@memberjunction/server 3.4.0 → 4.0.0

package/dist/auth/APIKeyScopeAuth.d.ts

@@ -1,18 +1,81 @@
+/**
+ * API Key Scope Authorization Utilities
+ * Provides utilities for checking API key scopes in resolvers
+ * @module @memberjunction/server
+ */
 import { AuthorizationResult } from '@memberjunction/api-keys';
 import { UserInfo } from '@memberjunction/core';
+/**
+ * Application names used by the API Key authorization system
+ */
 export type ApplicationName = 'MJAPI' | 'MCPServer' | 'A2AServer' | string;
+/**
+ * Options for scope authorization
+ */
 export interface ScopeAuthOptions {
+    /** The application making the request (default: 'MJAPI') */
     applicationName?: ApplicationName;
+    /** Resource being accessed (e.g., entity name, action name) */
     resource?: string;
+    /** Whether to throw an error on denied access (default: true) */
     throwOnDenied?: boolean;
 }
+/**
+ * Result of scope authorization check
+ */
 export interface ScopeAuthResult {
+    /** Whether access is allowed */
     Allowed: boolean;
+    /** Human-readable reason for the decision */
     Reason?: string;
+    /** Whether scope checking was performed (false if no API key or enforcement disabled) */
     Checked: boolean;
+    /** All rules evaluated during the check */
     EvaluatedRules?: AuthorizationResult['EvaluatedRules'];
 }
+/**
+ * Check if an API key has the required scope for an operation.
+ *
+ * This function implements the three-tier permission model:
+ * 1. User Permissions - What the user can do (already checked by authentication)
+ * 2. Application Ceiling - Maximum scope the application allows
+ * 3. API Key Scopes - Specific scopes granted to this key
+ *
+ * @param apiKeyId - The API key ID from context.userPayload.apiKeyId
+ * @param scopePath - The scope path required (e.g., 'view:run', 'agent:execute')
+ * @param contextUser - The authenticated user from context.userPayload.userRecord
+ * @param options - Additional options for scope checking
+ * @returns ScopeAuthResult with authorization details
+ * @throws AuthorizationError if access is denied and throwOnDenied is true
+ *
+ * @example
+ * ```typescript
+ * // In a resolver
+ * async runView(@Ctx() ctx: AppContext): Promise<ViewResult> {
+ *   await CheckAPIKeyScope(
+ *     ctx.userPayload.apiKeyId,
+ *     'view:run',
+ *     ctx.userPayload.userRecord,
+ *     { resource: 'User' }
+ *   );
+ *   // ... proceed with operation
+ * }
+ * ```
+ */
 export declare function CheckAPIKeyScope(apiKeyId: string | undefined, scopePath: string, contextUser: UserInfo, options?: ScopeAuthOptions): Promise<ScopeAuthResult>;
+/**
+ * Check if an API key has the required scope and log usage.
+ *
+ * Same as CheckAPIKeyScope but also logs the authorization attempt.
+ * Use this for operations where you want detailed audit trails.
+ *
+ * @param apiKeyId - The API key ID from context.userPayload.apiKeyId
+ * @param scopePath - The scope path required
+ * @param contextUser - The authenticated user
+ * @param usageDetails - Details about the request for logging
+ * @param options - Additional options for scope checking
+ * @returns ScopeAuthResult with authorization details and optional log ID
+ */
 export declare function CheckAPIKeyScopeAndLog(apiKeyId: string | undefined, scopePath: string, contextUser: UserInfo, usageDetails: {
     endpoint: string;
     method: string;
@@ -24,6 +87,25 @@ export declare function CheckAPIKeyScopeAndLog(apiKeyId: string | undefined, sco
 }, options?: ScopeAuthOptions): Promise<ScopeAuthResult & {
     LogId?: string;
 }>;
+/**
+ * Decorator-style function for common scope checks.
+ * Returns a function that can be used in resolvers.
+ *
+ * @param scopePath - The scope path required
+ * @param options - Additional options
+ * @returns A function that performs the scope check
+ *
+ * @example
+ * ```typescript
+ * const requireViewRun = RequireScope('view:run');
+ *
+ * // In resolver
+ * async runView(@Ctx() ctx: AppContext): Promise<ViewResult> {
+ *   await requireViewRun(ctx);
+ *   // ... proceed
+ * }
+ * ```
+ */
 export declare function RequireScope(scopePath: string, options?: Omit<ScopeAuthOptions, 'resource'>): (ctx: {
     userPayload: {
         apiKeyId?: string;

package/dist/auth/APIKeyScopeAuth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"APIKeyScopeAuth.d.ts","sourceRoot":"","sources":["../../src/auth/APIKeyScopeAuth.ts"],"names":[],"mappings":"AAOA,OAAO,EAAmB,mBAAmB,EAAwB,MAAM,0BAA0B,CAAC;AACtG,OAAO,EAAE,QAAQ,EAAW,MAAM,sBAAsB,CAAC;AAMzD,MAAM,MAAM,eAAe,GAAG,OAAO,GAAG,WAAW,GAAG,WAAW,GAAG,MAAM,CAAC;AAK3E,MAAM,WAAW,gBAAgB;IAE7B,eAAe,CAAC,EAAE,eAAe,CAAC;IAElC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,aAAa,CAAC,EAAE,OAAO,CAAC;CAC3B;AAKD,MAAM,WAAW,eAAe;IAE5B,OAAO,EAAE,OAAO,CAAC;IAEjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,OAAO,EAAE,OAAO,CAAC;IAEjB,cAAc,CAAC,EAAE,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;CAC1D;AA+BD,wBAAsB,gBAAgB,CAClC,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,QAAQ,EACrB,OAAO,GAAE,gBAAqB,GAC/B,OAAO,CAAC,eAAe,CAAC,CAmG1B;AAeD,wBAAsB,sBAAsB,CACxC,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,QAAQ,EACrB,YAAY,EAAE;IACV,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;CAC3B,EACD,OAAO,GAAE,gBAAqB,GAC/B,OAAO,CAAC,eAAe,GAAG;IAAE,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA8H/C;AAqBD,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,GAAE,IAAI,CAAC,gBAAgB,EAAE,UAAU,CAAM,SACzE;IAAE,WAAW,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,QAAQ,CAAA;KAAE,CAAA;CAAE,aAAa,MAAM,mBAQrG;AAGD,eAAO,MAAM,cAAc,QAXJ;IAAE,WAAW,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,QAAQ,CAAA;KAAE,CAAA;CAAE,aAAa,MAAM,kBAWhD,CAAC;AACvD,eAAO,MAAM,eAAe,QAZL;IAAE,WAAW,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,QAAQ,CAAA;KAAE,CAAA;CAAE,aAAa,MAAM,kBAY9C,CAAC;AACzD,eAAO,MAAM,mBAAmB,QAbT;IAAE,WAAW,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,QAAQ,CAAA;KAAE,CAAA;CAAE,aAAa,MAAM,kBAatC,CAAC"}
+{"version":3,"file":"APIKeyScopeAuth.d.ts","sourceRoot":"","sources":["../../src/auth/APIKeyScopeAuth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAmB,mBAAmB,EAAwB,MAAM,0BAA0B,CAAC;AACtG,OAAO,EAAE,QAAQ,EAAW,MAAM,sBAAsB,CAAC;AAGzD;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,OAAO,GAAG,WAAW,GAAG,WAAW,GAAG,MAAM,CAAC;AAE3E;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC7B,4DAA4D;IAC5D,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,+DAA+D;IAC/D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iEAAiE;IACjE,aAAa,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC5B,gCAAgC;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,6CAA6C;IAC7C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yFAAyF;IACzF,OAAO,EAAE,OAAO,CAAC;IACjB,2CAA2C;IAC3C,cAAc,CAAC,EAAE,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;CAC1D;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,wBAAsB,gBAAgB,CAClC,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,QAAQ,EACrB,OAAO,GAAE,gBAAqB,GAC/B,OAAO,CAAC,eAAe,CAAC,CAmG1B;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,sBAAsB,CACxC,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,QAAQ,EACrB,YAAY,EAAE;IACV,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;CAC3B,EACD,OAAO,GAAE,gBAAqB,GAC/B,OAAO,CAAC,eAAe,GAAG;IAAE,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA8H/C;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,GAAE,IAAI,CAAC,gBAAgB,EAAE,UAAU,CAAM,IAC9E,KAAK;IAAE,WAAW,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,QAAQ,CAAA;KAAE,CAAA;CAAE,EAAE,WAAW,MAAM,mBAQrG;AAGD,eAAO,MAAM,cAAc,QAXJ;IAAE,WAAW,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,QAAQ,CAAA;KAAE,CAAA;CAAE,aAAa,MAAM,kBAWhD,CAAC;AACvD,eAAO,MAAM,eAAe,QAZL;IAAE,WAAW,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,QAAQ,CAAA;KAAE,CAAA;CAAE,aAAa,MAAM,kBAY9C,CAAC;AACzD,eAAO,MAAM,mBAAmB,QAbT;IAAE,WAAW,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,QAAQ,CAAA;KAAE,CAAA;CAAE,aAAa,MAAM,kBAatC,CAAC"}

