npm - @memberjunction/auth-providers - Versions diffs - 0.0.1 → 5.16.0 - Mend

@memberjunction/auth-providers 0.0.1 → 5.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

package/.turbo/turbo-build.log +4 -0
package/CHANGELOG.md +10 -0
package/dist/AuthProviderFactory.d.ts +68 -0
package/dist/AuthProviderFactory.d.ts.map +1 -0
package/dist/AuthProviderFactory.js +153 -0
package/dist/AuthProviderFactory.js.map +1 -0
package/dist/BaseAuthProvider.d.ts +41 -0
package/dist/BaseAuthProvider.d.ts.map +1 -0
package/dist/BaseAuthProvider.js +102 -0
package/dist/BaseAuthProvider.js.map +1 -0
package/dist/IAuthProvider.d.ts +46 -0
package/dist/IAuthProvider.d.ts.map +1 -0
package/dist/IAuthProvider.js +2 -0
package/dist/IAuthProvider.js.map +1 -0
package/dist/index.d.ts +6 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +4 -0
package/dist/index.js.map +1 -0
package/dist/providers/Auth0Provider.d.ts +18 -0
package/dist/providers/Auth0Provider.d.ts.map +1 -0
package/dist/providers/Auth0Provider.js +52 -0
package/dist/providers/Auth0Provider.js.map +1 -0
package/dist/providers/CognitoProvider.d.ts +18 -0
package/dist/providers/CognitoProvider.d.ts.map +1 -0
package/dist/providers/CognitoProvider.js +56 -0
package/dist/providers/CognitoProvider.js.map +1 -0
package/dist/providers/GoogleProvider.d.ts +18 -0
package/dist/providers/GoogleProvider.d.ts.map +1 -0
package/dist/providers/GoogleProvider.js +51 -0
package/dist/providers/GoogleProvider.js.map +1 -0
package/dist/providers/MSALProvider.d.ts +18 -0
package/dist/providers/MSALProvider.d.ts.map +1 -0
package/dist/providers/MSALProvider.js +52 -0
package/dist/providers/MSALProvider.js.map +1 -0
package/dist/providers/OktaProvider.d.ts +18 -0
package/dist/providers/OktaProvider.d.ts.map +1 -0
package/dist/providers/OktaProvider.js +52 -0
package/dist/providers/OktaProvider.js.map +1 -0
package/dist/tokenExpiredError.d.ts +5 -0
package/dist/tokenExpiredError.d.ts.map +1 -0
package/dist/tokenExpiredError.js +12 -0
package/dist/tokenExpiredError.js.map +1 -0
package/package.json +28 -7
package/src/AuthProviderFactory.ts +180 -0
package/src/BaseAuthProvider.ts +137 -0
package/src/IAuthProvider.ts +54 -0
package/src/index.ts +7 -0
package/src/providers/Auth0Provider.ts +45 -0
package/src/providers/CognitoProvider.ts +50 -0
package/src/providers/GoogleProvider.ts +45 -0
package/src/providers/MSALProvider.ts +45 -0
package/src/providers/OktaProvider.ts +46 -0
package/src/tokenExpiredError.ts +12 -0
package/tsconfig.json +10 -0
package/vitest.config.ts +11 -0
package/README.md +0 -45

package/src/IAuthProvider.ts ADDED Viewed

@@ -0,0 +1,54 @@
+import { JwtHeader, JwtPayload, SigningKeyCallback } from 'jsonwebtoken';
+import { AuthProviderConfig, AuthUserInfo } from '@memberjunction/core';
+/**
+ * Interface for authentication providers in MemberJunction
+ * Enables support for any OAuth 2.0/OIDC compliant provider
+ */
+export interface IAuthProvider {
+  /**
+   * Unique name identifier for this provider
+   */
+  name: string;
+  /**
+   * The issuer URL for this provider (must match the 'iss' claim in tokens)
+   */
+  issuer: string;
+  /**
+   * The expected audience for tokens from this provider
+   */
+  audience: string;
+  /**
+   * The JWKS endpoint URL for retrieving signing keys
+   */
+  jwksUri: string;
+  /**
+   * OAuth client ID for this provider (optional, used by OAuth proxy for upstream authentication)
+   */
+  clientId?: string;
+  /**
+   * Validates that the provider configuration is complete and valid
+   */
+  validateConfig(): boolean;
+  /**
+   * Gets the signing key for token verification
+   */
+  getSigningKey(header: JwtHeader, callback: SigningKeyCallback): void;
+  /**
+   * Extracts user information from the JWT payload
+   * Different providers use different claim names
+   */
+  extractUserInfo(payload: JwtPayload): AuthUserInfo;
+  /**
+   * Checks if a given issuer URL belongs to this provider
+   */
+  matchesIssuer(issuer: string): boolean;
+}

