@metamask-previews/profile-sync-controller 27.1.0-preview-378ea32e1 → 27.1.0-preview-d7e023427
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -1
- package/dist/controllers/authentication/mocks/mockResponses.cjs +44 -5
- package/dist/controllers/authentication/mocks/mockResponses.cjs.map +1 -1
- package/dist/controllers/authentication/mocks/mockResponses.d.cts +9 -0
- package/dist/controllers/authentication/mocks/mockResponses.d.cts.map +1 -1
- package/dist/controllers/authentication/mocks/mockResponses.d.mts +9 -0
- package/dist/controllers/authentication/mocks/mockResponses.d.mts.map +1 -1
- package/dist/controllers/authentication/mocks/mockResponses.mjs +42 -4
- package/dist/controllers/authentication/mocks/mockResponses.mjs.map +1 -1
- package/dist/sdk/authentication-jwt-bearer/flow-siwe.cjs +1 -1
- package/dist/sdk/authentication-jwt-bearer/flow-siwe.cjs.map +1 -1
- package/dist/sdk/authentication-jwt-bearer/flow-siwe.d.cts +1 -1
- package/dist/sdk/authentication-jwt-bearer/flow-siwe.d.cts.map +1 -1
- package/dist/sdk/authentication-jwt-bearer/flow-siwe.d.mts +1 -1
- package/dist/sdk/authentication-jwt-bearer/flow-siwe.d.mts.map +1 -1
- package/dist/sdk/authentication-jwt-bearer/flow-siwe.mjs +1 -1
- package/dist/sdk/authentication-jwt-bearer/flow-siwe.mjs.map +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -30,7 +30,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
30
30
|
- `getBearerToken`, `getSessionProfile`, and `getUserProfileLineage` now resolve `undefined` `entropySourceId` to the primary SRP entropy source ID via the message-signing snap before delegating to the auth SDK
|
|
31
31
|
- This also eliminates a login deduplication race condition where `getBearerToken(undefined)` and `getBearerToken("primary-srp-id")` would trigger two independent OIDC logins for the same identity
|
|
32
32
|
- Add client-side JWT `exp` claim validation to prevent stale cached tokens from being returned ([#8144](https://github.com/MetaMask/core/pull/8144))
|
|
33
|
-
-
|
|
33
|
+
- `validateLoginResponse` now decodes the JWT `exp` claim and rejects tokens that have actually expired, regardless of client-side TTL tracking (`obtainedAt`/`expiresIn`)
|
|
34
|
+
- **BREAKING:** Non-JWT access tokens are now rejected as invalid. In production this has no effect (access tokens are always JWTs from the OIDC server), but E2E test mocks that use raw identifier strings as access tokens must be updated. `getMockAuthAccessTokenResponse` now wraps identifiers in a JWT; consumers should use `getE2EIdentifierFromJwt` (newly exported) to extract the identifier from the bearer token in mock servers.
|
|
34
35
|
- Update `getUserProfileLineage` to accept an optional `entropySourceId` parameter ([#8144](https://github.com/MetaMask/core/pull/8144))
|
|
35
36
|
|
|
36
37
|
## [27.1.0]
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.getMockAuthAccessTokenResponse = exports.MOCK_OATH_TOKEN_RESPONSE = exports.getMockAuthLoginResponse = exports.MOCK_LOGIN_RESPONSE = exports.getMockAuthNonceResponse = exports.MOCK_JWT = exports.MOCK_NONCE = exports.MOCK_NONCE_RESPONSE = void 0;
|
|
3
|
+
exports.getMockAuthAccessTokenResponse = exports.getE2EIdentifierFromJwt = exports.MOCK_OATH_TOKEN_RESPONSE = exports.getMockAuthLoginResponse = exports.MOCK_LOGIN_RESPONSE = exports.getMockAuthNonceResponse = exports.MOCK_JWT = exports.MOCK_NONCE = exports.MOCK_NONCE_RESPONSE = void 0;
|
|
4
4
|
const auth_1 = require("../../../sdk/mocks/auth.cjs");
|
|
5
5
|
exports.MOCK_NONCE_RESPONSE = auth_1.MOCK_NONCE_RESPONSE;
|
|
6
6
|
exports.MOCK_NONCE = exports.MOCK_NONCE_RESPONSE.nonce;
|
|
@@ -47,18 +47,57 @@ const getMockAuthLoginResponse = () => {
|
|
|
47
47
|
};
|
|
48
48
|
exports.getMockAuthLoginResponse = getMockAuthLoginResponse;
|
|
49
49
|
exports.MOCK_OATH_TOKEN_RESPONSE = auth_1.MOCK_OIDC_TOKEN_RESPONSE;
|
|
50
|
+
const MOCK_JWT_FAR_FUTURE_EXP = 4102444800; // 2100-01-01
|
|
51
|
+
/**
|
|
52
|
+
* Wraps a plain-text identifier in a minimal JWT so that client-side
|
|
53
|
+
* JWT validation (exp check) passes in E2E tests. The identifier is
|
|
54
|
+
* stored in the `sub` claim and can be extracted via {@link getE2EIdentifierFromJwt}.
|
|
55
|
+
*
|
|
56
|
+
* @param identifier - The plain-text E2E identifier to wrap.
|
|
57
|
+
* @returns A JWT-shaped string containing the identifier.
|
|
58
|
+
*/
|
|
59
|
+
const wrapInMockJwt = (identifier) => {
|
|
60
|
+
const header = btoa(JSON.stringify({ alg: 'none', typ: 'JWT' }));
|
|
61
|
+
const payload = btoa(JSON.stringify({ sub: identifier, exp: MOCK_JWT_FAR_FUTURE_EXP }));
|
|
62
|
+
return `${header}.${payload}.mock`;
|
|
63
|
+
};
|
|
64
|
+
/**
|
|
65
|
+
* Extracts the E2E identifier (`sub` claim) from a mock JWT created
|
|
66
|
+
* by {@link wrapInMockJwt}. Falls back to returning the raw token if
|
|
67
|
+
* decoding fails (backward compatibility with raw-identifier headers).
|
|
68
|
+
*
|
|
69
|
+
* @param token - A bearer token string (JWT or raw identifier).
|
|
70
|
+
* @returns The decoded identifier, or the original token as-is.
|
|
71
|
+
*/
|
|
72
|
+
const getE2EIdentifierFromJwt = (token) => {
|
|
73
|
+
try {
|
|
74
|
+
const parts = token.split('.');
|
|
75
|
+
if (parts.length === 3) {
|
|
76
|
+
const { sub } = JSON.parse(atob(parts[1]));
|
|
77
|
+
if (typeof sub === 'string' && sub.length > 0) {
|
|
78
|
+
return sub;
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
catch {
|
|
83
|
+
// not a JWT — fall through
|
|
84
|
+
}
|
|
85
|
+
return token;
|
|
86
|
+
};
|
|
87
|
+
exports.getE2EIdentifierFromJwt = getE2EIdentifierFromJwt;
|
|
50
88
|
const getMockAuthAccessTokenResponse = () => {
|
|
51
89
|
return {
|
|
52
90
|
url: auth_1.MOCK_OIDC_TOKEN_URL,
|
|
53
91
|
requestMethod: 'POST',
|
|
54
92
|
response: (requestJsonBody) => {
|
|
55
|
-
// We
|
|
56
|
-
//
|
|
57
|
-
// and used to segregate data in the test environment
|
|
93
|
+
// We wrap the e2eIdentifier in a JWT so client-side JWT validation passes.
|
|
94
|
+
// The mock server extracts the identifier back via getE2EIdentifierFromJwt.