package/dist/auth/APIKeyScopeAuth.js

@@ -1,8 +1,43 @@
+/**
+ * API Key Scope Authorization Utilities
+ * Provides utilities for checking API key scopes in resolvers
+ * @module @memberjunction/server
+ */
 import { AuthorizationError } from 'type-graphql';
 import { GetAPIKeyEngine } from '@memberjunction/api-keys';
 import { RunView } from '@memberjunction/core';
+/**
+ * Check if an API key has the required scope for an operation.
+ *
+ * This function implements the three-tier permission model:
+ * 1. User Permissions - What the user can do (already checked by authentication)
+ * 2. Application Ceiling - Maximum scope the application allows
+ * 3. API Key Scopes - Specific scopes granted to this key
+ *
+ * @param apiKeyId - The API key ID from context.userPayload.apiKeyId
+ * @param scopePath - The scope path required (e.g., 'view:run', 'agent:execute')
+ * @param contextUser - The authenticated user from context.userPayload.userRecord
+ * @param options - Additional options for scope checking
+ * @returns ScopeAuthResult with authorization details
+ * @throws AuthorizationError if access is denied and throwOnDenied is true
+ *
+ * @example
+ * ```typescript
+ * // In a resolver
+ * async runView(@Ctx() ctx: AppContext): Promise<ViewResult> {
+ *   await CheckAPIKeyScope(
+ *     ctx.userPayload.apiKeyId,
+ *     'view:run',
+ *     ctx.userPayload.userRecord,
+ *     { resource: 'User' }
+ *   );
+ *   // ... proceed with operation
+ * }
+ * ```
+ */
 export async function CheckAPIKeyScope(apiKeyId, scopePath, contextUser, options = {}) {
     const { applicationName = 'MJAPI', resource = '*', throwOnDenied = true } = options;
+    // If no API key ID, not authenticated via API key - skip scope check
     if (!apiKeyId) {
         return {
             Allowed: true,
@@ -11,6 +46,7 @@ export async function CheckAPIKeyScope(apiKeyId, scopePath, contextUser, options
         };
     }
     const engine = GetAPIKeyEngine();
+    // Get the API key to find the user ID
     const rv = new RunView();
     const keyResult = await rv.RunView({
         EntityName: 'MJ: API Keys',
@@ -29,6 +65,7 @@ export async function CheckAPIKeyScope(apiKeyId, scopePath, contextUser, options
         return result;
     }
     const apiKey = keyResult.Results[0];
+    // Get the application by name
     const appResult = await rv.RunView({
         EntityName: 'MJ: API Applications',
         ExtraFilter: `Name='${applicationName}'`,
@@ -57,6 +94,7 @@ export async function CheckAPIKeyScope(apiKeyId, scopePath, contextUser, options
         }
         return result;
     }
+    // Build the authorization request
     const request = {
         APIKeyId: apiKeyId,
         UserId: apiKey.UserID,
@@ -64,6 +102,7 @@ export async function CheckAPIKeyScope(apiKeyId, scopePath, contextUser, options
         ScopePath: scopePath,
         Resource: resource
     };
+    // Use the scope evaluator directly (since we already have the key ID)
     const scopeEvaluator = engine.GetScopeEvaluator();
     const authResult = await scopeEvaluator.EvaluateAccess(request, contextUser);
     if (!authResult.Allowed && throwOnDenied) {
@@ -77,8 +116,22 @@ export async function CheckAPIKeyScope(apiKeyId, scopePath, contextUser, options
         EvaluatedRules: authResult.EvaluatedRules
     };
 }
+/**
+ * Check if an API key has the required scope and log usage.
+ *
+ * Same as CheckAPIKeyScope but also logs the authorization attempt.
+ * Use this for operations where you want detailed audit trails.
+ *
+ * @param apiKeyId - The API key ID from context.userPayload.apiKeyId
+ * @param scopePath - The scope path required
+ * @param contextUser - The authenticated user
+ * @param usageDetails - Details about the request for logging
+ * @param options - Additional options for scope checking
+ * @returns ScopeAuthResult with authorization details and optional log ID
+ */
 export async function CheckAPIKeyScopeAndLog(apiKeyId, scopePath, contextUser, usageDetails, options = {}) {
     const { applicationName = 'MJAPI', resource = '*', throwOnDenied = true } = options;
+    // If no API key ID, not authenticated via API key - skip scope check
     if (!apiKeyId) {
         return {
             Allowed: true,
@@ -88,6 +141,7 @@ export async function CheckAPIKeyScopeAndLog(apiKeyId, scopePath, contextUser, u
     }
     const engine = GetAPIKeyEngine();
     const rv = new RunView();
+    // Get the API key
     const keyResult = await rv.RunView({
         EntityName: 'MJ: API Keys',
         ExtraFilter: `ID='${apiKeyId}'`,
@@ -105,6 +159,7 @@ export async function CheckAPIKeyScopeAndLog(apiKeyId, scopePath, contextUser, u
         return result;
     }
     const apiKey = keyResult.Results[0];
+    // Get the application
     const appResult = await rv.RunView({
         EntityName: 'MJ: API Applications',
         ExtraFilter: `Name='${applicationName}'`,
@@ -122,6 +177,7 @@ export async function CheckAPIKeyScopeAndLog(apiKeyId, scopePath, contextUser, u
         return result;
     }
     const app = appResult.Results[0];
+    // Build the authorization request
     const request = {
         APIKeyId: apiKeyId,
         UserId: apiKey.UserID,
@@ -129,8 +185,10 @@ export async function CheckAPIKeyScopeAndLog(apiKeyId, scopePath, contextUser, u
         ScopePath: scopePath,
         Resource: resource
     };
+    // Evaluate access
     const scopeEvaluator = engine.GetScopeEvaluator();
     const authResult = await scopeEvaluator.EvaluateAccess(request, contextUser);
+    // Log the usage
     const usageLogger = engine.GetUsageLogger();
     const statusCode = usageDetails.statusCode ?? (authResult.Allowed ? 200 : 403);
     let logId;
@@ -152,11 +210,31 @@ export async function CheckAPIKeyScopeAndLog(apiKeyId, scopePath, contextUser, u
         LogId: logId
     };
 }
+/**
+ * Decorator-style function for common scope checks.
+ * Returns a function that can be used in resolvers.
+ *
+ * @param scopePath - The scope path required
+ * @param options - Additional options
+ * @returns A function that performs the scope check
+ *
+ * @example
+ * ```typescript
+ * const requireViewRun = RequireScope('view:run');
+ *
+ * // In resolver
+ * async runView(@Ctx() ctx: AppContext): Promise<ViewResult> {
+ *   await requireViewRun(ctx);
+ *   // ... proceed
+ * }
+ * ```
+ */
 export function RequireScope(scopePath, options = {}) {
     return async (ctx, resource) => {
         await CheckAPIKeyScope(ctx.userPayload.apiKeyId, scopePath, ctx.userPayload.userRecord, { ...options, resource });
     };
 }
+// Pre-built scope checkers for common operations
 export const RequireViewRun = RequireScope('view:run');
 export const RequireQueryRun = RequireScope('query:run');
 export const RequireAgentExecute = RequireScope('agent:execute');

