@lindorm/aegis 0.4.4 → 0.6.0

package/dist/internal/utils/extract-claims.js

@@ -0,0 +1,201 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DOMAIN_CLAIM_KEYS = exports.extractDomainClaims = void 0;
+const is_1 = require("@lindorm/is");
+const utils_1 = require("@lindorm/utils");
+const FIELD_KEYS = {
+    subject: ["subject", "sub"],
+    expiresAt: ["expiresAt", "exp"],
+    issuedAt: ["issuedAt", "iat"],
+    notBefore: ["notBefore", "nbf"],
+    issuer: ["issuer", "iss"],
+    audience: ["audience", "aud"],
+    tokenId: ["tokenId", "jti"],
+    accessTokenHash: ["accessTokenHash", "at_hash"],
+    authContextClass: ["authContextClass", "acr"],
+    authMethods: ["authMethods", "amr"],
+    authorizedParty: ["authorizedParty", "azp"],
+    authTime: ["authTime", "auth_time"],
+    codeHash: ["codeHash", "c_hash"],
+    nonce: ["nonce"],
+    stateHash: ["stateHash", "s_hash"],
+    entitlements: ["entitlements"],
+    groups: ["groups"],
+    roles: ["roles"],
+    adjustedAccessLevel: ["adjustedAccessLevel", "aal"],
+    authFactor: ["authFactor", "afr"],
+    clientId: ["clientId", "client_id"],
+    grantType: ["grantType", "gty"],
+    levelOfAssurance: ["levelOfAssurance", "loa"],
+    permissions: ["permissions"],
+    scope: ["scope"],
+    sessionHint: ["sessionHint", "sih"],
+    sessionId: ["sessionId", "sid"],
+    subjectHint: ["subjectHint", "suh"],
+    tenantId: ["tenantId", "tenant_id"],
+};
+const RFC8693_KEYS = {
+    act: ["act"],
+    mayAct: ["mayAct", "may_act"],
+};
+const POP_KEYS = {
+    confirmation: ["confirmation", "cnf"],
+};
+const toDate = (value) => {
+    if (value instanceof Date)
+        return value;
+    if ((0, is_1.isFinite)(value))
+        return new Date(value * 1000);
+    return undefined;
+};
+const toStringArray = (value) => {
+    if ((0, is_1.isArray)(value))
+        return value;
+    if ((0, is_1.isString)(value))
+        return value.split(" ").filter(Boolean);
+    return undefined;
+};
+const toAudience = (value) => {
+    if ((0, is_1.isArray)(value))
+        return value;
+    if ((0, is_1.isString)(value))
+        return [value];
+    return undefined;
+};
+const toActClaim = (value) => {
+    if (!(0, is_1.isObject)(value))
+        return undefined;
+    const v = value;
+    const result = (0, utils_1.removeUndefined)({
+        subject: (0, is_1.isString)(v.subject) ? v.subject : (0, is_1.isString)(v.sub) ? v.sub : undefined,
+        issuer: (0, is_1.isString)(v.issuer) ? v.issuer : (0, is_1.isString)(v.iss) ? v.iss : undefined,
+        audience: toAudience(v.audience ?? v.aud),
+        clientId: (0, is_1.isString)(v.clientId)
+            ? v.clientId
+            : (0, is_1.isString)(v.client_id)
+                ? v.client_id
+                : undefined,
+        act: toActClaim(v.act),
+    });
+    return Object.keys(result).length > 0 ? result : undefined;
+};
+const toConfirmation = (value) => {
+    if (!(0, is_1.isObject)(value))
+        return undefined;
+    const v = value;
+    const result = (0, utils_1.removeUndefined)({
+        thumbprint: (0, is_1.isString)(v.thumbprint)
+            ? v.thumbprint
+            : (0, is_1.isString)(v.jkt)
+                ? v.jkt
+                : undefined,
+        mtlsCertThumbprint: (0, is_1.isString)(v.mtlsCertThumbprint)
+            ? v.mtlsCertThumbprint
+            : (0, is_1.isString)(v["x5t#S256"])
+                ? v["x5t#S256"]
+                : undefined,
+        key: (0, is_1.isObject)(v.key)
+            ? v.key
+            : (0, is_1.isObject)(v.jwk)
+                ? v.jwk
+                : undefined,
+        keyId: (0, is_1.isString)(v.keyId) ? v.keyId : (0, is_1.isString)(v.kid) ? v.kid : undefined,
+        jwkSetUri: (0, is_1.isString)(v.jwkSetUri) ? v.jwkSetUri : (0, is_1.isString)(v.jku) ? v.jku : undefined,
+    });
+    return Object.keys(result).length > 0 ? result : undefined;
+};
+const extractDomainClaims = (input) => {
+    const consumed = new Set();
+    const consume = (keys) => {
+        for (const key of keys) {
+            if (key in input) {
+                consumed.add(key);
+                return input[key];
+            }
+        }
+        return undefined;
+    };
+    const subject = consume(FIELD_KEYS.subject);
+    const expiresAt = consume(FIELD_KEYS.expiresAt);
+    const issuedAt = consume(FIELD_KEYS.issuedAt);
+    const notBefore = consume(FIELD_KEYS.notBefore);
+    const issuer = consume(FIELD_KEYS.issuer);
+    const audience = consume(FIELD_KEYS.audience);
+    const tokenId = consume(FIELD_KEYS.tokenId);
+    const accessTokenHash = consume(FIELD_KEYS.accessTokenHash);
+    const authContextClass = consume(FIELD_KEYS.authContextClass);
+    const authMethods = consume(FIELD_KEYS.authMethods);
+    const authorizedParty = consume(FIELD_KEYS.authorizedParty);
+    const authTime = consume(FIELD_KEYS.authTime);
+    const codeHash = consume(FIELD_KEYS.codeHash);
+    const nonce = consume(FIELD_KEYS.nonce);
+    const stateHash = consume(FIELD_KEYS.stateHash);
+    const entitlements = consume(FIELD_KEYS.entitlements);
+    const groups = consume(FIELD_KEYS.groups);
+    const roles = consume(FIELD_KEYS.roles);
+    const adjustedAccessLevel = consume(FIELD_KEYS.adjustedAccessLevel);
+    const authFactor = consume(FIELD_KEYS.authFactor);
+    const clientId = consume(FIELD_KEYS.clientId);
+    const grantType = consume(FIELD_KEYS.grantType);
+    const levelOfAssurance = consume(FIELD_KEYS.levelOfAssurance);
+    const permissions = consume(FIELD_KEYS.permissions);
+    const scope = consume(FIELD_KEYS.scope);
+    const sessionHint = consume(FIELD_KEYS.sessionHint);
+    const sessionId = consume(FIELD_KEYS.sessionId);
+    const subjectHint = consume(FIELD_KEYS.subjectHint);
+    const tenantId = consume(FIELD_KEYS.tenantId);
+    const act = consume(RFC8693_KEYS.act);
+    const mayAct = consume(RFC8693_KEYS.mayAct);
+    const confirmation = consume(POP_KEYS.confirmation);
+    const claims = (0, utils_1.removeUndefined)({
+        subject: (0, is_1.isString)(subject) ? subject : undefined,
+        expiresAt: toDate(expiresAt),
+        issuedAt: toDate(issuedAt),
+        notBefore: toDate(notBefore),
+        issuer: (0, is_1.isString)(issuer) ? issuer : undefined,
+        audience: toAudience(audience),
+        tokenId: (0, is_1.isString)(tokenId) ? tokenId : undefined,
+        accessTokenHash: (0, is_1.isString)(accessTokenHash) ? accessTokenHash : undefined,
+        authContextClass: (0, is_1.isString)(authContextClass) ? authContextClass : undefined,
+        authMethods: (0, is_1.isArray)(authMethods) ? authMethods : undefined,
+        authorizedParty: (0, is_1.isString)(authorizedParty) ? authorizedParty : undefined,
+        authTime: toDate(authTime),
+        codeHash: (0, is_1.isString)(codeHash) ? codeHash : undefined,
+        nonce: (0, is_1.isString)(nonce) ? nonce : undefined,
+        stateHash: (0, is_1.isString)(stateHash) ? stateHash : undefined,
+        confirmation: toConfirmation(confirmation),
+        act: toActClaim(act),
+        mayAct: toActClaim(mayAct),
+        entitlements: (0, is_1.isArray)(entitlements) ? entitlements : undefined,
+        groups: (0, is_1.isArray)(groups) ? groups : undefined,
+        roles: toStringArray(roles),
+        adjustedAccessLevel: (0, is_1.isFinite)(adjustedAccessLevel)
+            ? adjustedAccessLevel
+            : undefined,
+        authFactor: (0, is_1.isArray)(authFactor) ? authFactor : undefined,
+        clientId: (0, is_1.isString)(clientId) ? clientId : undefined,
+        grantType: (0, is_1.isString)(grantType) ? grantType : undefined,
+        levelOfAssurance: (0, is_1.isFinite)(levelOfAssurance)
+            ? levelOfAssurance
+            : undefined,
+        permissions: toStringArray(permissions),
+        scope: toStringArray(scope),
+        sessionHint: (0, is_1.isString)(sessionHint) ? sessionHint : undefined,
+        sessionId: (0, is_1.isString)(sessionId) ? sessionId : undefined,
+        subjectHint: (0, is_1.isString)(subjectHint) ? subjectHint : undefined,
+        tenantId: (0, is_1.isString)(tenantId) ? tenantId : undefined,
+    });
+    const rest = {};
+    for (const key of Object.keys(input)) {
+        if (!consumed.has(key))
+            rest[key] = input[key];
+    }
+    return { claims, rest };
+};
+exports.extractDomainClaims = extractDomainClaims;
+exports.DOMAIN_CLAIM_KEYS = {
+    ...FIELD_KEYS,
+    ...RFC8693_KEYS,
+    ...POP_KEYS,
+};
+//# sourceMappingURL=extract-claims.js.map