|
|
58
95
|
const e2eIdentifier = new URLSearchParams(requestJsonBody).get('assertion');
|
|
59
96
|
return {
|
|
60
97
|
...exports.MOCK_OATH_TOKEN_RESPONSE,
|
|
61
|
-
access_token: e2eIdentifier
|
|
98
|
+
access_token: e2eIdentifier
|
|
99
|
+
? wrapInMockJwt(e2eIdentifier)
|
|
100
|
+
: exports.MOCK_OATH_TOKEN_RESPONSE.access_token,
|
|
62
101
|
};
|
|
63
102
|
},
|
|
64
103
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mockResponses.cjs","sourceRoot":"","sources":["../../../../src/controllers/authentication/mocks/mockResponses.ts"],"names":[],"mappings":";;;AAAA,sDAQiC;AAQpB,QAAA,mBAAmB,GAAG,0BAAuB,CAAC;AAC9C,QAAA,UAAU,GAAG,2BAAmB,CAAC,KAAK,CAAC;AACvC,QAAA,QAAQ,GAAG,eAAY,CAAC;AAE9B,MAAM,wBAAwB,GAAG,GAAG,EAAE;IAC3C,OAAO;QACL,GAAG,EAAE,qBAAc;QACnB,aAAa,EAAE,KAAK;QACpB,QAAQ,EAAE,CACR,CAAW,EACX,IAAa,EACb,+BAA+D,EAC/D,EAAE;YACF,2FAA2F;YAC3F,oEAAoE;YACpE,MAAM,UAAU,GAAG,IAAI,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC;YAClD,MAAM,aAAa,GAAG,+BAA+B,EAAE,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;YAE1E,OAAO;gBACL,GAAG,2BAAmB;gBACtB,KAAK,EAAE,aAAa,IAAI,2BAAmB,CAAC,KAAK;gBACjD,UAAU,EAAE,2BAAmB,CAAC,UAAU;aAC3C,CAAC;QACJ,CAAC;KACqB,CAAC;AAC3B,CAAC,CAAC;AArBW,QAAA,wBAAwB,4BAqBnC;AAEW,QAAA,mBAAmB,GAAG,8BAA2B,CAAC;AAExD,MAAM,wBAAwB,GAAG,GAAG,EAAE;IAC3C,OAAO;QACL,GAAG,EAAE,yBAAkB;QACvB,aAAa,EAAE,MAAM;QACrB,mHAAmH;QACnH,+DAA+D;QAC/D,QAAQ,EAAE,CAAC,eAAyC,EAAE,EAAE;YACtD,MAAM,kBAAkB,GAAG,eAAe,EAAE,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnE,MAAM,aAAa,GAAG,kBAAkB,EAAE,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAE1E,OAAO;gBACL,GAAG,2BAAmB;gBACtB,KAAK,EAAE,aAAa,IAAI,2BAAmB,CAAC,KAAK;gBACjD,OAAO,EAAE;oBACP,GAAG,2BAAmB,CAAC,OAAO;oBAC9B,UAAU,EAAE,aAAa,IAAI,2BAAmB,CAAC,OAAO,CAAC,UAAU;oBACnE,aAAa,EACX,aAAa,IAAI,2BAAmB,CAAC,OAAO,CAAC,aAAa;iBAC7D;aACF,CAAC;QACJ,CAAC;KACqB,CAAC;AAC3B,CAAC,CAAC;AAtBW,QAAA,wBAAwB,4BAsBnC;AAEW,QAAA,wBAAwB,GAAG,+BAA4B,CAAC;
|
|
1
|
+
{"version":3,"file":"mockResponses.cjs","sourceRoot":"","sources":["../../../../src/controllers/authentication/mocks/mockResponses.ts"],"names":[],"mappings":";;;AAAA,sDAQiC;AAQpB,QAAA,mBAAmB,GAAG,0BAAuB,CAAC;AAC9C,QAAA,UAAU,GAAG,2BAAmB,CAAC,KAAK,CAAC;AACvC,QAAA,QAAQ,GAAG,eAAY,CAAC;AAE9B,MAAM,wBAAwB,GAAG,GAAG,EAAE;IAC3C,OAAO;QACL,GAAG,EAAE,qBAAc;QACnB,aAAa,EAAE,KAAK;QACpB,QAAQ,EAAE,CACR,CAAW,EACX,IAAa,EACb,+BAA+D,EAC/D,EAAE;YACF,2FAA2F;YAC3F,oEAAoE;YACpE,MAAM,UAAU,GAAG,IAAI,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC;YAClD,MAAM,aAAa,GAAG,+BAA+B,EAAE,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;YAE1E,OAAO;gBACL,GAAG,2BAAmB;gBACtB,KAAK,EAAE,aAAa,IAAI,2BAAmB,CAAC,KAAK;gBACjD,UAAU,EAAE,2BAAmB,CAAC,UAAU;aAC3C,CAAC;QACJ,CAAC;KACqB,CAAC;AAC3B,CAAC,CAAC;AArBW,QAAA,wBAAwB,4BAqBnC;AAEW,QAAA,mBAAmB,GAAG,8BAA2B,CAAC;AAExD,MAAM,wBAAwB,GAAG,GAAG,EAAE;IAC3C,OAAO;QACL,GAAG,EAAE,yBAAkB;QACvB,aAAa,EAAE,MAAM;QACrB,mHAAmH;QACnH,+DAA+D;QAC/D,QAAQ,EAAE,CAAC,eAAyC,EAAE,EAAE;YACtD,MAAM,kBAAkB,GAAG,eAAe,EAAE,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnE,MAAM,aAAa,GAAG,kBAAkB,EAAE,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAE1E,OAAO;gBACL,GAAG,2BAAmB;gBACtB,KAAK,EAAE,aAAa,IAAI,2BAAmB,CAAC,KAAK;gBACjD,OAAO,EAAE;oBACP,GAAG,2BAAmB,CAAC,OAAO;oBAC9B,UAAU,EAAE,aAAa,IAAI,2BAAmB,CAAC,OAAO,CAAC,UAAU;oBACnE,aAAa,EACX,aAAa,IAAI,2BAAmB,CAAC,OAAO,CAAC,aAAa;iBAC7D;aACF,CAAC;QACJ,CAAC;KACqB,CAAC;AAC3B,CAAC,CAAC;AAtBW,QAAA,wBAAwB,4BAsBnC;AAEW,QAAA,wBAAwB,GAAG,+BAA4B,CAAC;AAErE,MAAM,uBAAuB,GAAG,UAAU,CAAC,CAAC,aAAa;AAEzD;;;;;;;GAOG;AACH,MAAM,aAAa,GAAG,CAAC,UAAkB,EAAU,EAAE;IACnD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACjE,MAAM,OAAO,GAAG,IAAI,CAClB,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,uBAAuB,EAAE,CAAC,CAClE,CAAC;IACF,OAAO,GAAG,MAAM,IAAI,OAAO,OAAO,CAAC;AACrC,CAAC,CAAC;AAEF;;;;;;;GAOG;AACI,MAAM,uBAAuB,GAAG,CAAC,KAAa,EAAU,EAAE;IAC/D,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9C,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;IAC7B,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAbW,QAAA,uBAAuB,2BAalC;AAEK,MAAM,8BAA8B,GAAG,GAAG,EAAE;IACjD,OAAO;QACL,GAAG,EAAE,0BAAmB;QACxB,aAAa,EAAE,MAAM;QACrB,QAAQ,EAAE,CAAC,eAAwB,EAAE,EAAE;YACrC,2EAA2E;YAC3E,4EAA4E;YAC5E,MAAM,aAAa,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC,GAAG,CAC5D,WAAW,CACZ,CAAC;YAEF,OAAO;gBACL,GAAG,gCAAwB;gBAC3B,YAAY,EAAE,aAAa;oBACzB,CAAC,CAAC,aAAa,CAAC,aAAa,CAAC;oBAC9B,CAAC,CAAC,gCAAwB,CAAC,YAAY;aAC1C,CAAC;QACJ,CAAC;KACqB,CAAC;AAC3B,CAAC,CAAC;AAnBW,QAAA,8BAA8B,kCAmBzC","sourcesContent":["import {\n MOCK_NONCE_RESPONSE as SDK_MOCK_NONCE_RESPONSE,\n MOCK_JWT as SDK_MOCK_JWT,\n MOCK_SRP_LOGIN_RESPONSE as SDK_MOCK_SRP_LOGIN_RESPONSE,\n MOCK_OIDC_TOKEN_RESPONSE as SDK_MOCK_OIDC_TOKEN_RESPONSE,\n MOCK_NONCE_URL,\n MOCK_SRP_LOGIN_URL,\n MOCK_OIDC_TOKEN_URL,\n} from '../../../sdk/mocks/auth';\n\ntype MockResponse = {\n url: string;\n requestMethod: 'GET' | 'POST' | 'PUT';\n response: unknown;\n};\n\nexport const MOCK_NONCE_RESPONSE = SDK_MOCK_NONCE_RESPONSE;\nexport const MOCK_NONCE = MOCK_NONCE_RESPONSE.nonce;\nexport const MOCK_JWT = SDK_MOCK_JWT;\n\nexport const getMockAuthNonceResponse = () => {\n return {\n url: MOCK_NONCE_URL,\n requestMethod: 'GET',\n response: (\n _?: unknown,\n path?: string,\n getE2ESrpIdentifierForPublicKey?: (publicKey: string) => string,\n ) => {\n // The goal here is to have this identifier bubble all the way up to being the access token\n // That way, we can use it to segregate data in the test environment\n const identifier = path?.split('?identifier=')[1];\n const e2eIdentifier = getE2ESrpIdentifierForPublicKey?.