package/dist/auth/APIKeyScopeAuth.js.map

@@ -1 +1 @@
-{"version":3,"file":"APIKeyScopeAuth.js","sourceRoot":"","sources":["../../src/auth/APIKeyScopeAuth.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EAAE,eAAe,EAA6C,MAAM,0BAA0B,CAAC;AACtG,OAAO,EAAY,OAAO,EAAE,MAAM,sBAAsB,CAAC;AA+DzD,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAClC,QAA4B,EAC5B,SAAiB,EACjB,WAAqB,EACrB,UAA4B,EAAE;IAE9B,MAAM,EACF,eAAe,GAAG,OAAO,EACzB,QAAQ,GAAG,GAAG,EACd,aAAa,GAAG,IAAI,EACvB,GAAG,OAAO,CAAC;IAGZ,IAAI,CAAC,QAAQ,EAAE,CAAC;QACZ,OAAO;YACH,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,+BAA+B;SAC1C,CAAC;IACN,CAAC;IAED,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IAGjC,MAAM,EAAE,GAAG,IAAI,OAAO,EAAE,CAAC;IACzB,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,OAAO,CAAe;QAC7C,UAAU,EAAE,cAAc;QAC1B,WAAW,EAAE,OAAO,QAAQ,GAAG;QAC/B,UAAU,EAAE,eAAe;KAC9B,EAAE,WAAW,CAAC,CAAC;IAEhB,IAAI,CAAC,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,MAAM,GAAoB;YAC5B,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,mBAAmB;SAC9B,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAChB,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAGpC,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,OAAO,CAAuB;QACrD,UAAU,EAAE,sBAAsB;QAClC,WAAW,EAAE,SAAS,eAAe,GAAG;QACxC,UAAU,EAAE,eAAe;KAC9B,EAAE,WAAW,CAAC,CAAC;IAEhB,IAAI,CAAC,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,MAAM,GAAoB;YAC5B,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,wBAAwB,eAAe,EAAE;SACpD,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAChB,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;IAED,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAEjC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAChB,MAAM,MAAM,GAAoB;YAC5B,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,8BAA8B,eAAe,EAAE;SAC1D,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAChB,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;IAGD,MAAM,OAAO,GAAyB;QAClC,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,aAAa,EAAE,GAAG,CAAC,EAAE;QACrB,SAAS,EAAE,SAAS;QACpB,QAAQ,EAAE,QAAQ;KACrB,CAAC;IAGF,MAAM,cAAc,GAAG,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAClD,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,cAAc,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAE7E,IAAI,CAAC,UAAU,CAAC,OAAO,IAAI,aAAa,EAAE,CAAC;QACvC,MAAM,YAAY,GAAG,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,KAAK,QAAQ,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;QACjF,MAAM,IAAI,kBAAkB,CACxB,+CAA+C,YAAY,KAAK,UAAU,CAAC,MAAM,IAAI,EAAE,EAAE,CAC5F,CAAC;IACN,CAAC;IAED,OAAO;QACH,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,OAAO,EAAE,IAAI;QACb,cAAc,EAAE,UAAU,CAAC,cAAc;KAC5C,CAAC;AACN,CAAC;AAeD,MAAM,CAAC,KAAK,UAAU,sBAAsB,CACxC,QAA4B,EAC5B,SAAiB,EACjB,WAAqB,EACrB,YAQC,EACD,UAA4B,EAAE;IAE9B,MAAM,EACF,eAAe,GAAG,OAAO,EACzB,QAAQ,GAAG,GAAG,EACd,aAAa,GAAG,IAAI,EACvB,GAAG,OAAO,CAAC;IAGZ,IAAI,CAAC,QAAQ,EAAE,CAAC;QACZ,OAAO;YACH,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,+BAA+B;SAC1C,CAAC;IACN,CAAC;IAED,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,MAAM,EAAE,GAAG,IAAI,OAAO,EAAE,CAAC;IAGzB,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,OAAO,CAAe;QAC7C,UAAU,EAAE,cAAc;QAC1B,WAAW,EAAE,OAAO,QAAQ,GAAG;QAC/B,UAAU,EAAE,eAAe;KAC9B,EAAE,WAAW,CAAC,CAAC;IAEhB,IAAI,CAAC,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,MAAM,GAAyC;YACjD,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,mBAAmB;SAC9B,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAChB,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAGpC,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,OAAO,CAAuB;QACrD,UAAU,EAAE,sBAAsB;QAClC,WAAW,EAAE,SAAS,eAAe,GAAG;QACxC,UAAU,EAAE,eAAe;KAC9B,EAAE,WAAW,CAAC,CAAC;IAEhB,IAAI,CAAC,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,MAAM,GAAyC;YACjD,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,wBAAwB,eAAe,EAAE;SACpD,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAChB,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;IAED,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAGjC,MAAM,OAAO,GAAyB;QAClC,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,aAAa,EAAE,GAAG,CAAC,EAAE;QACrB,SAAS,EAAE,SAAS;QACpB,QAAQ,EAAE,QAAQ;KACrB,CAAC;IAGF,MAAM,cAAc,GAAG,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAClD,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,cAAc,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAG7E,MAAM,WAAW,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC;IAC5C,MAAM,UAAU,GAAG,YAAY,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAE/E,IAAI,KAAyB,CAAC;IAC9B,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;QACrB,KAAK,GAAG,CAAC,MAAM,WAAW,CAAC,UAAU,CACjC,QAAQ,EACR,GAAG,CAAC,EAAE,EACN,YAAY,CAAC,QAAQ,EACrB,YAAY,CAAC,aAAa,IAAI,IAAI,EAClC,YAAY,CAAC,MAAM,EACnB,UAAU,EACV,YAAY,CAAC,cAAc,IAAI,IAAI,EACnC,QAAQ,EACR,UAAU,CAAC,cAAc,EACzB,YAAY,CAAC,SAAS,IAAI,IAAI,EAC9B,YAAY,CAAC,SAAS,IAAI,IAAI,EAC9B,WAAW,CACd,CAAC,IAAI,SAAS,CAAC;IACpB,CAAC;SAAM,CAAC;QACJ,KAAK,GAAG,CAAC,MAAM,WAAW,CAAC,SAAS,CAChC,QAAQ,EACR,GAAG,CAAC,EAAE,EACN,YAAY,CAAC,QAAQ,EACrB,YAAY,CAAC,aAAa,IAAI,IAAI,EAClC,YAAY,CAAC,MAAM,EACnB,UAAU,EACV,YAAY,CAAC,cAAc,IAAI,IAAI,EACnC,QAAQ,EACR,UAAU,CAAC,cAAc,EACzB,UAAU,CAAC,MAAM,EACjB,YAAY,CAAC,SAAS,IAAI,IAAI,EAC9B,YAAY,CAAC,SAAS,IAAI,IAAI,EAC9B,WAAW,CACd,CAAC,IAAI,SAAS,CAAC;IACpB,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,OAAO,IAAI,aAAa,EAAE,CAAC;QACvC,MAAM,YAAY,GAAG,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,KAAK,QAAQ,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;QACjF,MAAM,IAAI,kBAAkB,CACxB,+CAA+C,YAAY,KAAK,UAAU,CAAC,MAAM,IAAI,EAAE,EAAE,CAC5F,CAAC;IACN,CAAC;IAED,OAAO;QACH,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,OAAO,EAAE,IAAI;QACb,cAAc,EAAE,UAAU,CAAC,cAAc;QACzC,KAAK,EAAE,KAAK;KACf,CAAC;AACN,CAAC;AAqBD,MAAM,UAAU,YAAY,CAAC,SAAiB,EAAE,UAA8C,EAAE;IAC5F,OAAO,KAAK,EAAE,GAAiE,EAAE,QAAiB,EAAE,EAAE;QAClG,MAAM,gBAAgB,CAClB,GAAG,CAAC,WAAW,CAAC,QAAQ,EACxB,SAAS,EACT,GAAG,CAAC,WAAW,CAAC,UAAU,EAC1B,EAAE,GAAG,OAAO,EAAE,QAAQ,EAAE,CAC3B,CAAC;IACN,CAAC,CAAC;AACN,CAAC;AAGD,MAAM,CAAC,MAAM,cAAc,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;AACvD,MAAM,CAAC,MAAM,eAAe,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC;AACzD,MAAM,CAAC,MAAM,mBAAmB,GAAG,YAAY,CAAC,eAAe,CAAC,CAAC"}