package/dist/internal/utils/extract-claims.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"extract-claims.js","sourceRoot":"","sources":["../../../src/internal/utils/extract-claims.ts"],"names":[],"mappings":";;;AAAA,oCAAoE;AAEpE,0CAAiD;AAgCjD,MAAM,UAAU,GAA0C;IAExD,OAAO,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC;IAC3B,SAAS,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC;IAC/B,QAAQ,EAAE,CAAC,UAAU,EAAE,KAAK,CAAC;IAC7B,SAAS,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC;IAC/B,MAAM,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC;IACzB,QAAQ,EAAE,CAAC,UAAU,EAAE,KAAK,CAAC;IAC7B,OAAO,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC;IAG3B,eAAe,EAAE,CAAC,iBAAiB,EAAE,SAAS,CAAC;IAC/C,gBAAgB,EAAE,CAAC,kBAAkB,EAAE,KAAK,CAAC;IAC7C,WAAW,EAAE,CAAC,aAAa,EAAE,KAAK,CAAC;IACnC,eAAe,EAAE,CAAC,iBAAiB,EAAE,KAAK,CAAC;IAC3C,QAAQ,EAAE,CAAC,UAAU,EAAE,WAAW,CAAC;IACnC,QAAQ,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC;IAChC,KAAK,EAAE,CAAC,OAAO,CAAC;IAChB,SAAS,EAAE,CAAC,WAAW,EAAE,QAAQ,CAAC;IAGlC,YAAY,EAAE,CAAC,cAAc,CAAC;IAC9B,MAAM,EAAE,CAAC,QAAQ,CAAC;IAClB,KAAK,EAAE,CAAC,OAAO,CAAC;IAGhB,mBAAmB,EAAE,CAAC,qBAAqB,EAAE,KAAK,CAAC;IACnD,UAAU,EAAE,CAAC,YAAY,EAAE,KAAK,CAAC;IACjC,QAAQ,EAAE,CAAC,UAAU,EAAE,WAAW,CAAC;IACnC,SAAS,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC;IAC/B,gBAAgB,EAAE,CAAC,kBAAkB,EAAE,KAAK,CAAC;IAC7C,WAAW,EAAE,CAAC,aAAa,CAAC;IAC5B,KAAK,EAAE,CAAC,OAAO,CAAC;IAChB,WAAW,EAAE,CAAC,aAAa,EAAE,KAAK,CAAC;IACnC,SAAS,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC;IAC/B,WAAW,EAAE,CAAC,aAAa,EAAE,KAAK,CAAC;IACnC,QAAQ,EAAE,CAAC,UAAU,EAAE,WAAW,CAAC;CACpC,CAAC;AAIF,MAAM,YAAY,GAAG;IACnB,GAAG,EAAE,CAAC,KAAK,CAAC;IACZ,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;CACrB,CAAC;AAEX,MAAM,QAAQ,GAAG;IACf,YAAY,EAAE,CAAC,cAAc,EAAE,KAAK,CAAC;CAC7B,CAAC;AAEX,MAAM,MAAM,GAAG,CAAC,KAAc,EAAoB,EAAE;IAClD,IAAI,KAAK,YAAY,IAAI;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC;QAAE,OAAO,IAAI,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;IACnD,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAEF,MAAM,aAAa,GAAG,CAAC,KAAc,EAA6B,EAAE;IAClE,IAAI,IAAA,YAAO,EAAC,KAAK,CAAC;QAAE,OAAO,KAAsB,CAAC;IAClD,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC7D,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,KAAc,EAA6B,EAAE;IAC/D,IAAI,IAAA,YAAO,EAAC,KAAK,CAAC;QAAE,OAAO,KAAsB,CAAC;IAClD,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC;QAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IACpC,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAIF,MAAM,UAAU,GAAG,CAAC,KAAc,EAAwB,EAAE;IAC1D,IAAI,CAAC,IAAA,aAAQ,EAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACvC,MAAM,CAAC,GAAG,KAAK,CAAC;IAChB,MAAM,MAAM,GAAa,IAAA,uBAAe,EAAC;QACvC,OAAO,EAAE,IAAA,aAAQ,EAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAA,aAAQ,EAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QAC9E,MAAM,EAAE,IAAA,aAAQ,EAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAA,aAAQ,EAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QAC3E,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC;QACzC,QAAQ,EAAE,IAAA,aAAQ,EAAC,CAAC,CAAC,QAAQ,CAAC;YAC5B,CAAC,CAAC,CAAC,CAAC,QAAQ;YACZ,CAAC,CAAC,IAAA,aAAQ,EAAC,CAAC,CAAC,SAAS,CAAC;gBACrB,CAAC,CAAC,CAAC,CAAC,SAAS;gBACb,CAAC,CAAC,SAAS;QACf,GAAG,EAAE,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC;KACvB,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;AAC7D,CAAC,CAAC;AAKF,MAAM,cAAc,GAAG,CAAC,KAAc,EAAiC,EAAE;IACvE,IAAI,CAAC,IAAA,aAAQ,EAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACvC,MAAM,CAAC,GAAG,KAAK,CAAC;IAChB,MAAM,MAAM,GAAsB,IAAA,uBAAe,EAAC;QAChD,UAAU,EAAE,IAAA,aAAQ,EAAC,CAAC,CAAC,UAAU,CAAC;YAChC,CAAC,CAAC,CAAC,CAAC,UAAU;YACd,CAAC,CAAC,IAAA,aAAQ,EAAC,CAAC,CAAC,GAAG,CAAC;gBACf,CAAC,CAAC,CAAC,CAAC,GAAG;gBACP,CAAC,CAAC,SAAS;QACf,kBAAkB,EAAE,IAAA,aAAQ,EAAC,CAAC,CAAC,kBAAkB,CAAC;YAChD,CAAC,CAAC,CAAC,CAAC,kBAAkB;YACtB,CAAC,CAAC,IAAA,aAAQ,EAAC,CAAC,CAAC,UAAU,CAAC,CAAC;gBACvB,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;gBACf,CAAC,CAAC,SAAS;QACf,GAAG,EAAE,IAAA,aAAQ,EAAC,CAAC,CAAC,GAAG,CAAC;YAClB,CAAC,CAAE,CAAC,CAAC,GAAgC;YACrC,CAAC,CAAC,IAAA,aAAQ,EAAC,CAAC,CAAC,GAAG,CAAC;gBACf,CAAC,CAAE,CAAC,CAAC,GAAgC;gBACrC,CAAC,CAAC,SAAS;QACf,KAAK,EAAE,IAAA,aAAQ,EAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAA,aAAQ,EAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QACxE,SAAS,EAAE,IAAA,aAAQ,EAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAA,aAAQ,EAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;KACrF,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;AAC7D,CAAC,CAAC;AAcK,MAAM,mBAAmB,GAAG,CAAC,KAAW,EAAuB,EAAE;IACtE,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IAEnC,MAAM,OAAO,GAAG,CAAC,IAA2B,EAAW,EAAE;QACvD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,IAAI,GAAG,IAAI,KAAK,EAAE,CAAC;gBACjB,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAClB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC,CAAC;IAGF,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE5C,MAAM,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;IAC5D,MAAM,gBAAgB,GAAG,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;IAC9D,MAAM,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IACpD,MAAM,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;IAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,KAAK,GAAG,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAEhD,MAAM,YAAY,GAAG,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;IACtD,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IAExC,MAAM,mBAAmB,GAAG,OAAO,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC;IACpE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,gBAAgB,GAAG,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;IAC9D,MAAM,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IACpD,MAAM,KAAK,GAAG,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAE9C,MAAM,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAC5C,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;IAEpD,MAAM,MAAM,GAAiB,IAAA,uBAAe,EAAC;QAE3C,OAAO,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;QAChD,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC;QAC5B,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC;QAC1B,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC;QAC5B,MAAM,EAAE,IAAA,aAAQ,EAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;QAC7C,QAAQ,EAAE,UAAU,CAAC,QAAQ,CAAC;QAC9B,OAAO,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;QAGhD,eAAe,EAAE,IAAA,aAAQ,EAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;QACxE,gBAAgB,EAAE,IAAA,aAAQ,EAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;QAC3E,WAAW,EAAE,IAAA,YAAO,EAAC,WAAW,CAAC,CAAC,CAAC,CAAE,WAA6B,CAAC,CAAC,CAAC,SAAS;QAC9E,eAAe,EAAE,IAAA,aAAQ,EAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;QACxE,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC;QAC1B,QAAQ,EAAE,IAAA,aAAQ,EAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACnD,KAAK,EAAE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QAC1C,SAAS,EAAE,IAAA,aAAQ,EAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAGtD,YAAY,EAAE,cAAc,CAAC,YAAY,CAAC;QAG1C,GAAG,EAAE,UAAU,CAAC,GAAG,CAAC;QACpB,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC;QAG1B,YAAY,EAAE,IAAA,YAAO,EAAC,YAAY,CAAC,CAAC,CAAC,CAAE,YAA8B,CAAC,CAAC,CAAC,SAAS;QACjF,MAAM,EAAE,IAAA,YAAO,EAAC,MAAM,CAAC,CAAC,CAAC,CAAE,MAAwB,CAAC,CAAC,CAAC,SAAS;QAC/D,KAAK,EAAE,aAAa,CAAC,KAAK,CAAC;QAG3B,mBAAmB,EAAE,IAAA,aAAQ,EAAsB,mBAAmB,CAAC;YACrE,CAAC,CAAC,mBAAmB;YACrB,CAAC,CAAC,SAAS;QACb,UAAU,EAAE,IAAA,YAAO,EAAC,UAAU,CAAC,CAAC,CAAC,CAAE,UAA4B,CAAC,CAAC,CAAC,SAAS;QAC3E,QAAQ,EAAE,IAAA,aAAQ,EAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACnD,SAAS,EAAE,IAAA,aAAQ,EAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QACtD,gBAAgB,EAAE,IAAA,aAAQ,EAAmB,gBAAgB,CAAC;YAC5D,CAAC,CAAC,gBAAgB;YAClB,CAAC,CAAC,SAAS;QACb,WAAW,EAAE,aAAa,CAAC,WAAW,CAAC;QACvC,KAAK,EAAE,aAAa,CAAC,KAAK,CAAC;QAC3B,WAAW,EAAE,IAAA,aAAQ,EAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QAC5D,SAAS,EAAE,IAAA,aAAQ,EAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QACtD,WAAW,EAAE,IAAA,aAAQ,EAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QAC5D,QAAQ,EAAE,IAAA,aAAQ,EAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;KACpD,CAAC,CAAC;IAGH,MAAM,IAAI,GAAS,EAAE,CAAC;IACtB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACrC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAC1B,CAAC,CAAC;AA5GW,QAAA,mBAAmB,uBA4G9B;AAIW,QAAA,iBAAiB,GAAoD;IAChF,GAAG,UAAU;IACb,GAAG,YAAY;IACf,GAAG,QAAQ;CACZ,CAAC"}