package/src/index.ts ADDED Viewed

@@ -0,0 +1,7 @@
+export { IAuthProvider } from './IAuthProvider.js';
+export { BaseAuthProvider } from './BaseAuthProvider.js';
+export { AuthProviderFactory } from './AuthProviderFactory.js';
+export { TokenExpiredError } from './tokenExpiredError.js';
+// Re-export types consumers commonly need alongside the auth providers
+export type { AuthProviderConfig, AuthUserInfo } from '@memberjunction/core';

package/src/providers/Auth0Provider.ts ADDED Viewed

@@ -0,0 +1,45 @@
+import { JwtPayload } from 'jsonwebtoken';
+import { RegisterClass } from '@memberjunction/global';
+import { AuthProviderConfig, AuthUserInfo } from '@memberjunction/core';
+import { BaseAuthProvider } from '../BaseAuthProvider.js';
+/**
+ * Auth0 authentication provider implementation
+ */
+@RegisterClass(BaseAuthProvider, 'auth0')
+export class Auth0Provider extends BaseAuthProvider {
+  constructor(config: AuthProviderConfig) {
+    super(config);
+  }
+  /**
+   * Extracts user information from Auth0 JWT payload
+   */
+  extractUserInfo(payload: JwtPayload): AuthUserInfo {
+    // Auth0 uses standard OIDC claims
+    const email = payload.email as string | undefined;
+    const fullName = payload.name as string | undefined;
+    const firstName = payload.given_name as string | undefined;
+    const lastName = payload.family_name as string | undefined;
+    const preferredUsername = payload.preferred_username as string | undefined || email;
+    return {
+      email,
+      firstName: firstName || fullName?.split(' ')[0],
+      lastName: lastName || fullName?.split(' ')[1] || fullName?.split(' ')[0],
+      fullName,
+      preferredUsername
+    };
+  }
+  /**
+   * Validates Auth0-specific configuration
+   */
+  validateConfig(): boolean {
+    const baseValid = super.validateConfig();
+    const hasClientId = !!this.config.clientId;
+    const hasDomain = !!this.config.domain;
+    return baseValid && hasClientId && hasDomain;
+  }
+}

package/src/providers/CognitoProvider.ts ADDED Viewed

@@ -0,0 +1,50 @@
+import { JwtPayload } from 'jsonwebtoken';
+import { RegisterClass } from '@memberjunction/global';
+import { AuthProviderConfig, AuthUserInfo } from '@memberjunction/core';
+import { BaseAuthProvider } from '../BaseAuthProvider.js';
+/**
+ * AWS Cognito authentication provider implementation
+ */
+@RegisterClass(BaseAuthProvider, 'cognito')
+export class CognitoProvider extends BaseAuthProvider {
+  constructor(config: AuthProviderConfig) {
+    super(config);
+  }
+  /**
+   * Extracts user information from Cognito JWT payload
+   */
+  extractUserInfo(payload: JwtPayload): AuthUserInfo {
+    // Cognito uses custom claims with 'cognito:' prefix for some fields
+    const email = payload.email as string | undefined ||
+                  payload['cognito:username'] as string | undefined;
+    const fullName = payload.name as string | undefined;
+    const firstName = payload.given_name as string | undefined;
+    const lastName = payload.family_name as string | undefined;
+    const preferredUsername = payload['cognito:username'] as string | undefined ||
+                             payload.preferred_username as string | undefined ||
+                             email;
+    return {
+      email,
+      firstName: firstName || fullName?.split(' ')[0],
+      lastName: lastName || fullName?.split(' ')[1] || fullName?.split(' ')[0],
+      fullName,
+      preferredUsername
+    };
+  }
+  /**
+   * Validates Cognito-specific configuration
+   */
+  validateConfig(): boolean {
+    const baseValid = super.validateConfig();
+    const hasClientId = !!this.config.clientId;
+    const hasRegion = !!this.config.region;
+    const hasUserPoolId = !!this.config.userPoolId;
+    return baseValid && hasClientId && hasRegion && hasUserPoolId;
+  }
+}