+{"version":3,"file":"APIKeyScopeAuth.js","sourceRoot":"","sources":["../../src/auth/APIKeyScopeAuth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EAAE,eAAe,EAA6C,MAAM,0BAA0B,CAAC;AACtG,OAAO,EAAY,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAkCzD;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAClC,QAA4B,EAC5B,SAAiB,EACjB,WAAqB,EACrB,UAA4B,EAAE;IAE9B,MAAM,EACF,eAAe,GAAG,OAAO,EACzB,QAAQ,GAAG,GAAG,EACd,aAAa,GAAG,IAAI,EACvB,GAAG,OAAO,CAAC;IAEZ,qEAAqE;IACrE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACZ,OAAO;YACH,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,+BAA+B;SAC1C,CAAC;IACN,CAAC;IAED,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IAEjC,sCAAsC;IACtC,MAAM,EAAE,GAAG,IAAI,OAAO,EAAE,CAAC;IACzB,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,OAAO,CAAe;QAC7C,UAAU,EAAE,cAAc;QAC1B,WAAW,EAAE,OAAO,QAAQ,GAAG;QAC/B,UAAU,EAAE,eAAe;KAC9B,EAAE,WAAW,CAAC,CAAC;IAEhB,IAAI,CAAC,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,MAAM,GAAoB;YAC5B,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,mBAAmB;SAC9B,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAChB,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAEpC,8BAA8B;IAC9B,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,OAAO,CAAuB;QACrD,UAAU,EAAE,sBAAsB;QAClC,WAAW,EAAE,SAAS,eAAe,GAAG;QACxC,UAAU,EAAE,eAAe;KAC9B,EAAE,WAAW,CAAC,CAAC;IAEhB,IAAI,CAAC,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,MAAM,GAAoB;YAC5B,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,wBAAwB,eAAe,EAAE;SACpD,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAChB,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;IAED,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAEjC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAChB,MAAM,MAAM,GAAoB;YAC5B,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,8BAA8B,eAAe,EAAE;SAC1D,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAChB,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;IAED,kCAAkC;IAClC,MAAM,OAAO,GAAyB;QAClC,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,aAAa,EAAE,GAAG,CAAC,EAAE;QACrB,SAAS,EAAE,SAAS;QACpB,QAAQ,EAAE,QAAQ;KACrB,CAAC;IAEF,sEAAsE;IACtE,MAAM,cAAc,GAAG,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAClD,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,cAAc,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAE7E,IAAI,CAAC,UAAU,CAAC,OAAO,IAAI,aAAa,EAAE,CAAC;QACvC,MAAM,YAAY,GAAG,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,KAAK,QAAQ,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;QACjF,MAAM,IAAI,kBAAkB,CACxB,+CAA+C,YAAY,KAAK,UAAU,CAAC,MAAM,IAAI,EAAE,EAAE,CAC5F,CAAC;IACN,CAAC;IAED,OAAO;QACH,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,OAAO,EAAE,IAAI;QACb,cAAc,EAAE,UAAU,CAAC,cAAc;KAC5C,CAAC;AACN,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CACxC,QAA4B,EAC5B,SAAiB,EACjB,WAAqB,EACrB,YAQC,EACD,UAA4B,EAAE;IAE9B,MAAM,EACF,eAAe,GAAG,OAAO,EACzB,QAAQ,GAAG,GAAG,EACd,aAAa,GAAG,IAAI,EACvB,GAAG,OAAO,CAAC;IAEZ,qEAAqE;IACrE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACZ,OAAO;YACH,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,+BAA+B;SAC1C,CAAC;IACN,CAAC;IAED,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,MAAM,EAAE,GAAG,IAAI,OAAO,EAAE,CAAC;IAEzB,kBAAkB;IAClB,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,OAAO,CAAe;QAC7C,UAAU,EAAE,cAAc;QAC1B,WAAW,EAAE,OAAO,QAAQ,GAAG;QAC/B,UAAU,EAAE,eAAe;KAC9B,EAAE,WAAW,CAAC,CAAC;IAEhB,IAAI,CAAC,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,MAAM,GAAyC;YACjD,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,mBAAmB;SAC9B,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAChB,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAEpC,sBAAsB;IACtB,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,OAAO,CAAuB;QACrD,UAAU,EAAE,sBAAsB;QAClC,WAAW,EAAE,SAAS,eAAe,GAAG;QACxC,UAAU,EAAE,eAAe;KAC9B,EAAE,WAAW,CAAC,CAAC;IAEhB,IAAI,CAAC,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,MAAM,GAAyC;YACjD,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,wBAAwB,eAAe,EAAE;SACpD,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAChB,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;IAED,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAEjC,kCAAkC;IAClC,MAAM,OAAO,GAAyB;QAClC,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,aAAa,EAAE,GAAG,CAAC,EAAE;QACrB,SAAS,EAAE,SAAS;QACpB,QAAQ,EAAE,QAAQ;KACrB,CAAC;IAEF,kBAAkB;IAClB,MAAM,cAAc,GAAG,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAClD,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,cAAc,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAE7E,gBAAgB;IAChB,MAAM,WAAW,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC;IAC5C,MAAM,UAAU,GAAG,YAAY,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAE/E,IAAI,KAAyB,CAAC;IAC9B,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;QACrB,KAAK,GAAG,CAAC,MAAM,WAAW,CAAC,UAAU,CACjC,QAAQ,EACR,GAAG,CAAC,EAAE,EACN,YAAY,CAAC,QAAQ,EACrB,YAAY,CAAC,aAAa,IAAI,IAAI,EAClC,YAAY,CAAC,MAAM,EACnB,UAAU,EACV,YAAY,CAAC,cAAc,IAAI,IAAI,EACnC,QAAQ,EACR,UAAU,CAAC,cAAc,EACzB,YAAY,CAAC,SAAS,IAAI,IAAI,EAC9B,YAAY,CAAC,SAAS,IAAI,IAAI,EAC9B,WAAW,CACd,CAAC,IAAI,SAAS,CAAC;IACpB,CAAC;SAAM,CAAC;QACJ,KAAK,GAAG,CAAC,MAAM,WAAW,CAAC,SAAS,CAChC,QAAQ,EACR,GAAG,CAAC,EAAE,EACN,YAAY,CAAC,QAAQ,EACrB,YAAY,CAAC,aAAa,IAAI,IAAI,EAClC,YAAY,CAAC,MAAM,EACnB,UAAU,EACV,YAAY,CAAC,cAAc,IAAI,IAAI,EACnC,QAAQ,EACR,UAAU,CAAC,cAAc,EACzB,UAAU,CAAC,MAAM,EACjB,YAAY,CAAC,SAAS,IAAI,IAAI,EAC9B,YAAY,CAAC,SAAS,IAAI,IAAI,EAC9B,WAAW,CACd,CAAC,IAAI,SAAS,CAAC;IACpB,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,OAAO,IAAI,aAAa,EAAE,CAAC;QACvC,MAAM,YAAY,GAAG,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,KAAK,QAAQ,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;QACjF,MAAM,IAAI,kBAAkB,CACxB,+CAA+C,YAAY,KAAK,UAAU,CAAC,MAAM,IAAI,EAAE,EAAE,CAC5F,CAAC;IACN,CAAC;IAED,OAAO;QACH,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,OAAO,EAAE,IAAI;QACb,cAAc,EAAE,UAAU,CAAC,cAAc;QACzC,KAAK,EAAE,KAAK;KACf,CAAC;AACN,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,YAAY,CAAC,SAAiB,EAAE,UAA8C,EAAE;IAC5F,OAAO,KAAK,EAAE,GAAiE,EAAE,QAAiB,EAAE,EAAE;QAClG,MAAM,gBAAgB,CAClB,GAAG,CAAC,WAAW,CAAC,QAAQ,EACxB,SAAS,EACT,GAAG,CAAC,WAAW,CAAC,UAAU,EAC1B,EAAE,GAAG,OAAO,EAAE,QAAQ,EAAE,CAC3B,CAAC;IACN,CAAC,CAAC;AACN,CAAC;AAED,iDAAiD;AACjD,MAAM,CAAC,MAAM,cAAc,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;AACvD,MAAM,CAAC,MAAM,eAAe,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC;AACzD,MAAM,CAAC,MAAM,mBAAmB,GAAG,YAAY,CAAC,eAAe,CAAC,CAAC"}