package/dist/internal/utils/extract-token-delegation.d.ts

@@ -0,0 +1,6 @@
+import { ActClaimWire } from "../../types/claims/jwt/act-claim-wire";
+import { TokenDelegation } from "../../types/jwt/jwt-delegation";
+export declare const extractTokenDelegation: (payload: {
+    act?: ActClaimWire;
+}) => TokenDelegation;
+//# sourceMappingURL=extract-token-delegation.d.ts.map

package/dist/internal/utils/extract-token-delegation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"extract-token-delegation.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/extract-token-delegation.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,uCAAuC,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AAmBjE,eAAO,MAAM,sBAAsB,GAAI,SAAS;IAC9C,GAAG,CAAC,EAAE,YAAY,CAAC;CACpB,KAAG,eAOH,CAAC"}

package/dist/internal/utils/extract-token-delegation.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractTokenDelegation = void 0;
+const utils_1 = require("@lindorm/utils");
+const walkActChain = (act) => {
+    const chain = [];
+    let current = act;
+    while (current) {
+        chain.push((0, utils_1.removeUndefined)({
+            subject: current.sub,
+            issuer: current.iss,
+            audience: current.aud,
+            clientId: current.client_id,
+        }));
+        current = current.act;
+    }
+    return chain;
+};
+const extractTokenDelegation = (payload) => {
+    const actorChain = walkActChain(payload.act);
+    return {
+        currentActor: actorChain[0]?.subject,
+        actorChain,
+        isDelegated: actorChain.length > 0,
+    };
+};
+exports.extractTokenDelegation = extractTokenDelegation;
+//# sourceMappingURL=extract-token-delegation.js.map