(identifier ?? '');\n\n return {\n ...MOCK_NONCE_RESPONSE,\n nonce: e2eIdentifier ?? MOCK_NONCE_RESPONSE.nonce,\n identifier: MOCK_NONCE_RESPONSE.identifier,\n };\n },\n } satisfies MockResponse;\n};\n\nexport const MOCK_LOGIN_RESPONSE = SDK_MOCK_SRP_LOGIN_RESPONSE;\n\nexport const getMockAuthLoginResponse = () => {\n return {\n url: MOCK_SRP_LOGIN_URL,\n requestMethod: 'POST',\n // In case this mock is used in an E2E test, we populate token, profile_id and identifier_id with the e2eIdentifier\n // to make it easier to segregate data in the test environment.\n response: (requestJsonBody?: { raw_message: string }) => {\n const splittedRawMessage = requestJsonBody?.raw_message.split(':');\n const e2eIdentifier = splittedRawMessage?.[splittedRawMessage.length - 2];\n\n return {\n ...MOCK_LOGIN_RESPONSE,\n token: e2eIdentifier ?? MOCK_LOGIN_RESPONSE.token,\n profile: {\n ...MOCK_LOGIN_RESPONSE.profile,\n profile_id: e2eIdentifier ?? MOCK_LOGIN_RESPONSE.profile.profile_id,\n identifier_id:\n e2eIdentifier ?? MOCK_LOGIN_RESPONSE.profile.identifier_id,\n },\n };\n },\n } satisfies MockResponse;\n};\n\nexport const MOCK_OATH_TOKEN_RESPONSE = SDK_MOCK_OIDC_TOKEN_RESPONSE;\n\nconst MOCK_JWT_FAR_FUTURE_EXP = 4102444800; // 2100-01-01\n\n/**\n * Wraps a plain-text identifier in a minimal JWT so that client-side\n * JWT validation (exp check) passes in E2E tests. The identifier is\n * stored in the `sub` claim and can be extracted via {@link getE2EIdentifierFromJwt}.\n *\n * @param identifier - The plain-text E2E identifier to wrap.\n * @returns A JWT-shaped string containing the identifier.\n */\nconst wrapInMockJwt = (identifier: string): string => {\n const header = btoa(JSON.stringify({ alg: 'none', typ: 'JWT' }));\n const payload = btoa(\n JSON.stringify({ sub: identifier, exp: MOCK_JWT_FAR_FUTURE_EXP }),\n );\n return `${header}.${payload}.mock`;\n};\n\n/**\n * Extracts the E2E identifier (`sub` claim) from a mock JWT created\n * by {@link wrapInMockJwt}. Falls back to returning the raw token if\n * decoding fails (backward compatibility with raw-identifier headers).\n *\n * @param token - A bearer token string (JWT or raw identifier).\n * @returns The decoded identifier, or the original token as-is.\n */\nexport const getE2EIdentifierFromJwt = (token: string): string => {\n try {\n const parts = token.split('.');\n if (parts.length === 3) {\n const { sub } = JSON.parse(atob(parts[1]));\n if (typeof sub === 'string' && sub.length > 0) {\n return sub;\n }\n }\n } catch {\n // not a JWT — fall through\n }\n return token;\n};\n\nexport const getMockAuthAccessTokenResponse = () => {\n return {\n url: MOCK_OIDC_TOKEN_URL,\n requestMethod: 'POST',\n response: (requestJsonBody?: string) => {\n // We wrap the e2eIdentifier in a JWT so client-side JWT validation passes.\n // The mock server extracts the identifier back via getE2EIdentifierFromJwt.\n const e2eIdentifier = new URLSearchParams(requestJsonBody).get(\n 'assertion',\n );\n\n return {\n ...MOCK_OATH_TOKEN_RESPONSE,\n access_token: e2eIdentifier\n ? wrapInMockJwt(e2eIdentifier)\n : MOCK_OATH_TOKEN_RESPONSE.access_token,\n };\n },\n } satisfies MockResponse;\n};\n"]}
|
|
@@ -46,6 +46,15 @@ export declare const MOCK_OATH_TOKEN_RESPONSE: {
|
|
|
46
46
|
access_token: string;
|
|
47
47
|
expires_in: number;
|
|
48
48
|
};
|
|
49
|
+
/**
|
|
50
|
+
* Extracts the E2E identifier (`sub` claim) from a mock JWT created
|
|
51
|
+
* by {@link wrapInMockJwt}. Falls back to returning the raw token if
|
|
52
|
+
* decoding fails (backward compatibility with raw-identifier headers).
|
|
53
|
+
*
|
|
54
|
+
* @param token - A bearer token string (JWT or raw identifier).
|
|
55
|
+
* @returns The decoded identifier, or the original token as-is.
|
|
56
|
+
*/
|
|
57
|
+
export declare const getE2EIdentifierFromJwt: (token: string) => string;
|
|
49
58
|
export declare const getMockAuthAccessTokenResponse: () => {
|
|
50
59
|
url: string;
|
|
51
60
|
requestMethod: "POST";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mockResponses.d.cts","sourceRoot":"","sources":["../../../../src/controllers/authentication/mocks/mockResponses.ts"],"names":[],"mappings":"AAgBA,eAAO,MAAM,mBAAmB;;;;CAA0B,CAAC;AAC3D,eAAO,MAAM,UAAU,QAA4B,CAAC;AACpD,eAAO,MAAM,QAAQ,upBAAe,CAAC;AAErC,eAAO,MAAM,wBAAwB;;;mBAK3B,OAAO,SACJ,MAAM,iDACiC,MAAM,KAAK,MAAM;;;;;CAcpE,CAAC;AAEF,eAAO,MAAM,mBAAmB;;;;;;;;;;CAA8B,CAAC;AAE/D,eAAO,MAAM,wBAAwB;;;iCAMJ;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE;;;;;;;;;;;CAgBvD,CAAC;AAEF,eAAO,MAAM,wBAAwB;;;CAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"mockResponses.d.cts","sourceRoot":"","sources":["../../../../src/controllers/authentication/mocks/mockResponses.ts"],"names":[],"mappings":"AAgBA,eAAO,MAAM,mBAAmB;;;;CAA0B,CAAC;AAC3D,eAAO,MAAM,UAAU,QAA4B,CAAC;AACpD,eAAO,MAAM,QAAQ,upBAAe,CAAC;AAErC,eAAO,MAAM,wBAAwB;;;mBAK3B,OAAO,SACJ,MAAM,iDACiC,MAAM,KAAK,MAAM;;;;;CAcpE,CAAC;AAEF,eAAO,MAAM,mBAAmB;;;;;;;;;;CAA8B,CAAC;AAE/D,eAAO,MAAM,wBAAwB;;;iCAMJ;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE;;;;;;;;;;;CAgBvD,CAAC;AAEF,eAAO,MAAM,wBAAwB;;;CAA+B,CAAC;AAoBrE;;;;;;;GAOG;AACH,eAAO,MAAM,uBAAuB,UAAW,MAAM,KAAG,MAavD,CAAC;AAEF,eAAO,MAAM,8BAA8B;;;iCAIV,MAAM;;;;CAetC,CAAC"}
|
|
@@ -46,6 +46,15 @@ export declare const MOCK_OATH_TOKEN_RESPONSE: {
|
|
|
46
46
|
access_token: string;
|
|
47
47
|
expires_in: number;
|
|
48
48
|
};
|
|
49
|
+
/**
|
|
50
|
+
* Extracts the E2E identifier (`sub` claim) from a mock JWT created
|
|
51
|
+
* by {@link wrapInMockJwt}. Falls back to returning the raw token if
|
|
52
|
+
* decoding fails (backward compatibility with raw-identifier headers).