package/dist/auth/AuthProviderFactory.d.ts

@@ -5,20 +5,55 @@ import './providers/MSALProvider.js';
 import './providers/OktaProvider.js';
 import './providers/CognitoProvider.js';
 import './providers/GoogleProvider.js';
+/**
+ * Factory and registry for managing authentication providers
+ * Combines provider creation and lifecycle management in a single class
+ */
 export declare class AuthProviderFactory {
     private static instance;
     private providers;
     private issuerCache;
     private constructor();
+    /**
+     * Gets the singleton instance of the factory
+     */
     static getInstance(): AuthProviderFactory;
+    /**
+     * Creates an authentication provider instance based on configuration
+     * Uses MJGlobal ClassFactory to instantiate the correct provider class
+     */
     static createProvider(config: AuthProviderConfig): IAuthProvider;
+    /**
+     * Registers a new authentication provider
+     */
     register(provider: IAuthProvider): void;
+    /**
+     * Gets a provider by its issuer URL
+     */
     getByIssuer(issuer: string): IAuthProvider | undefined;
+    /**
+     * Gets a provider by its name
+     */
     getByName(name: string): IAuthProvider | undefined;
+    /**
+     * Gets all registered providers
+     */
     getAllProviders(): IAuthProvider[];
+    /**
+     * Checks if any providers are registered
+     */
     hasProviders(): boolean;
+    /**
+     * Clears all registered providers (useful for testing)
+     */
     clear(): void;
+    /**
+     * Gets all registered provider types from the ClassFactory
+     */
     static getRegisteredProviderTypes(): string[];
+    /**
+     * Checks if a provider type is registered
+     */
     static isProviderTypeRegistered(type: string): boolean;
 }
 //# sourceMappingURL=AuthProviderFactory.d.ts.map