package/dist/internal/utils/extract-token-delegation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"extract-token-delegation.js","sourceRoot":"","sources":["../../../src/internal/utils/extract-token-delegation.ts"],"names":[],"mappings":";;;AAAA,0CAAiD;AAKjD,MAAM,YAAY,GAAG,CAAC,GAA6B,EAAmB,EAAE;IACtE,MAAM,KAAK,GAAoB,EAAE,CAAC;IAClC,IAAI,OAAO,GAAG,GAAG,CAAC;IAClB,OAAO,OAAO,EAAE,CAAC;QACf,KAAK,CAAC,IAAI,CACR,IAAA,uBAAe,EAAC;YACd,OAAO,EAAE,OAAO,CAAC,GAAG;YACpB,MAAM,EAAE,OAAO,CAAC,GAAG;YACnB,QAAQ,EAAE,OAAO,CAAC,GAAG;YACrB,QAAQ,EAAE,OAAO,CAAC,SAAS;SAC5B,CAAC,CACH,CAAC;QACF,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC;IACxB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEK,MAAM,sBAAsB,GAAG,CAAC,OAEtC,EAAmB,EAAE;IACpB,MAAM,UAAU,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC7C,OAAO;QACL,YAAY,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,OAAO;QACpC,UAAU;QACV,WAAW,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC;KACnC,CAAC;AACJ,CAAC,CAAC;AATW,QAAA,sBAAsB,0BASjC"}

package/dist/internal/utils/generate-token-id.d.ts

@@ -0,0 +1,2 @@
+export declare const generateTokenId: () => string;
+//# sourceMappingURL=generate-token-id.d.ts.map

package/dist/internal/utils/generate-token-id.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"generate-token-id.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/generate-token-id.ts"],"names":[],"mappings":"AA+BA,eAAO,MAAM,eAAe,QAAO,MAA2C,CAAC"}

package/dist/internal/utils/generate-token-id.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateTokenId = void 0;
+const b64_1 = require("@lindorm/b64");
+const crypto_1 = require("crypto");
+const format_1 = require("../constants/format");
+const generateTokenId = () => b64_1.B64.encode((0, crypto_1.randomBytes)(15), format_1.B64U);
+exports.generateTokenId = generateTokenId;
+//# sourceMappingURL=generate-token-id.js.map

package/dist/internal/utils/generate-token-id.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"generate-token-id.js","sourceRoot":"","sources":["../../../src/internal/utils/generate-token-id.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AACnC,mCAAqC;AACrC,gDAA2C;AA6BpC,MAAM,eAAe,GAAG,GAAW,EAAE,CAAC,SAAG,CAAC,MAAM,CAAC,IAAA,oBAAW,EAAC,EAAE,CAAC,EAAE,aAAI,CAAC,CAAC;AAAlE,QAAA,eAAe,mBAAmD"}

package/dist/internal/utils/jose-header.d.ts

@@ -1,4 +1,4 @@
-import { DecodedTokenHeader, TokenHeaderOptions } from "../../types";
-export declare const encodeJoseHeader: (options: TokenHeaderOptions) => string;
+import { CertificateHeaderFields, DecodedTokenHeader, TokenHeaderOptions } from "../../types";
+export declare const encodeJoseHeader: (options: TokenHeaderOptions, cert?: CertificateHeaderFields) => string;
 export declare const decodeJoseHeader: (header: string) => DecodedTokenHeader;
 //# sourceMappingURL=jose-header.d.ts.map

package/dist/internal/utils/jose-header.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jose-header.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jose-header.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,kBAAkB,EAAqB,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGxF,eAAO,MAAM,gBAAgB,GAAI,SAAS,kBAAkB,KAAG,MAgC9D,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,QAAQ,MAAM,KAAG,kBAcjD,CAAC"}
+{"version":3,"file":"jose-header.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jose-header.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAElB,kBAAkB,EACnB,MAAM,aAAa,CAAC;AAGrB,eAAO,MAAM,gBAAgB,GAC3B,SAAS,kBAAkB,EAC3B,OAAO,uBAAuB,KAC7B,MA6BF,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,QAAQ,MAAM,KAAG,kBAsBjD,CAAC"}

package/dist/internal/utils/jose-header.js

@@ -5,7 +5,7 @@ const b64_1 = require("@lindorm/b64");
 const format_1 = require("../constants/format");
 const header_1 = require("../constants/header");
 const token_header_1 = require("./token-header");
-const encodeJoseHeader = (options) => {
+const encodeJoseHeader = (options, cert) => {
     if (!options.algorithm) {
         throw new Error("Algorithm is required");
     }
@@ -15,13 +15,10 @@ const encodeJoseHeader = (options) => {
     if (!options.headerType) {
         throw new Error("Header type is required");
     }
-    if (!header_1.TOKEN_HEADER_TYPES.includes(options.headerType)) {
-        throw new Error(`Invalid header type: ${options.headerType}`);
-    }
     if (!options.keyId) {
         throw new Error("Key ID is required");
     }
-    const raw = (0, token_header_1.mapTokenHeader)(options);
+    const raw = (0, token_header_1.mapTokenHeader)(options, cert);
     const claims = {
         ...raw,
         alg: options.algorithm,
@@ -38,6 +35,9 @@ const decodeJoseHeader = (header) => {
     if (!json.alg || typeof json.alg !== "string") {
         throw new Error("Missing or invalid token header: alg");
     }
+    if (!header_1.TOKEN_HEADER_ALGORITHMS.includes(json.alg)) {
+        throw new Error(`Unsupported algorithm: ${json.alg}`);
+    }
     if (json.typ !== undefined && typeof json.typ !== "string") {
         throw new Error("Invalid token header: typ must be a string");
     }