|
|
53
|
+
*
|
|
54
|
+
* @param token - A bearer token string (JWT or raw identifier).
|
|
55
|
+
* @returns The decoded identifier, or the original token as-is.
|
|
56
|
+
*/
|
|
57
|
+
export declare const getE2EIdentifierFromJwt: (token: string) => string;
|
|
49
58
|
export declare const getMockAuthAccessTokenResponse: () => {
|
|
50
59
|
url: string;
|
|
51
60
|
requestMethod: "POST";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mockResponses.d.mts","sourceRoot":"","sources":["../../../../src/controllers/authentication/mocks/mockResponses.ts"],"names":[],"mappings":"AAgBA,eAAO,MAAM,mBAAmB;;;;CAA0B,CAAC;AAC3D,eAAO,MAAM,UAAU,QAA4B,CAAC;AACpD,eAAO,MAAM,QAAQ,upBAAe,CAAC;AAErC,eAAO,MAAM,wBAAwB;;;mBAK3B,OAAO,SACJ,MAAM,iDACiC,MAAM,KAAK,MAAM;;;;;CAcpE,CAAC;AAEF,eAAO,MAAM,mBAAmB;;;;;;;;;;CAA8B,CAAC;AAE/D,eAAO,MAAM,wBAAwB;;;iCAMJ;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE;;;;;;;;;;;CAgBvD,CAAC;AAEF,eAAO,MAAM,wBAAwB;;;CAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"mockResponses.d.mts","sourceRoot":"","sources":["../../../../src/controllers/authentication/mocks/mockResponses.ts"],"names":[],"mappings":"AAgBA,eAAO,MAAM,mBAAmB;;;;CAA0B,CAAC;AAC3D,eAAO,MAAM,UAAU,QAA4B,CAAC;AACpD,eAAO,MAAM,QAAQ,upBAAe,CAAC;AAErC,eAAO,MAAM,wBAAwB;;;mBAK3B,OAAO,SACJ,MAAM,iDACiC,MAAM,KAAK,MAAM;;;;;CAcpE,CAAC;AAEF,eAAO,MAAM,mBAAmB;;;;;;;;;;CAA8B,CAAC;AAE/D,eAAO,MAAM,wBAAwB;;;iCAMJ;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE;;;;;;;;;;;CAgBvD,CAAC;AAEF,eAAO,MAAM,wBAAwB;;;CAA+B,CAAC;AAoBrE;;;;;;;GAOG;AACH,eAAO,MAAM,uBAAuB,UAAW,MAAM,KAAG,MAavD,CAAC;AAEF,eAAO,MAAM,8BAA8B;;;iCAIV,MAAM;;;;CAetC,CAAC"}
|
|
@@ -42,18 +42,56 @@ export const getMockAuthLoginResponse = () => {
|
|
|
42
42
|
};
|
|
43
43
|
};
|
|
44
44
|
export const MOCK_OATH_TOKEN_RESPONSE = SDK_MOCK_OIDC_TOKEN_RESPONSE;
|
|
45
|
+
const MOCK_JWT_FAR_FUTURE_EXP = 4102444800; // 2100-01-01
|
|
46
|
+
/**
|
|
47
|
+
* Wraps a plain-text identifier in a minimal JWT so that client-side
|
|
48
|
+
* JWT validation (exp check) passes in E2E tests. The identifier is
|
|
49
|
+
* stored in the `sub` claim and can be extracted via {@link getE2EIdentifierFromJwt}.
|
|
50
|
+
*
|
|
51
|
+
* @param identifier - The plain-text E2E identifier to wrap.
|
|
52
|
+
* @returns A JWT-shaped string containing the identifier.
|
|
53
|
+
*/
|
|
54
|
+
const wrapInMockJwt = (identifier) => {
|
|
55
|
+
const header = btoa(JSON.stringify({ alg: 'none', typ: 'JWT' }));
|
|
56
|
+
const payload = btoa(JSON.stringify({ sub: identifier, exp: MOCK_JWT_FAR_FUTURE_EXP }));
|
|
57
|
+
return `${header}.${payload}.mock`;
|
|
58
|
+
};
|
|
59
|
+
/**
|
|
60
|
+
* Extracts the E2E identifier (`sub` claim) from a mock JWT created
|
|
61
|
+
* by {@link wrapInMockJwt}. Falls back to returning the raw token if
|
|
62
|
+
* decoding fails (backward compatibility with raw-identifier headers).
|
|
63
|
+
*
|
|
64
|
+
* @param token - A bearer token string (JWT or raw identifier).
|
|
65
|
+
* @returns The decoded identifier, or the original token as-is.
|
|
66
|
+
*/
|
|
67
|
+
export const getE2EIdentifierFromJwt = (token) => {
|
|
68
|
+
try {
|
|
69
|
+
const parts = token.split('.');
|
|
70
|
+
if (parts.length === 3) {
|
|
71
|
+
const { sub } = JSON.parse(atob(parts[1]));
|
|
72
|
+
if (typeof sub === 'string' && sub.length > 0) {
|
|
73
|
+
return sub;
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
catch {
|
|
78
|
+
// not a JWT — fall through
|
|
79
|
+
}
|
|
80
|
+
return token;
|
|
81
|
+
};
|
|
45
82
|
export const getMockAuthAccessTokenResponse = () => {
|
|
46
83
|
return {
|
|
47
84
|
url: MOCK_OIDC_TOKEN_URL,
|
|
48
85
|
requestMethod: 'POST',
|
|
49
86
|
response: (requestJsonBody) => {
|
|
50
|
-
// We
|
|
51
|
-
//
|
|
52
|
-
// and used to segregate data in the test environment
|
|
87
|
+
// We wrap the e2eIdentifier in a JWT so client-side JWT validation passes.
|
|
88
|
+
// The mock server extracts the identifier back via getE2EIdentifierFromJwt.
