@lindorm/aegis 0.8.0 → 0.9.0
- package/README.md +84 -5
- package/dist/classes/Aegis.d.ts +20 -5
- package/dist/classes/Aegis.d.ts.map +1 -1
- package/dist/classes/Aegis.js +259 -45
- package/dist/classes/Aegis.js.map +1 -1
- package/dist/classes/CoseKit.d.ts +31 -0
- package/dist/classes/CoseKit.d.ts.map +1 -0
- package/dist/classes/CoseKit.js +64 -0
- package/dist/classes/CoseKit.js.map +1 -0
- package/dist/classes/CweKit.d.ts +24 -0
- package/dist/classes/CweKit.d.ts.map +1 -0
- package/dist/classes/CweKit.js +73 -0
- package/dist/classes/CweKit.js.map +1 -0
- package/dist/classes/CwmKit.d.ts +22 -0
- package/dist/classes/CwmKit.d.ts.map +1 -0
- package/dist/classes/CwmKit.js +54 -0
- package/dist/classes/CwmKit.js.map +1 -0
- package/dist/classes/CwsKit.d.ts +24 -0
- package/dist/classes/CwsKit.d.ts.map +1 -0
- package/dist/classes/CwsKit.js +60 -0
- package/dist/classes/CwsKit.js.map +1 -0
- package/dist/classes/CwtKit.d.ts +31 -0
- package/dist/classes/CwtKit.d.ts.map +1 -0
- package/dist/classes/CwtKit.js +65 -0
- package/dist/classes/CwtKit.js.map +1 -0
- package/dist/classes/JoseKit.d.ts +32 -0
- package/dist/classes/JoseKit.d.ts.map +1 -0
- package/dist/classes/JoseKit.js +66 -0
- package/dist/classes/JoseKit.js.map +1 -0
- package/dist/classes/JweKit.d.ts.map +1 -1
- package/dist/classes/JweKit.js +31 -3
- package/dist/classes/JweKit.js.map +1 -1
- package/dist/classes/JwsKit.d.ts.map +1 -1
- package/dist/classes/JwsKit.js +19 -3
- package/dist/classes/JwsKit.js.map +1 -1
- package/dist/classes/JwtKit.d.ts +4 -1
- package/dist/classes/JwtKit.d.ts.map +1 -1
- package/dist/classes/JwtKit.js +100 -20
- package/dist/classes/JwtKit.js.map +1 -1
- package/dist/classes/SignatureKit.d.ts.map +1 -1
- package/dist/classes/SignatureKit.js +5 -1
- package/dist/classes/SignatureKit.js.map +1 -1
- package/dist/constants/token-type.d.ts +1 -1
- package/dist/constants/token-type.d.ts.map +1 -1
- package/dist/constants/token-type.js +2 -0
- package/dist/constants/token-type.js.map +1 -1
- package/dist/errors/AegisError.d.ts +1 -0
- package/dist/errors/AegisError.d.ts.map +1 -1
- package/dist/errors/AegisError.js +1 -0
- package/dist/errors/AegisError.js.map +1 -1
- package/dist/errors/JweError.d.ts +1 -0
- package/dist/errors/JweError.d.ts.map +1 -1
- package/dist/errors/JweError.js +1 -0
- package/dist/errors/JweError.js.map +1 -1
- package/dist/errors/JwsError.d.ts +1 -0
- package/dist/errors/JwsError.d.ts.map +1 -1
- package/dist/errors/JwsError.js +1 -0
- package/dist/errors/JwsError.js.map +1 -1
- package/dist/errors/JwtError.d.ts +1 -0
- package/dist/errors/JwtError.d.ts.map +1 -1
- package/dist/errors/JwtError.js +1 -0
- package/dist/errors/JwtError.js.map +1 -1
- package/dist/interfaces/Aegis.d.ts +6 -1
- package/dist/interfaces/Aegis.d.ts.map +1 -1
- package/dist/internal/claims/events.d.ts +5 -0
- package/dist/internal/claims/events.d.ts.map +1 -0
- package/dist/internal/claims/events.js +3 -0
- package/dist/internal/claims/events.js.map +1 -0
- package/dist/internal/claims/registry.d.ts +14 -0
- package/dist/internal/claims/registry.d.ts.map +1 -0
- package/dist/internal/claims/registry.js +61 -0
- package/dist/internal/claims/registry.js.map +1 -0
- package/dist/internal/claims/sub-id.d.ts +7 -0
- package/dist/internal/claims/sub-id.d.ts.map +1 -0
- package/dist/internal/claims/sub-id.js +11 -0
- package/dist/internal/claims/sub-id.js.map +1 -0
- package/dist/internal/cose/act-claim.d.ts +4 -0
- package/dist/internal/cose/act-claim.d.ts.map +1 -0
- package/dist/internal/cose/act-claim.js +8 -0
- package/dist/internal/cose/act-claim.js.map +1 -0
- package/dist/internal/cose/alg-labels.d.ts +4 -0
- package/dist/internal/cose/alg-labels.d.ts.map +1 -0
- package/dist/internal/cose/alg-labels.js +42 -0
- package/dist/internal/cose/alg-labels.js.map +1 -0
- package/dist/internal/cose/cbor.d.ts +11 -0
- package/dist/internal/cose/cbor.d.ts.map +1 -0
- package/dist/internal/cose/cbor.js +37 -0
- package/dist/internal/cose/cbor.js.map +1 -0
- package/dist/internal/cose/compact-map.d.ts +11 -0
- package/dist/internal/cose/compact-map.d.ts.map +1 -0
- package/dist/internal/cose/compact-map.js +43 -0
- package/dist/internal/cose/compact-map.js.map +1 -0
- package/dist/internal/cose/cose-key-thumbprint.d.ts +5 -0
- package/dist/internal/cose/cose-key-thumbprint.d.ts.map +1 -0
- package/dist/internal/cose/cose-key-thumbprint.js +60 -0
- package/dist/internal/cose/cose-key-thumbprint.js.map +1 -0
- package/dist/internal/cose/cose-key.d.ts +8 -0
- package/dist/internal/cose/cose-key.d.ts.map +1 -0
- package/dist/internal/cose/cose-key.js +98 -0
- package/dist/internal/cose/cose-key.js.map +1 -0
- package/dist/internal/cose/cose-typ.d.ts +2 -0
- package/dist/internal/cose/cose-typ.d.ts.map +1 -0
- package/dist/internal/cose/cose-typ.js +8 -0
- package/dist/internal/cose/cose-typ.js.map +1 -0
- package/dist/internal/cose/cwt-claims.d.ts +7 -0
- package/dist/internal/cose/cwt-claims.d.ts.map +1 -0
- package/dist/internal/cose/cwt-claims.js +94 -0
- package/dist/internal/cose/cwt-claims.js.map +1 -0
- package/dist/internal/cose/enc-labels.d.ts +5 -0
- package/dist/internal/cose/enc-labels.d.ts.map +1 -0
- package/dist/internal/cose/enc-labels.js +47 -0
- package/dist/internal/cose/enc-labels.js.map +1 -0
- package/dist/internal/cose/structures.d.ts +20 -0
- package/dist/internal/cose/structures.d.ts.map +1 -0
- package/dist/internal/cose/structures.js +22 -0
- package/dist/internal/cose/structures.js.map +1 -0
- package/dist/internal/cose/sub-id-claim.d.ts +4 -0
- package/dist/internal/cose/sub-id-claim.d.ts.map +1 -0
- package/dist/internal/cose/sub-id-claim.js +18 -0
- package/dist/internal/cose/sub-id-claim.js.map +1 -0
- package/dist/internal/profiles/definitions/access-token.d.ts +3 -0
- package/dist/internal/profiles/definitions/access-token.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/access-token.js +31 -0
- package/dist/internal/profiles/definitions/access-token.js.map +1 -0
- package/dist/internal/profiles/definitions/client-assertion.d.ts +3 -0
- package/dist/internal/profiles/definitions/client-assertion.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/client-assertion.js +18 -0
- package/dist/internal/profiles/definitions/client-assertion.js.map +1 -0
- package/dist/internal/profiles/definitions/default.d.ts +3 -0
- package/dist/internal/profiles/definitions/default.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/default.js +14 -0
- package/dist/internal/profiles/definitions/default.js.map +1 -0
- package/dist/internal/profiles/definitions/delegation.d.ts +3 -0
- package/dist/internal/profiles/definitions/delegation.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/delegation.js +19 -0
- package/dist/internal/profiles/definitions/delegation.js.map +1 -0
- package/dist/internal/profiles/definitions/erasure-token.d.ts +3 -0
- package/dist/internal/profiles/definitions/erasure-token.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/erasure-token.js +28 -0
- package/dist/internal/profiles/definitions/erasure-token.js.map +1 -0
- package/dist/internal/profiles/definitions/id-token.d.ts +3 -0
- package/dist/internal/profiles/definitions/id-token.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/id-token.js +26 -0
- package/dist/internal/profiles/definitions/id-token.js.map +1 -0
- package/dist/internal/profiles/definitions/introspection.d.ts +3 -0
- package/dist/internal/profiles/definitions/introspection.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/introspection.js +18 -0
- package/dist/internal/profiles/definitions/introspection.js.map +1 -0
- package/dist/internal/profiles/definitions/jarm.d.ts +3 -0
- package/dist/internal/profiles/definitions/jarm.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/jarm.js +19 -0
- package/dist/internal/profiles/definitions/jarm.js.map +1 -0
- package/dist/internal/profiles/definitions/logout-token.d.ts +3 -0
- package/dist/internal/profiles/definitions/logout-token.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/logout-token.js +20 -0
- package/dist/internal/profiles/definitions/logout-token.js.map +1 -0
- package/dist/internal/profiles/definitions/security-event.d.ts +3 -0
- package/dist/internal/profiles/definitions/security-event.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/security-event.js +20 -0
- package/dist/internal/profiles/definitions/security-event.js.map +1 -0
- package/dist/internal/profiles/definitions/userinfo.d.ts +3 -0
- package/dist/internal/profiles/definitions/userinfo.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/userinfo.js +18 -0
- package/dist/internal/profiles/definitions/userinfo.js.map +1 -0
- package/dist/internal/profiles/registry.d.ts +4 -0
- package/dist/internal/profiles/registry.d.ts.map +1 -0
- package/dist/internal/profiles/registry.js +41 -0
- package/dist/internal/profiles/registry.js.map +1 -0
- package/dist/internal/utils/assemble-common-claims.d.ts +12 -0
- package/dist/internal/utils/assemble-common-claims.d.ts.map +1 -0
- package/dist/internal/utils/assemble-common-claims.js +66 -0
- package/dist/internal/utils/assemble-common-claims.js.map +1 -0
- package/dist/internal/utils/build-profile-claims.d.ts +14 -0
- package/dist/internal/utils/build-profile-claims.d.ts.map +1 -0
- package/dist/internal/utils/build-profile-claims.js +75 -0
- package/dist/internal/utils/build-profile-claims.js.map +1 -0
- package/dist/internal/utils/compute-jwk-thumbprint.js +8 -1
- package/dist/internal/utils/compute-jwk-thumbprint.js.map +1 -1
- package/dist/internal/utils/compute-typ-header.d.ts.map +1 -1
- package/dist/internal/utils/compute-typ-header.js +20 -5
- package/dist/internal/utils/compute-typ-header.js.map +1 -1
- package/dist/internal/utils/create-hash.d.ts.map +1 -1
- package/dist/internal/utils/create-hash.js +7 -7
- package/dist/internal/utils/create-hash.js.map +1 -1
- package/dist/internal/utils/enforce-verify-floor.d.ts +12 -0
- package/dist/internal/utils/enforce-verify-floor.d.ts.map +1 -0
- package/dist/internal/utils/enforce-verify-floor.js +43 -0
- package/dist/internal/utils/enforce-verify-floor.js.map +1 -0
- package/dist/internal/utils/extract-claims.d.ts +2 -1
- package/dist/internal/utils/extract-claims.d.ts.map +1 -1
- package/dist/internal/utils/extract-claims.js +10 -4
- package/dist/internal/utils/extract-claims.js.map +1 -1
- package/dist/internal/utils/jose-header.d.ts.map +1 -1
- package/dist/internal/utils/jose-header.js +38 -7
- package/dist/internal/utils/jose-header.js.map +1 -1
- package/dist/internal/utils/jwt-payload.d.ts +8 -6
- package/dist/internal/utils/jwt-payload.d.ts.map +1 -1
- package/dist/internal/utils/jwt-payload.js +32 -96
- package/dist/internal/utils/jwt-payload.js.map +1 -1
- package/dist/internal/utils/jwt-validate.d.ts.map +1 -1
- package/dist/internal/utils/jwt-validate.js +7 -1
- package/dist/internal/utils/jwt-validate.js.map +1 -1
- package/dist/internal/utils/jwt-verify.d.ts.map +1 -1
- package/dist/internal/utils/jwt-verify.js +17 -4
- package/dist/internal/utils/jwt-verify.js.map +1 -1
- package/dist/internal/utils/map-content-to-claims.d.ts +8 -0
- package/dist/internal/utils/map-content-to-claims.d.ts.map +1 -0
- package/dist/internal/utils/map-content-to-claims.js +89 -0
- package/dist/internal/utils/map-content-to-claims.js.map +1 -0
- package/dist/internal/utils/parse-introspection.d.ts.map +1 -1
- package/dist/internal/utils/parse-introspection.js +5 -1
- package/dist/internal/utils/parse-introspection.js.map +1 -1
- package/dist/internal/utils/parse-userinfo.d.ts.map +1 -1
- package/dist/internal/utils/parse-userinfo.js +5 -1
- package/dist/internal/utils/parse-userinfo.js.map +1 -1
- package/dist/internal/utils/resolve-cert-binding.d.ts.map +1 -1
- package/dist/internal/utils/resolve-cert-binding.js +3 -0
- package/dist/internal/utils/resolve-cert-binding.js.map +1 -1
- package/dist/internal/utils/rules/act-chain-shape.d.ts +4 -0
- package/dist/internal/utils/rules/act-chain-shape.d.ts.map +1 -0
- package/dist/internal/utils/rules/act-chain-shape.js +52 -0
- package/dist/internal/utils/rules/act-chain-shape.js.map +1 -0
- package/dist/internal/utils/rules/alg-permitted.d.ts +6 -0
- package/dist/internal/utils/rules/alg-permitted.d.ts.map +1 -0
- package/dist/internal/utils/rules/alg-permitted.js +35 -0
- package/dist/internal/utils/rules/alg-permitted.js.map +1 -0
- package/dist/internal/utils/rules/at-least-one-of.d.ts +4 -0
- package/dist/internal/utils/rules/at-least-one-of.d.ts.map +1 -0
- package/dist/internal/utils/rules/at-least-one-of.js +13 -0
- package/dist/internal/utils/rules/at-least-one-of.js.map +1 -0
- package/dist/internal/utils/rules/aud-single-resource.d.ts +4 -0
- package/dist/internal/utils/rules/aud-single-resource.d.ts.map +1 -0
- package/dist/internal/utils/rules/aud-single-resource.js +18 -0
- package/dist/internal/utils/rules/aud-single-resource.js.map +1 -0
- package/dist/internal/utils/rules/cnf-shape.d.ts +4 -0
- package/dist/internal/utils/rules/cnf-shape.d.ts.map +1 -0
- package/dist/internal/utils/rules/cnf-shape.js +55 -0
- package/dist/internal/utils/rules/cnf-shape.js.map +1 -0
- package/dist/internal/utils/rules/cross-field.d.ts +4 -0
- package/dist/internal/utils/rules/cross-field.d.ts.map +1 -0
- package/dist/internal/utils/rules/cross-field.js +21 -0
- package/dist/internal/utils/rules/cross-field.js.map +1 -0
- package/dist/internal/utils/rules/events-shape.d.ts +4 -0
- package/dist/internal/utils/rules/events-shape.d.ts.map +1 -0
- package/dist/internal/utils/rules/events-shape.js +33 -0
- package/dist/internal/utils/rules/events-shape.js.map +1 -0
- package/dist/internal/utils/rules/every-element-has-key.d.ts +4 -0
- package/dist/internal/utils/rules/every-element-has-key.d.ts.map +1 -0
- package/dist/internal/utils/rules/every-element-has-key.js +20 -0
- package/dist/internal/utils/rules/every-element-has-key.js.map +1 -0
- package/dist/internal/utils/rules/forbid-present.d.ts +4 -0
- package/dist/internal/utils/rules/forbid-present.d.ts.map +1 -0
- package/dist/internal/utils/rules/forbid-present.js +10 -0
- package/dist/internal/utils/rules/forbid-present.js.map +1 -0
- package/dist/internal/utils/rules/index.d.ts +14 -0
- package/dist/internal/utils/rules/index.d.ts.map +1 -0
- package/dist/internal/utils/rules/index.js +14 -0
- package/dist/internal/utils/rules/index.js.map +1 -0
- package/dist/internal/utils/rules/iss-uri.d.ts +4 -0
- package/dist/internal/utils/rules/iss-uri.d.ts.map +1 -0
- package/dist/internal/utils/rules/iss-uri.js +11 -0
- package/dist/internal/utils/rules/iss-uri.js.map +1 -0
- package/dist/internal/utils/rules/require-present.d.ts +4 -0
- package/dist/internal/utils/rules/require-present.d.ts.map +1 -0
- package/dist/internal/utils/rules/require-present.js +10 -0
- package/dist/internal/utils/rules/require-present.js.map +1 -0
- package/dist/internal/utils/rules/required-when.d.ts +8 -0
- package/dist/internal/utils/rules/required-when.d.ts.map +1 -0
- package/dist/internal/utils/rules/required-when.js +13 -0
- package/dist/internal/utils/rules/required-when.js.map +1 -0
- package/dist/internal/utils/rules/sub-id-shape.d.ts +4 -0
- package/dist/internal/utils/rules/sub-id-shape.d.ts.map +1 -0
- package/dist/internal/utils/rules/sub-id-shape.js +26 -0
- package/dist/internal/utils/rules/sub-id-shape.js.map +1 -0
- package/dist/internal/utils/select-encoder.d.ts +6 -0
- package/dist/internal/utils/select-encoder.d.ts.map +1 -0
- package/dist/internal/utils/select-encoder.js +4 -0
- package/dist/internal/utils/select-encoder.js.map +1 -0
- package/dist/internal/utils/validate-actor.d.ts +8 -1
- package/dist/internal/utils/validate-actor.d.ts.map +1 -1
- package/dist/internal/utils/validate-actor.js +32 -7
- package/dist/internal/utils/validate-actor.js.map +1 -1
- package/dist/internal/utils/validate-profile-claims.d.ts +8 -0
- package/dist/internal/utils/validate-profile-claims.d.ts.map +1 -0
- package/dist/internal/utils/validate-profile-claims.js +45 -0
- package/dist/internal/utils/validate-profile-claims.js.map +1 -0
- package/dist/internal/utils/validate.d.ts.map +1 -1
- package/dist/internal/utils/validate.js +8 -1
- package/dist/internal/utils/validate.js.map +1 -1
- package/dist/internal/utils/verify-cert-binding.d.ts.map +1 -1
- package/dist/internal/utils/verify-cert-binding.js +9 -1
- package/dist/internal/utils/verify-cert-binding.js.map +1 -1
- package/dist/internal/utils/verify-dpop-proof.d.ts.map +1 -1
- package/dist/internal/utils/verify-dpop-proof.js +41 -7
- package/dist/internal/utils/verify-dpop-proof.js.map +1 -1
- package/dist/types/claims/aegis-introspection.d.ts +2 -1
- package/dist/types/claims/aegis-introspection.d.ts.map +1 -1
- package/dist/types/claims/index.d.ts +2 -0
- package/dist/types/claims/index.d.ts.map +1 -1
- package/dist/types/claims/index.js +2 -0
- package/dist/types/claims/index.js.map +1 -1
- package/dist/types/claims/jwt/index.d.ts +2 -0
- package/dist/types/claims/jwt/index.d.ts.map +1 -1
- package/dist/types/claims/jwt/index.js +2 -0
- package/dist/types/claims/jwt/index.js.map +1 -1
- package/dist/types/claims/jwt/jwt-claims.d.ts +3 -1
- package/dist/types/claims/jwt/jwt-claims.d.ts.map +1 -1
- package/dist/types/claims/jwt/lindorm-claims-wire.d.ts +1 -2
- package/dist/types/claims/jwt/lindorm-claims-wire.d.ts.map +1 -1
- package/dist/types/claims/jwt/oidc-claims-wire.d.ts +2 -0
- package/dist/types/claims/jwt/oidc-claims-wire.d.ts.map +1 -1
- package/dist/types/claims/jwt/rar-claims-wire.d.ts +5 -0
- package/dist/types/claims/jwt/rar-claims-wire.d.ts.map +1 -0
- package/dist/types/claims/jwt/rar-claims-wire.js +2 -0
- package/dist/types/claims/jwt/rar-claims-wire.js.map +1 -0
- package/dist/types/claims/jwt/set-claims-wire.d.ts +9 -0
- package/dist/types/claims/jwt/set-claims-wire.d.ts.map +1 -0
- package/dist/types/claims/jwt/set-claims-wire.js +2 -0
- package/dist/types/claims/jwt/set-claims-wire.js.map +1 -0
- package/dist/types/claims/lindorm-claims.d.ts +1 -2
- package/dist/types/claims/lindorm-claims.d.ts.map +1 -1
- package/dist/types/claims/oidc-claims.d.ts +2 -0
- package/dist/types/claims/oidc-claims.d.ts.map +1 -1
- package/dist/types/claims/rar-claims.d.ts +5 -0
- package/dist/types/claims/rar-claims.d.ts.map +1 -0
- package/dist/types/claims/rar-claims.js +2 -0
- package/dist/types/claims/rar-claims.js.map +1 -0
- package/dist/types/claims/set-claims.d.ts +8 -0
- package/dist/types/claims/set-claims.d.ts.map +1 -0
- package/dist/types/claims/set-claims.js +2 -0
- package/dist/types/claims/set-claims.js.map +1 -0
- package/dist/types/jwt/index.d.ts +1 -0
- package/dist/types/jwt/index.d.ts.map +1 -1
- package/dist/types/jwt/index.js +1 -0
- package/dist/types/jwt/index.js.map +1 -1
- package/dist/types/jwt/jwt-claim-matchers.d.ts +2 -1
- package/dist/types/jwt/jwt-claim-matchers.d.ts.map +1 -1
- package/dist/types/jwt/jwt-parse.d.ts +2 -2
- package/dist/types/jwt/jwt-parse.d.ts.map +1 -1
- package/dist/types/jwt/jwt-sign.d.ts +8 -6
- package/dist/types/jwt/jwt-sign.d.ts.map +1 -1
- package/dist/types/jwt/jwt-verify.d.ts +5 -1
- package/dist/types/jwt/jwt-verify.d.ts.map +1 -1
- package/dist/types/jwt/profile.d.ts +99 -0
- package/dist/types/jwt/profile.d.ts.map +1 -0
- package/dist/types/jwt/profile.js +2 -0
- package/dist/types/jwt/profile.js.map +1 -0
- package/dist/types/level-of-assurance.d.ts +0 -1
- package/dist/types/level-of-assurance.d.ts.map +1 -1
- package/package.json +19 -18
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"enforce-verify-floor.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/enforce-verify-floor.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAE3C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAEzD,MAAM,MAAM,gBAAgB,GAAG;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;IAM/B,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACjC,cAAc,EAAE,MAAM,GAAG,SAAS,CAAC;IAMnC,OAAO,EAAE,IAAI,CAAC;IACd,OAAO,EAAE,YAAY,CAAC;CACvB,CAAC;AAeF,eAAO,MAAM,kBAAkB,GAAI,OAAO,gBAAgB,KAAG,IAmD5D,CAAC"}
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
import { isArray } from "@lindorm/is";
|
|
2
|
+
import { JwtError } from "../../errors/index.js";
|
|
3
|
+
export const enforceVerifyFloor = (input) => {
|
|
4
|
+
const { audience, decodedTyp, expectedIssuer, payload, profile } = input;
|
|
5
|
+
const expectedTyp = input.expectedTyp ?? profile.typ;
|
|
6
|
+
if (expectedTyp !== null && decodedTyp !== expectedTyp) {
|
|
7
|
+
throw new JwtError("Invalid token", {
|
|
8
|
+
code: "jwt_typ_mismatch",
|
|
9
|
+
data: { typ: decodedTyp },
|
|
10
|
+
debug: { expected: expectedTyp, profile: profile.name },
|
|
11
|
+
title: "JWT Typ Mismatch",
|
|
12
|
+
details: "The header typ does not match the typ mandated by the profile being verified.",
|
|
13
|
+
});
|
|
14
|
+
}
|
|
15
|
+
if (expectedIssuer !== undefined && payload.issuer !== expectedIssuer) {
|
|
16
|
+
throw new JwtError("Invalid token", {
|
|
17
|
+
code: "jwt_issuer_mismatch",
|
|
18
|
+
data: { issuer: payload.issuer },
|
|
19
|
+
debug: { expected: expectedIssuer, profile: profile.name },
|
|
20
|
+
title: "JWT Issuer Mismatch",
|
|
21
|
+
details: "The token issuer (iss) does not exactly match the issuer expected for this profile.",
|
|
22
|
+
});
|
|
23
|
+
}
|
|
24
|
+
const audList = isArray(payload.audience) ? payload.audience : [];
|
|
25
|
+
if (!audList.includes(audience)) {
|
|
26
|
+
throw new JwtError("Invalid token", {
|
|
27
|
+
code: "jwt_audience_mismatch",
|
|
28
|
+
data: { audience: payload.audience },
|
|
29
|
+
debug: { expected: audience, profile: profile.name },
|
|
30
|
+
title: "JWT Audience Mismatch",
|
|
31
|
+
details: "The token audience (aud) does not contain the verifier's own identity supplied to verify.",
|
|
32
|
+
});
|
|
33
|
+
}
|
|
34
|
+
if (profile.lifetime !== null && payload.expiresAt === undefined) {
|
|
35
|
+
throw new JwtError("Invalid token", {
|
|
36
|
+
code: "jwt_missing_claim_exp",
|
|
37
|
+
debug: { profile: profile.name },
|
|
38
|
+
title: "JWT Missing Claim Exp",
|
|
39
|
+
details: "This profile mandates an exp claim, but the token has none; it is rejected unconditionally.",
|
|
40
|
+
});
|
|
41
|
+
}
|
|
42
|
+
};
|
|
43
|
+
//# sourceMappingURL=enforce-verify-floor.js.map
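Review bot: The issuer guard in `enforceVerifyFloor` is skipped entirely when `expectedIssuer` is `undefined`, while the audience guard directly below it is unconditional, so a caller that omits the issuer gets no `iss` pinning from this floor at all. If that is intended, say so at the guard, e.g. `// Issuer pinning is opt-in: when expectedIssuer is undefined, iss is NOT checked here.`; if not, the floor should reject when the profile needs an issuer and none was supplied. The `typ` check is an exact, case-sensitive `!==`, so unless `decodedTyp` is normalised before this call (not visible in this file) a header that differs only in case or in an `application/` prefix will be rejected. The last guard only asserts that `exp` is present; the expiry comparison itself presumably happens elsewhere and should be referenced in a comment so the floor is not mistaken for the full lifetime check.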
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"enforce-verify-floor.js","sourceRoot":"","sources":["../../../src/internal/utils/enforce-verify-floor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAEtC,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAmCjD,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,KAAuB,EAAQ,EAAE;IAClE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC;IAIzE,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC;IAErD,IAAI,WAAW,KAAK,IAAI,IAAI,UAAU,KAAK,WAAW,EAAE,CAAC;QACvD,MAAM,IAAI,QAAQ,CAAC,eAAe,EAAE;YAClC,IAAI,EAAE,kBAAkB;YACxB,IAAI,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE;YACzB,KAAK,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,CAAC,IAAI,EAAE;YACvD,KAAK,EAAE,kBAAkB;YACzB,OAAO,EACL,+EAA+E;SAClF,CAAC,CAAC;IACL,CAAC;IAED,IAAI,cAAc,KAAK,SAAS,IAAI,OAAO,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;QACtE,MAAM,IAAI,QAAQ,CAAC,eAAe,EAAE;YAClC,IAAI,EAAE,qBAAqB;YAC3B,IAAI,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE;YAChC,KAAK,EAAE,EAAE,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,OAAO,CAAC,IAAI,EAAE;YAC1D,KAAK,EAAE,qBAAqB;YAC5B,OAAO,EACL,qFAAqF;SACxF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAE,OAAO,CAAC,QAA0B,CAAC,CAAC,CAAC,EAAE,CAAC;IAErF,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,QAAQ,CAAC,eAAe,EAAE;YAClC,IAAI,EAAE,uBAAuB;YAC7B,IAAI,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE;YACpC,KAAK,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,IAAI,EAAE;YACpD,KAAK,EAAE,uBAAuB;YAC9B,OAAO,EACL,2FAA2F;SAC9F,CAAC,CAAC;IACL,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,KAAK,IAAI,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QACjE,MAAM,IAAI,QAAQ,CAAC,eAAe,EAAE;YAClC,IAAI,EAAE,uBAAuB;YAC7B,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,IAAI,EAAE;YAChC,KAAK,EAAE,uBAAuB;YAC9B,OAAO,EACL,6FAA6F;SAChG,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC"}
|
|
@@ -3,9 +3,10 @@ import type { LindormClaims } from "../../types/claims/lindorm-claims.js";
|
|
|
3
3
|
import type { OAuthClaims } from "../../types/claims/oauth-claims.js";
|
|
4
4
|
import type { OidcClaims } from "../../types/claims/oidc-claims.js";
|
|
5
5
|
import type { PopClaims } from "../../types/claims/pop-claims.js";
|
|
6
|
+
import type { RarClaims } from "../../types/claims/rar-claims.js";
|
|
6
7
|
import type { DelegationClaims } from "../../types/claims/delegation-claims.js";
|
|
7
8
|
import type { StdClaims } from "../../types/claims/std-claims.js";
|
|
8
|
-
export type DomainClaims = StdClaims & OidcClaims & PopClaims & DelegationClaims & OAuthClaims & LindormClaims;
|
|
9
|
+
export type DomainClaims = StdClaims & OidcClaims & PopClaims & DelegationClaims & OAuthClaims & RarClaims & LindormClaims;
|
|
9
10
|
export type ExtractClaimsResult = {
|
|
10
11
|
claims: DomainClaims;
|
|
11
12
|
rest: Dict;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"extract-claims.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/extract-claims.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"extract-claims.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/extract-claims.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAuB,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAIhE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAC1E,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAC;AACtE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mCAAmC,CAAC;AACpE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kCAAkC,CAAC;AAClE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kCAAkC,CAAC;AAClE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAChF,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kCAAkC,CAAC;AAKlE,MAAM,MAAM,YAAY,GAAG,SAAS,GAClC,UAAU,GACV,SAAS,GACT,gBAAgB,GAChB,WAAW,GACX,SAAS,GACT,aAAa,CAAC;AAEhB,MAAM,MAAM,mBAAmB,GAAG;IAChC,MAAM,EAAE,YAAY,CAAC;IACrB,IAAI,EAAE,IAAI,CAAC;CACZ,CAAC;AA4IF,eAAO,MAAM,mBAAmB,GAAI,OAAO,IAAI,KAAG,mBAmHjD,CAAC;AAIF,eAAO,MAAM,iBAAiB,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC,CAI7E,CAAC"}
|
|
@@ -16,10 +16,12 @@ const FIELD_KEYS = {
|
|
|
16
16
|
codeHash: ["codeHash", "c_hash"],
|
|
17
17
|
nonce: ["nonce"],
|
|
18
18
|
stateHash: ["stateHash", "s_hash"],
|
|
19
|
+
vectorOfTrust: ["vectorOfTrust", "vot"],
|
|
20
|
+
vectorTrustMark: ["vectorTrustMark", "vtm"],
|
|
19
21
|
entitlements: ["entitlements"],
|
|
20
22
|
groups: ["groups"],
|
|
21
23
|
roles: ["roles"],
|
|
22
|
-
|
|
24
|
+
authorizationDetails: ["authorizationDetails", "authorization_details"],
|
|
23
25
|
authFactor: ["authFactor", "afr"],
|
|
24
26
|
clientId: ["clientId", "client_id"],
|
|
25
27
|
grantType: ["grantType", "gty"],
|
|
@@ -127,10 +129,12 @@ export const extractDomainClaims = (input) => {
|
|
|
127
129
|
const codeHash = consume(FIELD_KEYS.codeHash);
|
|
128
130
|
const nonce = consume(FIELD_KEYS.nonce);
|
|
129
131
|
const stateHash = consume(FIELD_KEYS.stateHash);
|
|
132
|
+
const vectorOfTrust = consume(FIELD_KEYS.vectorOfTrust);
|
|
133
|
+
const vectorTrustMark = consume(FIELD_KEYS.vectorTrustMark);
|
|
130
134
|
const entitlements = consume(FIELD_KEYS.entitlements);
|
|
131
135
|
const groups = consume(FIELD_KEYS.groups);
|
|
132
136
|
const roles = consume(FIELD_KEYS.roles);
|
|
133
|
-
const
|
|
137
|
+
const authorizationDetails = consume(FIELD_KEYS.authorizationDetails);
|
|
134
138
|
const authFactor = consume(FIELD_KEYS.authFactor);
|
|
135
139
|
const clientId = consume(FIELD_KEYS.clientId);
|
|
136
140
|
const grantType = consume(FIELD_KEYS.grantType);
|
|
@@ -160,14 +164,16 @@ export const extractDomainClaims = (input) => {
|
|
|
160
164
|
codeHash: isString(codeHash) ? codeHash : undefined,
|
|
161
165
|
nonce: isString(nonce) ? nonce : undefined,
|
|
162
166
|
stateHash: isString(stateHash) ? stateHash : undefined,
|
|
167
|
+
vectorOfTrust: isString(vectorOfTrust) ? vectorOfTrust : undefined,
|
|
168
|
+
vectorTrustMark: isString(vectorTrustMark) ? vectorTrustMark : undefined,
|
|
163
169
|
confirmation: toConfirmation(confirmation),
|
|
164
170
|
act: toActClaim(act),
|
|
165
171
|
mayAct: toActClaim(mayAct),
|
|
166
172
|
entitlements: isArray(entitlements) ? entitlements : undefined,
|
|
167
173
|
groups: isArray(groups) ? groups : undefined,
|
|
168
174
|
roles: toStringArray(roles),
|
|
169
|
-
|
|
170
|
-
?
|
|
175
|
+
authorizationDetails: isArray(authorizationDetails)
|
|
176
|
+
? authorizationDetails
|
|
171
177
|
: undefined,
|
|
172
178
|
authFactor: isArray(authFactor) ? authFactor : undefined,
|
|
173
179
|
clientId: isString(clientId) ? clientId : undefined,
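Review bot: In the third hunk, `authorizationDetails` is accepted as soon as `isArray(authorizationDetails)` holds, so its elements reach `claims` unchecked, and a non-array `authorization_details` value is apparently consumed and turned into `undefined` rather than rejected. Downstream code then cannot tell a token with a malformed claim from one that carries no authorization details at all; the same applies to non-string `vot`/`vtm` values in the two lines added above it. If per-element validation is left to a later profile rule (the file list includes `rules/every-element-has-key.js`, whose contents are not shown here), a comment at this line should say so, e.g. `// shape check only; per-element validation is done by the profile rules`. `extractDomainClaims` starts and ends outside these hunks, so how consumed keys are removed from `rest` cannot be confirmed from this view.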
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"extract-claims.js","sourceRoot":"","sources":["../../../src/internal/utils/extract-claims.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEpE,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"extract-claims.js","sourceRoot":"","sources":["../../../src/internal/utils/extract-claims.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEpE,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAkCjD,MAAM,UAAU,GAA0C;IAExD,OAAO,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC;IAC3B,SAAS,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC;IAC/B,QAAQ,EAAE,CAAC,UAAU,EAAE,KAAK,CAAC;IAC7B,SAAS,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC;IAC/B,MAAM,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC;IACzB,QAAQ,EAAE,CAAC,UAAU,EAAE,KAAK,CAAC;IAC7B,OAAO,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC;IAG3B,eAAe,EAAE,CAAC,iBAAiB,EAAE,SAAS,CAAC;IAC/C,gBAAgB,EAAE,CAAC,kBAAkB,EAAE,KAAK,CAAC;IAC7C,WAAW,EAAE,CAAC,aAAa,EAAE,KAAK,CAAC;IACnC,eAAe,EAAE,CAAC,iBAAiB,EAAE,KAAK,CAAC;IAC3C,QAAQ,EAAE,CAAC,UAAU,EAAE,WAAW,CAAC;IACnC,QAAQ,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC;IAChC,KAAK,EAAE,CAAC,OAAO,CAAC;IAChB,SAAS,EAAE,CAAC,WAAW,EAAE,QAAQ,CAAC;IAClC,aAAa,EAAE,CAAC,eAAe,EAAE,KAAK,CAAC;IACvC,eAAe,EAAE,CAAC,iBAAiB,EAAE,KAAK,CAAC;IAG3C,YAAY,EAAE,CAAC,cAAc,CAAC;IAC9B,MAAM,EAAE,CAAC,QAAQ,CAAC;IAClB,KAAK,EAAE,CAAC,OAAO,CAAC;IAGhB,oBAAoB,EAAE,CAAC,sBAAsB,EAAE,uBAAuB,CAAC;IAGvE,UAAU,EAAE,CAAC,YAAY,EAAE,KAAK,CAAC;IACjC,QAAQ,EAAE,CAAC,UAAU,EAAE,WAAW,CAAC;IACnC,SAAS,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC;IAC/B,gBAAgB,EAAE,CAAC,kBAAkB,EAAE,KAAK,CAAC;IAC7C,WAAW,EAAE,CAAC,aAAa,CAAC;IAC5B,KAAK,EAAE,CAAC,OAAO,CAAC;IAChB,WAAW,EAAE,CAAC,aAAa,EAAE,KAAK,CAAC;IACnC,SAAS,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC;IAC/B,WAAW,EAAE,CAAC,aAAa,EAAE,KAAK,CAAC;IACnC,QAAQ,EAAE,CAAC,UAAU,EAAE,WAAW,CAAC;CACpC,CAAC;AAIF,MAAM,YAAY,GAAG;IACnB,GAAG,EAAE,CAAC,KAAK,CAAC;IACZ,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;CACrB,CAAC;AAEX,MAAM,QAAQ,GAAG;IACf,YAAY,EAAE,CAAC,cAAc,EAAE,KAAK,CAAC;CAC7B,CAAC;AAEX,MAAM,MAAM,GAAG,CAAC,KAAc,EAAoB,EAAE;IAClD,IAAI,KAAK,YAAY,IAAI;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;IACnD,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAEF,MAAM,aAAa,GAAG,CAAC,KAAc,EAA6B,EAAE;IAClE,IAAI,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAsB,CAAC;IAClD,IAAI,Q
AAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC7D,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,KAAc,EAA6B,EAAE;IAC/D,IAAI,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAsB,CAAC;IAClD,IAAI,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IACpC,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAIF,MAAM,UAAU,GAAG,CAAC,KAAc,EAAwB,EAAE;IAC1D,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACvC,MAAM,CAAC,GAAG,KAAK,CAAC;IAChB,MAAM,MAAM,GAAa,eAAe,CAAC;QACvC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QAC9E,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QAC3E,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC;QACzC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;YAC5B,CAAC,CAAC,CAAC,CAAC,QAAQ;YACZ,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;gBACrB,CAAC,CAAC,CAAC,CAAC,SAAS;gBACb,CAAC,CAAC,SAAS;QACf,GAAG,EAAE,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC;KACvB,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;AAC7D,CAAC,CAAC;AAKF,MAAM,cAAc,GAAG,CAAC,KAAc,EAAiC,EAAE;IACvE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACvC,MAAM,CAAC,GAAG,KAAK,CAAC;IAChB,MAAM,MAAM,GAAsB,eAAe,CAAC;QAChD,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC;YAChC,CAAC,CAAC,CAAC,CAAC,UAAU;YACd,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC;gBACf,CAAC,CAAC,CAAC,CAAC,GAAG;gBACP,CAAC,CAAC,SAAS;QACf,kBAAkB,EAAE,QAAQ,CAAC,CAAC,CAAC,kBAAkB,CAAC;YAChD,CAAC,CAAC,CAAC,CAAC,kBAAkB;YACtB,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;gBACvB,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;gBACf,CAAC,CAAC,SAAS;QACf,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC;YAClB,CAAC,CAAE,CAAC,CAAC,GAAgC;YACrC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC;gBACf,CAAC,CAAE,CAAC,CAAC,GAAgC;gBACrC,CAAC,CAAC,SAAS;QACf,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CA
AC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QACxE,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;KACrF,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;AAC7D,CAAC,CAAC;AAcF,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,KAAW,EAAuB,EAAE;IACtE,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IAEnC,MAAM,OAAO,GAAG,CAAC,IAA2B,EAAW,EAAE;QACvD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,IAAI,GAAG,IAAI,KAAK,EAAE,CAAC;gBACjB,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAClB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC,CAAC;IAGF,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE5C,MAAM,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;IAC5D,MAAM,gBAAgB,GAAG,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;IAC9D,MAAM,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IACpD,MAAM,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;IAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,KAAK,GAAG,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACxD,MAAM,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;IAE5D,MAAM,YAAY,GAAG,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;IACtD,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IAExC,MAAM,oBAAoB,GAAG,OAAO,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IAEtE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,UAAU,C
AAC,CAAC;IAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,gBAAgB,GAAG,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;IAC9D,MAAM,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IACpD,MAAM,KAAK,GAAG,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAE9C,MAAM,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAC5C,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;IAEpD,MAAM,MAAM,GAAiB,eAAe,CAAC;QAE3C,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;QAChD,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC;QAC5B,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC;QAC1B,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC;QAC5B,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;QAC7C,QAAQ,EAAE,UAAU,CAAC,QAAQ,CAAC;QAC9B,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;QAGhD,eAAe,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;QACxE,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;QAC3E,WAAW,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAE,WAA6B,CAAC,CAAC,CAAC,SAAS;QAC9E,eAAe,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;QACxE,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC;QAC1B,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACnD,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QAC1C,SAAS,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QACtD,aAAa,EAAE,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;QAClE,eAAe,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;QAGxE,YAAY,EAAE,cAAc,CAAC,YAAY,CAAC;QAG1C,GAAG,EAAE,UAAU,CAAC,GAAG,CAAC;QACpB,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC;QAG1B,YAAY,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAE,YAA8B,CAAC,CAAC,CAAC,SAAS
;QACjF,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAE,MAAwB,CAAC,CAAC,CAAC,SAAS;QAC/D,KAAK,EAAE,aAAa,CAAC,KAAK,CAAC;QAG3B,oBAAoB,EAAE,OAAO,CAAC,oBAAoB,CAAC;YACjD,CAAC,CAAE,oBAAmD;YACtD,CAAC,CAAC,SAAS;QAGb,UAAU,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAE,UAA4B,CAAC,CAAC,CAAC,SAAS;QAC3E,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACnD,SAAS,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QACtD,gBAAgB,EAAE,QAAQ,CAAmB,gBAAgB,CAAC;YAC5D,CAAC,CAAC,gBAAgB;YAClB,CAAC,CAAC,SAAS;QACb,WAAW,EAAE,aAAa,CAAC,WAAW,CAAC;QACvC,KAAK,EAAE,aAAa,CAAC,KAAK,CAAC;QAC3B,WAAW,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QAC5D,SAAS,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QACtD,WAAW,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QAC5D,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;KACpD,CAAC,CAAC;IAGH,MAAM,IAAI,GAAS,EAAE,CAAC;IACtB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACrC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAC1B,CAAC,CAAC;AAIF,MAAM,CAAC,MAAM,iBAAiB,GAAoD;IAChF,GAAG,UAAU;IACb,GAAG,YAAY;IACf,GAAG,QAAQ;CACZ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jose-header.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jose-header.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"jose-header.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jose-header.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACV,uBAAuB,EACvB,kBAAkB,EAElB,kBAAkB,EACnB,MAAM,sBAAsB,CAAC;AAG9B,eAAO,MAAM,gBAAgB,GAC3B,SAAS,kBAAkB,EAC3B,OAAO,uBAAuB,KAC7B,MAgDF,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,QAAQ,MAAM,KAAG,kBAqCjD,CAAC"}
|
|
@@ -1,19 +1,37 @@
|
|
|
1
1
|
import { B64 } from "@lindorm/b64";
|
|
2
2
|
import { B64U } from "../constants/format.js";
|
|
3
3
|
import { TOKEN_HEADER_ALGORITHMS } from "../constants/header.js";
|
|
4
|
+
import { AegisError } from "../../errors/index.js";
|
|
4
5
|
import { mapTokenHeader } from "./token-header.js";
|
|
5
6
|
export const encodeJoseHeader = (options, cert) => {
|
|
6
7
|
if (!options.algorithm) {
|
|
7
|
-
throw new
|
|
8
|
+
throw new AegisError("Algorithm is required", {
|
|
9
|
+
code: "jose_header_algorithm_required",
|
|
10
|
+
title: "JOSE Header Algorithm Required",
|
|
11
|
+
details: "No alg was provided, so the protected JOSE header cannot be encoded.",
|
|
12
|
+
});
|
|
8
13
|
}
|
|
9
14
|
if (!TOKEN_HEADER_ALGORITHMS.includes(options.algorithm)) {
|
|
10
|
-
throw new
|
|
15
|
+
throw new AegisError(`Invalid algorithm: ${options.algorithm}`, {
|
|
16
|
+
code: "jose_header_invalid_algorithm",
|
|
17
|
+
data: { algorithm: options.algorithm },
|
|
18
|
+
title: "JOSE Header Invalid Algorithm",
|
|
19
|
+
details: "The requested alg is not in the set of JOSE algorithms Aegis supports, so the header cannot be encoded.",
|
|
20
|
+
});
|
|
11
21
|
}
|
|
12
22
|
if (!options.headerType) {
|
|
13
|
-
throw new
|
|
23
|
+
throw new AegisError("Header type is required", {
|
|
24
|
+
code: "jose_header_type_required",
|
|
25
|
+
title: "JOSE Header Type Required",
|
|
26
|
+
details: "No typ was provided, so the protected JOSE header cannot be encoded.",
|
|
27
|
+
});
|
|
14
28
|
}
|
|
15
29
|
if (!options.keyId) {
|
|
16
|
-
throw new
|
|
30
|
+
throw new AegisError("Key ID is required", {
|
|
31
|
+
code: "jose_header_key_id_required",
|
|
32
|
+
title: "JOSE Header Key ID Required",
|
|
33
|
+
details: "No kid was provided, so verifiers could not look up the signing key in Amphora; the header cannot be encoded.",
|
|
34
|
+
});
|
|
17
35
|
}
|
|
18
36
|
const raw = mapTokenHeader(options, cert);
|
|
19
37
|
const claims = {
|
|
@@ -29,13 +47,26 @@ export const decodeJoseHeader = (header) => {
|
|
|
29
47
|
const string = B64.toString(header);
|
|
30
48
|
const json = JSON.parse(string);
|
|
31
49
|
if (!json.alg || typeof json.alg !== "string") {
|
|
32
|
-
throw new
|
|
50
|
+
throw new AegisError("Missing or invalid token header: alg", {
|
|
51
|
+
code: "jose_header_alg_invalid",
|
|
52
|
+
title: "JOSE Header Alg Invalid",
|
|
53
|
+
details: "The decoded JOSE header has no alg, or alg is not a string.",
|
|
54
|
+
});
|
|
33
55
|
}
|
|
34
56
|
if (!TOKEN_HEADER_ALGORITHMS.includes(json.alg)) {
|
|
35
|
-
throw new
|
|
57
|
+
throw new AegisError(`Unsupported algorithm: ${json.alg}`, {
|
|
58
|
+
code: "jose_header_unsupported_algorithm",
|
|
59
|
+
data: { alg: json.alg },
|
|
60
|
+
title: "JOSE Header Unsupported Algorithm",
|
|
61
|
+
details: "The decoded header alg is not in the allowlist of supported algorithms, rejecting weak or disallowed algorithms such as none.",
|
|
62
|
+
});
|
|
36
63
|
}
|
|
37
64
|
if (json.typ !== undefined && typeof json.typ !== "string") {
|
|
38
|
-
throw new
|
|
65
|
+
throw new AegisError("Invalid token header: typ must be a string", {
|
|
66
|
+
code: "jose_header_typ_invalid",
|
|
67
|
+
title: "JOSE Header Typ Invalid",
|
|
68
|
+
details: "The decoded header typ is present but is not a string, which RFC 7515 requires.",
|
|
69
|
+
});
|
|
39
70
|
}
|
|
40
71
|
return json;
|
|
41
72
|
};
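Review bot: In `decodeJoseHeader`, `JSON.parse(string)` on new line 48 is still unguarded, so a header that is not valid JSON surfaces as a raw `SyntaxError`, and a header that decodes to `null` makes the `json.alg` read throw a `TypeError`. Neither carries the `AegisError` codes this change adds for the other rejections, so callers that branch on `code` will not see these two cases as header failures. Since the header comes from the token being decoded, I would wrap the parse in `try`/`catch` and rethrow as an `AegisError`, then reject non-objects before reading any field, e.g. `if (json === null || typeof json !== "object" || Array.isArray(json))`. The function's opening line is outside the hunk, and whether a caller already catches these errors is not visible here.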
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jose-header.js","sourceRoot":"","sources":["../../../src/internal/utils/jose-header.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AACnC,OAAO,EAAE,IAAI,EAAE,MAAM,wBAAwB,CAAC;AAC9C,OAAO,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"jose-header.js","sourceRoot":"","sources":["../../../src/internal/utils/jose-header.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AACnC,OAAO,EAAE,IAAI,EAAE,MAAM,wBAAwB,CAAC;AAC9C,OAAO,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACjE,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAOnD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAEnD,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,OAA2B,EAC3B,IAA8B,EACtB,EAAE;IACV,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,UAAU,CAAC,uBAAuB,EAAE;YAC5C,IAAI,EAAE,gCAAgC;YACtC,KAAK,EAAE,gCAAgC;YACvC,OAAO,EAAE,sEAAsE;SAChF,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,UAAU,CAAC,sBAAsB,OAAO,CAAC,SAAS,EAAE,EAAE;YAC9D,IAAI,EAAE,+BAA+B;YACrC,IAAI,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE;YACtC,KAAK,EAAE,+BAA+B;YACtC,OAAO,EACL,yGAAyG;SAC5G,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QACxB,MAAM,IAAI,UAAU,CAAC,yBAAyB,EAAE;YAC9C,IAAI,EAAE,2BAA2B;YACjC,KAAK,EAAE,2BAA2B;YAClC,OAAO,EAAE,sEAAsE;SAChF,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,MAAM,IAAI,UAAU,CAAC,oBAAoB,EAAE;YACzC,IAAI,EAAE,6BAA6B;YACnC,KAAK,EAAE,6BAA6B;YACpC,OAAO,EACL,+GAA+G;SAClH,CAAC,CAAC;IACL,CAAC;IAED,MAAM,GAAG,GAAG,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAM1C,MAAM,MAAM,GAAsB;QAChC,GAAG,GAAG;QACN,GAAG,EAAE,OAAO,CAAC,SAAS;QACtB,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACjD,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACpD,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;KACrD,CAAC;IAEF,OAAO,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC;AAClD,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,MAAc,EAAsB,EAAE;IACrE,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA+B,CAAC;IAE9D,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,IAAI,CAAC,
GAAG,KAAK,QAAQ,EAAE,CAAC;QAC9C,MAAM,IAAI,UAAU,CAAC,sCAAsC,EAAE;YAC3D,IAAI,EAAE,yBAAyB;YAC/B,KAAK,EAAE,yBAAyB;YAChC,OAAO,EAAE,6DAA6D;SACvE,CAAC,CAAC;IACL,CAAC;IAMD,IAAI,CAAE,uBAAiD,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,UAAU,CAAC,0BAA0B,IAAI,CAAC,GAAG,EAAE,EAAE;YACzD,IAAI,EAAE,mCAAmC;YACzC,IAAI,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE;YACvB,KAAK,EAAE,mCAAmC;YAC1C,OAAO,EACL,+HAA+H;SAClI,CAAC,CAAC;IACL,CAAC;IAED,IAAI,IAAI,CAAC,GAAG,KAAK,SAAS,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC3D,MAAM,IAAI,UAAU,CAAC,4CAA4C,EAAE;YACjE,IAAI,EAAE,yBAAyB;YAC/B,KAAK,EAAE,yBAAyB;YAChC,OAAO,EACL,iFAAiF;SACpF,CAAC,CAAC;IACL,CAAC;IAGD,OAAO,IAA0B,CAAC;AACpC,CAAC,CAAC"}
|
|
@@ -3,17 +3,19 @@ import type { Dict } from "@lindorm/types";
|
|
|
3
3
|
import type { JwtClaims, ParsedJwtPayload, SignJwtContent, SignJwtOptions } from "../../types/index.js";
|
|
4
4
|
type Config = {
|
|
5
5
|
algorithm: KryptosAlgorithm;
|
|
6
|
-
issuer: string;
|
|
7
6
|
};
|
|
8
7
|
type DecodeClaims<C extends Dict = Dict> = JwtClaims & C;
|
|
9
8
|
type Result = {
|
|
10
|
-
expiresAt: Date;
|
|
11
|
-
expiresIn: number;
|
|
12
|
-
expiresOn: number;
|
|
9
|
+
expiresAt: Date | undefined;
|
|
10
|
+
expiresIn: number | undefined;
|
|
11
|
+
expiresOn: number | undefined;
|
|
13
12
|
payload: string;
|
|
14
|
-
tokenId: string;
|
|
13
|
+
tokenId: string | undefined;
|
|
14
|
+
};
|
|
15
|
+
export declare const encodeClaimsPayload: <C extends Dict = Dict>(claims: Dict, content: Pick<SignJwtContent<C>, "claims" | "profile" | "sensitiveIdentity">) => {
|
|
16
|
+
payload: string;
|
|
17
|
+
tokenId: string | undefined;
|
|
15
18
|
};
|
|
16
|
-
export declare const mapJwtContentToClaims: <C extends Dict = Dict>(config: Config, content: SignJwtContent<C>, options: SignJwtOptions) => JwtClaims;
|
|
17
19
|
export declare const encodeJwtPayload: <C extends Dict = Dict>(config: Config, content: SignJwtContent<C>, options: SignJwtOptions) => Result;
|
|
18
20
|
export declare const decodeJwtPayload: <C extends Dict = Dict<never>>(payload: string) => DecodeClaims<C>;
|
|
19
21
|
export declare const parseTokenPayload: <C extends Dict = Dict<never>>(decoded: DecodeClaims<C>) => ParsedJwtPayload<C>;
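Review bot: `Result.expiresAt`, `expiresIn`, `expiresOn` and `tokenId` are widened to `| undefined` and `Config` loses `issuer`, but the declaration does not say under which inputs these values are undefined. A caller that stores or enforces token lifetime from this result can now end up with no expiry without any type error at the call site if it only passes the value on. I would add TSDoc on the `Result` fields in the source type stating when each one is undefined, and a line on `Config` naming where the issuer is validated now that it is no longer part of this config. Whether issuing a token without `exp` is intended cannot be told from this section.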
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-payload.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jwt-payload.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAI3C,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"jwt-payload.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jwt-payload.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAI3C,OAAO,KAAK,EACV,SAAS,EACT,gBAAgB,EAChB,cAAc,EACd,cAAc,EACf,MAAM,sBAAsB,CAAC;AAM9B,KAAK,MAAM,GAAG;IACZ,SAAS,EAAE,gBAAgB,CAAC;CAC7B,CAAC;AAEF,KAAK,YAAY,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,IAAI,SAAS,GAAG,CAAC,CAAC;AAEzD,KAAK,MAAM,GAAG;IACZ,SAAS,EAAE,IAAI,GAAG,SAAS,CAAC;IAC5B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC;CAC7B,CAAC;AAOF,eAAO,MAAM,mBAAmB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,EACvD,QAAQ,IAAI,EACZ,SAAS,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,QAAQ,GAAG,SAAS,GAAG,mBAAmB,CAAC,KAC3E;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,GAAG,SAAS,CAAA;CA0BhD,CAAC;AAQF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,EACpD,QAAQ,MAAM,EACd,SAAS,cAAc,CAAC,CAAC,CAAC,EAC1B,SAAS,cAAc,KACtB,MAcF,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAC3D,SAAS,MAAM,KACd,YAAY,CAAC,CAAC,CAAyD,CAAC;AAE3E,eAAO,MAAM,iBAAiB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAC5D,SAAS,YAAY,CAAC,CAAC,CAAC,KACvB,gBAAgB,CAAC,CAAC,CAmDpB,CAAC"}
|
|
@@ -1,103 +1,15 @@
|
|
|
1
1
|
import { B64 } from "@lindorm/b64";
|
|
2
2
|
import { snakeKeys } from "@lindorm/case";
|
|
3
|
-
import { expires
|
|
4
|
-
import {
|
|
3
|
+
import { expires } from "@lindorm/date";
|
|
4
|
+
import { isFinite, isObject, isString } from "@lindorm/is";
|
|
5
5
|
import { removeUndefined } from "@lindorm/utils";
|
|
6
6
|
import { B64U } from "../constants/format.js";
|
|
7
7
|
import { JwtError } from "../../errors/index.js";
|
|
8
|
-
import { createAccessTokenHash, createCodeHash, createStateHash } from "./create-hash.js";
|
|
9
8
|
import { extractAegisProfile } from "./extract-aegis-profile.js";
|
|
10
9
|
import { extractDomainClaims } from "./extract-claims.js";
|
|
11
10
|
import { extractSensitiveIdentity } from "./extract-sensitive-identity.js";
|
|
12
|
-
import {
|
|
13
|
-
const
|
|
14
|
-
sub: claim.subject,
|
|
15
|
-
iss: claim.issuer,
|
|
16
|
-
aud: claim.audience,
|
|
17
|
-
client_id: claim.clientId,
|
|
18
|
-
act: isObject(claim.act) ? actClaimToWire(claim.act) : undefined,
|
|
19
|
-
});
|
|
20
|
-
export const mapJwtContentToClaims = (config, content, options) => {
|
|
21
|
-
if (!isString(config.algorithm)) {
|
|
22
|
-
throw new JwtError("Algorithm is required");
|
|
23
|
-
}
|
|
24
|
-
if (!isUrlLike(config.issuer)) {
|
|
25
|
-
throw new JwtError("Issuer is required");
|
|
26
|
-
}
|
|
27
|
-
if (!content.expires) {
|
|
28
|
-
throw new JwtError("Expires is required");
|
|
29
|
-
}
|
|
30
|
-
if (!isString(content.subject)) {
|
|
31
|
-
throw new JwtError("Subject is required");
|
|
32
|
-
}
|
|
33
|
-
const { expiresOn } = expires(content.expires);
|
|
34
|
-
const at_hash = isString(options.accessTokenHash)
|
|
35
|
-
? options.accessTokenHash
|
|
36
|
-
: isString(content.accessToken)
|
|
37
|
-
? createAccessTokenHash(config.algorithm, content.accessToken)
|
|
38
|
-
: undefined;
|
|
39
|
-
const c_hash = isString(options.codeHash)
|
|
40
|
-
? options.codeHash
|
|
41
|
-
: isString(content.authCode)
|
|
42
|
-
? createCodeHash(config.algorithm, content.authCode)
|
|
43
|
-
: undefined;
|
|
44
|
-
const s_hash = isString(options.stateHash)
|
|
45
|
-
? options.stateHash
|
|
46
|
-
: isString(content.authState)
|
|
47
|
-
? createStateHash(config.algorithm, content.authState)
|
|
48
|
-
: undefined;
|
|
49
|
-
const tokenId = isString(options.tokenId) ? options.tokenId : generateTokenId();
|
|
50
|
-
const cnf = isObject(content.confirmation)
|
|
51
|
-
? removeUndefined({
|
|
52
|
-
jkt: content.confirmation.thumbprint,
|
|
53
|
-
"x5t#S256": content.confirmation.mtlsCertThumbprint,
|
|
54
|
-
jwk: content.confirmation.key,
|
|
55
|
-
kid: content.confirmation.keyId,
|
|
56
|
-
jku: content.confirmation.jwkSetUri,
|
|
57
|
-
})
|
|
58
|
-
: undefined;
|
|
59
|
-
return removeUndefined({
|
|
60
|
-
aal: isFinite(content.adjustedAccessLevel) ? content.adjustedAccessLevel : undefined,
|
|
61
|
-
acr: isString(content.authContextClass) ? content.authContextClass : undefined,
|
|
62
|
-
act: isObject(content.act) ? actClaimToWire(content.act) : undefined,
|
|
63
|
-
afr: isArray(content.authFactor) ? content.authFactor : undefined,
|
|
64
|
-
amr: isArray(content.authMethods) ? content.authMethods : undefined,
|
|
65
|
-
at_hash,
|
|
66
|
-
aud: isArray(content.audience) ? content.audience : undefined,
|
|
67
|
-
auth_time: isDate(content.authTime) ? getUnixTime(content.authTime) : undefined,
|
|
68
|
-
azp: isString(content.authorizedParty) ? content.authorizedParty : undefined,
|
|
69
|
-
c_hash,
|
|
70
|
-
client_id: isString(content.clientId) ? content.clientId : undefined,
|
|
71
|
-
cnf: cnf && Object.keys(cnf).length > 0 ? cnf : undefined,
|
|
72
|
-
entitlements: isArray(content.entitlements) ? content.entitlements : undefined,
|
|
73
|
-
exp: expiresOn,
|
|
74
|
-
groups: isArray(content.groups) ? content.groups : undefined,
|
|
75
|
-
gty: isString(content.grantType) ? content.grantType : undefined,
|
|
76
|
-
may_act: isObject(content.mayAct) ? actClaimToWire(content.mayAct) : undefined,
|
|
77
|
-
iat: isDate(options.issuedAt)
|
|
78
|
-
? getUnixTime(options.issuedAt)
|
|
79
|
-
: getUnixTime(new Date()),
|
|
80
|
-
iss: config.issuer,
|
|
81
|
-
jti: tokenId,
|
|
82
|
-
loa: isFinite(content.levelOfAssurance) ? content.levelOfAssurance : undefined,
|
|
83
|
-
nbf: isDate(content.notBefore)
|
|
84
|
-
? getUnixTime(content.notBefore)
|
|
85
|
-
: getUnixTime(new Date()),
|
|
86
|
-
nonce: isString(content.nonce) ? content.nonce : undefined,
|
|
87
|
-
permissions: isArray(content.permissions) ? content.permissions : undefined,
|
|
88
|
-
roles: isArray(content.roles) ? content.roles : undefined,
|
|
89
|
-
s_hash,
|
|
90
|
-
scope: isArray(content.scope) ? content.scope : undefined,
|
|
91
|
-
sid: isString(content.sessionId) ? content.sessionId : undefined,
|
|
92
|
-
sih: isString(content.sessionHint) ? content.sessionHint : undefined,
|
|
93
|
-
sub: content.subject,
|
|
94
|
-
suh: isString(content.subjectHint) ? content.subjectHint : undefined,
|
|
95
|
-
tenant_id: isString(content.tenantId) ? content.tenantId : undefined,
|
|
96
|
-
});
|
|
97
|
-
};
|
|
98
|
-
export const encodeJwtPayload = (config, content, options) => {
|
|
99
|
-
const claims = mapJwtContentToClaims(config, content, options);
|
|
100
|
-
const { expiresAt, expiresIn, expiresOn } = expires(content.expires);
|
|
11
|
+
import { mapContentToClaims } from "./map-content-to-claims.js";
|
|
12
|
+
export const encodeClaimsPayload = (claims, content) => {
|
|
101
13
|
const profileWire = isObject(content.profile) ? snakeKeys(content.profile) : {};
|
|
102
14
|
const sensitiveIdentityWire = isObject(content.sensitiveIdentity)
|
|
103
15
|
? { sensitive_identity: snakeKeys(content.sensitiveIdentity) }
|
|
@@ -108,18 +20,42 @@ export const encodeJwtPayload = (config, content, options) => {
|
|
|
108
20
|
...sensitiveIdentityWire,
|
|
109
21
|
...(content.claims ?? {}),
|
|
110
22
|
}), B64U);
|
|
111
|
-
return {
|
|
23
|
+
return { payload, tokenId: isString(claims.jti) ? claims.jti : undefined };
|
|
24
|
+
};
|
|
25
|
+
export const encodeJwtPayload = (config, content, options) => {
|
|
26
|
+
const claims = mapContentToClaims({ algorithm: config.algorithm }, content, options);
|
|
27
|
+
const { payload, tokenId } = encodeClaimsPayload(claims, content);
|
|
28
|
+
const expiry = content.expires ? expires(content.expires) : undefined;
|
|
29
|
+
return {
|
|
30
|
+
expiresAt: expiry?.expiresAt,
|
|
31
|
+
expiresIn: expiry?.expiresIn,
|
|
32
|
+
expiresOn: isFinite(claims.exp) ? claims.exp : undefined,
|
|
33
|
+
payload,
|
|
34
|
+
tokenId,
|
|
35
|
+
};
|
|
112
36
|
};
|
|
113
37
|
export const decodeJwtPayload = (payload) => JSON.parse(B64.toString(payload));
|
|
114
38
|
export const parseTokenPayload = (decoded) => {
|
|
115
39
|
if (!isFinite(decoded.exp)) {
|
|
116
|
-
throw new JwtError("Missing claim: exp"
|
|
40
|
+
throw new JwtError("Missing claim: exp", {
|
|
41
|
+
code: "jwt_missing_claim_exp",
|
|
42
|
+
title: "JWT Missing Claim Exp",
|
|
43
|
+
details: "The payload has no finite exp claim, which is required to parse a JWT.",
|
|
44
|
+
});
|
|
117
45
|
}
|
|
118
46
|
if (!isFinite(decoded.iat)) {
|
|
119
|
-
throw new JwtError("Missing claim: iat"
|
|
47
|
+
throw new JwtError("Missing claim: iat", {
|
|
48
|
+
code: "jwt_missing_claim_iat",
|
|
49
|
+
title: "JWT Missing Claim IAT",
|
|
50
|
+
details: "The payload has no finite iat claim, which is required to parse a JWT.",
|
|
51
|
+
});
|
|
120
52
|
}
|
|
121
53
|
if (!isString(decoded.iss)) {
|
|
122
|
-
throw new JwtError("Missing claim: iss"
|
|
54
|
+
throw new JwtError("Missing claim: iss", {
|
|
55
|
+
code: "jwt_missing_claim_iss",
|
|
56
|
+
title: "JWT Missing Claim ISS",
|
|
57
|
+
details: "The payload has no string iss claim, which is required to parse a JWT.",
|
|
58
|
+
});
|
|
123
59
|
}
|
|
124
60
|
const { claims: domain, rest } = extractDomainClaims(decoded);
|
|
125
61
|
const { profile, rest: afterProfile } = extractAegisProfile(rest);
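Review bot: `encodeClaimsPayload` returns `tokenId` from `claims.jti` (new line 23) and `encodeJwtPayload` returns `expiresOn` from `claims.exp` (new line 32), while the serialized object spreads `...(content.claims ?? {})` last (new line 21). A `jti` or `exp` supplied through `content.claims` would therefore land in the signed payload while the returned metadata still reports the mapped values, so revocation lists or expiry bookkeeping keyed on the return value could disagree with the token. If custom claims are not meant to override registered ones, move `...(content.claims ?? {}),` to the top of the literal or strip registered claim names before merging; if the override is intended, read `jti` and `exp` from the merged object instead. The top of the object literal (new lines 16–19) is outside the hunk, so the position of `claims` in the merge is inferred.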
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-payload.js","sourceRoot":"","sources":["../../../src/internal/utils/jwt-payload.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AACnC,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"jwt-payload.js","sourceRoot":"","sources":["../../../src/internal/utils/jwt-payload.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AACnC,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAG3D,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,IAAI,EAAE,MAAM,wBAAwB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAOjD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAqBhE,MAAM,CAAC,MAAM,mBAAmB,GAAG,CACjC,MAAY,EACZ,OAA4E,EAC1B,EAAE;IAKpD,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAMhF,MAAM,qBAAqB,GAAG,QAAQ,CAAC,OAAO,CAAC,iBAAiB,CAAC;QAC/D,CAAC,CAAC,EAAE,kBAAkB,EAAE,SAAS,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE;QAC9D,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CACxB,IAAI,CAAC,SAAS,CAAC;QACb,GAAG,MAAM;QACT,GAAG,WAAW;QACd,GAAG,qBAAqB;QACxB,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;KAC1B,CAAC,EACF,IAAI,CACL,CAAC;IAEF,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;AAC7E,CAAC,CAAC;AAQF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,MAAc,EACd,OAA0B,EAC1B,OAAuB,EACf,EAAE;IACV,MAAM,MAAM,GAAG,kBAAkB,CAAI,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAExF,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,mBAAmB,CAAI,MAAM,EAAE,OAAO,CAAC,CAAC;IAErE,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAEtE,OAAO;QACL,SAAS,EAAE,MAAM,EAAE,SAAS;QAC5B,SAAS,EAAE,MAAM,EAAE,SAAS;QAC5B,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QACxD,OAAO;QACP,OAAO;KACR,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,OAAe,EACE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAoB,CAAC;AAE3E,MAAM,CAAC,MAAM
,iBAAiB,GAAG,CAC/B,OAAwB,EACH,EAAE;IACvB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,QAAQ,CAAC,oBAAoB,EAAE;YACvC,IAAI,EAAE,uBAAuB;YAC7B,KAAK,EAAE,uBAAuB;YAC9B,OAAO,EAAE,wEAAwE;SAClF,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,QAAQ,CAAC,oBAAoB,EAAE;YACvC,IAAI,EAAE,uBAAuB;YAC7B,KAAK,EAAE,uBAAuB;YAC9B,OAAO,EAAE,wEAAwE;SAClF,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,QAAQ,CAAC,oBAAoB,EAAE;YACvC,IAAI,EAAE,uBAAuB;YAC7B,KAAK,EAAE,uBAAuB;YAC9B,OAAO,EAAE,wEAAwE;SAClF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAC9D,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IAClE,MAAM,EAAE,iBAAiB,EAAE,IAAI,EAAE,YAAY,EAAE,GAC7C,wBAAwB,CAAC,YAAY,CAAC,CAAC;IAIzC,OAAO,eAAe,CAAC;QACrB,GAAG,MAAM;QAET,MAAM,EAAE,MAAM,CAAC,MAAO;QACtB,SAAS,EAAE,MAAM,CAAC,SAAU;QAC5B,QAAQ,EAAE,MAAM,CAAC,QAAS;QAE1B,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;QAC/B,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,EAAE;QACrC,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,EAAE;QACvC,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE;QAC3B,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,EAAE;QACrC,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE;QACzB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE;QAEzB,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,SAAS;QACpC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,SAAS;QACpC,OAAO;QACP,iBAAiB;QACjB,MAAM,EAAE,YAAiB;KAC1B,CAAC,CAAC;AACL,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-validate.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jwt-validate.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAAE,SAAS,EAAqB,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"jwt-validate.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jwt-validate.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAAE,SAAS,EAAqB,MAAM,gBAAgB,CAAC;AAEzE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAG/D,eAAO,MAAM,iBAAiB,GAAI,UAAU,kBAAkB,KAAG,SAAS,CAAC,IAAI,CA8C9E,CAAC"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { isArray, isNumber, isObject, isString } from "@lindorm/is";
|
|
2
|
+
import { JwtError } from "../../errors/index.js";
|
|
2
3
|
import { createAccessTokenHash, createCodeHash, createStateHash } from "./create-hash.js";
|
|
3
4
|
export const createJwtValidate = (validate) => {
|
|
4
5
|
const algorithm = validate.algorithm;
|
|
@@ -34,7 +35,12 @@ export const createJwtValidate = (validate) => {
|
|
|
34
35
|
predicate[key] = value;
|
|
35
36
|
continue;
|
|
36
37
|
}
|
|
37
|
-
throw new
|
|
38
|
+
throw new JwtError(`Unsupported value: ${value} for key: ${key}`, {
|
|
39
|
+
code: "jwt_validate_unsupported_value",
|
|
40
|
+
data: { key },
|
|
41
|
+
title: "JWT Validate Unsupported Value",
|
|
42
|
+
details: "A claim matcher value must be a string, number, array, or predicate object; this key was given an unsupported type.",
|
|
43
|
+
});
|
|
38
44
|
}
|
|
39
45
|
return predicate;
|
|
40
46
|
};
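Review bot: The `JwtError` message on new line 38 interpolates `${value}`, and by the `details` text this throw is reached only for values that are not a string, number, array or predicate object. Such a value renders as `undefined`, `null` or a function body, and a symbol makes the template literal throw a `TypeError` before the `JwtError` is constructed. I would interpolate `typeof value` in place of `value` in the message and add `type: typeof value` next to `key` in `data`, which keeps the error useful without stringifying an arbitrary value. The same pattern appears in jwt-verify.js at new line 133. The branches that precede this throw are outside the hunk.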
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-validate.js","sourceRoot":"","sources":["../../../src/internal/utils/jwt-validate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"jwt-validate.js","sourceRoot":"","sources":["../../../src/internal/utils/jwt-validate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEpE,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAEjD,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAE1F,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,QAA4B,EAAmB,EAAE;IACjF,MAAM,SAAS,GAAG,QAAQ,CAAC,SAAS,CAAC;IACrC,MAAM,SAAS,GAAoB,EAAE,CAAC;IAEtC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,IAAI,GAAG,KAAK,WAAW;YAAE,SAAS;QAElC,IAAI,GAAG,KAAK,aAAa,IAAI,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1D,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,qBAAqB,CAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YAClE,SAAS;QACX,CAAC;QACD,IAAI,GAAG,KAAK,UAAU,IAAI,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACvD,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,cAAc,CAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YAC3D,SAAS;QACX,CAAC;QACD,IAAI,GAAG,KAAK,WAAW,IAAI,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACxD,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,eAAe,CAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YAC5D,SAAS;QACX,CAAC;QACD,IAAI,OAAO,CAAS,KAAK,CAAC,EAAE,CAAC;YAC3B,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;YACjC,SAAS;QACX,CAAC;QACD,IAAI,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACpB,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;YAChC,SAAS;QACX,CAAC;QACD,IAAI,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACpB,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;YAChC,SAAS;QACX,CAAC;QACD,IAAI,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACpB,SAAS,CAAC,GAAG,CAAC,GAAG,KAA+B,CAAC;YACjD,SAAS;QACX,CAAC;QAED,MAAM,IAAI,QAAQ,CAAC,sBAAsB,KAAY,aAAa,GAAG,EAAE,EAAE;YACvE,IAAI,EAAE,gCAAgC;YACtC,IAAI,EAAE,EAAE,GAAG,EAAE;YACb,KAAK,EAAE,gCAAgC;YACvC,OAAO,EACL,qHAAqH;SACxH,CAAC,CAAC;IACL,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-verify.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jwt-verify.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,KAAK,EAAE,IAAI,EAAE,SAAS,EAAqB,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"jwt-verify.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jwt-verify.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,KAAK,EAAE,IAAI,EAAE,SAAS,EAAqB,MAAM,gBAAgB,CAAC;AAEzE,OAAO,KAAK,EAAa,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAkExE,eAAO,MAAM,eAAe,GAC1B,WAAW,gBAAgB,EAC3B,QAAQ,gBAAgB,EACxB,gBAAgB,MAAM,KACrB,SAAS,CAAC,IAAI,CAwFhB,CAAC"}
|
|
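--- a/jwt-verify.js
+++ b/jwt-verify.js
@@ -1,12 +1,11 @@
 import { addSeconds, subSeconds } from "@lindorm/date";
 import { isArray, isNumber, isObject, isString } from "@lindorm/is";
+import { JwtError } from "../../errors/index.js";
 import { createAccessTokenHash, createCodeHash, createStateHash } from "./create-hash.js";
 const mapVerify = (key) => {
 switch (key) {
 case "accessToken":
 return "at_hash";
-case "adjustedAccessLevel":
-return "aal";
 case "audience":
 return "aud";
 case "authCode":
@@ -51,8 +50,17 @@ const mapVerify = (key) => {
 return "suh";
 case "tenantId":
 return "tenant_id";
+case "vectorOfTrust":
+return "vot";
+case "vectorTrustMark":
+return "vtm";
 default:
-throw new
+throw new JwtError(`Unsupported key: ${key} for JWT verification`, {
+code: "jwt_verify_unsupported_key",
+data: { key },
+title: "JWT Verify Unsupported Key",
+details: "A verify option key does not map to any known JWT claim, so no predicate can be built for it.",
+});
 }
 };
 export const createJwtVerify = (algorithm, verify, clockTolerance) => {
@@ -122,7 +130,12 @@ export const createJwtVerify = (algorithm, verify, clockTolerance) => {
 predicate[mapped] = value;
 continue;
 }
-throw new
+throw new JwtError(`Unsupported value: ${value} for key: ${key}`, {
+code: "jwt_verify_unsupported_value",
+data: { key },
+title: "JWT Verify Unsupported Value",
+details: "A verify option value must be a string, number, array, or predicate object; this key was given an unsupported type.",
+});
 }
 return predicate;
 };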
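Review bot: The `JwtError` added in the last hunk interpolates the raw `value` into its message, yet by the error's own `details` text the values that reach this throw are exactly the ones that are not a string, number, array or predicate object. Template conversion of such a value prints `null`, `undefined` or `true` without naming the type, and a Symbol would raise a TypeError at this point instead of the intended JwtError. Reporting the type keeps the failure structured and avoids echoing caller-supplied data into logs: use `${typeof value}` in place of `${value}` in the message and `data: { key, type: typeof value },` in the options. The type checks that precede this throw in `createJwtVerify` lie outside the hunk, so which values actually fall through is inferred from the message text.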
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-verify.js","sourceRoot":"","sources":["../../../src/internal/utils/jwt-verify.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AACvD,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"jwt-verify.js","sourceRoot":"","sources":["../../../src/internal/utils/jwt-verify.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AACvD,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAGpE,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAEjD,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAE1F,MAAM,SAAS,GAAG,CAAC,GAA2B,EAAmB,EAAE;IACjE,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,aAAa;YAChB,OAAO,SAAS,CAAC;QACnB,KAAK,UAAU;YACb,OAAO,KAAK,CAAC;QACf,KAAK,UAAU;YACb,OAAO,QAAQ,CAAC;QAClB,KAAK,kBAAkB;YACrB,OAAO,KAAK,CAAC;QACf,KAAK,YAAY;YACf,OAAO,KAAK,CAAC;QACf,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC;QACf,KAAK,iBAAiB;YACpB,OAAO,KAAK,CAAC;QACf,KAAK,WAAW;YACd,OAAO,QAAQ,CAAC;QAClB,KAAK,UAAU;YACb,OAAO,WAAW,CAAC;QACrB,KAAK,UAAU;YACb,OAAO,WAAW,CAAC;QACrB,KAAK,cAAc;YACjB,OAAO,cAAc,CAAC;QACxB,KAAK,WAAW;YACd,OAAO,KAAK,CAAC;QACf,KAAK,QAAQ;YACX,OAAO,QAAQ,CAAC;QAClB,KAAK,QAAQ;YACX,OAAO,KAAK,CAAC;QACf,KAAK,kBAAkB;YACrB,OAAO,KAAK,CAAC;QACf,KAAK,OAAO;YACV,OAAO,OAAO,CAAC;QACjB,KAAK,aAAa;YAChB,OAAO,aAAa,CAAC;QACvB,KAAK,OAAO;YACV,OAAO,OAAO,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,OAAO,CAAC;QACjB,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC;QACf,KAAK,SAAS;YACZ,OAAO,KAAK,CAAC;QACf,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC;QACf,KAAK,UAAU;YACb,OAAO,WAAW,CAAC;QACrB,KAAK,eAAe;YAClB,OAAO,KAAK,CAAC;QACf,KAAK,iBAAiB;YACpB,OAAO,KAAK,CAAC;QACf;YACE,MAAM,IAAI,QAAQ,CAAC,oBAAoB,GAAU,uBAAuB,EAAE;gBACxE,IAAI,EAAE,4BAA4B;gBAClC,IAAI,EAAE,EAAE,GAAG,EAAE;gBACb,KAAK,EAAE,4BAA4B;gBACnC,OAAO,EACL,+FAA+F;aAClG,CAAC,CAAC;IACP,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,CAC7B,SAA2B,EAC3B,MAAwB,EACxB,cAAsB,EACL,EAAE;IACnB,MAAM,SAAS,GAA6D;QAC1E,GAAG,EAAE;YACH,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,IAAI,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC;SAC5E;QACD,GAAG,EAAE;YACH,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,IAAI,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC;SAC5E;QACD,GAAG,EAAE;YACH,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,I
AAI,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC;SAC5E;QACD,SAAS,EAAE;YACT,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,IAAI,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC;SAC5E;KACF,CAAC;IAMF,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC;QACpD,KAAK;QACL,KAAK;QACL,KAAK;QACL,OAAO;QACP,OAAO;QACP,aAAa;QACb,QAAQ;QACR,cAAc;KACf,CAAC,CAAC;IAEH,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAElD,IAAI,GAAG,KAAK,WAAW;YAAE,SAAS;QAElC,IAAI,GAAG,KAAK,OAAO;YAAE,SAAS;QAE9B,IAAI,GAAG,KAAK,WAAW;YAAE,SAAS;QAElC,IAAI,GAAG,KAAK,sBAAsB;YAAE,SAAS;QAE7C,MAAM,MAAM,GAAG,SAAS,CAAC,GAA6B,CAAC,CAAC;QAExD,IAAI,MAAM,KAAK,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5C,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,qBAAqB,CAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YACrE,SAAS;QACX,CAAC;QACD,IAAI,MAAM,KAAK,QAAQ,IAAI,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,cAAc,CAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YAC9D,SAAS;QACX,CAAC;QACD,IAAI,MAAM,KAAK,QAAQ,IAAI,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,eAAe,CAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YAC/D,SAAS;QACX,CAAC;QACD,IAAI,OAAO,CAAS,KAAK,CAAC,EAAE,CAAC;YAC3B,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;YACpC,SAAS;QACX,CAAC;QACD,IAAI,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACpB,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;YACnC,SAAS;QACX,CAAC;QACD,IAAI,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAGpB,IAAI,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjC,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;gBACtC,SAAS;YACX,CAAC;YACD,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;YACnC,SAAS;QACX,CAAC;QACD,IAAI,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACpB,SAAS,CAAC,MAAM,CAAC,GAAG,KAA+B,CAAC;YACpD,SAAS;QACX,CAAC;QAED,MAAM,IAAI,QAAQ,CAAC,sBAAsB,KAAY,aAAa,GAAG,EAAE,EAAE;YACvE,IAAI,EAAE,8BAA8B;YACpC,IAAI,EAAE,EAAE,GAAG,EAAE;YACb,KAAK,EAAE,8BAA8B;YACrC,OAAO,EACL,qHAAqH;SACxH,CAAC,CAAC;IACL,CAAC;IAED,OAAO,SAA4B,CAAC;AACtC,CAAC,CAAC"}
|
|
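--- a/map-content-to-claims.d.ts
+++ b/map-content-to-claims.d.ts
@@ -0,0 +1,8 @@
+import type { KryptosAlgorithm } from "@lindorm/kryptos";
+import type { Dict } from "@lindorm/types";
+import type { JwtClaims, SignJwtContent, SignJwtOptions } from "../../types/index.js";
+export type MapContentContext = {
+algorithm: KryptosAlgorithm;
+};
+export declare const mapContentToClaims: <C extends Dict = Dict>(ctx: MapContentContext, content: SignJwtContent<C>, options?: SignJwtOptions) => JwtClaims;
+//# sourceMappingURL=map-content-to-claims.d.ts.map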
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"map-content-to-claims.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/map-content-to-claims.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAI3C,OAAO,KAAK,EAGV,SAAS,EACT,cAAc,EACd,cAAc,EACf,MAAM,sBAAsB,CAAC;AAS9B,MAAM,MAAM,iBAAiB,GAAG;IAC9B,SAAS,EAAE,gBAAgB,CAAC;CAC7B,CAAC;AAwBF,eAAO,MAAM,kBAAkB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,EACtD,KAAK,iBAAiB,EACtB,SAAS,cAAc,CAAC,CAAC,CAAC,EAC1B,UAAS,cAAmB,KAC3B,SAgFF,CAAC"}
|