package/dist/internal/utils/jose-header.js.map

@@ -1 +1 @@
-{"version":3,"file":"jose-header.js","sourceRoot":"","sources":["../../../src/internal/utils/jose-header.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AACnC,gDAA2C;AAC3C,gDAAkF;AAElF,iDAAgD;AAEzC,MAAM,gBAAgB,GAAG,CAAC,OAA2B,EAAU,EAAE;IACtE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,gCAAuB,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,sBAAsB,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IAC7D,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IACD,IAAI,CAAC,2BAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,KAAK,CAAC,wBAAwB,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAChE,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,CAAC;IAED,MAAM,GAAG,GAAG,IAAA,6BAAc,EAAC,OAAO,CAAC,CAAC;IAMpC,MAAM,MAAM,GAAsB;QAChC,GAAG,GAAG;QACN,GAAG,EAAE,OAAO,CAAC,SAAS;QACtB,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,aAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACjD,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,aAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACpD,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,aAAI,CAAC,CAAC,CAAC,CAAC,SAAS;KACrD,CAAC;IAEF,OAAO,SAAG,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,aAAI,CAAC,CAAC;AAClD,CAAC,CAAC;AAhCW,QAAA,gBAAgB,oBAgC3B;AAEK,MAAM,gBAAgB,GAAG,CAAC,MAAc,EAAsB,EAAE;IACrE,MAAM,MAAM,GAAG,SAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA+B,CAAC;IAE9D,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,IAAI,IAAI,CAAC,GAAG,KAAK,SAAS,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IAGD,OAAO,IAA0B,CAAC;AACpC,CAAC,CAAC;AAdW,QAAA,gBAAgB,oBAc3B"}
+{"version":3,"file":"jose-header.js","sourceRoot":"","sources":["../../../src/internal/utils/jose-header.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AACnC,gDAA2C;AAC3C,gDAA8D;AAO9D,iDAAgD;AAEzC,MAAM,gBAAgB,GAAG,CAC9B,OAA2B,EAC3B,IAA8B,EACtB,EAAE;IACV,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,gCAAuB,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,sBAAsB,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IAC7D,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,CAAC;IAED,MAAM,GAAG,GAAG,IAAA,6BAAc,EAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAM1C,MAAM,MAAM,GAAsB;QAChC,GAAG,GAAG;QACN,GAAG,EAAE,OAAO,CAAC,SAAS;QACtB,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,aAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACjD,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,aAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACpD,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,aAAI,CAAC,CAAC,CAAC,CAAC,SAAS;KACrD,CAAC;IAEF,OAAO,SAAG,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,aAAI,CAAC,CAAC;AAClD,CAAC,CAAC;AAhCW,QAAA,gBAAgB,oBAgC3B;AAEK,MAAM,gBAAgB,GAAG,CAAC,MAAc,EAAsB,EAAE;IACrE,MAAM,MAAM,GAAG,SAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA+B,CAAC;IAE9D,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAMD,IAAI,CAAE,gCAAiD,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,KAAK,CAAC,0BAA0B,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IACxD,CAAC;IAED,IAAI,IAAI,CAAC,GAAG,KAAK,SAAS,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IAGD,OAAO,IAA0B,CAAC;AACpC,CAAC,CAAC;AAtBW,QAAA,gBAAgB,oBAsB3B"}

package/dist/internal/utils/jwt-payload.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jwt-payload.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jwt-payload.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAKtC,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAG1F,KAAK,MAAM,GAAG;IACZ,SAAS,EAAE,gBAAgB,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,KAAK,YAAY,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,IAAI,SAAS,GAAG,CAAC,CAAC;AAEzD,KAAK,MAAM,GAAG;IACZ,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,eAAO,MAAM,qBAAqB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,EACzD,QAAQ,MAAM,EACd,SAAS,cAAc,CAAC,CAAC,CAAC,EAC1B,SAAS,cAAc,KACtB,SAyEF,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,EACpD,QAAQ,MAAM,EACd,SAAS,cAAc,CAAC,CAAC,CAAC,EAC1B,SAAS,cAAc,KACtB,MAUF,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAC3D,SAAS,MAAM,KACd,YAAY,CAAC,CAAC,CAAyD,CAAC;AAE3E,eAAO,MAAM,iBAAiB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAC5D,SAAS,YAAY,CAAC,CAAC,CAAC,KACvB,gBAAgB,CAAC,CAAC,CA4EpB,CAAC"}
+{"version":3,"file":"jwt-payload.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jwt-payload.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAItC,OAAO,EAGL,SAAS,EACT,gBAAgB,EAChB,cAAc,EACd,cAAc,EACf,MAAM,aAAa,CAAC;AAMrB,KAAK,MAAM,GAAG;IACZ,SAAS,EAAE,gBAAgB,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,KAAK,YAAY,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,IAAI,SAAS,GAAG,CAAC,CAAC;AAEzD,KAAK,MAAM,GAAG;IACZ,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAWF,eAAO,MAAM,qBAAqB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,EACzD,QAAQ,MAAM,EACd,SAAS,cAAc,CAAC,CAAC,CAAC,EAC1B,SAAS,cAAc,KACtB,SAoFF,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,EACpD,QAAQ,MAAM,EACd,SAAS,cAAc,CAAC,CAAC,CAAC,EAC1B,SAAS,cAAc,KACtB,MAgBF,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAC3D,SAAS,MAAM,KACd,YAAY,CAAC,CAAC,CAAyD,CAAC;AAE3E,eAAO,MAAM,iBAAiB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAC5D,SAAS,YAAY,CAAC,CAAC,CAAC,KACvB,gBAAgB,CAAC,CAAC,CAoCpB,CAAC"}