|
|
53
89
|
const e2eIdentifier = new URLSearchParams(requestJsonBody).get('assertion');
|
|
54
90
|
return {
|
|
55
91
|
...MOCK_OATH_TOKEN_RESPONSE,
|
|
56
|
-
access_token: e2eIdentifier
|
|
92
|
+
access_token: e2eIdentifier
|
|
93
|
+
? wrapInMockJwt(e2eIdentifier)
|
|
94
|
+
: MOCK_OATH_TOKEN_RESPONSE.access_token,
|
|
57
95
|
};
|
|
58
96
|
},
|
|
59
97
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mockResponses.mjs","sourceRoot":"","sources":["../../../../src/controllers/authentication/mocks/mockResponses.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,IAAI,uBAAuB,EAC9C,QAAQ,IAAI,YAAY,EACxB,uBAAuB,IAAI,2BAA2B,EACtD,wBAAwB,IAAI,4BAA4B,EACxD,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACpB,oCAAgC;AAQjC,MAAM,CAAC,MAAM,mBAAmB,GAAG,uBAAuB,CAAC;AAC3D,MAAM,CAAC,MAAM,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC;AACpD,MAAM,CAAC,MAAM,QAAQ,GAAG,YAAY,CAAC;AAErC,MAAM,CAAC,MAAM,wBAAwB,GAAG,GAAG,EAAE;IAC3C,OAAO;QACL,GAAG,EAAE,cAAc;QACnB,aAAa,EAAE,KAAK;QACpB,QAAQ,EAAE,CACR,CAAW,EACX,IAAa,EACb,+BAA+D,EAC/D,EAAE;YACF,2FAA2F;YAC3F,oEAAoE;YACpE,MAAM,UAAU,GAAG,IAAI,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC;YAClD,MAAM,aAAa,GAAG,+BAA+B,EAAE,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;YAE1E,OAAO;gBACL,GAAG,mBAAmB;gBACtB,KAAK,EAAE,aAAa,IAAI,mBAAmB,CAAC,KAAK;gBACjD,UAAU,EAAE,mBAAmB,CAAC,UAAU;aAC3C,CAAC;QACJ,CAAC;KACqB,CAAC;AAC3B,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,mBAAmB,GAAG,2BAA2B,CAAC;AAE/D,MAAM,CAAC,MAAM,wBAAwB,GAAG,GAAG,EAAE;IAC3C,OAAO;QACL,GAAG,EAAE,kBAAkB;QACvB,aAAa,EAAE,MAAM;QACrB,mHAAmH;QACnH,+DAA+D;QAC/D,QAAQ,EAAE,CAAC,eAAyC,EAAE,EAAE;YACtD,MAAM,kBAAkB,GAAG,eAAe,EAAE,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnE,MAAM,aAAa,GAAG,kBAAkB,EAAE,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAE1E,OAAO;gBACL,GAAG,mBAAmB;gBACtB,KAAK,EAAE,aAAa,IAAI,mBAAmB,CAAC,KAAK;gBACjD,OAAO,EAAE;oBACP,GAAG,mBAAmB,CAAC,OAAO;oBAC9B,UAAU,EAAE,aAAa,IAAI,mBAAmB,CAAC,OAAO,CAAC,UAAU;oBACnE,aAAa,EACX,aAAa,IAAI,mBAAmB,CAAC,OAAO,CAAC,aAAa;iBAC7D;aACF,CAAC;QACJ,CAAC;KACqB,CAAC;AAC3B,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,wBAAwB,GAAG,4BAA4B,CAAC;AAErE,MAAM,CAAC,MAAM,8BAA8B,GAAG,GAAG,EAAE;IACjD,OAAO;QACL,GAAG,EAAE,mBAAmB;QACxB,aAAa,EAAE,MAAM;QACrB,QAAQ,EAAE,CAAC,eAAwB,EAAE,EAAE;YACrC,
|
|
1
|
+
{"version":3,"file":"mockResponses.mjs","sourceRoot":"","sources":["../../../../src/controllers/authentication/mocks/mockResponses.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,IAAI,uBAAuB,EAC9C,QAAQ,IAAI,YAAY,EACxB,uBAAuB,IAAI,2BAA2B,EACtD,wBAAwB,IAAI,4BAA4B,EACxD,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACpB,oCAAgC;AAQjC,MAAM,CAAC,MAAM,mBAAmB,GAAG,uBAAuB,CAAC;AAC3D,MAAM,CAAC,MAAM,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC;AACpD,MAAM,CAAC,MAAM,QAAQ,GAAG,YAAY,CAAC;AAErC,MAAM,CAAC,MAAM,wBAAwB,GAAG,GAAG,EAAE;IAC3C,OAAO;QACL,GAAG,EAAE,cAAc;QACnB,aAAa,EAAE,KAAK;QACpB,QAAQ,EAAE,CACR,CAAW,EACX,IAAa,EACb,+BAA+D,EAC/D,EAAE;YACF,2FAA2F;YAC3F,oEAAoE;YACpE,MAAM,UAAU,GAAG,IAAI,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC;YAClD,MAAM,aAAa,GAAG,+BAA+B,EAAE,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;YAE1E,OAAO;gBACL,GAAG,mBAAmB;gBACtB,KAAK,EAAE,aAAa,IAAI,mBAAmB,CAAC,KAAK;gBACjD,UAAU,EAAE,mBAAmB,CAAC,UAAU;aAC3C,CAAC;QACJ,CAAC;KACqB,CAAC;AAC3B,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,mBAAmB,GAAG,2BAA2B,CAAC;AAE/D,MAAM,CAAC,MAAM,wBAAwB,GAAG,GAAG,EAAE;IAC3C,OAAO;QACL,GAAG,EAAE,kBAAkB;QACvB,aAAa,EAAE,MAAM;QACrB,mHAAmH;QACnH,+DAA+D;QAC/D,QAAQ,EAAE,CAAC,eAAyC,EAAE,EAAE;YACtD,MAAM,kBAAkB,GAAG,eAAe,EAAE,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnE,MAAM,aAAa,GAAG,kBAAkB,EAAE,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAE1E,OAAO;gBACL,GAAG,mBAAmB;gBACtB,KAAK,EAAE,aAAa,IAAI,mBAAmB,CAAC,KAAK;gBACjD,OAAO,EAAE;oBACP,GAAG,mBAAmB,CAAC,OAAO;oBAC9B,UAAU,EAAE,aAAa,IAAI,mBAAmB,CAAC,OAAO,CAAC,UAAU;oBACnE,aAAa,EACX,aAAa,IAAI,mBAAmB,CAAC,OAAO,CAAC,aAAa;iBAC7D;aACF,CAAC;QACJ,CAAC;KACqB,CAAC;AAC3B,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,wBAAwB,GAAG,4BAA4B,CAAC;AAErE,MAAM,uBAAuB,GAAG,UAAU,CAAC,CAAC,aAAa;AAEzD;;;;;;;GAOG;AACH,MAAM,aAAa,GAAG,CAAC,UAAkB,EAAU,EAAE;IACnD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACjE,MAAM,OAAO,GAAG,IAAI,CAClB,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,uBAAuB,EAAE,CAAC,CAClE,CAAC;IACF,OAAO,GAAG,MAAM,IAAI,OAAO,OAAO,CAAC;AACrC,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,KAAa,EAAU,EAAE;IAC/D,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9C,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;IAC7B,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,8BAA8B,GAAG,GAAG,EAAE;IACjD,OAAO;QACL,GAAG,EAAE,mBAAmB;QACxB,aAAa,EAAE,MAAM;QACrB,QAAQ,EAAE,CAAC,eAAwB,EAAE,EAAE;YACrC,2EAA2E;YAC3E,4EAA4E;YAC5E,MAAM,aAAa,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC,GAAG,CAC5D,WAAW,CACZ,CAAC;YAEF,OAAO;gBACL,GAAG,wBAAwB;gBAC3B,YAAY,EAAE,aAAa;oBACzB,CAAC,CAAC,aAAa,CAAC,aAAa,CAAC;oBAC9B,CAAC,CAAC,wBAAwB,CAAC,YAAY;aAC1C,CAAC;QACJ,CAAC;KACqB,CAAC;AAC3B,CAAC,CAAC","sourcesContent":["import {\n MOCK_NONCE_RESPONSE as SDK_MOCK_NONCE_RESPONSE,\n MOCK_JWT as SDK_MOCK_JWT,\n MOCK_SRP_LOGIN_RESPONSE as SDK_MOCK_SRP_LOGIN_RESPONSE,\n MOCK_OIDC_TOKEN_RESPONSE as SDK_MOCK_OIDC_TOKEN_RESPONSE,\n MOCK_NONCE_URL,\n MOCK_SRP_LOGIN_URL,\n MOCK_OIDC_TOKEN_URL,\n} from '../../../sdk/mocks/auth';\n\ntype MockResponse = {\n url: string;\n requestMethod: 'GET' | 'POST' | 'PUT';\n response: unknown;\n};\n\nexport const MOCK_NONCE_RESPONSE = SDK_MOCK_NONCE_RESPONSE;\nexport const MOCK_NONCE = MOCK_NONCE_RESPONSE.nonce;\nexport const MOCK_JWT = SDK_MOCK_JWT;\n\nexport const getMockAuthNonceResponse = () => {\n return {\n url: MOCK_NONCE_URL,\n requestMethod: 'GET',\n response: (\n _?: unknown,\n path?: string,\n getE2ESrpIdentifierForPublicKey?: (publicKey: string) => string,\n ) => {\n // The goal here is to have this identifier bubble all the way up to being the access token\n // That way, we can use it to segregate data in the test environment\n const identifier = path?.split('?identifier=')[1];\n const e2eIdentifier = getE2ESrpIdentifierForPublicKey?.