for (const [key, value] of Object.entries(validate)) {
+        if (key === "algorithm")
+            continue;
+        if (key === "accessToken" && algorithm && (0, is_1.isString)(value)) {
+            ops[key] = { $eq: (0, create_hash_1._createAccessTokenHash)(algorithm, value) };
+            continue;
+        }
+        if (key === "authCode" && algorithm && (0, is_1.isString)(value)) {
+            ops[key] = { $eq: (0, create_hash_1._createCodeHash)(algorithm, value) };
+            continue;
+        }
+        if (key === "authState" && algorithm && (0, is_1.isString)(value)) {
+            ops[key] = { $eq: (0, create_hash_1._createStateHash)(algorithm, value) };
+            continue;
+        }
+        if ((0, is_1.isArray)(value)) {
+            ops[key] = { $all: value };
+            continue;
+        }
+        if ((0, is_1.isNumber)(value)) {
+            ops[key] = { $eq: value };
+            continue;
+        }
+        if ((0, is_1.isString)(value)) {
+            ops[key] = { $eq: value };
+            continue;
+        }
+        if ((0, is_1.isObject)(value)) {
+            ops[key] = value;
+            continue;
+        }
+        throw new Error(`Unsupported value: ${value} for key: ${key}`);
+    }
+    return ops;
+};
+exports._createJwtValidate = _createJwtValidate;
+//# sourceMappingURL=jwt-validate.js.map

package/dist/utils/private/jwt-validate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-validate.js","sourceRoot":"","sources":["../../../src/utils/private/jwt-validate.ts"],"names":[],"mappings":";;;AAAA,oCAAoE;AAGpE,+CAA0F;AAEnF,MAAM,kBAAkB,GAAG,CAChC,QAA+B,EACd,EAAE;IACnB,MAAM,SAAS,GAAG,QAAQ,CAAC,SAAS,CAAC;IACrC,MAAM,GAAG,GAAoB,EAAE,CAAC;IAEhC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,IAAI,GAAG,KAAK,WAAW;YAAE,SAAS;QAElC,IAAI,GAAG,KAAK,aAAa,IAAI,SAAS,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YAC1D,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,IAAA,oCAAsB,EAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YAC7D,SAAS;QACX,CAAC;QACD,IAAI,GAAG,KAAK,UAAU,IAAI,SAAS,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YACvD,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,IAAA,6BAAe,EAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YACtD,SAAS;QACX,CAAC;QACD,IAAI,GAAG,KAAK,WAAW,IAAI,SAAS,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YACxD,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,IAAA,8BAAgB,EAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YACvD,SAAS;QACX,CAAC;QACD,IAAI,IAAA,YAAO,EAAS,KAAK,CAAC,EAAE,CAAC;YAC3B,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;YAC3B,SAAS;QACX,CAAC;QACD,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YACpB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;YAC1B,SAAS;QACX,CAAC;QACD,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YACpB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;YAC1B,SAAS;QACX,CAAC;QACD,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YACpB,GAAG,CAAC,GAAG,CAAC,GAAG,KAAkB,CAAC;YAC9B,SAAS;QACX,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,sBAAsB,KAAK,aAAa,GAAG,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AA1CW,QAAA,kBAAkB,sBA0C7B"}

package/dist/utils/private/jwt-verify.d.ts

@@ -0,0 +1,5 @@
+import { KryptosAlgorithm } from "@lindorm/kryptos";
+import { Dict } from "@lindorm/types";
+import { Operators, VerifyJwtOptions } from "../../types";
+export declare const _createJwtVerify: (algorithm: KryptosAlgorithm, verify: VerifyJwtOptions, clockTolerance: number) => Dict<Operators>;
+//# sourceMappingURL=jwt-verify.d.ts.map

package/dist/utils/private/jwt-verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-verify.d.ts","sourceRoot":"","sources":["../../../src/utils/private/jwt-verify.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAa,SAAS,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAwDrE,eAAO,MAAM,gBAAgB,cAChB,gBAAgB,UACnB,gBAAgB,kBACR,MAAM,KACrB,KAAK,SAAS,CAoDhB,CAAC"}