package/dist/auth/AuthProviderFactory.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AuthProviderFactory.d.ts","sourceRoot":"","sources":["../../src/auth/AuthProviderFactory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAKnD,OAAO,8BAA8B,CAAC;AACtC,OAAO,6BAA6B,CAAC;AACrC,OAAO,6BAA6B,CAAC;AACrC,OAAO,gCAAgC,CAAC;AACxC,OAAO,+BAA+B,CAAC;AAMvC,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAsB;IAC7C,OAAO,CAAC,SAAS,CAAyC;IAC1D,OAAO,CAAC,WAAW,CAAyC;IAE5D,OAAO;IAKP,MAAM,CAAC,WAAW,IAAI,mBAAmB;IAWzC,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,kBAAkB,GAAG,aAAa;IAyBhE,QAAQ,CAAC,QAAQ,EAAE,aAAa,GAAG,IAAI;IAgBvC,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS;IAqBtD,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS;IAOlD,eAAe,IAAI,aAAa,EAAE;IAOlC,YAAY,IAAI,OAAO;IAOvB,KAAK,IAAI,IAAI;IAQb,MAAM,CAAC,0BAA0B,IAAI,MAAM,EAAE;IAc7C,MAAM,CAAC,wBAAwB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;CASvD"}
+{"version":3,"file":"AuthProviderFactory.d.ts","sourceRoot":"","sources":["../../src/auth/AuthProviderFactory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAKnD,OAAO,8BAA8B,CAAC;AACtC,OAAO,6BAA6B,CAAC;AACrC,OAAO,6BAA6B,CAAC;AACrC,OAAO,gCAAgC,CAAC;AACxC,OAAO,+BAA+B,CAAC;AAEvC;;;GAGG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAsB;IAC7C,OAAO,CAAC,SAAS,CAAyC;IAC1D,OAAO,CAAC,WAAW,CAAyC;IAE5D,OAAO;IAEP;;OAEG;IACH,MAAM,CAAC,WAAW,IAAI,mBAAmB;IAOzC;;;OAGG;IACH,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,kBAAkB,GAAG,aAAa;IAsBhE;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE,aAAa,GAAG,IAAI;IAavC;;OAEG;IACH,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS;IAkBtD;;OAEG;IACH,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS;IAIlD;;OAEG;IACH,eAAe,IAAI,aAAa,EAAE;IAIlC;;OAEG;IACH,YAAY,IAAI,OAAO;IAIvB;;OAEG;IACH,KAAK,IAAI,IAAI;IAKb;;OAEG;IACH,MAAM,CAAC,0BAA0B,IAAI,MAAM,EAAE;IAW7C;;OAEG;IACH,MAAM,CAAC,wBAAwB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;CASvD"}

package/dist/auth/AuthProviderFactory.js

@@ -1,23 +1,38 @@
 import { BaseAuthProvider } from './BaseAuthProvider.js';
 import { MJGlobal } from '@memberjunction/global';
+// Import providers to ensure they're registered
 import './providers/Auth0Provider.js';
 import './providers/MSALProvider.js';
 import './providers/OktaProvider.js';
 import './providers/CognitoProvider.js';
 import './providers/GoogleProvider.js';
+/**
+ * Factory and registry for managing authentication providers
+ * Combines provider creation and lifecycle management in a single class
+ */
 export class AuthProviderFactory {
-    static instance;
-    providers = new Map();
-    issuerCache = new Map();
-    constructor() { }
+    constructor() {
+        this.providers = new Map();
+        this.issuerCache = new Map();
+    }
+    /**
+     * Gets the singleton instance of the factory
+     */
     static getInstance() {
         if (!AuthProviderFactory.instance) {
             AuthProviderFactory.instance = new AuthProviderFactory();
         }
         return AuthProviderFactory.instance;
     }
+    /**
+     * Creates an authentication provider instance based on configuration
+     * Uses MJGlobal ClassFactory to instantiate the correct provider class
+     */
     static createProvider(config) {
         try {
+            // Use MJGlobal ClassFactory to create the provider instance
+            // The provider type in config should match the key used in @RegisterClass
+            // The config is passed as a constructor parameter via the spread operator
             const provider = MJGlobal.Instance.ClassFactory.CreateInstance(BaseAuthProvider, config.type.toLowerCase(), config);
             if (!provider) {
                 throw new Error(`No provider registered for type: ${config.type}`);
@@ -29,48 +44,80 @@ export class AuthProviderFactory {
             throw new Error(`Failed to create authentication provider for type '${config.type}': ${message}`);
         }
     }
+    /**
+     * Registers a new authentication provider
+     */
     register(provider) {
         if (!provider.validateConfig()) {
             throw new Error(`Invalid configuration for provider: ${provider.name}`);
         }
         this.providers.set(provider.name, provider);
+        // Clear issuer cache when registering new provider
         this.issuerCache.clear();
         console.log(`Registered auth provider: ${provider.name} with issuer: ${provider.issuer}`);
     }
+    /**
+     * Gets a provider by its issuer URL
+     */
     getByIssuer(issuer) {
+        // Check cache first
         if (this.issuerCache.has(issuer)) {
             return this.issuerCache.get(issuer);
         }
+        // Search through providers
         for (const provider of this.providers.values()) {
             if (provider.matchesIssuer(issuer)) {
+                // Cache for future lookups
                 this.issuerCache.set(issuer, provider);
                 return provider;
             }
         }
         return undefined;
     }
+    /**
+     * Gets a provider by its name
+     */
     getByName(name) {
         return this.providers.get(name);
     }
+    /**
+     * Gets all registered providers
+     */
     getAllProviders() {
         return Array.from(this.providers.values());
     }
+    /**
+     * Checks if any providers are registered
+     */
     hasProviders() {
         return this.providers.size > 0;
     }
+    /**
+     * Clears all registered providers (useful for testing)
+     */
     clear() {
         this.providers.clear();
         this.issuerCache.clear();
     }
+    /**
+     * Gets all registered provider types from the ClassFactory
+     */
     static getRegisteredProviderTypes() {
+        // Get all registrations for BaseAuthProvider from ClassFactory
         const registrations = MJGlobal.Instance.ClassFactory.GetAllRegistrations(BaseAuthProvider);
+        // Extract unique keys (provider types) from registrations
         const providerTypes = registrations
             .map(reg => reg.Key)
             .filter((key) => key !== null && key !== undefined);
+        // Return unique provider types
         return Array.from(new Set(providerTypes));
     }
+    /**
+     * Checks if a provider type is registered
+     */
     static isProviderTypeRegistered(type) {
         try {
+            // Try to get the registration for this specific type
             const registration = MJGlobal.Instance.ClassFactory.GetRegistration(BaseAuthProvider, type.toLowerCase());
             return registration !== null && registration !== undefined;
         }