(identifier ?? '');\n\n return {\n ...MOCK_NONCE_RESPONSE,\n nonce: e2eIdentifier ?? MOCK_NONCE_RESPONSE.nonce,\n identifier: MOCK_NONCE_RESPONSE.identifier,\n };\n },\n } satisfies MockResponse;\n};\n\nexport const MOCK_LOGIN_RESPONSE = SDK_MOCK_SRP_LOGIN_RESPONSE;\n\nexport const getMockAuthLoginResponse = () => {\n return {\n url: MOCK_SRP_LOGIN_URL,\n requestMethod: 'POST',\n // In case this mock is used in an E2E test, we populate token, profile_id and identifier_id with the e2eIdentifier\n // to make it easier to segregate data in the test environment.\n response: (requestJsonBody?: { raw_message: string }) => {\n const splittedRawMessage = requestJsonBody?.raw_message.split(':');\n const e2eIdentifier = splittedRawMessage?.[splittedRawMessage.length - 2];\n\n return {\n ...MOCK_LOGIN_RESPONSE,\n token: e2eIdentifier ?? MOCK_LOGIN_RESPONSE.token,\n profile: {\n ...MOCK_LOGIN_RESPONSE.profile,\n profile_id: e2eIdentifier ?? MOCK_LOGIN_RESPONSE.profile.profile_id,\n identifier_id:\n e2eIdentifier ?? MOCK_LOGIN_RESPONSE.profile.identifier_id,\n },\n };\n },\n } satisfies MockResponse;\n};\n\nexport const MOCK_OATH_TOKEN_RESPONSE = SDK_MOCK_OIDC_TOKEN_RESPONSE;\n\nconst MOCK_JWT_FAR_FUTURE_EXP = 4102444800; // 2100-01-01\n\n/**\n * Wraps a plain-text identifier in a minimal JWT so that client-side\n * JWT validation (exp check) passes in E2E tests. The identifier is\n * stored in the `sub` claim and can be extracted via {@link getE2EIdentifierFromJwt}.\n *\n * @param identifier - The plain-text E2E identifier to wrap.\n * @returns A JWT-shaped string containing the identifier.\n */\nconst wrapInMockJwt = (identifier: string): string => {\n const header = btoa(JSON.stringify({ alg: 'none', typ: 'JWT' }));\n const payload = btoa(\n JSON.stringify({ sub: identifier, exp: MOCK_JWT_FAR_FUTURE_EXP }),\n );\n return `${header}.${payload}.mock`;\n};\n\n/**\n * Extracts the E2E identifier (`sub` claim) from a mock JWT created\n * by {@link wrapInMockJwt}. Falls back to returning the raw token if\n * decoding fails (backward compatibility with raw-identifier headers).\n *\n * @param token - A bearer token string (JWT or raw identifier).\n * @returns The decoded identifier, or the original token as-is.\n */\nexport const getE2EIdentifierFromJwt = (token: string): string => {\n try {\n const parts = token.split('.');\n if (parts.length === 3) {\n const { sub } = JSON.parse(atob(parts[1]));\n if (typeof sub === 'string' && sub.length > 0) {\n return sub;\n }\n }\n } catch {\n // not a JWT — fall through\n }\n return token;\n};\n\nexport const getMockAuthAccessTokenResponse = () => {\n return {\n url: MOCK_OIDC_TOKEN_URL,\n requestMethod: 'POST',\n response: (requestJsonBody?: string) => {\n // We wrap the e2eIdentifier in a JWT so client-side JWT validation passes.\n // The mock server extracts the identifier back via getE2EIdentifierFromJwt.\n const e2eIdentifier = new URLSearchParams(requestJsonBody).get(\n 'assertion',\n );\n\n return {\n ...MOCK_OATH_TOKEN_RESPONSE,\n access_token: e2eIdentifier\n ? wrapInMockJwt(e2eIdentifier)\n : MOCK_OATH_TOKEN_RESPONSE.access_token,\n };\n },\n } satisfies MockResponse;\n};\n"]}
|
|
@@ -46,7 +46,7 @@ class SIWEJwtBearerAuth {
|
|
|
46
46
|
__classPrivateFieldGet(this, _SIWEJwtBearerAuth_instances, "m", _SIWEJwtBearerAuth_assertSigner).call(this, __classPrivateFieldGet(this, _SIWEJwtBearerAuth_signer, "f"));
|
|
47
47
|
return __classPrivateFieldGet(this, _SIWEJwtBearerAuth_signer, "f").address;
|
|
48
48
|
}
|
|
49
|
-
async getUserProfileLineage(
|
|
49
|
+
async getUserProfileLineage() {
|
|
50
50
|
const accessToken = await this.getAccessToken();
|
|
51
51
|
return await (0, services_1.getUserProfileLineage)(__classPrivateFieldGet(this, _SIWEJwtBearerAuth_config, "f").env, accessToken);
|
|
52
52
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow-siwe.cjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-siwe.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,+BAAmC;AAEnC,6CAMoB;AAUpB,0CAA4C;AAC5C,kFAAyE;AAazE,MAAa,iBAAiB;IAO5B,YACE,MAA4C,EAC5C,OAAmC;;QAR5B,4CAAoB;QAEpB,6CAAqC;QAE9C,4CAA+C;QAM7C,uBAAA,IAAI,6BAAW,MAAM,MAAA,CAAC;QACtB,uBAAA,IAAI,8BAAY,OAAO,MAAA,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC;QACnC,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,8DAAO,MAAX,IAAI,CAAS,CAAC;QAC1C,OAAO,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,OAAO,CAAC;QACzB,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,8DAAO,MAAX,IAAI,CAAS,CAAC;QAC1C,OAAO,aAAa,CAAC,OAAO,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;QACjC,OAAO,uBAAA,IAAI,iCAAQ,CAAC,OAAO,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,qBAAqB
|
|
1
|
+
{"version":3,"file":"flow-siwe.cjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-siwe.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,+BAAmC;AAEnC,6CAMoB;AAUpB,0CAA4C;AAC5C,kFAAyE;AAazE,MAAa,iBAAiB;IAO5B,YACE,MAA4C,EAC5C,OAAmC;;QAR5B,4CAAoB;QAEpB,6CAAqC;QAE9C,4CAA+C;QAM7C,uBAAA,IAAI,6BAAW,MAAM,MAAA,CAAC;QACtB,uBAAA,IAAI,8BAAY,OAAO,MAAA,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC;QACnC,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,8DAAO,MAAX,IAAI,CAAS,CAAC;QAC1C,OAAO,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,OAAO,CAAC;QACzB,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,8DAAO,MAAX,IAAI,CAAS,CAAC;QAC1C,OAAO,aAAa,CAAC,OAAO,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;QACjC,OAAO,uBAAA,IAAI,iCAAQ,CAAC,OAAO,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,OAAO,MAAM,IAAA,gCAAqB,EAAC,uBAAA,IAAI,iCAAQ,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAe;QAC/B,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;QACjC,OAAO,MAAM,uBAAA,IAAI,iCAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,CAAC,MAAiC;QACvC,uBAAA,IAAI,6BAAW,MAAM,MAAA,CAAC;IACxB,CAAC;CA2EF;AA/HD,8CA+HC;;AAzEC,0EAA0E;AAC1E,KAAK;IACH,MAAM,IAAI,GAAG,MAAM,uBAAA,IAAI,kCAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAC5D,IAAI,CAAC,IAAA,+CAAqB,EAAC,IAAI,CAAC,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;IACvD,