@lindorm/aegis 0.7.1 → 0.8.0
- package/dist/internal/utils/extract-sensitive-identity.d.ts +7 -0
- package/dist/internal/utils/extract-sensitive-identity.d.ts.map +1 -0
- package/dist/internal/utils/extract-sensitive-identity.js +26 -0
- package/dist/internal/utils/extract-sensitive-identity.js.map +1 -0
- package/dist/internal/utils/jwt-payload.d.ts.map +1 -1
- package/dist/internal/utils/jwt-payload.js +13 -2
- package/dist/internal/utils/jwt-payload.js.map +1 -1
- package/dist/types/claims/aegis-profile.d.ts.map +1 -1
- package/dist/types/claims/aegis-sensitive-identity.d.ts +7 -0
- package/dist/types/claims/aegis-sensitive-identity.d.ts.map +1 -0
- package/dist/types/claims/aegis-sensitive-identity.js +2 -0
- package/dist/types/claims/aegis-sensitive-identity.js.map +1 -0
- package/dist/types/claims/auth-method.d.ts +2 -0
- package/dist/types/claims/auth-method.d.ts.map +1 -0
- package/dist/types/claims/auth-method.js +2 -0
- package/dist/types/claims/auth-method.js.map +1 -0
- package/dist/types/claims/index.d.ts +2 -0
- package/dist/types/claims/index.d.ts.map +1 -1
- package/dist/types/claims/index.js +2 -0
- package/dist/types/claims/index.js.map +1 -1
- package/dist/types/claims/jwt/index.d.ts +1 -0
- package/dist/types/claims/jwt/index.d.ts.map +1 -1
- package/dist/types/claims/jwt/index.js +1 -0
- package/dist/types/claims/jwt/index.js.map +1 -1
- package/dist/types/claims/jwt/jwt-claims.d.ts +2 -1
- package/dist/types/claims/jwt/jwt-claims.d.ts.map +1 -1
- package/dist/types/claims/jwt/sensitive-identity-claim-wire.d.ts +10 -0
- package/dist/types/claims/jwt/sensitive-identity-claim-wire.d.ts.map +1 -0
- package/dist/types/claims/jwt/sensitive-identity-claim-wire.js +2 -0
- package/dist/types/claims/jwt/sensitive-identity-claim-wire.js.map +1 -0
- package/dist/types/claims/lindorm-claims.d.ts +3 -2
- package/dist/types/claims/lindorm-claims.d.ts.map +1 -1
- package/dist/types/claims/oidc-claims.d.ts +2 -1
- package/dist/types/claims/oidc-claims.d.ts.map +1 -1
- package/dist/types/jwt/jwt-parse.d.ts +2 -1
- package/dist/types/jwt/jwt-parse.d.ts.map +1 -1
- package/dist/types/jwt/jwt-sign.d.ts +3 -2
- package/dist/types/jwt/jwt-sign.d.ts.map +1 -1
- package/package.json +21 -18
- package/CHANGELOG.md +0 -191
- package/__tests__/jwe-interop.test.ts +0 -332
- package/__tests__/jwt-interop.test.ts +0 -183
- package/vitest.config.mjs +0 -6
|
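--- a/package/dist/internal/utils/extract-sensitive-identity.d.ts
+++ b/package/dist/internal/utils/extract-sensitive-identity.d.ts
@@ -0,0 +1,7 @@
+import type { Dict } from "@lindorm/types";
+import type { AegisSensitiveIdentity } from "../../types/index.js";
+export declare const extractSensitiveIdentity: (data: Dict) => {
+sensitiveIdentity: AegisSensitiveIdentity | undefined;
+rest: Dict;
+};
+//# sourceMappingURL=extract-sensitive-identity.d.ts.map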
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"extract-sensitive-identity.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/extract-sensitive-identity.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAmBnE,eAAO,MAAM,wBAAwB,GACnC,MAAM,IAAI,KACT;IAAE,iBAAiB,EAAE,sBAAsB,GAAG,SAAS,CAAC;IAAC,IAAI,EAAE,IAAI,CAAA;CAuBrE,CAAC"}
|
|
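--- a/package/dist/internal/utils/extract-sensitive-identity.js
+++ b/package/dist/internal/utils/extract-sensitive-identity.js
@@ -0,0 +1,26 @@
+import { camelKeys } from "@lindorm/case";
+import { isObject } from "@lindorm/is";
+const SENSITIVE_IDENTITY_KEYS = [
+"sensitiveIdentity",
+"sensitive_identity",
+];
+export const extractSensitiveIdentity = (data) => {
+const rest = { ...data };
+let raw;
+for (const key of SENSITIVE_IDENTITY_KEYS) {
+if (key in rest) {
+raw = rest[key];
+delete rest[key];
+break;
+}
+}
+if (!isObject(raw)) {
+return { sensitiveIdentity: undefined, rest };
+}
+const normalised = camelKeys(raw);
+if (Object.keys(normalised).length === 0) {
+return { sensitiveIdentity: undefined, rest };
+}
+return { sensitiveIdentity: normalised, rest };
+};
+//# sourceMappingURL=extract-sensitive-identity.js.map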
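Review bot: The `break` in the key loop stops after the first match, so a payload that carries both `sensitiveIdentity` and `sensitive_identity` has only one of them removed and the other stays in `rest`, which `parseTokenPayload` in jwt-payload.js hands back as custom `claims`. The camelCase key is also tried first, so it takes precedence over the snake_case key that the encoder writes. Consider dropping the `break`, guarding the assignment with `if (raw === undefined) raw = rest[key];` and always running `delete rest[key];`, with `"sensitive_identity"` listed first. Separately, the output of `camelKeys(raw)` is returned as the typed value without checking that the number fields are strings and the `*Verified` fields are booleans, so a per-field type check here would keep malformed token content out of `sensitiveIdentity`.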
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"extract-sensitive-identity.js","sourceRoot":"","sources":["../../../src/internal/utils/extract-sensitive-identity.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAUvC,MAAM,uBAAuB,GAA0B;IACrD,mBAAmB;IACnB,oBAAoB;CACrB,CAAC;AAQF,MAAM,CAAC,MAAM,wBAAwB,GAAG,CACtC,IAAU,EAC6D,EAAE;IACzE,MAAM,IAAI,GAAS,EAAE,GAAG,IAAI,EAAE,CAAC;IAE/B,IAAI,GAAY,CAAC;IACjB,KAAK,MAAM,GAAG,IAAI,uBAAuB,EAAE,CAAC;QAC1C,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;YAChB,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;YAChB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;YACjB,MAAM;QACR,CAAC;IACH,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACnB,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IAChD,CAAC;IAED,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IAElC,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzC,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IAChD,CAAC;IAED,OAAO,EAAE,iBAAiB,EAAE,UAAoC,EAAE,IAAI,EAAE,CAAC;AAC3E,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-payload.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jwt-payload.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAI3C,OAAO,KAAK,EAGV,SAAS,EACT,gBAAgB,EAChB,cAAc,EACd,cAAc,EACf,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"jwt-payload.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jwt-payload.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAI3C,OAAO,KAAK,EAGV,SAAS,EACT,gBAAgB,EAChB,cAAc,EACd,cAAc,EACf,MAAM,sBAAsB,CAAC;AAO9B,KAAK,MAAM,GAAG;IACZ,SAAS,EAAE,gBAAgB,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,KAAK,YAAY,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,IAAI,SAAS,GAAG,CAAC,CAAC;AAEzD,KAAK,MAAM,GAAG;IACZ,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAWF,eAAO,MAAM,qBAAqB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,EACzD,QAAQ,MAAM,EACd,SAAS,cAAc,CAAC,CAAC,CAAC,EAC1B,SAAS,cAAc,KACtB,SAoFF,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,EACpD,QAAQ,MAAM,EACd,SAAS,cAAc,CAAC,CAAC,CAAC,EAC1B,SAAS,cAAc,KACtB,MA6BF,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAC3D,SAAS,MAAM,KACd,YAAY,CAAC,CAAC,CAAyD,CAAC;AAE3E,eAAO,MAAM,iBAAiB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAC5D,SAAS,YAAY,CAAC,CAAC,CAAC,KACvB,gBAAgB,CAAC,CAAC,CAuCpB,CAAC"}
|
|
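--- a/package/dist/internal/utils/jwt-payload.js
+++ b/package/dist/internal/utils/jwt-payload.js
@@ -8,6 +8,7 @@ import { JwtError } from "../../errors/index.js";
 import { createAccessTokenHash, createCodeHash, createStateHash } from "./create-hash.js";
 import { extractAegisProfile } from "./extract-aegis-profile.js";
 import { extractDomainClaims } from "./extract-claims.js";
+import { extractSensitiveIdentity } from "./extract-sensitive-identity.js";
 import { generateTokenId } from "./generate-token-id.js";
 const actClaimToWire = (claim) => removeUndefined({
 sub: claim.subject,
@@ -98,7 +99,15 @@ export const encodeJwtPayload = (config, content, options) => {
 const claims = mapJwtContentToClaims(config, content, options);
 const { expiresAt, expiresIn, expiresOn } = expires(content.expires);
 const profileWire = isObject(content.profile) ? snakeKeys(content.profile) : {};
-const
+const sensitiveIdentityWire = isObject(content.sensitiveIdentity)
+? { sensitive_identity: snakeKeys(content.sensitiveIdentity) }
+: {};
+const payload = B64.encode(JSON.stringify({
+...claims,
+...profileWire,
+...sensitiveIdentityWire,
+...(content.claims ?? {}),
+}), B64U);
 return { expiresAt, expiresIn, expiresOn, payload, tokenId: claims.jti };
 };
 export const decodeJwtPayload = (payload) => JSON.parse(B64.toString(payload));
@@ -113,7 +122,8 @@ export const parseTokenPayload = (decoded) => {
 throw new JwtError("Missing claim: iss");
 }
 const { claims: domain, rest } = extractDomainClaims(decoded);
-const { profile, rest:
+const { profile, rest: afterProfile } = extractAegisProfile(rest);
+const { sensitiveIdentity, rest: customClaims } = extractSensitiveIdentity(afterProfile);
 return removeUndefined({
 ...domain,
 issuer: domain.issuer,
@@ -129,6 +139,7 @@ export const parseTokenPayload = (decoded) => {
 subject: domain.subject ?? "unknown",
 tokenId: domain.tokenId ?? "unknown",
 profile,
+sensitiveIdentity,
 claims: customClaims,
 });
 };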
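Review bot: In the `encodeJwtPayload` hunk, `...(content.claims ?? {})` is spread after `...sensitiveIdentityWire`, so a caller-supplied custom claim named `sensitive_identity` silently replaces the typed value; if that is not intended, spread `sensitiveIdentityWire` last or reject the reserved key in `content.claims`. The payload is only `B64.encode(JSON.stringify(...))`, so national identity and social security numbers placed here are readable by anyone who holds the token unless it is encrypted elsewhere, which this section does not show. A comment above `sensitiveIdentityWire` such as `// sensitive_identity carries PII: issue only in encrypted tokens` would make that constraint visible to callers. The start of `encodeJwtPayload` and of `parseTokenPayload` lies outside the hunks, so whether signature verification precedes the parse step cannot be confirmed from here.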
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-payload.js","sourceRoot":"","sources":["../../../src/internal/utils/jwt-payload.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AACnC,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAGvF,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,IAAI,EAAE,MAAM,wBAAwB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AASjD,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAC1F,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAiBzD,MAAM,cAAc,GAAG,CAAC,KAAe,EAAgB,EAAE,CACvD,eAAe,CAAC;IACd,GAAG,EAAE,KAAK,CAAC,OAAO;IAClB,GAAG,EAAE,KAAK,CAAC,MAAM;IACjB,GAAG,EAAE,KAAK,CAAC,QAAQ;IACnB,SAAS,EAAE,KAAK,CAAC,QAAQ;IACzB,GAAG,EAAE,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;CACjE,CAAC,CAAC;AAEL,MAAM,CAAC,MAAM,qBAAqB,GAAG,CACnC,MAAc,EACd,OAA0B,EAC1B,OAAuB,EACZ,EAAE;IACb,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,QAAQ,CAAC,uBAAuB,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,QAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACrB,MAAM,IAAI,QAAQ,CAAC,qBAAqB,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,QAAQ,CAAC,qBAAqB,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAE/C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,eAAe,CAAC;QAC/C,CAAC,CAAC,OAAO,CAAC,eAAe;QACzB,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,CAAC;YAC7B,CAAC,CAAC,qBAAqB,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,WAAW,CAAC;YAC9D,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC;QACvC,CAAC,CAAC,OAAO,CAAC,QAAQ;QAClB,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC;YAC1B,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,QAAQ,CAAC;YACpD,CAAC,CAAC,SAAS,CAAC;IAEh
B,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC;QACxC,CAAC,CAAC,OAAO,CAAC,SAAS;QACnB,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC;YAC3B,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC;YACtD,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC;IAEhF,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC;QACxC,CAAC,CAAC,eAAe,CAAC;YACd,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,UAAU;YACpC,UAAU,EAAE,OAAO,CAAC,YAAY,CAAC,kBAAkB;YACnD,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,GAAG;YAC7B,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,KAAK;YAC/B,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,SAAS;SACpC,CAAC;QACJ,CAAC,CAAC,SAAS,CAAC;IAEd,OAAO,eAAe,CAAC;QACrB,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;QACpF,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;QACpE,GAAG,EAAE,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QACjE,GAAG,EAAE,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACnE,OAAO;QACP,GAAG,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAC7D,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;QAC/E,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;QAC5E,MAAM;QACN,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACpE,GAAG,EAAE,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QACzD,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,SAAS;QACd,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;QAC5D,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAA
C,CAAC,SAAS;QAChE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC;YAC3B,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC;YAC/B,CAAC,CAAC,WAAW,CAAC,IAAI,IAAI,EAAE,CAAC;QAC3B,GAAG,EAAE,MAAM,CAAC,MAAM;QAClB,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC;YAC5B,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC;YAChC,CAAC,CAAC,WAAW,CAAC,IAAI,IAAI,EAAE,CAAC;QAC3B,KAAK,EAAE,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QAC1D,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QAC3E,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QACzD,MAAM;QACN,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QACzD,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAChE,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACpE,GAAG,EAAE,OAAO,CAAC,OAAO;QACpB,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACpE,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;KACrE,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,MAAc,EACd,OAA0B,EAC1B,OAAuB,EACf,EAAE;IACV,MAAM,MAAM,GAAG,qBAAqB,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAC/D,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAMrE,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"jwt-payload.js","sourceRoot":"","sources":["../../../src/internal/utils/jwt-payload.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AACnC,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAGvF,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,IAAI,EAAE,MAAM,wBAAwB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AASjD,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAC1F,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAC3E,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAiBzD,MAAM,cAAc,GAAG,CAAC,KAAe,EAAgB,EAAE,CACvD,eAAe,CAAC;IACd,GAAG,EAAE,KAAK,CAAC,OAAO;IAClB,GAAG,EAAE,KAAK,CAAC,MAAM;IACjB,GAAG,EAAE,KAAK,CAAC,QAAQ;IACnB,SAAS,EAAE,KAAK,CAAC,QAAQ;IACzB,GAAG,EAAE,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;CACjE,CAAC,CAAC;AAEL,MAAM,CAAC,MAAM,qBAAqB,GAAG,CACnC,MAAc,EACd,OAA0B,EAC1B,OAAuB,EACZ,EAAE;IACb,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,QAAQ,CAAC,uBAAuB,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,QAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACrB,MAAM,IAAI,QAAQ,CAAC,qBAAqB,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,QAAQ,CAAC,qBAAqB,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAE/C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,eAAe,CAAC;QAC/C,CAAC,CAAC,OAAO,CAAC,eAAe;QACzB,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,CAAC;YAC7B,CAAC,CAAC,qBAAqB,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,WAAW,CAAC;YAC9D,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC;QACvC,CAAC,CAAC,OAAO,CAAC,QAAQ;QAClB,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC;YAC1B,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,
CAAC,QAAQ,CAAC;YACpD,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC;QACxC,CAAC,CAAC,OAAO,CAAC,SAAS;QACnB,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC;YAC3B,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC;YACtD,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC;IAEhF,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC;QACxC,CAAC,CAAC,eAAe,CAAC;YACd,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,UAAU;YACpC,UAAU,EAAE,OAAO,CAAC,YAAY,CAAC,kBAAkB;YACnD,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,GAAG;YAC7B,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,KAAK;YAC/B,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,SAAS;SACpC,CAAC;QACJ,CAAC,CAAC,SAAS,CAAC;IAEd,OAAO,eAAe,CAAC;QACrB,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;QACpF,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;QACpE,GAAG,EAAE,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QACjE,GAAG,EAAE,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACnE,OAAO;QACP,GAAG,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAC7D,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;QAC/E,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;QAC5E,MAAM;QACN,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACpE,GAAG,EAAE,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QACzD,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,SAAS;QACd,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;QAC5D,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,SAA
S,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAChE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC;YAC3B,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC;YAC/B,CAAC,CAAC,WAAW,CAAC,IAAI,IAAI,EAAE,CAAC;QAC3B,GAAG,EAAE,MAAM,CAAC,MAAM;QAClB,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC;YAC5B,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC;YAChC,CAAC,CAAC,WAAW,CAAC,IAAI,IAAI,EAAE,CAAC;QAC3B,KAAK,EAAE,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QAC1D,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QAC3E,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QACzD,MAAM;QACN,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QACzD,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAChE,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACpE,GAAG,EAAE,OAAO,CAAC,OAAO;QACpB,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACpE,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;KACrE,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,MAAc,EACd,OAA0B,EAC1B,OAAuB,EACf,EAAE;IACV,MAAM,MAAM,GAAG,qBAAqB,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAC/D,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAMrE,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAMhF,MAAM,qBAAqB,GAAG,QAAQ,CAAC,OAAO,CAAC,iBAAiB,CAAC;QAC/D,CAAC,CAAC,EAAE,kBAAkB,EAAE,SAAS,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE;QAC9D,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CACxB,IAAI,CAAC,SAAS,CAAC;QAC
b,GAAG,MAAM;QACT,GAAG,WAAW;QACd,GAAG,qBAAqB;QACxB,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;KAC1B,CAAC,EACF,IAAI,CACL,CAAC;IAEF,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,GAAI,EAAE,CAAC;AAC5E,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,OAAe,EACE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAoB,CAAC;AAE3E,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,OAAwB,EACH,EAAE;IACvB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,QAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,QAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,QAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAC9D,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IAClE,MAAM,EAAE,iBAAiB,EAAE,IAAI,EAAE,YAAY,EAAE,GAC7C,wBAAwB,CAAC,YAAY,CAAC,CAAC;IAIzC,OAAO,eAAe,CAAC;QACrB,GAAG,MAAM;QAET,MAAM,EAAE,MAAM,CAAC,MAAO;QACtB,SAAS,EAAE,MAAM,CAAC,SAAU;QAC5B,QAAQ,EAAE,MAAM,CAAC,QAAS;QAE1B,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;QAC/B,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,EAAE;QACrC,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,EAAE;QACvC,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE;QAC3B,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,EAAE;QACrC,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE;QACzB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE;QAEzB,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,SAAS;QACpC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,SAAS;QACpC,OAAO;QACP,iBAAiB;QACjB,MAAM,EAAE,YAAiB;KAC1B,CAAC,CAAC;AACL,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aegis-profile.d.ts","sourceRoot":"","sources":["../../../src/types/claims/aegis-profile.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"aegis-profile.d.ts","sourceRoot":"","sources":["../../../src/types/claims/aegis-profile.ts"],"names":[],"mappings":"AAyBA,MAAM,MAAM,mBAAmB,GAAG;IAChC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG,cAAc,GAAG,cAAc,CAAC;AAEvE,MAAM,MAAM,YAAY,GAAG;IAEzB,OAAO,CAAC,EAAE,mBAAmB,CAAC;IAG9B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAG9B,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAGxB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAGzB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,YAAY,CAAC,EAAE,wBAAwB,GAAG,IAAI,CAAC;IAC/C,sBAAsB,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACvC,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAGzB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B,CAAC"}
|
|
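--- a/package/dist/types/claims/aegis-sensitive-identity.d.ts
+++ b/package/dist/types/claims/aegis-sensitive-identity.d.ts
@@ -0,0 +1,7 @@
+export type AegisSensitiveIdentity = {
+nationalIdentityNumber?: string | null;
+nationalIdentityNumberVerified?: boolean;
+socialSecurityNumber?: string | null;
+socialSecurityNumberVerified?: boolean;
+};
+//# sourceMappingURL=aegis-sensitive-identity.d.ts.map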
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aegis-sensitive-identity.d.ts","sourceRoot":"","sources":["../../../src/types/claims/aegis-sensitive-identity.ts"],"names":[],"mappings":"AAmBA,MAAM,MAAM,sBAAsB,GAAG;IACnC,sBAAsB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvC,8BAA8B,CAAC,EAAE,OAAO,CAAC;IACzC,oBAAoB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,4BAA4B,CAAC,EAAE,OAAO,CAAC;CACxC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aegis-sensitive-identity.js","sourceRoot":"","sources":["../../../src/types/claims/aegis-sensitive-identity.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-method.d.ts","sourceRoot":"","sources":["../../../src/types/claims/auth-method.ts"],"names":[],"mappings":"AAOA,MAAM,MAAM,UAAU,GAClB,MAAM,GACN,KAAK,GACL,KAAK,GACL,KAAK,GACL,MAAM,GACN,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,QAAQ,GACR,IAAI,GACJ,KAAK,GACL,KAAK,GACL,KAAK,GACL,MAAM,GACN,KAAK,GACL,KAAK,GACL,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-method.js","sourceRoot":"","sources":["../../../src/types/claims/auth-method.ts"],"names":[],"mappings":""}
|
|
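--- a/package/dist/types/claims/index.d.ts
+++ b/package/dist/types/claims/index.d.ts
@@ -1,7 +1,9 @@
 export * from "./act-claim.js";
 export * from "./aegis-introspection.js";
 export * from "./aegis-profile.js";
+export * from "./aegis-sensitive-identity.js";
 export * from "./aegis-userinfo.js";
+export * from "./auth-method.js";
 export * from "./confirmation-claim.js";
 export * from "./lindorm-claims.js";
 export * from "./oauth-claims.js";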
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/types/claims/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,0BAA0B,CAAC;AACzC,cAAc,oBAAoB,CAAC;AACnC,cAAc,qBAAqB,CAAC;AACpC,cAAc,yBAAyB,CAAC;AACxC,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAChC,cAAc,wBAAwB,CAAC;AACvC,cAAc,iBAAiB,CAAC;AAEhC,cAAc,gBAAgB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/types/claims/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,0BAA0B,CAAC;AACzC,cAAc,oBAAoB,CAAC;AACnC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,qBAAqB,CAAC;AACpC,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAChC,cAAc,wBAAwB,CAAC;AACvC,cAAc,iBAAiB,CAAC;AAEhC,cAAc,gBAAgB,CAAC"}
|
|
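--- a/package/dist/types/claims/index.js
+++ b/package/dist/types/claims/index.js
@@ -1,7 +1,9 @@
 export * from "./act-claim.js";
 export * from "./aegis-introspection.js";
 export * from "./aegis-profile.js";
+export * from "./aegis-sensitive-identity.js";
 export * from "./aegis-userinfo.js";
+export * from "./auth-method.js";
 export * from "./confirmation-claim.js";
 export * from "./lindorm-claims.js";
 export * from "./oauth-claims.js";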
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/types/claims/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,0BAA0B,CAAC;AACzC,cAAc,oBAAoB,CAAC;AACnC,cAAc,qBAAqB,CAAC;AACpC,cAAc,yBAAyB,CAAC;AACxC,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAChC,cAAc,wBAAwB,CAAC;AACvC,cAAc,iBAAiB,CAAC;AAEhC,cAAc,gBAAgB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/types/claims/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,0BAA0B,CAAC;AACzC,cAAc,oBAAoB,CAAC;AACnC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,qBAAqB,CAAC;AACpC,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAChC,cAAc,wBAAwB,CAAC;AACvC,cAAc,iBAAiB,CAAC;AAEhC,cAAc,gBAAgB,CAAC"}
|
|
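--- a/package/dist/types/claims/jwt/index.d.ts
+++ b/package/dist/types/claims/jwt/index.d.ts
@@ -6,5 +6,6 @@ export * from "./lindorm-claims-wire.js";
 export * from "./oauth-claims-wire.js";
 export * from "./oidc-claims-wire.js";
 export * from "./pop-claims-wire.js";
+export * from "./sensitive-identity-claim-wire.js";
 export * from "./std-claims-wire.js";
 //# sourceMappingURL=index.d.ts.map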
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/types/claims/jwt/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAC;AACpC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iBAAiB,CAAC;AAChC,cAAc,0BAA0B,CAAC;AACzC,cAAc,wBAAwB,CAAC;AACvC,cAAc,uBAAuB,CAAC;AACtC,cAAc,sBAAsB,CAAC;AACrC,cAAc,sBAAsB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/types/claims/jwt/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAC;AACpC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iBAAiB,CAAC;AAChC,cAAc,0BAA0B,CAAC;AACzC,cAAc,wBAAwB,CAAC;AACvC,cAAc,uBAAuB,CAAC;AACtC,cAAc,sBAAsB,CAAC;AACrC,cAAc,oCAAoC,CAAC;AACnD,cAAc,sBAAsB,CAAC"}
|
|
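--- a/package/dist/types/claims/jwt/index.js
+++ b/package/dist/types/claims/jwt/index.js
@@ -6,5 +6,6 @@ export * from "./lindorm-claims-wire.js";
 export * from "./oauth-claims-wire.js";
 export * from "./oidc-claims-wire.js";
 export * from "./pop-claims-wire.js";
+export * from "./sensitive-identity-claim-wire.js";
 export * from "./std-claims-wire.js";
 //# sourceMappingURL=index.js.map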
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/types/claims/jwt/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAC;AACpC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iBAAiB,CAAC;AAChC,cAAc,0BAA0B,CAAC;AACzC,cAAc,wBAAwB,CAAC;AACvC,cAAc,uBAAuB,CAAC;AACtC,cAAc,sBAAsB,CAAC;AACrC,cAAc,sBAAsB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/types/claims/jwt/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAC;AACpC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iBAAiB,CAAC;AAChC,cAAc,0BAA0B,CAAC;AACzC,cAAc,wBAAwB,CAAC;AACvC,cAAc,uBAAuB,CAAC;AACtC,cAAc,sBAAsB,CAAC;AACrC,cAAc,oCAAoC,CAAC;AACnD,cAAc,sBAAsB,CAAC"}
|
|
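--- a/package/dist/types/claims/jwt/jwt-claims.d.ts
+++ b/package/dist/types/claims/jwt/jwt-claims.d.ts
@@ -3,6 +3,7 @@ import type { LindormClaimsWire } from "./lindorm-claims-wire.js";
 import type { OAuthClaimsWire } from "./oauth-claims-wire.js";
 import type { OidcClaimsWire } from "./oidc-claims-wire.js";
 import type { PopClaimsWire } from "./pop-claims-wire.js";
+import type { SensitiveIdentityClaimWire } from "./sensitive-identity-claim-wire.js";
 import type { StdClaimsWire } from "./std-claims-wire.js";
-export type JwtClaims = StdClaimsWire & OidcClaimsWire & PopClaimsWire & DelegationClaimsWire & OAuthClaimsWire & LindormClaimsWire;
+export type JwtClaims = StdClaimsWire & OidcClaimsWire & PopClaimsWire & DelegationClaimsWire & OAuthClaimsWire & LindormClaimsWire & SensitiveIdentityClaimWire;
 //# sourceMappingURL=jwt-claims.d.ts.map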
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-claims.d.ts","sourceRoot":"","sources":["../../../../src/types/claims/jwt/jwt-claims.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACxE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAO1D,MAAM,MAAM,SAAS,GAAG,aAAa,GACnC,cAAc,GACd,aAAa,GACb,oBAAoB,GACpB,eAAe,GACf,iBAAiB,CAAC"}
|
|
1
|
+
{"version":3,"file":"jwt-claims.d.ts","sourceRoot":"","sources":["../../../../src/types/claims/jwt/jwt-claims.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACxE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAC;AACrF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAO1D,MAAM,MAAM,SAAS,GAAG,aAAa,GACnC,cAAc,GACd,aAAa,GACb,oBAAoB,GACpB,eAAe,GACf,iBAAiB,GACjB,0BAA0B,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
export type SensitiveIdentityInnerWire = {
|
|
2
|
+
national_identity_number?: string | null;
|
|
3
|
+
national_identity_number_verified?: boolean;
|
|
4
|
+
social_security_number?: string | null;
|
|
5
|
+
social_security_number_verified?: boolean;
|
|
6
|
+
};
|
|
7
|
+
export type SensitiveIdentityClaimWire = {
|
|
8
|
+
sensitive_identity?: SensitiveIdentityInnerWire;
|
|
9
|
+
};
|
|
10
|
+
//# sourceMappingURL=sensitive-identity-claim-wire.d.ts.map
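Review bot: `SensitiveIdentityInnerWire` carries government identifiers (`national_identity_number`, `social_security_number`) but has no doc comment explaining the three states of `?: string | null` or how each `_verified` flag relates to its value. As typed, `national_identity_number_verified: true` is accepted while the number is absent or `null`, so a consumer cannot tell from the declaration whether a verified flag without a value is valid. I would add a TSDoc block on the type in the source file that states what absent and `null` each mean, that a `_verified` flag is meaningful only when its value is a string, and that these fields are regulated personal data that must stay out of logs and error messages.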
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sensitive-identity-claim-wire.d.ts","sourceRoot":"","sources":["../../../../src/types/claims/jwt/sensitive-identity-claim-wire.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,0BAA0B,GAAG;IACvC,wBAAwB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzC,iCAAiC,CAAC,EAAE,OAAO,CAAC;IAC5C,sBAAsB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvC,+BAA+B,CAAC,EAAE,OAAO,CAAC;CAC3C,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG;IACvC,kBAAkB,CAAC,EAAE,0BAA0B,CAAC;CACjD,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sensitive-identity-claim-wire.js","sourceRoot":"","sources":["../../../../src/types/claims/jwt/sensitive-identity-claim-wire.ts"],"names":[],"mappings":""}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import type { OpenIdGrantType, OpenIdScope } from "@lindorm/types";
|
|
1
2
|
import type { AdjustedAccessLevel, LevelOfAssurance } from "../level-of-assurance.js";
|
|
2
3
|
export type AuthFactor = "knowledge" | "possession" | "inherence" | (string & {});
|
|
3
4
|
export type SessionHint = "web" | "mobile" | "cli" | "service" | "machine" | (string & {});
|
|
@@ -6,10 +7,10 @@ export type LindormClaims = {
|
|
|
6
7
|
adjustedAccessLevel?: AdjustedAccessLevel;
|
|
7
8
|
authFactor?: Array<AuthFactor>;
|
|
8
9
|
clientId?: string;
|
|
9
|
-
grantType?:
|
|
10
|
+
grantType?: OpenIdGrantType;
|
|
10
11
|
levelOfAssurance?: LevelOfAssurance;
|
|
11
12
|
permissions?: Array<string>;
|
|
12
|
-
scope?: Array<
|
|
13
|
+
scope?: Array<OpenIdScope>;
|
|
13
14
|
sessionHint?: SessionHint;
|
|
14
15
|
sessionId?: string;
|
|
15
16
|
subjectHint?: SubjectHint;
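Review bot: `grantType?: OpenIdGrantType` and `scope?: Array<OpenIdScope>` now take their types from `@lindorm/types`, while the object literal in `ParsedJwtPayload` (jwt-parse.d.ts) still declares `scope: Array<string>`. If `ParsedJwtPayload` intersects `LindormClaims` the way `SignJwtContent` does, the parsed field becomes `Array<OpenIdScope> & Array<string>`. Callers that sign tokens with application-defined scopes would also stop compiling unless `OpenIdScope` keeps a `(string & {})` arm like `AuthFactor` and `SessionHint` in this file; that definition is not visible here. I would either align the parsed field to `scope: Array<OpenIdScope>;` or confirm the open-string arm and say so in a comment on the claim. The same question applies to `authMethods?: Array<AuthMethod>` in oidc-claims.d.ts. The `LindormClaims` declaration continues past the end of the hunk.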
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lindorm-claims.d.ts","sourceRoot":"","sources":["../../../src/types/claims/lindorm-claims.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAEtF,MAAM,MAAM,UAAU,GAAG,WAAW,GAAG,YAAY,GAAG,WAAW,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAElF,MAAM,MAAM,WAAW,GACnB,KAAK,GACL,QAAQ,GACR,KAAK,GACL,SAAS,GACT,SAAS,GACT,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAElB,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAGnF,MAAM,MAAM,aAAa,GAAG;IAC1B,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;IAC1C,UAAU,CAAC,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,
|
|
1
|
+
{"version":3,"file":"lindorm-claims.d.ts","sourceRoot":"","sources":["../../../src/types/claims/lindorm-claims.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AACnE,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAEtF,MAAM,MAAM,UAAU,GAAG,WAAW,GAAG,YAAY,GAAG,WAAW,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAElF,MAAM,MAAM,WAAW,GACnB,KAAK,GACL,QAAQ,GACR,KAAK,GACL,SAAS,GACT,SAAS,GACT,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAElB,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAGnF,MAAM,MAAM,aAAa,GAAG;IAC1B,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;IAC1C,UAAU,CAAC,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5B,KAAK,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;IAC3B,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC"}
|
|
@@ -1,7 +1,8 @@
|
|
|
1
|
+
import type { AuthMethod } from "./auth-method.js";
|
|
1
2
|
export type OidcClaims = {
|
|
2
3
|
accessTokenHash?: string;
|
|
3
4
|
authContextClass?: string;
|
|
4
|
-
authMethods?: Array<
|
|
5
|
+
authMethods?: Array<AuthMethod>;
|
|
5
6
|
authorizedParty?: string;
|
|
6
7
|
authTime?: Date;
|
|
7
8
|
codeHash?: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidc-claims.d.ts","sourceRoot":"","sources":["../../../src/types/claims/oidc-claims.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"oidc-claims.d.ts","sourceRoot":"","sources":["../../../src/types/claims/oidc-claims.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAGnD,MAAM,MAAM,UAAU,GAAG;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;IAChC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,EAAE,IAAI,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { KryptosSigAlgorithm } from "@lindorm/kryptos";
|
|
2
2
|
import type { Dict } from "@lindorm/types";
|
|
3
|
-
import type { AegisProfile, LindormClaims, OAuthClaims, OidcClaims, PopClaims, DelegationClaims, StdClaims } from "../claims/index.js";
|
|
3
|
+
import type { AegisProfile, AegisSensitiveIdentity, LindormClaims, OAuthClaims, OidcClaims, PopClaims, DelegationClaims, StdClaims } from "../claims/index.js";
|
|
4
4
|
import type { RefinedTokenHeader } from "../header.js";
|
|
5
5
|
import type { DecodedJwt } from "./jwt-decode.js";
|
|
6
6
|
import type { TokenDelegation } from "./jwt-delegation.js";
|
|
@@ -17,6 +17,7 @@ export type ParsedJwtPayload<C extends Dict = Dict> = StdClaims & OidcClaims & P
|
|
|
17
17
|
profile: AegisProfile | undefined;
|
|
18
18
|
roles: Array<string>;
|
|
19
19
|
scope: Array<string>;
|
|
20
|
+
sensitiveIdentity: AegisSensitiveIdentity | undefined;
|
|
20
21
|
subject: string;
|
|
21
22
|
tokenId: string;
|
|
22
23
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-parse.d.ts","sourceRoot":"","sources":["../../../src/types/jwt/jwt-parse.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EACV,YAAY,EACZ,aAAa,EACb,WAAW,EACX,UAAU,EACV,SAAS,EACT,gBAAgB,EAChB,SAAS,EACV,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACvD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAErD,MAAM,MAAM,eAAe,GAAG,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;AAEtE,MAAM,MAAM,gBAAgB,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,IAAI,SAAS,GAC7D,UAAU,GACV,SAAS,GACT,gBAAgB,GAChB,WAAW,GACX,aAAa,GAAG;IACd,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACxB,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC3B,MAAM,EAAE,CAAC,CAAC;IACV,YAAY,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5B,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC3B,OAAO,EAAE,YAAY,GAAG,SAAS,CAAC;IAClC,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEJ,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,IAAI;IAC7C,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;IACvB,UAAU,EAAE,eAAe,CAAC;IAC5B,IAAI,CAAC,EAAE,eAAe,CAAC;IACvB,MAAM,EAAE,eAAe,CAAC;IACxB,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC;IAC7B,KAAK,EAAE,MAAM,CAAC;CACf,CAAC"}
|
|
1
|
+
{"version":3,"file":"jwt-parse.d.ts","sourceRoot":"","sources":["../../../src/types/jwt/jwt-parse.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EACV,YAAY,EACZ,sBAAsB,EACtB,aAAa,EACb,WAAW,EACX,UAAU,EACV,SAAS,EACT,gBAAgB,EAChB,SAAS,EACV,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACvD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAErD,MAAM,MAAM,eAAe,GAAG,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;AAEtE,MAAM,MAAM,gBAAgB,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,IAAI,SAAS,GAC7D,UAAU,GACV,SAAS,GACT,gBAAgB,GAChB,WAAW,GACX,aAAa,GAAG;IACd,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACxB,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC3B,MAAM,EAAE,CAAC,CAAC;IACV,YAAY,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5B,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC3B,OAAO,EAAE,YAAY,GAAG,SAAS,CAAC;IAClC,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,iBAAiB,EAAE,sBAAsB,GAAG,SAAS,CAAC;IACtD,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEJ,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,IAAI;IAC7C,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;IACvB,UAAU,EAAE,eAAe,CAAC;IAC5B,IAAI,CAAC,EAAE,eAAe,CAAC;IACvB,MAAM,EAAE,eAAe,CAAC;IACxB,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC;IAC7B,KAAK,EAAE,MAAM,CAAC;CACf,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { Expiry } from "@lindorm/date";
|
|
2
2
|
import type { Dict } from "@lindorm/types";
|
|
3
|
-
import type { AegisProfile, LindormClaims, OAuthClaims, OidcClaims, PopClaims, DelegationClaims, StdClaims } from "../claims/index.js";
|
|
3
|
+
import type { AegisProfile, AegisSensitiveIdentity, LindormClaims, OAuthClaims, OidcClaims, PopClaims, DelegationClaims, StdClaims } from "../claims/index.js";
|
|
4
4
|
import type { BindCertificateMode, TokenEncryptOrSignOptions } from "../header.js";
|
|
5
5
|
export type SignJwtContent<C extends Dict = Dict> = Omit<StdClaims, "expiresAt" | "issuedAt" | "issuer" | "tokenId"> & Omit<OidcClaims, "accessTokenHash" | "codeHash" | "stateHash"> & PopClaims & DelegationClaims & OAuthClaims & LindormClaims & {
|
|
6
6
|
accessToken?: string;
|
|
@@ -9,8 +9,9 @@ export type SignJwtContent<C extends Dict = Dict> = Omit<StdClaims, "expiresAt"
|
|
|
9
9
|
claims?: C;
|
|
10
10
|
expires: Expiry;
|
|
11
11
|
profile?: AegisProfile;
|
|
12
|
+
sensitiveIdentity?: AegisSensitiveIdentity;
|
|
12
13
|
subject: string;
|
|
13
|
-
tokenType: string;
|
|
14
|
+
tokenType: "Bearer" | "DPoP" | "N_A" | (string & {});
|
|
14
15
|
};
|
|
15
16
|
export type SignJwtOptions = {
|
|
16
17
|
accessTokenHash?: string;
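Review bot: `sensitiveIdentity?: AegisSensitiveIdentity` on `SignJwtContent` lets a caller place a national identity or social security number in any token this type describes. A signed-only JWT payload is base64url-encoded rather than encrypted, so every party that handles the token can read it. Nothing in this declaration ties the field to an encrypted token, and whether the sign path enforces that is not visible here. At minimum the field should carry a TSDoc line such as `/** Regulated identifiers; only set on tokens that are encrypted before they leave the issuer. */`. The same comment belongs on `sensitiveIdentity` in `ParsedJwtPayload` (jwt-parse.d.ts), where the value sits beside `profile` and would follow the payload into any logging of parsed tokens. The `SignJwtOptions` declaration continues past the end of this hunk.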
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-sign.d.ts","sourceRoot":"","sources":["../../../src/types/jwt/jwt-sign.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EACV,YAAY,EACZ,aAAa,EACb,WAAW,EACX,UAAU,EACV,SAAS,EACT,gBAAgB,EAChB,SAAS,EACV,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAE,mBAAmB,EAAE,yBAAyB,EAAE,MAAM,cAAc,CAAC;AAEnF,MAAM,MAAM,cAAc,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,IAAI,IAAI,CACtD,SAAS,EACT,WAAW,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,CAChD,GACC,IAAI,CAAC,UAAU,EAAE,iBAAiB,GAAG,UAAU,GAAG,WAAW,CAAC,GAC9D,SAAS,GACT,gBAAgB,GAChB,WAAW,GACX,aAAa,GAAG;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,CAAC,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,YAAY,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"jwt-sign.d.ts","sourceRoot":"","sources":["../../../src/types/jwt/jwt-sign.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EACV,YAAY,EACZ,sBAAsB,EACtB,aAAa,EACb,WAAW,EACX,UAAU,EACV,SAAS,EACT,gBAAgB,EAChB,SAAS,EACV,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAE,mBAAmB,EAAE,yBAAyB,EAAE,MAAM,cAAc,CAAC;AAEnF,MAAM,MAAM,cAAc,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,IAAI,IAAI,CACtD,SAAS,EACT,WAAW,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,CAChD,GACC,IAAI,CAAC,UAAU,EAAE,iBAAiB,GAAG,UAAU,GAAG,WAAW,CAAC,GAC9D,SAAS,GACT,gBAAgB,GAChB,WAAW,GACX,aAAa,GAAG;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,CAAC,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,YAAY,CAAC;IACvB,iBAAiB,CAAC,EAAE,sBAAsB,CAAC;IAC3C,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,QAAQ,GAAG,MAAM,GAAG,KAAK,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;CACtD,CAAC;AAEJ,MAAM,MAAM,cAAc,GAAG;IAC3B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,mBAAmB,CAAC;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,yBAAyB,CAAC;IACnC,QAAQ,CAAC,EAAE,IAAI,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG;IACtB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC"}
|
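--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@lindorm/aegis",
-"version": "0.
+"version": "0.8.0",
 "license": "AGPL-3.0-or-later",
 "author": "Jonn Nilsson",
 "repository": {
@@ -11,6 +11,9 @@
 "publishConfig": {
 "access": "public"
 },
+"files": [
+"dist"
+],
 "type": "module",
 "typings": "dist/index.d.ts",
 "exports": {
@@ -41,20 +44,20 @@
 "verify": "npm run typecheck && npm run build && npm test"
 },
 "dependencies": {
-"@lindorm/aes": "^0.7.
-"@lindorm/akp": "^0.2.
-"@lindorm/b64": "^0.2.
-"@lindorm/date": "^0.5.
-"@lindorm/ec": "^0.3.
-"@lindorm/errors": "^0.2.
-"@lindorm/is": "^0.2.
-"@lindorm/kryptos": "^0.8.
-"@lindorm/oct": "^0.3.
-"@lindorm/okp": "^0.3.
-"@lindorm/rsa": "^0.3.
-"@lindorm/sha": "^0.5.
-"@lindorm/types": "^0.
-"@lindorm/utils": "^0.8.
+"@lindorm/aes": "^0.7.2",
+"@lindorm/akp": "^0.2.2",
+"@lindorm/b64": "^0.2.1",
+"@lindorm/date": "^0.5.2",
+"@lindorm/ec": "^0.3.2",
+"@lindorm/errors": "^0.2.2",
+"@lindorm/is": "^0.2.2",
+"@lindorm/kryptos": "^0.8.2",
+"@lindorm/oct": "^0.3.2",
+"@lindorm/okp": "^0.3.2",
+"@lindorm/rsa": "^0.3.2",
+"@lindorm/sha": "^0.5.2",
+"@lindorm/types": "^0.7.0",
+"@lindorm/utils": "^0.8.2",
 "cbor": "^10.0.12"
 },
 "peerDependencies": {
@@ -63,11 +66,11 @@
 },
 "devDependencies": {
 "@auth0/cose": "^1.0.2",
-"@lindorm/amphora": "^0.5.
-"@lindorm/logger": "^0.6.
+"@lindorm/amphora": "^0.5.3",
+"@lindorm/logger": "^0.6.3",
 "@types/jsonwebtoken": "^9.0.10",
 "jose": "^6.2.1",
 "jsonwebtoken": "^9.0.3"
 },
-"gitHead": "
+"gitHead": "ed9df662f3b73a3d773027b5acdfe128ff3dc140"
 }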
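--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,191 +0,0 @@
-# Change Log
-
-All notable changes to this project will be documented in this file.
-See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
-
-## [0.7.1](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.7.0...@lindorm/aegis@0.7.1) (2026-05-05)
-
-### Bug Fixes
-
-- **aegis:** extend timeout for RSA-OAEP-512 algorithm test ([b418307](https://github.com/lindorm-io/monorepo/commit/b4183075263fff656337663e8d0e0bcdb892309d))
-
-# [0.7.0](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.6.0...@lindorm/aegis@0.7.0) (2026-05-02)
-
-### Bug Fixes
-
-- **aegis:** drop createRequire interop workaround in jwt-interop test ([492e3df](https://github.com/lindorm-io/monorepo/commit/492e3dff29971a3958b0628ce5465195f8a8cfe5))
-- widen @lindorm/\* peer ranges to unbounded >= ([f192b59](https://github.com/lindorm-io/monorepo/commit/f192b59107bf1f276d296837f40fa97765d9d2ba))
-
-### Features
-
-- migrate 20 packages from jest to vitest ([d8bfda8](https://github.com/lindorm-io/monorepo/commit/d8bfda8854dc1cb9537ba0b3e47ec4e4c7bded08))
-
-# [0.6.0](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.5.0...@lindorm/aegis@0.6.0) (2026-04-19)
-
-### Features
-
-- **aegis:** accept AKP algorithms in token header ([3dc40b7](https://github.com/lindorm-io/monorepo/commit/3dc40b781f436181a6453235d8f4dc7c61885e7d))
-- **aegis:** route AKP kryptos keys through AkpKit for ML-DSA JWS ([a9351fc](https://github.com/lindorm-io/monorepo/commit/a9351fc94e47de240d51f2024a418111e762f046))
-
-# [0.5.0](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.4.4...@lindorm/aegis@0.5.0) (2026-04-15)
-
-### Bug Fixes
-
-- **aegis:** accept AesContent in IAegisAes types, delegate mock to AesKit ([11b78df](https://github.com/lindorm-io/monorepo/commit/11b78df01112106280466a1824a8c47151ceee65))
-- **aegis:** adopt kryptos descriptive cert fields and drop SHA-1 x5t binding ([06e4d4d](https://github.com/lindorm-io/monorepo/commit/06e4d4dd4bc2f3311370335316d1ffb27df0a317))
-- **aegis:** resolve historical kryptos by id when verifying JWE/JWS ([24c81d4](https://github.com/lindorm-io/monorepo/commit/24c81d4dfa2da67eafcc6e1af432af1a75567b16))
-- **aegis:** string verifier for array-valued claims uses containment ([7cc2c7e](https://github.com/lindorm-io/monorepo/commit/7cc2c7e32140a29ffddd079f956dee9e611ae03c))
-
-### Features
-
-- **aegis:** add act, may_act, groups, entitlements claim types ([ed80767](https://github.com/lindorm-io/monorepo/commit/ed80767a029fded720bb9af44fb3cdeb2b5c30d6))
-- **aegis:** add AegisProfile claim type for ID token profile personalization ([929a9b6](https://github.com/lindorm-io/monorepo/commit/929a9b6ee7b051d50dda8aa8c6a1c3e88e23e4d5))
-- **aegis:** add baseFormat to parsed token headers ([43d37a0](https://github.com/lindorm-io/monorepo/commit/43d37a02a3ae1773fb166aabd7f7957dcf30e4ac))
-- **aegis:** add bindCertificate sign option and post-verify thumbprint check ([0d4e2a5](https://github.com/lindorm-io/monorepo/commit/0d4e2a5bdfbfa745b7b3e137ecf4b4a617c6d8f5)), closes [x5t#S256](https://github.com/x5t/issues/S256)
-- **aegis:** add certBindingMode strict/lax for cert-binding verify ([bfd2165](https://github.com/lindorm-io/monorepo/commit/bfd2165d65a1bdb0895e503466dfc287259f7a66))
-- **aegis:** add cnf claim support on sign and parse ([e7d7a28](https://github.com/lindorm-io/monorepo/commit/e7d7a28d1b82cf711c54d64aa51f2615b96c1e4d))
-- **aegis:** add isParsedJwt and isParsedJws guards ([1640977](https://github.com/lindorm-io/monorepo/commit/1640977405de7bc183e98b24857ce33cc21ad0d4))
-- **aegis:** add TokenType, AuthFactor, SessionHint, SubjectHint types ([fb7a15a](https://github.com/lindorm-io/monorepo/commit/fb7a15a2687ed0e1126ac94c23ed01472d0fa044))
-- **aegis:** add userinfo and introspection parse utilities ([ab2e14f](https://github.com/lindorm-io/monorepo/commit/ab2e14f4ef0b40c7a70ad0fe08079a88c99c5f33))
-- **aegis:** attach TokenIdentity to parsed results and add actor verify option ([7bcfdae](https://github.com/lindorm-io/monorepo/commit/7bcfdae0d4d1c83811ea8e03437fb284113f69e4))
-- **aegis:** auto-stamp thumbprint on sign when kryptos has cert, add none mode ([441630f](https://github.com/lindorm-io/monorepo/commit/441630f177b4264a791da9ce9e5409b4de15958a))
-- **aegis:** enforce algorithm allowlist in decodeJoseHeader ([5be80a1](https://github.com/lindorm-io/monorepo/commit/5be80a10aa7461323e1b620bed8a699f960e7089)), closes [PKCS#1](https://github.com/PKCS/issues/1)
-- **aegis:** expose parseUserinfo, parseIntrospection, and validateClaims on Aegis ([a29ec9c](https://github.com/lindorm-io/monorepo/commit/a29ec9c3568631c067d0984de07769a969ca1719))
-- **aegis:** reject JWE tokens with zip compression header ([644d37d](https://github.com/lindorm-io/monorepo/commit/644d37debea9a5bf0edab469ced8e2bc6467bf60))
-- **aegis:** validate tokenType input in computeTypHeader ([5d95fb6](https://github.com/lindorm-io/monorepo/commit/5d95fb69ab5625cd6812b5b29be91c436f8001a0))
-- **aegis:** verify DPoP proofs as part of JWT verification ([9795b7c](https://github.com/lindorm-io/monorepo/commit/9795b7c1d0b8925050fe82176515a47aeefd5957))
-
-## [0.4.4](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.4.3...@lindorm/aegis@0.4.4) (2026-04-01)
-
-**Note:** Version bump only for package @lindorm/aegis
-
-## [0.4.3](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.4.2...@lindorm/aegis@0.4.3) (2026-03-29)
-
-**Note:** Version bump only for package @lindorm/aegis
-
-## [0.4.2](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.4.1...@lindorm/aegis@0.4.2) (2026-03-13)
-
-**Note:** Version bump only for package @lindorm/aegis
-
-## [0.4.1](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.4.0...@lindorm/aegis@0.4.1) (2026-03-13)
-
-**Note:** Version bump only for package @lindorm/aegis
-
-# [0.4.0](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.3.6...@lindorm/aegis@0.4.0) (2026-02-17)
-
-### Bug Fixes
-
-- **aegis:** align header parsing types with AES decryption record types ([8d6539d](https://github.com/lindorm-io/monorepo/commit/8d6539d41657343edce4c94c884fe592c9bb12e6))
-- **aegis:** relax algorithm validation in header decoding ([fbc6edc](https://github.com/lindorm-io/monorepo/commit/fbc6edc003849963827c483ff2d995cd5b66eada))
-- **aegis:** relax typ validation and fix kryptosSig algorithm bug ([cb1bb60](https://github.com/lindorm-io/monorepo/commit/cb1bb601e2004de4b0a6454dd60a35be7770f59c))
-- **aegis:** remove hkdfSalt references after aes package refactor ([30c008a](https://github.com/lindorm-io/monorepo/commit/30c008a99a364928ed83fbb7ee6b496691646f80))
-- **aegis:** remove jwksUri from COSE sign/encrypt headers ([2c47fd4](https://github.com/lindorm-io/monorepo/commit/2c47fd43297db43e8f6b98df4b25ee93e93415af))
-- **aegis:** restructure CweKit header layout per RFC 9052 ([43f2616](https://github.com/lindorm-io/monorepo/commit/43f2616b34de529e968f75714a2222ed4d02a509))
-- **aegis:** rFC 7515 crit compliance and base64url header encoding ([f3fa30b](https://github.com/lindorm-io/monorepo/commit/f3fa30b89f10518efa86ad69577e1d1c35faf030))
-- **aegis:** use Map-based COSE encoding for RFC 9052 integer labels ([e2eb229](https://github.com/lindorm-io/monorepo/commit/e2eb229b053c9c91ba8b4b43d8ad9e1731ec53b4))
-- **lint:** add missing eslint-config-prettier and fix prettier formatting ([6899e39](https://github.com/lindorm-io/monorepo/commit/6899e39ad7700e373173b0a61b429b5536c13934))
-
-### Features
-
-- **aegis:** add COSE target mode for internal/external encoding ([0be6874](https://github.com/lindorm-io/monorepo/commit/0be687457cea0266cefdff8fc504b05175aa8bbf))
-- **aegis:** integrate prepareEncryption for JWE AAD support ([0b5a607](https://github.com/lindorm-io/monorepo/commit/0b5a60749b935068a02c6ae9fa1a637e0bfa8764))
-- **aegis:** narrow AmphoraQuery type by operation ([e908b40](https://github.com/lindorm-io/monorepo/commit/e908b405f5269aaa864f2da5b19879f9d999e485))
-- **aegis:** support custom COSE claim labels (>= 900) in CWT payloads ([a5f30c0](https://github.com/lindorm-io/monorepo/commit/a5f30c09d6ca21dc029a6d2a601ff3cf35b8dff4))
-
-## [0.3.6](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.3.5...@lindorm/aegis@0.3.6) (2025-09-18)
-
-**Note:** Version bump only for package @lindorm/aegis
-
-## [0.3.5](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.3.4...@lindorm/aegis@0.3.5) (2025-07-19)
-
-**Note:** Version bump only for package @lindorm/aegis
-
-## [0.3.4](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.3.3...@lindorm/aegis@0.3.4) (2025-07-12)
-
-**Note:** Version bump only for package @lindorm/aegis
-
-## [0.3.3](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.3.2...@lindorm/aegis@0.3.3) (2025-07-10)
-
-**Note:** Version bump only for package @lindorm/aegis
-
-## [0.3.2](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.3.1...@lindorm/aegis@0.3.2) (2025-07-02)
-
-**Note:** Version bump only for package @lindorm/aegis
-
-## [0.3.1](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.3.0...@lindorm/aegis@0.3.1) (2025-06-24)
-
-**Note:** Version bump only for package @lindorm/aegis
-
-# [0.3.0](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.2.6...@lindorm/aegis@0.3.0) (2025-06-17)
-
-### Bug Fixes
-
-- add missing header options to sign and encrypt ([d0007e7](https://github.com/lindorm-io/monorepo/commit/d0007e70c0afcf5945b223b27e7b8c02c07b3109))
-- add missing jwt options for verify ([c5b9439](https://github.com/lindorm-io/monorepo/commit/c5b9439b41a7de541e966c350102b7cffde389b5))
-- add optional key filter for aegis ([49a6d75](https://github.com/lindorm-io/monorepo/commit/49a6d75a89f435c40389fbee00840c011e369b00))
-- align with kryptos changes ([206eb38](https://github.com/lindorm-io/monorepo/commit/206eb38ae2a03b14973e706035c87a953cc753af))
-- amend bugs ([a68a77a](https://github.com/lindorm-io/monorepo/commit/a68a77a811ddfe33a0b487cd84cda6a18d3054b6))
-- amend errors in mock ([4e80b28](https://github.com/lindorm-io/monorepo/commit/4e80b28e2bd35ae7ae43da9d3b480bae935aef08))
-- handle correct typing ([630fa33](https://github.com/lindorm-io/monorepo/commit/630fa332c16557fa5f16c3cc673af563d5ea4e24))
-- improve content type method ([d12f1fd](https://github.com/lindorm-io/monorepo/commit/d12f1fd4484c5e6b1becbdd72feed010d2c5cd98))
-- merge domain with issuer for ease of understanding ([9123cc2](https://github.com/lindorm-io/monorepo/commit/9123cc2ede63962a5c226a9bed0d0541001384d9))
-- minor improvements ([0f7db68](https://github.com/lindorm-io/monorepo/commit/0f7db68cddefce258434258ea9f6c0d5f5ba4fc4))
-- rename kits ([da103bf](https://github.com/lindorm-io/monorepo/commit/da103bf21fc25f3477dd9b70a851e4bca5758283))
-- update types and fallback to amphora issuer ([8130b45](https://github.com/lindorm-io/monorepo/commit/8130b45bc7a1c2080e029e6e2efc8c58a65f1d7e))
-
-### Features
-
-- add aegis aes and improve key methods ([ac1800e](https://github.com/lindorm-io/monorepo/commit/ac1800e65f1e9fc82814bb84793678f8c3fd1f8d))
-- add decode and verify to aegis ([bd6c9c3](https://github.com/lindorm-io/monorepo/commit/bd6c9c3b041eb0ed398d01f8d52b44e74cbad429))
-- add signature kit ([ca99771](https://github.com/lindorm-io/monorepo/commit/ca99771955b69a41a1add2cbad6a9512783f54ab))
-- add static token parsing to aegis ([2b8803c](https://github.com/lindorm-io/monorepo/commit/2b8803c189ce2bc97fe49c977e6fbb58cace13f7))
-- implement cose-encrypt kit ([5f94faf](https://github.com/lindorm-io/monorepo/commit/5f94fafc28ab737b02cb3e7566da0d5c827d8c1a))
-- implement cose-sign kit ([fd92fa3](https://github.com/lindorm-io/monorepo/commit/fd92fa346401de76967f5d3c0cc5fd6531e4b4bd))
-- introduce cwt to aegis ([40a7efa](https://github.com/lindorm-io/monorepo/commit/40a7efa1ce2907c0e4671d20cd9d9fb457a346db))
-
-## [0.2.6](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.2.5...@lindorm/aegis@0.2.6) (2025-01-28)
-
-**Note:** Version bump only for package @lindorm/aegis
-
-## [0.2.5](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.2.4...@lindorm/aegis@0.2.5) (2024-10-12)
-
-**Note:** Version bump only for package @lindorm/aegis
-
-## [0.2.4](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.2.3...@lindorm/aegis@0.2.4) (2024-10-09)
-
-### Bug Fixes
-
-- align with aes changes ([f49b8c0](https://github.com/lindorm-io/monorepo/commit/f49b8c01cb8893e624da046832965bf64889117b))
-
-## [0.2.3](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.2.2...@lindorm/aegis@0.2.3) (2024-09-25)
-
-**Note:** Version bump only for package @lindorm/aegis
-
-## [0.2.2](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.2.1...@lindorm/aegis@0.2.2) (2024-09-23)
-
-**Note:** Version bump only for package @lindorm/aegis
-
-## [0.2.1](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.2.0...@lindorm/aegis@0.2.1) (2024-09-20)
-
-### Bug Fixes
-
-- make issuer optional ([6e85927](https://github.com/lindorm-io/monorepo/commit/6e859272370e59dc334aca702fa37e1765f542ab))
-- return token on verify ([8bad0e0](https://github.com/lindorm-io/monorepo/commit/8bad0e02cb7979c9462387fcb62026e9e895643c))
-
-# [0.2.0](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.1.1...@lindorm/aegis@0.2.0) (2024-05-20)
-
-### Features
-
-- use amphora ([d61acf7](https://github.com/lindorm-io/monorepo/commit/d61acf7f7de762f0a4980b9dd720ec62a5787ba1))
-
-## [0.1.1](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.1.0...@lindorm/aegis@0.1.1) (2024-05-20)
-
-### Bug Fixes
-
-- update jwe with gcm keywrap ([0abbd3b](https://github.com/lindorm-io/monorepo/commit/0abbd3b26120dabe8e71223ea45b7c9beb14d4e9))
-
-# 0.1.0 (2024-05-19)
-
-### Features
-
-- initialise aegis package ([b0eb954](https://github.com/lindorm-io/monorepo/commit/b0eb954d9015bd965a3120980edaceaff55e9ccb))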
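--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -1,332 +0,0 @@
-import { KryptosKit } from "@lindorm/kryptos";
-import { createMockLogger } from "@lindorm/logger/mocks/vitest";
-import { CompactEncrypt, compactDecrypt, importJWK } from "jose";
-import { JweKit } from "../src/classes/JweKit.js";
-import { describe, expect, test } from "vitest";
-
-// ---------------------------------------------------------------------------
-// Shared constants
-// ---------------------------------------------------------------------------
-
-const PLAINTEXT = "hello aegis jwe interop";
-const logger = createMockLogger();
-
-// ---------------------------------------------------------------------------
-// Key generation helpers
-// ---------------------------------------------------------------------------
-
-const createOctKwKey = () => KryptosKit.generate.enc.oct({ algorithm: "A128KW" });
-
-const createOctDirKey = (encryption: "A256GCM" | "A128GCM" = "A256GCM") =>
-KryptosKit.generate.enc.oct({ algorithm: "dir", encryption });
-
-const createRsaOaepKey = () => KryptosKit.generate.enc.rsa({ algorithm: "RSA-OAEP-256" });
-
-const createEcdhEsKey = () =>
-KryptosKit.generate.enc.ec({ algorithm: "ECDH-ES", curve: "P-256" });
-
-// ---------------------------------------------------------------------------
-// Helper: export public-only JWK for jose encryption
-// ---------------------------------------------------------------------------
-
-const toPublicJwk = (jwk: Record<string, unknown>): Record<string, unknown> => {
-const { d, dp, dq, p, q, qi, ...publicParts } = jwk as any;
-return publicParts;
-};
-
-// ---------------------------------------------------------------------------
-// A128KW + A128GCM
-// ---------------------------------------------------------------------------
-
-describe("JWE interop: aegis <-> jose", () => {
-describe("A128KW + A128GCM", () => {
-test("aegis encrypt -> jose decrypt", async () => {
-const kryptos = createOctKwKey();
-const kit = new JweKit({ logger, kryptos, encryption: "A128GCM" });
-
-const { token } = kit.encrypt(PLAINTEXT);
-
-const jwk = kryptos.export("jwk");
-const joseKey = await importJWK(jwk, "A128KW");
-
-const result = await compactDecrypt(token, joseKey);
-
-expect(new TextDecoder().decode(result.plaintext)).toBe(PLAINTEXT);
-expect(result.protectedHeader.alg).toBe("A128KW");
-expect(result.protectedHeader.enc).toBe("A128GCM");
-});
-
-test("jose encrypt -> aegis decrypt", async () => {
-const kryptos = createOctKwKey();
-const kit = new JweKit({ logger, kryptos, encryption: "A128GCM" });
-
-const jwk = kryptos.export("jwk");
-const joseKey = await importJWK(jwk, "A128KW");
-
-const token = await new CompactEncrypt(new TextEncoder().encode(PLAINTEXT))
-.setProtectedHeader({
-alg: "A128KW",
-enc: "A128GCM",
-typ: "JWE",
-kid: kryptos.id,
-cty: "text/plain; charset=utf-8",
-})
-.encrypt(joseKey);
-
-const result = kit.decrypt(token);
-
-expect(result.payload).toBe(PLAINTEXT);
-expect(result.header.algorithm).toBe("A128KW");
-expect(result.header.encryption).toBe("A128GCM");
-});
-});
-
-// ---------------------------------------------------------------------------
-// A128KW + A256GCM
-// ---------------------------------------------------------------------------
-
-describe("A128KW + A256GCM", () => {
-test("aegis encrypt -> jose decrypt", async () => {
-const kryptos = createOctKwKey();
-const kit = new JweKit({ logger, kryptos, encryption: "A256GCM" });
-
-const { token } = kit.encrypt(PLAINTEXT);
-
-const jwk = kryptos.export("jwk");
-const joseKey = await importJWK(jwk, "A128KW");
-
-const result = await compactDecrypt(token, joseKey);
-
-expect(new TextDecoder().decode(result.plaintext)).toBe(PLAINTEXT);
-});
-
-test("jose encrypt -> aegis decrypt", async () => {
-const kryptos = createOctKwKey();
-const kit = new JweKit({ logger, kryptos, encryption: "A256GCM" });
-
-const jwk = kryptos.export("jwk");
-const joseKey = await importJWK(jwk, "A128KW");
-
-const token = await new CompactEncrypt(new TextEncoder().encode(PLAINTEXT))
-.setProtectedHeader({
-alg: "A128KW",
-enc: "A256GCM",
-typ: "JWE",
-kid: kryptos.id,
-cty: "text/plain; charset=utf-8",
-})
-.encrypt(joseKey);
-
-const result = kit.decrypt(token);
-
-expect(result.payload).toBe(PLAINTEXT);
-});
-});
-
-// ---------------------------------------------------------------------------
-// RSA-OAEP-256 + A256GCM
-// ---------------------------------------------------------------------------
-
-describe("RSA-OAEP-256 + A256GCM", () => {
-test("aegis encrypt -> jose decrypt", async () => {
-const kryptos = createRsaOaepKey();
-const kit = new JweKit({ logger, kryptos, encryption: "A256GCM" });
-
-const { token } = kit.encrypt(PLAINTEXT);
-
-// jose needs private key for RSA decryption
-const jwk = kryptos.export("jwk");
-const joseKey = await importJWK(jwk, "RSA-OAEP-256");
-
-const result = await compactDecrypt(token, joseKey);
-
-expect(new TextDecoder().decode(result.plaintext)).toBe(PLAINTEXT);
-expect(result.protectedHeader.alg).toBe("RSA-OAEP-256");
-expect(result.protectedHeader.enc).toBe("A256GCM");
-});
-
-test("jose encrypt -> aegis decrypt", async () => {
-const kryptos = createRsaOaepKey();
-const kit = new JweKit({ logger, kryptos, encryption: "A256GCM" });
-
-// jose encrypts with public key
-const jwk = kryptos.export("jwk");
-const publicJwk = toPublicJwk(jwk);
-const joseKey = await importJWK(publicJwk, "RSA-OAEP-256");
-
-const token = await new CompactEncrypt(new TextEncoder().encode(PLAINTEXT))
-.setProtectedHeader({
-alg: "RSA-OAEP-256",
-enc: "A256GCM",
-typ: "JWE",
-kid: kryptos.id,
-cty: "text/plain; charset=utf-8",
-})
-.encrypt(joseKey);
-
-const result = kit.decrypt(token);
-
-expect(result.payload).toBe(PLAINTEXT);
-expect(result.header.algorithm).toBe("RSA-OAEP-256");
-expect(result.header.encryption).toBe("A256GCM");
-});
-});
-
-// ---------------------------------------------------------------------------
-// RSA-OAEP-256 + A128CBC-HS256
-// ---------------------------------------------------------------------------
-
-describe("RSA-OAEP-256 + A128CBC-HS256", () => {
-test("aegis encrypt -> jose decrypt", async () => {
-const kryptos = createRsaOaepKey();
-const kit = new JweKit({ logger, kryptos, encryption: "A128CBC-HS256" });
-
-const { token } = kit.encrypt(PLAINTEXT);
-
-const jwk = kryptos.export("jwk");
-const joseKey = await importJWK(jwk, "RSA-OAEP-256");
-
-const result = await compactDecrypt(token, joseKey);
-
-expect(new TextDecoder().decode(result.plaintext)).toBe(PLAINTEXT);
-expect(result.protectedHeader.enc).toBe("A128CBC-HS256");
-});
-
-test("jose encrypt -> aegis decrypt", async () => {
-const kryptos = createRsaOaepKey();
-const kit = new JweKit({ logger, kryptos, encryption: "A128CBC-HS256" });
-
-const jwk = kryptos.export("jwk");
-const publicJwk = toPublicJwk(jwk);
-const joseKey = await importJWK(publicJwk, "RSA-OAEP-256");
-
-const token = await new CompactEncrypt(new TextEncoder().encode(PLAINTEXT))
-.setProtectedHeader({
-alg: "RSA-OAEP-256",
-enc: "A128CBC-HS256",
-typ: "JWE",
-kid: kryptos.id,
-cty: "text/plain; charset=utf-8",
-})
-.encrypt(joseKey);
-
-const result = kit.decrypt(token);
-
-expect(result.payload).toBe(PLAINTEXT);
-expect(result.header.encryption).toBe("A128CBC-HS256");
-});
-});
-
-// ---------------------------------------------------------------------------
-// A128KW + A128CBC-HS256
-// ---------------------------------------------------------------------------
-
-describe("A128KW + A128CBC-HS256", () => {
-test("aegis encrypt -> jose decrypt", async () => {
-const kryptos = createOctKwKey();
-const kit = new JweKit({ logger, kryptos, encryption: "A128CBC-HS256" });
-
-const { token } = kit.encrypt(PLAINTEXT);
-
-const jwk = kryptos.export("jwk");
-const joseKey = await importJWK(jwk, "A128KW");
-
-const result = await compactDecrypt(token, joseKey);
-
-expect(new TextDecoder().decode(result.plaintext)).toBe(PLAINTEXT);
-expect(result.protectedHeader.enc).toBe("A128CBC-HS256");
-});
-
-test("jose encrypt -> aegis decrypt", async () => {
-const kryptos = createOctKwKey();
-const kit = new JweKit({ logger, kryptos, encryption: "A128CBC-HS256" });
-
-const jwk = kryptos.export("jwk");
-const joseKey = await importJWK(jwk, "A128KW");
-
-const token = await new CompactEncrypt(new TextEncoder().encode(PLAINTEXT))
-.setProtectedHeader({
-alg: "A128KW",
-enc: "A128CBC-HS256",
-typ: "JWE",
-kid: kryptos.id,
-cty: "text/plain; charset=utf-8",
-})
-.encrypt(joseKey);
-
-const result = kit.decrypt(token);
-
-expect(result.payload).toBe(PLAINTEXT);
-expect(result.header.encryption).toBe("A128CBC-HS256");
-});
-});
-
-// ---------------------------------------------------------------------------
-// dir + A256GCM
-// ---------------------------------------------------------------------------
-
-describe("dir + A256GCM", () => {
-test("aegis encrypt -> jose decrypt", async () => {
-const kryptos = createOctDirKey("A256GCM");
-const kit = new JweKit({ logger, kryptos, encryption: "A256GCM" });
-
-const { token } = kit.encrypt(PLAINTEXT);
-
-const jwk = kryptos.export("jwk");
-const joseKey = await importJWK(jwk, "dir");
-
-const result = await compactDecrypt(token, joseKey);
-
-expect(new TextDecoder().decode(result.plaintext)).toBe(PLAINTEXT);
-expect(result.protectedHeader.alg).toBe("dir");
-expect(result.protectedHeader.enc).toBe("A256GCM");
-});
-
-test("jose encrypt -> aegis decrypt", async () => {
-const kryptos = createOctDirKey("A256GCM");
-const kit = new JweKit({ logger, kryptos, encryption: "A256GCM" });
-
-const jwk = kryptos.export("jwk");
-const joseKey = await importJWK(jwk, "dir");
-
-const token = await new CompactEncrypt(new TextEncoder().encode(PLAINTEXT))
-.setProtectedHeader({
-alg: "dir",
-enc: "A256GCM",
-typ: "JWE",
-kid: kryptos.id,
-cty: "text/plain; charset=utf-8",
-})
-.encrypt(joseKey);
-
-const result = kit.decrypt(token);
-
-expect(result.payload).toBe(PLAINTEXT);
-expect(result.header.algorithm).toBe("dir");
-expect(result.header.encryption).toBe("A256GCM");
-});
-});
-
-// ---------------------------------------------------------------------------
-// ECDH-ES + A256GCM (EC P-256)
-// ---------------------------------------------------------------------------
-
-describe("ECDH-ES + A256GCM", () => {
-test("aegis encrypt -> jose decrypt", async () => {
-const kryptos = createEcdhEsKey();
-const kit = new JweKit({ logger, kryptos, encryption: "A256GCM" });
-
-const { token } = kit.encrypt(PLAINTEXT);
-
-// jose needs private key for ECDH-ES decryption
-const jwk = kryptos.export("jwk");
-const joseKey = await importJWK(jwk, "ECDH-ES");
-
-const result = await compactDecrypt(token, joseKey);
-
-expect(new TextDecoder().decode(result.plaintext)).toBe(PLAINTEXT);
-expect(result.protectedHeader.alg).toBe("ECDH-ES");
-expect(result.protectedHeader.enc).toBe("A256GCM");
-});
-});
-});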
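--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -1,183 +0,0 @@
-import { KryptosKit } from "@lindorm/kryptos";
-import { createMockLogger } from "@lindorm/logger/mocks/vitest";
-import { importJWK, jwtVerify, SignJWT } from "jose";
-import jsonwebtoken, { type JwtPayload } from "jsonwebtoken";
-import { JwtKit } from "../src/classes/JwtKit.js";
-import { describe, expect, test } from "vitest";
-
-// ---------------------------------------------------------------------------
-// Shared constants
-// ---------------------------------------------------------------------------
-
-const ISSUER = "https://interop.test.lindorm.io/";
-const SUBJECT = "d4e5f6a7-b8c9-4d0e-1a2b-3c4d5e6f7890";
-const logger = createMockLogger();
-
-// ---------------------------------------------------------------------------
-// Key generation helpers
-// ---------------------------------------------------------------------------
-
-const createEcSigKey = () =>
-KryptosKit.generate.sig.ec({ algorithm: "ES256", curve: "P-256" });
-
-const createRsaSigKey = () => KryptosKit.generate.sig.rsa({ algorithm: "RS256" });
-
-const createOctSigKey = () => KryptosKit.generate.sig.oct({ algorithm: "HS256" });
-
-// ---------------------------------------------------------------------------
-// Helper: export public-only JWK for jose verification
-// ---------------------------------------------------------------------------
-
-const toPublicJwk = (jwk: Record<string, unknown>): Record<string, unknown> => {
-const { d, dp, dq, p, q, qi, k, ...publicParts } = jwk as any;
-return publicParts;
-};
-
-// ---------------------------------------------------------------------------
-// jose JWT interop
-// ---------------------------------------------------------------------------
-
-describe("JWT interop: aegis <-> jose", () => {
-describe.each([
-{ name: "EC / ES256", createKey: createEcSigKey, asymmetric: true },
-{ name: "RSA / RS256", createKey: createRsaSigKey, asymmetric: true },
-{ name: "oct / HS256", createKey: createOctSigKey, asymmetric: false },
-])("$name", ({ createKey, asymmetric }) => {
-test("aegis sign -> jose verify", async () => {
-const kryptos = createKey();
-const kit = new JwtKit({ issuer: ISSUER, logger, kryptos });
-
-const { token } = kit.sign({
-expires: "1h",
-subject: SUBJECT,
-tokenType: "access_token",
-});
-
-// jose needs public key for asymmetric verification, full key for symmetric
-const jwk = kryptos.export("jwk");
-const verifyJwk = asymmetric ? toPublicJwk(jwk) : jwk;
-const joseKey = await importJWK(verifyJwk, jwk.alg);
-
-const result = await jwtVerify(token, joseKey);
-
-expect(result.payload.iss).toBe(ISSUER);
-expect(result.payload.sub).toBe(SUBJECT);
-expect(result.protectedHeader.typ).toBe("at+jwt");
-expect(result.payload.exp).toBeDefined();
-});
-
-test("jose sign -> aegis verify", async () => {
-const kryptos = createKey();
-const kit = new JwtKit({ issuer: ISSUER, logger, kryptos });
-
-// jose needs private key for signing
-const jwk = kryptos.export("jwk");
-const joseKey = await importJWK(jwk, jwk.alg);
-
-const token = await new SignJWT({})
-.setProtectedHeader({ alg: jwk.alg, typ: "at+jwt" })
-.setIssuer(ISSUER)
-.setSubject(SUBJECT)
-.setExpirationTime("1h")
-.setIssuedAt()
-.sign(joseKey);
-
-const result = kit.verify(token);
-
-expect(result.payload.issuer).toBe(ISSUER);
-expect(result.payload.subject).toBe(SUBJECT);
-expect(result.header.tokenType).toBe("access_token");
-expect(result.payload.expiresAt).toBeInstanceOf(Date);
-});
-});
-});
-
-// ---------------------------------------------------------------------------
-// jsonwebtoken JWT interop
-// ---------------------------------------------------------------------------
-
-describe("JWT interop: aegis <-> jsonwebtoken", () => {
-describe("RS256", () => {
-test("aegis sign -> jsonwebtoken verify", () => {
-const kryptos = createRsaSigKey();
-const kit = new JwtKit({ issuer: ISSUER, logger, kryptos });
-
-const { token } = kit.sign({
-expires: "1h",
-subject: SUBJECT,
-tokenType: "access_token",
-});
-
-const { publicKey } = kryptos.export("pem");
-const result = jsonwebtoken.verify(token, publicKey!) as JwtPayload;
-
-expect(result.iss).toBe(ISSUER);
-expect(result.sub).toBe(SUBJECT);
-// token_type is no longer a claim; jsonwebtoken verify doesn't expose header
-expect(jsonwebtoken.decode(token, { complete: true })?.header.typ).toBe("at+jwt");
-expect(result.exp).toBeDefined();
-});
-
-test("jsonwebtoken sign -> aegis verify", () => {
-const kryptos = createRsaSigKey();
-const kit = new JwtKit({ issuer: ISSUER, logger, kryptos });
-
-const { privateKey } = kryptos.export("pem");
-
-const token = jsonwebtoken.sign({}, privateKey!, {
-algorithm: "RS256",
-expiresIn: "1h",
-header: { alg: "RS256", typ: "at+jwt" },
-issuer: ISSUER,
-subject: SUBJECT,
-});
-
-const result = kit.verify(token);
-
-expect(result.payload.issuer).toBe(ISSUER);
-expect(result.payload.subject).toBe(SUBJECT);
-expect(result.header.tokenType).toBe("access_token");
-});
-});
-
-describe("HS256", () => {
-test("aegis sign -> jsonwebtoken verify", () => {
-const kryptos = createOctSigKey();
-const kit = new JwtKit({ issuer: ISSUER, logger, kryptos });
-
-const { token } = kit.sign({
-expires: "1h",
-subject: SUBJECT,
-tokenType: "access_token",
-});
-
-const { privateKey } = kryptos.export("der");
-const result = jsonwebtoken.verify(token, privateKey!) as JwtPayload;
-
-expect(result.iss).toBe(ISSUER);
-expect(result.sub).toBe(SUBJECT);
-expect(jsonwebtoken.decode(token, { complete: true })?.header.typ).toBe("at+jwt");
-});
-
-test("jsonwebtoken sign -> aegis verify", () => {
-const kryptos = createOctSigKey();
-const kit = new JwtKit({ issuer: ISSUER, logger, kryptos });
-
-const { privateKey } = kryptos.export("der");
-
-const token = jsonwebtoken.sign({}, privateKey!, {
-algorithm: "HS256",
-expiresIn: "1h",
-header: { alg: "HS256", typ: "at+jwt" },
-issuer: ISSUER,
-subject: SUBJECT,
-});
-
-const result = kit.verify(token);
-
-expect(result.payload.issuer).toBe(ISSUER);
-expect(result.payload.subject).toBe(SUBJECT);
-expect(result.header.tokenType).toBe("access_token");
-});
-});
-});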