package/dist/internal/utils/jwt-payload.js

@@ -2,13 +2,23 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.parseTokenPayload = exports.decodeJwtPayload = exports.encodeJwtPayload = exports.mapJwtContentToClaims = void 0;
 const b64_1 = require("@lindorm/b64");
+const case_1 = require("@lindorm/case");
 const date_1 = require("@lindorm/date");
 const is_1 = require("@lindorm/is");
 const utils_1 = require("@lindorm/utils");
-const crypto_1 = require("crypto");
 const format_1 = require("../constants/format");
 const errors_1 = require("../../errors");
 const create_hash_1 = require("./create-hash");
+const extract_aegis_profile_1 = require("./extract-aegis-profile");
+const extract_claims_1 = require("./extract-claims");
+const generate_token_id_1 = require("./generate-token-id");
+const actClaimToWire = (claim) => (0, utils_1.removeUndefined)({
+    sub: claim.subject,
+    iss: claim.issuer,
+    aud: claim.audience,
+    client_id: claim.clientId,
+    act: (0, is_1.isObject)(claim.act) ? actClaimToWire(claim.act) : undefined,
+});
 const mapJwtContentToClaims = (config, content, options) => {
     if (!(0, is_1.isString)(config.algorithm)) {
         throw new errors_1.JwtError("Algorithm is required");
@@ -22,9 +32,6 @@ const mapJwtContentToClaims = (config, content, options) => {
     if (!(0, is_1.isString)(content.subject)) {
         throw new errors_1.JwtError("Subject is required");
     }
-    if (!(0, is_1.isString)(content.tokenType)) {
-        throw new errors_1.JwtError("Token type is required");
-    }
     const { expiresOn } = (0, date_1.expires)(content.expires);
     const at_hash = (0, is_1.isString)(options.accessTokenHash)
         ? options.accessTokenHash
@@ -41,20 +48,34 @@ const mapJwtContentToClaims = (config, content, options) => {
         : (0, is_1.isString)(content.authState)
             ? (0, create_hash_1.createStateHash)(config.algorithm, content.authState)
             : undefined;
-    const tokenId = (0, is_1.isString)(options.tokenId) ? options.tokenId : (0, crypto_1.randomUUID)();
+    const tokenId = (0, is_1.isString)(options.tokenId) ? options.tokenId : (0, generate_token_id_1.generateTokenId)();
+    const cnf = (0, is_1.isObject)(content.confirmation)
+        ? (0, utils_1.removeUndefined)({
+            jkt: content.confirmation.thumbprint,
+            "x5t#S256": content.confirmation.mtlsCertThumbprint,
+            jwk: content.confirmation.key,
+            kid: content.confirmation.keyId,
+            jku: content.confirmation.jwkSetUri,
+        })
+        : undefined;
     return (0, utils_1.removeUndefined)({
         aal: (0, is_1.isFinite)(content.adjustedAccessLevel) ? content.adjustedAccessLevel : undefined,
         acr: (0, is_1.isString)(content.authContextClass) ? content.authContextClass : undefined,
-        afr: (0, is_1.isString)(content.authFactor) ? content.authFactor : undefined,
+        act: (0, is_1.isObject)(content.act) ? actClaimToWire(content.act) : undefined,
+        afr: (0, is_1.isArray)(content.authFactor) ? content.authFactor : undefined,
         amr: (0, is_1.isArray)(content.authMethods) ? content.authMethods : undefined,
         at_hash,
         aud: (0, is_1.isArray)(content.audience) ? content.audience : undefined,
         auth_time: (0, is_1.isDate)(content.authTime) ? (0, date_1.getUnixTime)(content.authTime) : undefined,
         azp: (0, is_1.isString)(content.authorizedParty) ? content.authorizedParty : undefined,
         c_hash,
-        cid: (0, is_1.isString)(content.clientId) ? content.clientId : undefined,
+        client_id: (0, is_1.isString)(content.clientId) ? content.clientId : undefined,
+        cnf: cnf && Object.keys(cnf).length > 0 ? cnf : undefined,
+        entitlements: (0, is_1.isArray)(content.entitlements) ? content.entitlements : undefined,
         exp: expiresOn,
+        groups: (0, is_1.isArray)(content.groups) ? content.groups : undefined,
         gty: (0, is_1.isString)(content.grantType) ? content.grantType : undefined,
+        may_act: (0, is_1.isObject)(content.mayAct) ? actClaimToWire(content.mayAct) : undefined,
         iat: (0, is_1.isDate)(options.issuedAt)
             ? (0, date_1.getUnixTime)(options.issuedAt)
             : (0, date_1.getUnixTime)(new Date()),
@@ -65,23 +86,23 @@ const mapJwtContentToClaims = (config, content, options) => {
             ? (0, date_1.getUnixTime)(content.notBefore)
             : (0, date_1.getUnixTime)(new Date()),
         nonce: (0, is_1.isString)(content.nonce) ? content.nonce : undefined,
-        per: (0, is_1.isArray)(content.permissions) ? content.permissions : undefined,
-        rls: (0, is_1.isArray)(content.roles) ? content.roles : undefined,
+        permissions: (0, is_1.isArray)(content.permissions) ? content.permissions : undefined,
+        roles: (0, is_1.isArray)(content.roles) ? content.roles : undefined,
         s_hash,
         scope: (0, is_1.isArray)(content.scope) ? content.scope : undefined,
         sid: (0, is_1.isString)(content.sessionId) ? content.sessionId : undefined,
         sih: (0, is_1.isString)(content.sessionHint) ? content.sessionHint : undefined,
         sub: content.subject,
         suh: (0, is_1.isString)(content.subjectHint) ? content.subjectHint : undefined,
-        tid: (0, is_1.isString)(content.tenantId) ? content.tenantId : undefined,
-        token_type: content.tokenType,
+        tenant_id: (0, is_1.isString)(content.tenantId) ? content.tenantId : undefined,
     });
 };
 exports.mapJwtContentToClaims = mapJwtContentToClaims;
 const encodeJwtPayload = (config, content, options) => {
     const claims = (0, exports.mapJwtContentToClaims)(config, content, options);
     const { expiresAt, expiresIn, expiresOn } = (0, date_1.expires)(content.expires);
-    const payload = b64_1.B64.encode(JSON.stringify({ ...claims, ...(content.claims ?? {}) }), format_1.B64U);
+    const profileWire = (0, is_1.isObject)(content.profile) ? (0, case_1.snakeKeys)(content.profile) : {};
+    const payload = b64_1.B64.encode(JSON.stringify({ ...claims, ...profileWire, ...(content.claims ?? {}) }), format_1.B64U);
     return { expiresAt, expiresIn, expiresOn, payload, tokenId: claims.jti };
 };
 exports.encodeJwtPayload = encodeJwtPayload;
@@ -97,38 +118,24 @@ const parseTokenPayload = (decoded) => {
     if (!(0, is_1.isString)(decoded.iss)) {
         throw new errors_1.JwtError("Missing claim: iss");
     }
-    const { aal, acr, afr, amr, at_hash, aud, auth_time, azp, c_hash, cid, exp, gty, iat, iss, jti, loa, nbf, nonce, per, rls, s_hash, scope, sid, sih, sub, suh, tid, token_type, ...rest } = decoded;
-    const claims = ((0, is_1.isObject)(rest) ? rest : {});
+    const { claims: domain, rest } = (0, extract_claims_1.extractDomainClaims)(decoded);
+    const { profile, rest: customClaims } = (0, extract_aegis_profile_1.extractAegisProfile)(rest);
     return (0, utils_1.removeUndefined)({
-        accessTokenHash: at_hash,
-        adjustedAccessLevel: aal,
-        audience: aud ?? [],
-        authContextClass: acr,
-        authFactor: afr,
-        authMethods: amr ?? [],
-        authorizedParty: azp,
-        authTime: auth_time ? new Date(auth_time * 1000) : undefined,
-        clientId: cid,
-        codeHash: c_hash,
-        expiresAt: exp ? new Date(exp * 1000) : undefined,
-        grantType: gty,
-        issuedAt: iat ? new Date(iat * 1000) : undefined,
-        issuer: iss,
-        levelOfAssurance: loa,
-        nonce,
-        notBefore: nbf ? new Date(nbf * 1000) : undefined,
-        permissions: (0, is_1.isArray)(per) ? per : (0, is_1.isString)(per) ? [per] : [],
-        roles: (0, is_1.isArray)(rls) ? rls : (0, is_1.isString)(rls) ? [rls] : [],
-        scope: (0, is_1.isArray)(scope) ? scope : (0, is_1.isString)(scope) ? [scope] : [],
-        sessionHint: sih,
-        sessionId: sid,
-        stateHash: s_hash,
-        subject: sub ? sub : "unknown",
-        subjectHint: suh,
-        tenantId: tid,
-        tokenId: jti ? jti : "unknown",
-        tokenType: token_type ? token_type : "unknown",
-        claims,
+        ...domain,
+        issuer: domain.issuer,
+        expiresAt: domain.expiresAt,
+        issuedAt: domain.issuedAt,
+        audience: domain.audience ?? [],
+        authMethods: domain.authMethods ?? [],
+        entitlements: domain.entitlements ?? [],
+        groups: domain.groups ?? [],
+        permissions: domain.permissions ?? [],
+        roles: domain.roles ?? [],
+        scope: domain.scope ?? [],
+        subject: domain.subject ?? "unknown",
+        tokenId: domain.tokenId ?? "unknown",
+        profile,
+        claims: customClaims,
     });
 };
 exports.parseTokenPayload = parseTokenPayload;