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,GAAG,GAAG,CAAC;IAE3D,IAAI,UAAU,GAAG,gBAAgB,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,6BAED,KAAK;IACH,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;IAEjC,QAAQ;IACR,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,MAAM,IAAA,mBAAQ,EAAC,OAAO,EAAE,uBAAA,IAAI,iCAAQ,CAAC,GAAG,CAAC,CAAC;IAC3D,MAAM,UAAU,GAAG,uBAAA,IAAI,kFAA2B,MAA/B,IAAI,EAA4B,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAErD,eAAe;IACf,MAAM,YAAY,GAAG,MAAM,IAAA,uBAAY,EACrC,UAAU,EACV,SAAS,EACT,uBAAA,IAAI,iCAAQ,CAAC,IAAI,EACjB,uBAAA,IAAI,iCAAQ,CAAC,GAAG,CACjB,CAAC;IAEF,YAAY;IACZ,MAAM,aAAa,GAAG,MAAM,IAAA,wBAAa,EACvC,YAAY,CAAC,KAAK,EAClB,uBAAA,IAAI,iCAAQ,CAAC,GAAG,EAChB,uBAAA,IAAI,iCAAQ,CAAC,QAAQ,CACtB,CAAC;IAEF,OAAO;IACP,MAAM,MAAM,GAAkB;QAC5B,OAAO,EAAE,YAAY,CAAC,OAAO;QAC7B,KAAK,EAAE,aAAa;KACrB,CAAC;IAEF,MAAM,uBAAA,IAAI,kCAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAErD,OAAO,MAAM,CAAC;AAChB,CAAC,uGAE0B,KAAa;IACtC,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;IAEjC,OAAO,IAAI,kBAAW,CAAC;QACrB,MAAM,EAAE,uBAAA,IAAI,iCAAQ,EAAE,MAAM;QAC5B,OAAO,EAAE,uBAAA,IAAI,iCAAQ,EAAE,OAAO;QAC9B,GAAG,EAAE,IAAA,yBAAc,EAAC,uBAAA,IAAI,iCAAQ,CAAC,GAAG,CAAC;QACrC,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,uBAAA,IAAI,iCAAQ,EAAE,OAAO;QAC9B,KAAK;QACL,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACnC,CAAC,CAAC,cAAc,EAAE,CAAC;AACtB,CAAC,6EAGC,MAAkC;IAElC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,wBAAe,CAAC,6CAA6C,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC","sourcesContent":["import { SiweMessage } from 'siwe';\n\nimport {\n SIWE_LOGIN_URL,\n authenticate,\n authorizeOIDC,\n getNonce,\n getUserProfileLineage,\n} from './services';\nimport type {\n AuthConfig,\n AuthStorageOptions,\n AuthType,\n IBaseAuth,\n LoginResponse,\n UserProfile,\n UserProfileLineage,\n} from './types';\nimport { ValidationError } from '../errors';\nimport { validateLoginResponse } from '../utils/validate-login-response';\n\ntype JwtBearerAuth_SIWE_Options = {\n storage: AuthStorageOptions;\n};\n\ntype JwtBearerAuth_SIWE_Signer = {\n address: string;\n chainId: number;\n signMessage: (message: string) => Promise<string>;\n domain: string;\n};\n\nexport class SIWEJwtBearerAuth implements IBaseAuth {\n readonly #config: AuthConfig;\n\n readonly #options: JwtBearerAuth_SIWE_Options;\n\n #signer: JwtBearerAuth_SIWE_Signer | undefined;\n\n constructor(\n config: AuthConfig & { type: AuthType.SiWE },\n options: JwtBearerAuth_SIWE_Options,\n ) {\n this.#config = config;\n this.#options = options;\n }\n\n async getAccessToken(): Promise<string> {\n const session = await this.#getAuthSession();\n if (session) {\n return session.token.accessToken;\n }\n\n const loginResponse = await this.#login();\n return loginResponse.token.accessToken;\n }\n\n async getUserProfile(): Promise<UserProfile> {\n const session = await this.#getAuthSession();\n if (session) {\n return session.profile;\n }\n\n const loginResponse = await this.#login();\n return loginResponse.profile;\n }\n\n async getIdentifier(): Promise<string> {\n this.#assertSigner(this.#signer);\n return this.#signer.address;\n }\n\n async getUserProfileLineage(): Promise<UserProfileLineage> {\n const accessToken = await this.getAccessToken();\n return await getUserProfileLineage(this.#config.env, accessToken);\n }\n\n async signMessage(message: string): Promise<string> {\n this.#assertSigner(this.#signer);\n return await this.#signer.signMessage(message);\n }\n\n prepare(signer: JwtBearerAuth_SIWE_Signer) {\n this.#signer = signer;\n }\n\n // convert expiresIn from seconds to milliseconds and use 90% of expiresIn\n async #getAuthSession(): Promise<LoginResponse | null> {\n const auth = await this.#options.storage.getLoginResponse();\n if (!validateLoginResponse(auth)) {\n return null;\n }\n\n const currentTime = Date.now();\n const sessionAge = currentTime - auth.token.obtainedAt;\n const refreshThreshold = auth.token.expiresIn * 1000 * 0.9;\n\n if (sessionAge < refreshThreshold) {\n return auth;\n }\n return null;\n }\n\n async #login(): Promise<LoginResponse> {\n this.#assertSigner(this.#signer);\n\n // Nonce\n const address = await this.getIdentifier();\n const nonceRes = await getNonce(address, this.#config.env);\n const rawMessage = this.#createSiWELoginRawMessage(nonceRes.nonce);\n const signature = await this.signMessage(rawMessage);\n\n // Authenticate\n const authResponse = await authenticate(\n rawMessage,\n signature,\n this.#config.type,\n this.#config.env,\n );\n\n // Authorize\n const tokenResponse = await authorizeOIDC(\n authResponse.token,\n this.#config.env,\n this.#config.platform,\n );\n\n // Save\n const result: LoginResponse = {\n profile: authResponse.profile,\n token: tokenResponse,\n };\n\n await this.#options.storage.setLoginResponse(result);\n\n return result;\n }\n\n #createSiWELoginRawMessage(nonce: string): string {\n this.#assertSigner(this.#signer);\n\n return new SiweMessage({\n domain: this.#signer?.domain,\n address: this.#signer?.address,\n uri: SIWE_LOGIN_URL(this.#config.env),\n version: '1',\n chainId: this.#signer?.chainId,\n nonce,\n issuedAt: new Date().toISOString(),\n }).prepareMessage();\n }\n\n #assertSigner(\n signer?: JwtBearerAuth_SIWE_Signer,\n ): asserts signer is JwtBearerAuth_SIWE_Signer {\n if (!signer) {\n throw new ValidationError(`you must call 'prepare()' before logging in`);\n }\n }\n}\n"]}
|
|
@@ -16,7 +16,7 @@ export declare class SIWEJwtBearerAuth implements IBaseAuth {
|
|
|
16
16
|
getAccessToken(): Promise<string>;
|
|
17
17
|
getUserProfile(): Promise<UserProfile>;
|
|
18
18
|
getIdentifier(): Promise<string>;
|
|
19
|
-
getUserProfileLineage(
|
|
19
|
+
getUserProfileLineage(): Promise<UserProfileLineage>;
|
|
20
20
|
signMessage(message: string): Promise<string>;
|
|
21
21
|
prepare(signer: JwtBearerAuth_SIWE_Signer): void;
|
|
22
22