package/src/providers/GoogleProvider.ts ADDED Viewed

@@ -0,0 +1,45 @@
+import { JwtPayload } from 'jsonwebtoken';
+import { RegisterClass } from '@memberjunction/global';
+import { AuthProviderConfig, AuthUserInfo } from '@memberjunction/core';
+import { BaseAuthProvider } from '../BaseAuthProvider.js';
+/**
+ * Google Identity Platform authentication provider implementation
+ */
+@RegisterClass(BaseAuthProvider, 'google')
+export class GoogleProvider extends BaseAuthProvider {
+  constructor(config: AuthProviderConfig) {
+    super(config);
+  }
+  /**
+   * Extracts user information from Google JWT payload
+   */
+  extractUserInfo(payload: JwtPayload): AuthUserInfo {
+    // Google uses standard OIDC claims
+    const email = payload.email as string | undefined;
+    const fullName = payload.name as string | undefined;
+    const firstName = payload.given_name as string | undefined;
+    const lastName = payload.family_name as string | undefined;
+    const preferredUsername = email; // Google typically uses email as username
+    return {
+      email,
+      firstName: firstName || fullName?.split(' ')[0],
+      lastName: lastName || fullName?.split(' ')[1] || fullName?.split(' ')[0],
+      fullName,
+      preferredUsername
+    };
+  }
+  /**
+   * Validates Google-specific configuration
+   */
+  validateConfig(): boolean {
+    const baseValid = super.validateConfig();
+    const hasClientId = !!this.config.clientId;
+    return baseValid && hasClientId;
+  }
+}

package/src/providers/MSALProvider.ts ADDED Viewed

@@ -0,0 +1,45 @@
+import { JwtPayload } from 'jsonwebtoken';
+import { RegisterClass } from '@memberjunction/global';
+import { AuthProviderConfig, AuthUserInfo } from '@memberjunction/core';
+import { BaseAuthProvider } from '../BaseAuthProvider.js';
+/**
+ * Microsoft Authentication Library (MSAL) provider implementation
+ */
+@RegisterClass(BaseAuthProvider, 'msal')
+export class MSALProvider extends BaseAuthProvider {
+  constructor(config: AuthProviderConfig) {
+    super(config);
+  }
+  /**
+   * Extracts user information from MSAL/Azure AD JWT payload
+   */
+  extractUserInfo(payload: JwtPayload): AuthUserInfo {
+    // MSAL/Azure AD uses some custom claims
+    const email = payload.email as string | undefined || payload.preferred_username as string | undefined;
+    const fullName = payload.name as string | undefined;
+    const firstName = payload.given_name as string | undefined;
+    const lastName = payload.family_name as string | undefined;
+    const preferredUsername = payload.preferred_username as string | undefined;
+    return {
+      email,
+      firstName: firstName || fullName?.split(' ')[0],
+      lastName: lastName || fullName?.split(' ')[1] || fullName?.split(' ')[0],
+      fullName,
+      preferredUsername
+    };
+  }
+  /**
+   * Validates MSAL-specific configuration
+   */
+  validateConfig(): boolean {
+    const baseValid = super.validateConfig();
+    const hasClientId = !!this.config.clientId;
+    const hasTenantId = !!this.config.tenantId;
+    return baseValid && hasClientId && hasTenantId;
+  }
+}