package/dist/internal/utils/jwt-payload.js.map

@@ -1 +1 @@
-{"version":3,"file":"jwt-payload.js","sourceRoot":"","sources":["../../../src/internal/utils/jwt-payload.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AACnC,wCAAqD;AACrD,oCAAuF;AAGvF,0CAAiD;AACjD,mCAAoC;AACpC,gDAA2C;AAC3C,yCAAwC;AAExC,+CAAuF;AAiBhF,MAAM,qBAAqB,GAAG,CACnC,MAAc,EACd,OAA0B,EAC1B,OAAuB,EACZ,EAAE;IACb,IAAI,CAAC,IAAA,aAAQ,EAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,iBAAQ,CAAC,uBAAuB,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,IAAA,cAAS,EAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACrB,MAAM,IAAI,iBAAQ,CAAC,qBAAqB,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,iBAAQ,CAAC,qBAAqB,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,iBAAQ,CAAC,wBAAwB,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,EAAE,SAAS,EAAE,GAAG,IAAA,cAAO,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAE/C,MAAM,OAAO,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,eAAe,CAAC;QAC/C,CAAC,CAAC,OAAO,CAAC,eAAe;QACzB,CAAC,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,WAAW,CAAC;YAC7B,CAAC,CAAC,IAAA,mCAAqB,EAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,WAAW,CAAC;YAC9D,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,MAAM,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC;QACvC,CAAC,CAAC,OAAO,CAAC,QAAQ;QAClB,CAAC,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC;YAC1B,CAAC,CAAC,IAAA,4BAAc,EAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,QAAQ,CAAC;YACpD,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,MAAM,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC;QACxC,CAAC,CAAC,OAAO,CAAC,SAAS;QACnB,CAAC,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC;YAC3B,CAAC,CAAC,IAAA,6BAAe,EAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC;YACtD,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,OAAO,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAA,mBAAU,GAAE,CAAC;IAE3E,OAAO,IAAA,uBAAe,EAAC;QACrB,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;QACpF,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QAClE,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACnE,OAAO;QACP,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAC7D,SAAS,EAAE,IAAA,WAAM,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAA,kBAAW,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;QAC/E,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;QAC5E,MAAM;QACN,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAC9D,GAAG,EAAE,SAAS;QACd,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAChE,GAAG,EAAE,IAAA,WAAM,EAAC,OAAO,CAAC,QAAQ,CAAC;YAC3B,CAAC,CAAC,IAAA,kBAAW,EAAC,OAAO,CAAC,QAAQ,CAAC;YAC/B,CAAC,CAAC,IAAA,kBAAW,EAAC,IAAI,IAAI,EAAE,CAAC;QAC3B,GAAG,EAAE,MAAM,CAAC,MAAM;QAClB,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,IAAA,WAAM,EAAC,OAAO,CAAC,SAAS,CAAC;YAC5B,CAAC,CAAC,IAAA,kBAAW,EAAC,OAAO,CAAC,SAAS,CAAC;YAChC,CAAC,CAAC,IAAA,kBAAW,EAAC,IAAI,IAAI,EAAE,CAAC;QAC3B,KAAK,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QAC1D,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACnE,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QACvD,MAAM;QACN,KAAK,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QACzD,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAChE,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACpE,GAAG,EAAE,OAAO,CAAC,OAAO;QACpB,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACpE,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAC9D,UAAU,EAAE,OAAO,CAAC,SAAS;KAC9B,CAAC,CAAC;AACL,CAAC,CAAC;AA7EW,QAAA,qBAAqB,yBA6EhC;AAEK,MAAM,gBAAgB,GAAG,CAC9B,MAAc,EACd,OAA0B,EAC1B,OAAuB,EACf,EAAE;IACV,MAAM,MAAM,GAAG,IAAA,6BAAqB,EAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAC/D,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,IAAA,cAAO,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAErE,MAAM,OAAO,GAAG,SAAG,CAAC,MAAM,CACxB,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC,EACxD,aAAI,CACL,CAAC;IAEF,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,GAAI,EAAE,CAAC;AAC5E,CAAC,CAAC;AAdW,QAAA,gBAAgB,oBAc3B;AAEK,MAAM,gBAAgB,GAAG,CAC9B,OAAe,EACE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,SAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAoB,CAAC;AAF9D,QAAA,gBAAgB,oBAE8C;AAEpE,MAAM,iBAAiB,GAAG,CAC/B,OAAwB,EACH,EAAE;IACvB,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,EACJ,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,OAAO,EACP,GAAG,EACH,SAAS,EACT,GAAG,EACH,MAAM,EACN,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,KAAK,EACL,GAAG,EACH,GAAG,EACH,MAAM,EACN,KAAK,EACL,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,UAAU,EACV,GAAG,IAAI,EACR,GAAG,OAAO,CAAC;IAEZ,MAAM,MAAM,GAAG,CAAC,IAAA,aAAQ,EAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAM,CAAC;IAEjD,OAAO,IAAA,uBAAe,EAAC;QACrB,eAAe,EAAE,OAAO;QACxB,mBAAmB,EAAE,GAAG;QACxB,QAAQ,EAAE,GAAG,IAAI,EAAE;QACnB,gBAAgB,EAAE,GAAG;QACrB,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,GAAG,IAAI,EAAE;QACtB,eAAe,EAAE,GAAG;QACpB,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QAC5D,QAAQ,EAAE,GAAG;QACb,QAAQ,EAAE,MAAM;QAChB,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACjD,SAAS,EAAE,GAAG;QACd,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QAChD,MAAM,EAAE,GAAG;QACX,gBAAgB,EAAE,GAAG;QACrB,KAAK;QACL,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACjD,WAAW,EAAE,IAAA,YAAO,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAA,aAAQ,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;QAC5D,KAAK,EAAE,IAAA,YAAO,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAA,aAAQ,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;QACtD,KAAK,EAAE,IAAA,YAAO,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;QAC9D,WAAW,EAAE,GAAG;QAChB,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,MAAM;QACjB,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QAC9B,WAAW,EAAE,GAAG;QAChB,QAAQ,EAAE,GAAG;QACb,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QAC9B,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QAC9C,MAAM;KACP,CAAC,CAAC;AACL,CAAC,CAAC;AA9EW,QAAA,iBAAiB,qBA8E5B"}
+{"version":3,"file":"jwt-payload.js","sourceRoot":"","sources":["../../../src/internal/utils/jwt-payload.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AACnC,wCAA0C;AAC1C,wCAAqD;AACrD,oCAAuF;AAGvF,0CAAiD;AACjD,gDAA2C;AAC3C,yCAAwC;AASxC,+CAAuF;AACvF,mEAA8D;AAC9D,qDAAuD;AACvD,2DAAsD;AAiBtD,MAAM,cAAc,GAAG,CAAC,KAAe,EAAgB,EAAE,CACvD,IAAA,uBAAe,EAAC;IACd,GAAG,EAAE,KAAK,CAAC,OAAO;IAClB,GAAG,EAAE,KAAK,CAAC,MAAM;IACjB,GAAG,EAAE,KAAK,CAAC,QAAQ;IACnB,SAAS,EAAE,KAAK,CAAC,QAAQ;IACzB,GAAG,EAAE,IAAA,aAAQ,EAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;CACjE,CAAC,CAAC;AAEE,MAAM,qBAAqB,GAAG,CACnC,MAAc,EACd,OAA0B,EAC1B,OAAuB,EACZ,EAAE;IACb,IAAI,CAAC,IAAA,aAAQ,EAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,iBAAQ,CAAC,uBAAuB,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,IAAA,cAAS,EAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACrB,MAAM,IAAI,iBAAQ,CAAC,qBAAqB,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,iBAAQ,CAAC,qBAAqB,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,EAAE,SAAS,EAAE,GAAG,IAAA,cAAO,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAE/C,MAAM,OAAO,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,eAAe,CAAC;QAC/C,CAAC,CAAC,OAAO,CAAC,eAAe;QACzB,CAAC,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,WAAW,CAAC;YAC7B,CAAC,CAAC,IAAA,mCAAqB,EAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,WAAW,CAAC;YAC9D,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,MAAM,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC;QACvC,CAAC,CAAC,OAAO,CAAC,QAAQ;QAClB,CAAC,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC;YAC1B,CAAC,CAAC,IAAA,4BAAc,EAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,QAAQ,CAAC;YACpD,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,MAAM,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC;QACxC,CAAC,CAAC,OAAO,CAAC,SAAS;QACnB,CAAC,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC;YAC3B,CAAC,CAAC,IAAA,6BAAe,EAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC;YACtD,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,OAAO,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAA,mCAAe,GAAE,CAAC;IAEhF,MAAM,GAAG,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,YAAY,CAAC;QACxC,CAAC,CAAC,IAAA,uBAAe,EAAC;YACd,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,UAAU;YACpC,UAAU,EAAE,OAAO,CAAC,YAAY,CAAC,kBAAkB;YACnD,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,GAAG;YAC7B,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,KAAK;YAC/B,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,SAAS;SACpC,CAAC;QACJ,CAAC,CAAC,SAAS,CAAC;IAEd,OAAO,IAAA,uBAAe,EAAC;QACrB,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;QACpF,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;QACpE,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QACjE,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACnE,OAAO;QACP,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAC7D,SAAS,EAAE,IAAA,WAAM,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAA,kBAAW,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;QAC/E,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;QAC5E,MAAM;QACN,SAAS,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACpE,GAAG,EAAE,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QACzD,YAAY,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,SAAS;QACd,MAAM,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;QAC5D,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAChE,OAAO,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,IAAA,WAAM,EAAC,OAAO,CAAC,QAAQ,CAAC;YAC3B,CAAC,CAAC,IAAA,kBAAW,EAAC,OAAO,CAAC,QAAQ,CAAC;YAC/B,CAAC,CAAC,IAAA,kBAAW,EAAC,IAAI,IAAI,EAAE,CAAC;QAC3B,GAAG,EAAE,MAAM,CAAC,MAAM;QAClB,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,IAAA,WAAM,EAAC,OAAO,CAAC,SAAS,CAAC;YAC5B,CAAC,CAAC,IAAA,kBAAW,EAAC,OAAO,CAAC,SAAS,CAAC;YAChC,CAAC,CAAC,IAAA,kBAAW,EAAC,IAAI,IAAI,EAAE,CAAC;QAC3B,KAAK,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QAC1D,WAAW,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QAC3E,KAAK,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QACzD,MAAM;QACN,KAAK,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QACzD,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAChE,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACpE,GAAG,EAAE,OAAO,CAAC,OAAO;QACpB,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACpE,SAAS,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;KACrE,CAAC,CAAC;AACL,CAAC,CAAC;AAxFW,QAAA,qBAAqB,yBAwFhC;AAEK,MAAM,gBAAgB,GAAG,CAC9B,MAAc,EACd,OAA0B,EAC1B,OAAuB,EACf,EAAE;IACV,MAAM,MAAM,GAAG,IAAA,6BAAqB,EAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAC/D,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,IAAA,cAAO,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAMrE,MAAM,WAAW,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAA,gBAAS,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAEhF,MAAM,OAAO,GAAG,SAAG,CAAC,MAAM,CACxB,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,MAAM,EAAE,GAAG,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC,EACxE,aAAI,CACL,CAAC;IAEF,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,GAAI,EAAE,CAAC;AAC5E,CAAC,CAAC;AApBW,QAAA,gBAAgB,oBAoB3B;AAEK,MAAM,gBAAgB,GAAG,CAC9B,OAAe,EACE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,SAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAoB,CAAC;AAF9D,QAAA,gBAAgB,oBAE8C;AAEpE,MAAM,iBAAiB,GAAG,CAC/B,OAAwB,EACH,EAAE;IACvB,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,IAAA,oCAAmB,EAAC,OAAO,CAAC,CAAC;IAC9D,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,IAAA,2CAAmB,EAAC,IAAI,CAAC,CAAC;IAIlE,OAAO,IAAA,uBAAe,EAAC;QACrB,GAAG,MAAM;QAET,MAAM,EAAE,MAAM,CAAC,MAAO;QACtB,SAAS,EAAE,MAAM,CAAC,SAAU;QAC5B,QAAQ,EAAE,MAAM,CAAC,QAAS;QAE1B,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;QAC/B,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,EAAE;QACrC,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,EAAE;QACvC,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE;QAC3B,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,EAAE;QACrC,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE;QACzB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE;QAEzB,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,SAAS;QACpC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,SAAS;QACpC,OAAO;QACP,MAAM,EAAE,YAAiB;KAC1B,CAAC,CAAC;AACL,CAAC,CAAC;AAtCW,QAAA,iBAAiB,qBAsC5B"}