package/dist/auth/AuthProviderFactory.js.map

@@ -1 +1 @@
-{"version":3,"file":"AuthProviderFactory.js","sourceRoot":"","sources":["../../src/auth/AuthProviderFactory.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAGlD,OAAO,8BAA8B,CAAC;AACtC,OAAO,6BAA6B,CAAC;AACrC,OAAO,6BAA6B,CAAC;AACrC,OAAO,gCAAgC,CAAC;AACxC,OAAO,+BAA+B,CAAC;AAMvC,MAAM,OAAO,mBAAmB;IACtB,MAAM,CAAC,QAAQ,CAAsB;IACrC,SAAS,GAA+B,IAAI,GAAG,EAAE,CAAC;IAClD,WAAW,GAA+B,IAAI,GAAG,EAAE,CAAC;IAE5D,gBAAuB,CAAC;IAKxB,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,CAAC;YAClC,mBAAmB,CAAC,QAAQ,GAAG,IAAI,mBAAmB,EAAE,CAAC;QAC3D,CAAC;QACD,OAAO,mBAAmB,CAAC,QAAQ,CAAC;IACtC,CAAC;IAMD,MAAM,CAAC,cAAc,CAAC,MAA0B;QAC9C,IAAI,CAAC;YAIH,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,cAAc,CAC5D,gBAAgB,EAChB,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,EACzB,MAAM,CACP,CAAC;YAEF,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,oCAAoC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;YACrE,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,IAAI,KAAK,CAAC,sDAAsD,MAAM,CAAC,IAAI,MAAM,OAAO,EAAE,CAAC,CAAC;QACpG,CAAC;IACH,CAAC;IAKD,QAAQ,CAAC,QAAuB;QAC9B,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,uCAAuC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QAC1E,CAAC;QAED,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAG5C,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QAEzB,OAAO,CAAC,GAAG,CAAC,6BAA6B,QAAQ,CAAC,IAAI,iBAAiB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5F,CAAC;IAKD,WAAW,CAAC,MAAc;QAExB,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtC,CAAC;QAGD,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC;YAC/C,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;gBAEnC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAKD,SAAS,CAAC,IAAY;QACpB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAKD,eAAe;QACb,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7C,CAAC;IAKD,YAAY;QACV,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,CAAC;IACjC,CAAC;IAKD,KAAK;QACH,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACvB,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;IAKD,MAAM,CAAC,0BAA0B;QAE/B,MAAM,aAAa,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;QAE3F,MAAM,aAAa,GAAG,aAAa;aAChC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;aACnB,MAAM,CAAC,CAAC,GAAG,EAAiB,EAAE,CAAC,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,CAAC,CAAC;QAErE,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IAC5C,CAAC;IAKD,MAAM,CAAC,wBAAwB,CAAC,IAAY;QAC1C,IAAI,CAAC;YAEH,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,eAAe,CAAC,gBAAgB,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YAC1G,OAAO,YAAY,KAAK,IAAI,IAAI,YAAY,KAAK,SAAS,CAAC;QAC7D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}
+{"version":3,"file":"AuthProviderFactory.js","sourceRoot":"","sources":["../../src/auth/AuthProviderFactory.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAElD,gDAAgD;AAChD,OAAO,8BAA8B,CAAC;AACtC,OAAO,6BAA6B,CAAC;AACrC,OAAO,6BAA6B,CAAC;AACrC,OAAO,gCAAgC,CAAC;AACxC,OAAO,+BAA+B,CAAC;AAEvC;;;GAGG;AACH,MAAM,OAAO,mBAAmB;IAK9B;QAHQ,cAAS,GAA+B,IAAI,GAAG,EAAE,CAAC;QAClD,gBAAW,GAA+B,IAAI,GAAG,EAAE,CAAC;IAErC,CAAC;IAExB;;OAEG;IACH,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,CAAC;YAClC,mBAAmB,CAAC,QAAQ,GAAG,IAAI,mBAAmB,EAAE,CAAC;QAC3D,CAAC;QACD,OAAO,mBAAmB,CAAC,QAAQ,CAAC;IACtC,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,cAAc,CAAC,MAA0B;QAC9C,IAAI,CAAC;YACH,4DAA4D;YAC5D,0EAA0E;YAC1E,0EAA0E;YAC1E,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,cAAc,CAC5D,gBAAgB,EAChB,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,EACzB,MAAM,CACP,CAAC;YAEF,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,oCAAoC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;YACrE,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,IAAI,KAAK,CAAC,sDAAsD,MAAM,CAAC,IAAI,MAAM,OAAO,EAAE,CAAC,CAAC;QACpG,CAAC;IACH,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,QAAuB;QAC9B,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,uCAAuC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QAC1E,CAAC;QAED,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAE5C,mDAAmD;QACnD,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QAEzB,OAAO,CAAC,GAAG,CAAC,6BAA6B,QAAQ,CAAC,IAAI,iBAAiB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5F,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,MAAc;QACxB,oBAAoB;QACpB,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtC,CAAC;QAED,2BAA2B;QAC3B,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC;YAC/C,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;gBACnC,2BAA2B;gBAC3B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,IAAY;QACpB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACvB,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,0BAA0B;QAC/B,+DAA+D;QAC/D,MAAM,aAAa,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;QAC3F,0DAA0D;QAC1D,MAAM,aAAa,GAAG,aAAa;aAChC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;aACnB,MAAM,CAAC,CAAC,GAAG,EAAiB,EAAE,CAAC,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,CAAC,CAAC;QACrE,+BAA+B;QAC/B,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,wBAAwB,CAAC,IAAY;QAC1C,IAAI,CAAC;YACH,qDAAqD;YACrD,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,eAAe,CAAC,gBAAgB,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YAC1G,OAAO,YAAY,KAAK,IAAI,IAAI,YAAY,KAAK,SAAS,CAAC;QAC7D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}

