@logto/js 2.0.1 → 2.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/index.cjs +2 -0
- package/lib/index.js +1 -0
- package/lib/utils/access-token.cjs +40 -0
- package/lib/utils/access-token.d.ts +11 -0
- package/lib/utils/access-token.js +38 -0
- package/lib/utils/access-token.test.d.ts +1 -0
- package/lib/utils/index.d.ts +1 -0
- package/package.json +1 -1
package/lib/index.cjs
CHANGED
|
@@ -9,6 +9,7 @@ var userInfo = require('./core/user-info.cjs');
|
|
|
9
9
|
var callbackUri = require('./utils/callback-uri.cjs');
|
|
10
10
|
var errors = require('./utils/errors.cjs');
|
|
11
11
|
var idToken = require('./utils/id-token.cjs');
|
|
12
|
+
var accessToken = require('./utils/access-token.cjs');
|
|
12
13
|
var scopes = require('./utils/scopes.cjs');
|
|
13
14
|
var arbitraryObject = require('./utils/arbitrary-object.cjs');
|
|
14
15
|
var index = require('./consts/index.cjs');
|
|
@@ -31,6 +32,7 @@ exports.OidcError = errors.OidcError;
|
|
|
31
32
|
exports.isLogtoRequestError = errors.isLogtoRequestError;
|
|
32
33
|
exports.decodeIdToken = idToken.decodeIdToken;
|
|
33
34
|
exports.verifyIdToken = idToken.verifyIdToken;
|
|
35
|
+
exports.decodeAccessToken = accessToken.decodeAccessToken;
|
|
34
36
|
exports.withDefaultScopes = scopes.withDefaultScopes;
|
|
35
37
|
exports.isArbitraryObject = arbitraryObject.isArbitraryObject;
|
|
36
38
|
exports.ContentType = index.ContentType;
|
package/lib/index.js
CHANGED
|
@@ -7,6 +7,7 @@ export { fetchUserInfo } from './core/user-info.js';
|
|
|
7
7
|
export { parseUriParameters, verifyAndParseCodeFromCallbackUri } from './utils/callback-uri.js';
|
|
8
8
|
export { LogtoError, LogtoRequestError, OidcError, isLogtoRequestError } from './utils/errors.js';
|
|
9
9
|
export { decodeIdToken, verifyIdToken } from './utils/id-token.js';
|
|
10
|
+
export { decodeAccessToken } from './utils/access-token.js';
|
|
10
11
|
export { withDefaultScopes } from './utils/scopes.js';
|
|
11
12
|
export { isArbitraryObject } from './utils/arbitrary-object.js';
|
|
12
13
|
export { ContentType, Prompt, QueryKey, ReservedScope, TokenGrantType, UserScope } from './consts/index.js';
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
var essentials = require('@silverhand/essentials');
|
|
4
|
+
var arbitraryObject = require('./arbitrary-object.cjs');
|
|
5
|
+
|
|
6
|
+
// https://docs.logto.io/docs/recipes/protect-your-api/
|
|
7
|
+
function assertAccessTokenClaims(data) {
|
|
8
|
+
if (!arbitraryObject.isArbitraryObject(data)) {
|
|
9
|
+
throw new TypeError('AccessToken is expected to be an object');
|
|
10
|
+
}
|
|
11
|
+
for (const key of ['jti', 'iss', 'sub', 'aud', 'client_id', 'scope']) {
|
|
12
|
+
if (data[key] === undefined) {
|
|
13
|
+
continue;
|
|
14
|
+
}
|
|
15
|
+
if (typeof data[key] !== 'string' && data[key] !== null) {
|
|
16
|
+
throw new TypeError(`At path: AccessToken.${key}: expected null or a string`);
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
for (const key of ['exp', 'iat']) {
|
|
20
|
+
if (data[key] === undefined) {
|
|
21
|
+
continue;
|
|
22
|
+
}
|
|
23
|
+
if (typeof data[key] !== 'number' && data[key] !== null) {
|
|
24
|
+
throw new TypeError(`At path: AccessToken.${key}: expected null or a number`);
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
const decodeAccessToken = (accessToken) => {
|
|
29
|
+
const { 1: encodedPayload } = accessToken.split('.');
|
|
30
|
+
if (!encodedPayload) {
|
|
31
|
+
// Non-JWT format token string
|
|
32
|
+
return {};
|
|
33
|
+
}
|
|
34
|
+
const json = essentials.urlSafeBase64.decode(encodedPayload);
|
|
35
|
+
const accessTokenClaims = JSON.parse(json);
|
|
36
|
+
assertAccessTokenClaims(accessTokenClaims);
|
|
37
|
+
return accessTokenClaims;
|
|
38
|
+
};
|
|
39
|
+
|
|
40
|
+
exports.decodeAccessToken = decodeAccessToken;
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
export type AccessTokenClaims = {
|
|
2
|
+
jti?: string;
|
|
3
|
+
iss?: string;
|
|
4
|
+
sub?: string;
|
|
5
|
+
aud?: string;
|
|
6
|
+
exp?: number;
|
|
7
|
+
iat?: number;
|
|
8
|
+
client_id?: string;
|
|
9
|
+
scope?: string;
|
|
10
|
+
} & Record<string, unknown>;
|
|
11
|
+
export declare const decodeAccessToken: (accessToken: string) => AccessTokenClaims;
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
import { urlSafeBase64 } from '@silverhand/essentials';
|
|
2
|
+
import { isArbitraryObject } from './arbitrary-object.js';
|
|
3
|
+
|
|
4
|
+
// https://docs.logto.io/docs/recipes/protect-your-api/
|
|
5
|
+
function assertAccessTokenClaims(data) {
|
|
6
|
+
if (!isArbitraryObject(data)) {
|
|
7
|
+
throw new TypeError('AccessToken is expected to be an object');
|
|
8
|
+
}
|
|
9
|
+
for (const key of ['jti', 'iss', 'sub', 'aud', 'client_id', 'scope']) {
|
|
10
|
+
if (data[key] === undefined) {
|
|
11
|
+
continue;
|
|
12
|
+
}
|
|
13
|
+
if (typeof data[key] !== 'string' && data[key] !== null) {
|
|
14
|
+
throw new TypeError(`At path: AccessToken.${key}: expected null or a string`);
|
|
15
|
+
}
|
|
16
|
+
}
|
|
17
|
+
for (const key of ['exp', 'iat']) {
|
|
18
|
+
if (data[key] === undefined) {
|
|
19
|
+
continue;
|
|
20
|
+
}
|
|
21
|
+
if (typeof data[key] !== 'number' && data[key] !== null) {
|
|
22
|
+
throw new TypeError(`At path: AccessToken.${key}: expected null or a number`);
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
const decodeAccessToken = (accessToken) => {
|
|
27
|
+
const { 1: encodedPayload } = accessToken.split('.');
|
|
28
|
+
if (!encodedPayload) {
|
|
29
|
+
// Non-JWT format token string
|
|
30
|
+
return {};
|
|
31
|
+
}
|
|
32
|
+
const json = urlSafeBase64.decode(encodedPayload);
|
|
33
|
+
const accessTokenClaims = JSON.parse(json);
|
|
34
|
+
assertAccessTokenClaims(accessTokenClaims);
|
|
35
|
+
return accessTokenClaims;
|
|
36
|
+
};
|
|
37
|
+
|
|
38
|
+
export { decodeAccessToken };
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
package/lib/utils/index.d.ts
CHANGED