package/dist/internal/utils/jwt-verify.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jwt-verify.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jwt-verify.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,IAAI,EAAE,SAAS,EAAqB,MAAM,gBAAgB,CAAC;AACpE,OAAO,EAAa,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAwD1D,eAAO,MAAM,eAAe,GAC1B,WAAW,gBAAgB,EAC3B,QAAQ,gBAAgB,EACxB,gBAAgB,MAAM,KACrB,SAAS,CAAC,IAAI,CAoDhB,CAAC"}
+{"version":3,"file":"jwt-verify.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jwt-verify.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,IAAI,EAAE,SAAS,EAAqB,MAAM,gBAAgB,CAAC;AACpE,OAAO,EAAa,gBAAgB,EAAE,MAAM,aAAa,CAAC;AA0D1D,eAAO,MAAM,eAAe,GAC1B,WAAW,gBAAgB,EAC3B,QAAQ,gBAAgB,EACxB,gBAAgB,MAAM,KACrB,SAAS,CAAC,IAAI,CAkFhB,CAAC"}

package/dist/internal/utils/jwt-verify.js

@@ -27,9 +27,13 @@ const mapVerify = (key) => {
         case "authTime":
             return "auth_time";
         case "clientId":
-            return "cid";
+            return "client_id";
+        case "entitlements":
+            return "entitlements";
         case "grantType":
             return "gty";
+        case "groups":
+            return "groups";
         case "issuer":
             return "iss";
         case "levelOfAssurance":
@@ -37,9 +41,9 @@ const mapVerify = (key) => {
         case "nonce":
             return "nonce";
         case "permissions":
-            return "per";
+            return "permissions";
         case "roles":
-            return "rls";
+            return "roles";
         case "scope":
             return "scope";
         case "sessionHint":
@@ -49,9 +53,7 @@ const mapVerify = (key) => {
         case "subjectHint":
             return "suh";
         case "tenantId":
-            return "tid";
-        case "tokenType":
-            return "token_type";
+            return "tenant_id";
         default:
             throw new Error(`Unsupported key: ${key} for JWT verification`);
     }
@@ -71,7 +73,25 @@ const createJwtVerify = (algorithm, verify, clockTolerance) => {
             $or: [{ $exists: false }, { $lte: (0, date_1.addSeconds)(new Date(), clockTolerance) }],
         },
     };
+    const ARRAY_CLAIM_KEYS = new Set([
+        "aud",
+        "amr",
+        "afr",
+        "scope",
+        "roles",
+        "permissions",
+        "groups",
+        "entitlements",
+    ]);
     for (const [key, value] of Object.entries(verify)) {
+        if (key === "tokenType")
+            continue;
+        if (key === "actor")
+            continue;
+        if (key === "dpopProof")
+            continue;
+        if (key === "trustBoundThumbprint")
+            continue;
         const mapped = mapVerify(key);
         if (mapped === "at_hash" && (0, is_1.isString)(value)) {
             predicate[mapped] = { $eq: (0, create_hash_1.createAccessTokenHash)(algorithm, value) };
@@ -94,6 +114,10 @@ const createJwtVerify = (algorithm, verify, clockTolerance) => {
             continue;
         }
         if ((0, is_1.isString)(value)) {
+            if (ARRAY_CLAIM_KEYS.has(mapped)) {
+                predicate[mapped] = { $all: [value] };
+                continue;
+            }
             predicate[mapped] = { $eq: value };
             continue;
         }