package/src/providers/OktaProvider.ts ADDED Viewed

@@ -0,0 +1,46 @@
+import { JwtPayload } from 'jsonwebtoken';
+import { RegisterClass } from '@memberjunction/global';
+import { AuthProviderConfig, AuthUserInfo } from '@memberjunction/core';
+import { BaseAuthProvider } from '../BaseAuthProvider.js';
+/**
+ * Okta authentication provider implementation
+ */
+@RegisterClass(BaseAuthProvider, 'okta')
+export class OktaProvider extends BaseAuthProvider {
+  constructor(config: AuthProviderConfig) {
+    super(config);
+  }
+  /**
+   * Extracts user information from Okta JWT payload
+   */
+  extractUserInfo(payload: JwtPayload): AuthUserInfo {
+    // Okta uses standard OIDC claims plus some custom ones
+    const email = payload.email as string | undefined || payload.preferred_username as string | undefined;
+    const fullName = payload.name as string | undefined;
+    const firstName = payload.given_name as string | undefined;
+    const lastName = payload.family_name as string | undefined;
+    const preferredUsername = payload.preferred_username as string | undefined || email;
+    return {
+      email,
+      firstName: firstName || fullName?.split(' ')[0],
+      lastName: lastName || fullName?.split(' ')[1] || fullName?.split(' ')[0],
+      fullName,
+      preferredUsername
+    };
+  }
+  /**
+   * Validates Okta-specific configuration
+   */
+  validateConfig(): boolean {
+    const baseValid = super.validateConfig();
+    const hasClientId = !!this.config.clientId;
+    const hasDomain = !!this.config.domain;
+    return baseValid && hasClientId && hasDomain;
+  }
+}

package/src/tokenExpiredError.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { GraphQLError } from 'graphql';
+export class TokenExpiredError extends GraphQLError {
+  constructor(expiryDate: Date, message = 'The provided token has expired. Please authenticate again.') {
+    super(message, {
+      extensions: {
+        code: 'JWT_EXPIRED',
+        expiryDate: expiryDate.toISOString(),
+      },
+    });
+  }
+}

package/tsconfig.json ADDED Viewed

@@ -0,0 +1,10 @@
+{
+  "extends": "../../tsconfig.server.json",
+  "compilerOptions": {
+    "outDir": "dist",
+    "rootDir": "src",
+    "module": "es2022"
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "src/__tests__/**", "src/**/*.test.ts", "src/**/*.spec.ts", "vitest.config.ts"]
+}

package/vitest.config.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import { defineProject, mergeConfig } from 'vitest/config';
+import sharedConfig from '../../vitest.shared';
+export default mergeConfig(
+  sharedConfig,
+  defineProject({
+    test: {
+      environment: 'node',
+    },
+  })
+);

package/README.md DELETED Viewed

@@ -1,45 +0,0 @@
-# @memberjunction/auth-providers
-## ⚠️ IMPORTANT NOTICE ⚠️
-**This package is created solely for the purpose of setting up OIDC (OpenID Connect) trusted publishing with npm.**
-This is **NOT** a functional package and contains **NO** code or functionality beyond the OIDC setup configuration.
-## Purpose
-This package exists to:
-1. Configure OIDC trusted publishing for the package name `@memberjunction/auth-providers`
-2. Enable secure, token-less publishing from CI/CD workflows
-3. Establish provenance for packages published under this name
-## What is OIDC Trusted Publishing?
-OIDC trusted publishing allows package maintainers to publish packages directly from their CI/CD workflows without needing to manage npm access tokens. Instead, it uses OpenID Connect to establish trust between the CI/CD provider (like GitHub Actions) and npm.
-## Setup Instructions
-To properly configure OIDC trusted publishing for this package:
-1. Go to [npmjs.com](https://www.npmjs.com/) and navigate to your package settings
-2. Configure the trusted publisher (e.g., GitHub Actions)
-3. Specify the repository and workflow that should be allowed to publish
-4. Use the configured workflow to publish your actual package
-## DO NOT USE THIS PACKAGE
-This package is a placeholder for OIDC configuration only. It:
-- Contains no executable code
-- Provides no functionality
-- Should not be installed as a dependency
-- Exists only for administrative purposes
-## More Information
-For more details about npm's trusted publishing feature, see:
-- [npm Trusted Publishing Documentation](https://docs.npmjs.com/generating-provenance-statements)
-- [GitHub Actions OIDC Documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)
----
-**Maintained for OIDC setup purposes only**