package/dist/auth/BaseAuthProvider.d.ts

@@ -2,19 +2,40 @@ import { JwtHeader, JwtPayload, SigningKeyCallback } from 'jsonwebtoken';
 import jwksClient from 'jwks-rsa';
 import { AuthProviderConfig, AuthUserInfo } from '@memberjunction/core';
 import { IAuthProvider } from './IAuthProvider.js';
+/**
+ * Base implementation of IAuthProvider with common functionality
+ * Concrete providers should extend this class and use @RegisterClass decorator
+ * with BaseAuthProvider as the base class
+ */
 export declare abstract class BaseAuthProvider implements IAuthProvider {
     name: string;
     issuer: string;
     audience: string;
     jwksUri: string;
+    /** OAuth client ID for this provider (used by OAuth proxy for upstream auth) */
     clientId?: string;
     protected config: AuthProviderConfig;
     protected jwksClient: jwksClient.JwksClient;
     constructor(config: AuthProviderConfig);
+    /**
+     * Validates that required configuration is present
+     */
     validateConfig(): boolean;
+    /**
+     * Gets the signing key for token verification with retry logic
+     */
     getSigningKey(header: JwtHeader, callback: SigningKeyCallback): void;
+    /**
+     * Retrieves signing key with exponential backoff retry logic
+     */
     private getSigningKeyWithRetry;
+    /**
+     * Checks if a given issuer URL belongs to this provider
+     */
     matchesIssuer(issuer: string): boolean;
+    /**
+     * Abstract method for extracting user info - must be implemented by each provider
+     */
     abstract extractUserInfo(payload: JwtPayload): AuthUserInfo;
 }
 //# sourceMappingURL=BaseAuthProvider.d.ts.map

package/dist/auth/BaseAuthProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"BaseAuthProvider.d.ts","sourceRoot":"","sources":["../../src/auth/BaseAuthProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,UAAU,MAAM,UAAU,CAAC;AAClC,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AASnD,8BAAsB,gBAAiB,YAAW,aAAa;IAC7D,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAEhB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,MAAM,EAAE,kBAAkB,CAAC;IACrC,SAAS,CAAC,UAAU,EAAE,UAAU,CAAC,UAAU,CAAC;gBAEhC,MAAM,EAAE,kBAAkB;IAuCtC,cAAc,IAAI,OAAO;IAOzB,aAAa,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,kBAAkB,GAAG,IAAI;YAetD,sBAAsB;IA0CpC,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAUtC,QAAQ,CAAC,eAAe,CAAC,OAAO,EAAE,UAAU,GAAG,YAAY;CAC5D"}
+{"version":3,"file":"BaseAuthProvider.d.ts","sourceRoot":"","sources":["../../src/auth/BaseAuthProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,UAAU,MAAM,UAAU,CAAC;AAClC,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAInD;;;;GAIG;AACH,8BAAsB,gBAAiB,YAAW,aAAa;IAC7D,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,gFAAgF;IAChF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,MAAM,EAAE,kBAAkB,CAAC;IACrC,SAAS,CAAC,UAAU,EAAE,UAAU,CAAC,UAAU,CAAC;gBAEhC,MAAM,EAAE,kBAAkB;IAoCtC;;OAEG;IACH,cAAc,IAAI,OAAO;IAIzB;;OAEG;IACH,aAAa,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,kBAAkB,GAAG,IAAI;IAYpE;;OAEG;YACW,sBAAsB;IAuCpC;;OAEG;IACH,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAOtC;;OAEG;IACH,QAAQ,CAAC,eAAe,CAAC,OAAO,EAAE,UAAU,GAAG,YAAY;CAC5D"}

package/dist/auth/BaseAuthProvider.js

@@ -1,14 +1,12 @@
 import jwksClient from 'jwks-rsa';
 import https from 'https';
 import http from 'http';
+/**
+ * Base implementation of IAuthProvider with common functionality
+ * Concrete providers should extend this class and use @RegisterClass decorator
+ * with BaseAuthProvider as the base class
+ */
 export class BaseAuthProvider {
-    name;
-    issuer;
-    audience;
-    jwksUri;
-    clientId;
-    config;
-    jwksClient;
     constructor(config) {
         this.config = config;
         this.name = config.name;
@@ -16,6 +14,7 @@ export class BaseAuthProvider {
         this.audience = config.audience;
         this.jwksUri = config.jwksUri;
         this.clientId = config.clientId;
+        // Create HTTP agent with keep-alive to prevent socket hangups
         const agent = this.jwksUri.startsWith('https')
             ? new https.Agent({
                 keepAlive: true,
@@ -31,18 +30,25 @@ export class BaseAuthProvider {
                 maxFreeSockets: 10,
                 timeout: 60000
             });
+        // Initialize JWKS client with connection pooling and extended timeout
         this.jwksClient = jwksClient({
             jwksUri: this.jwksUri,
             cache: true,
             cacheMaxEntries: 5,
-            cacheMaxAge: 600000,
-            timeout: 60000,
+            cacheMaxAge: 600000, // 10 minutes
+            timeout: 60000, // 60 seconds (increased from default 30s)
             requestAgent: agent
         });
     }
+    /**
+     * Validates that required configuration is present
+     */
     validateConfig() {
         return !!(this.name && this.issuer && this.audience && this.jwksUri);
     }
+    /**
+     * Gets the signing key for token verification with retry logic
+     */
     getSigningKey(header, callback) {
         this.getSigningKeyWithRetry(header, 3, 1000)
             .then((key) => {
@@ -54,6 +60,9 @@ export class BaseAuthProvider {
             callback(err);
         });
     }
+    /**
+     * Retrieves signing key with exponential backoff retry logic
+     */
     async getSigningKeyWithRetry(header, maxRetries, initialDelayMs) {
         let lastError;
         for (let attempt = 0; attempt <= maxRetries; attempt++) {
@@ -62,6 +71,7 @@ export class BaseAuthProvider {
             }
             catch (err) {
                 lastError = err instanceof Error ? err : new Error(String(err));
+                // Check if this is a connection error that's worth retrying
                 const isRetryableError = lastError.message.includes('socket hang up') ||
                     lastError.message.includes('ECONNRESET') ||
                     lastError.message.includes('ETIMEDOUT') ||
@@ -70,6 +80,7 @@ export class BaseAuthProvider {
                 if (!isRetryableError || attempt === maxRetries) {
                     throw lastError;
                 }
+                // Exponential backoff: wait longer between each retry
                 const delayMs = initialDelayMs * Math.pow(2, attempt);
                 console.warn(`Attempt ${attempt + 1}/${maxRetries + 1} failed for provider ${this.name}. ` +
                     `Retrying in ${delayMs}ms... Error: ${lastError.message}`);
@@ -78,7 +89,11 @@ export class BaseAuthProvider {
         }
         throw lastError || new Error('Failed to retrieve signing key');
     }
+    /**
+     * Checks if a given issuer URL belongs to this provider
+     */
     matchesIssuer(issuer) {
+        // Handle trailing slashes and case sensitivity
         const normalizedIssuer = issuer.toLowerCase().replace(/\/$/, '');
         const normalizedProviderIssuer = this.issuer.toLowerCase().replace(/\/$/, '');
         return normalizedIssuer === normalizedProviderIssuer;