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow-siwe.d.cts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-siwe.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EACV,UAAU,EACV,kBAAkB,EAClB,QAAQ,EACR,SAAS,EAET,WAAW,EACX,kBAAkB,EACnB,oBAAgB;AAIjB,KAAK,0BAA0B,GAAG;IAChC,OAAO,EAAE,kBAAkB,CAAC;CAC7B,CAAC;AAEF,KAAK,yBAAyB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,qBAAa,iBAAkB,YAAW,SAAS;;gBAQ/C,MAAM,EAAE,UAAU,GAAG;QAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAA;KAAE,EAC5C,OAAO,EAAE,0BAA0B;IAM/B,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC;IAUjC,cAAc,IAAI,OAAO,CAAC,WAAW,CAAC;IAUtC,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;IAKhC,qBAAqB,
|
|
1
|
+
{"version":3,"file":"flow-siwe.d.cts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-siwe.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EACV,UAAU,EACV,kBAAkB,EAClB,QAAQ,EACR,SAAS,EAET,WAAW,EACX,kBAAkB,EACnB,oBAAgB;AAIjB,KAAK,0BAA0B,GAAG;IAChC,OAAO,EAAE,kBAAkB,CAAC;CAC7B,CAAC;AAEF,KAAK,yBAAyB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,qBAAa,iBAAkB,YAAW,SAAS;;gBAQ/C,MAAM,EAAE,UAAU,GAAG;QAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAA;KAAE,EAC5C,OAAO,EAAE,0BAA0B;IAM/B,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC;IAUjC,cAAc,IAAI,OAAO,CAAC,WAAW,CAAC;IAUtC,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;IAKhC,qBAAqB,IAAI,OAAO,CAAC,kBAAkB,CAAC;IAKpD,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAKnD,OAAO,CAAC,MAAM,EAAE,yBAAyB;CA6E1C"}
|
|
@@ -16,7 +16,7 @@ export declare class SIWEJwtBearerAuth implements IBaseAuth {
|
|
|
16
16
|
getAccessToken(): Promise<string>;
|
|
17
17
|
getUserProfile(): Promise<UserProfile>;
|
|
18
18
|
getIdentifier(): Promise<string>;
|
|
19
|
-
getUserProfileLineage(
|
|
19
|
+
getUserProfileLineage(): Promise<UserProfileLineage>;
|
|
20
20
|
signMessage(message: string): Promise<string>;
|
|
21
21
|
prepare(signer: JwtBearerAuth_SIWE_Signer): void;
|
|
22
22
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow-siwe.d.mts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-siwe.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EACV,UAAU,EACV,kBAAkB,EAClB,QAAQ,EACR,SAAS,EAET,WAAW,EACX,kBAAkB,EACnB,oBAAgB;AAIjB,KAAK,0BAA0B,GAAG;IAChC,OAAO,EAAE,kBAAkB,CAAC;CAC7B,CAAC;AAEF,KAAK,yBAAyB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,qBAAa,iBAAkB,YAAW,SAAS;;gBAQ/C,MAAM,EAAE,UAAU,GAAG;QAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAA;KAAE,EAC5C,OAAO,EAAE,0BAA0B;IAM/B,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC;IAUjC,cAAc,IAAI,OAAO,CAAC,WAAW,CAAC;IAUtC,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;IAKhC,qBAAqB,
|
|
1
|
+
{"version":3,"file":"flow-siwe.d.mts","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-siwe.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EACV,UAAU,EACV,kBAAkB,EAClB,QAAQ,EACR,SAAS,EAET,WAAW,EACX,kBAAkB,EACnB,oBAAgB;AAIjB,KAAK,0BAA0B,GAAG;IAChC,OAAO,EAAE,kBAAkB,CAAC;CAC7B,CAAC;AAEF,KAAK,yBAAyB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,qBAAa,iBAAkB,YAAW,SAAS;;gBAQ/C,MAAM,EAAE,UAAU,GAAG;QAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAA;KAAE,EAC5C,OAAO,EAAE,0BAA0B;IAM/B,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC;IAUjC,cAAc,IAAI,OAAO,CAAC,WAAW,CAAC;IAUtC,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;IAKhC,qBAAqB,IAAI,OAAO,CAAC,kBAAkB,CAAC;IAKpD,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAKnD,OAAO,CAAC,MAAM,EAAE,yBAAyB;CA6E1C"}
|
|
@@ -43,7 +43,7 @@ export class SIWEJwtBearerAuth {
|
|
|
43
43
|
__classPrivateFieldGet(this, _SIWEJwtBearerAuth_instances, "m", _SIWEJwtBearerAuth_assertSigner).call(this, __classPrivateFieldGet(this, _SIWEJwtBearerAuth_signer, "f"));
|
|
44
44
|
return __classPrivateFieldGet(this, _SIWEJwtBearerAuth_signer, "f").address;
|
|
45
45
|
}
|
|
46
|
-
async getUserProfileLineage(
|
|
46
|
+
async getUserProfileLineage() {
|
|
47
47
|
const accessToken = await this.getAccessToken();
|
|
48
48
|
return await getUserProfileLineage(__classPrivateFieldGet(this, _SIWEJwtBearerAuth_config, "f").env, accessToken);
|
|
49
49
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow-siwe.mjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-siwe.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,WAAW,EAAE,aAAa;AAEnC,OAAO,EACL,cAAc,EACd,YAAY,EACZ,aAAa,EACb,QAAQ,EACR,qBAAqB,EACtB,uBAAmB;AAUpB,OAAO,EAAE,eAAe,EAAE,sBAAkB;AAC5C,OAAO,EAAE,qBAAqB,EAAE,6CAAyC;AAazE,MAAM,OAAO,iBAAiB;IAO5B,YACE,MAA4C,EAC5C,OAAmC;;QAR5B,4CAAoB;QAEpB,6CAAqC;QAE9C,4CAA+C;QAM7C,uBAAA,IAAI,6BAAW,MAAM,MAAA,CAAC;QACtB,uBAAA,IAAI,8BAAY,OAAO,MAAA,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC;QACnC,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,8DAAO,MAAX,IAAI,CAAS,CAAC;QAC1C,OAAO,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,OAAO,CAAC;QACzB,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,8DAAO,MAAX,IAAI,CAAS,CAAC;QAC1C,OAAO,aAAa,CAAC,OAAO,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;QACjC,OAAO,uBAAA,IAAI,iCAAQ,CAAC,OAAO,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,qBAAqB
|
|
1
|
+
{"version":3,"file":"flow-siwe.mjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-siwe.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,WAAW,EAAE,aAAa;AAEnC,OAAO,EACL,cAAc,EACd,YAAY,EACZ,aAAa,EACb,QAAQ,EACR,qBAAqB,EACtB,uBAAmB;AAUpB,OAAO,EAAE,eAAe,EAAE,sBAAkB;AAC5C,OAAO,EAAE,qBAAqB,EAAE,6CAAyC;AAazE,MAAM,OAAO,iBAAiB;IAO5B,YACE,MAA4C,EAC5C,OAAmC;;QAR5B,4CAAoB;QAEpB,6CAAqC;QAE9C,4CAA+C;QAM7C,uBAAA,IAAI,6BAAW,MAAM,MAAA,CAAC;QACtB,uBAAA,IAAI,8BAAY,OAAO,MAAA,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC;QACnC,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,8DAAO,MAAX,IAAI,CAAS,CAAC;QAC1C,OAAO,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,OAAO,CAAC;QACzB,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,8DAAO,MAAX,IAAI,CAAS,CAAC;QAC1C,OAAO,aAAa,CAAC,OAAO,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;QACjC,OAAO,uBAAA,IAAI,iCAAQ,CAAC,OAAO,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,OAAO,MAAM,qBAAqB,CAAC,uBAAA,IAAI,iCAAQ,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAe;QAC/B,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;QACjC,OAAO,MAAM,uBAAA,IAAI,iCAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,CAAC,MAAiC;QACvC,uBAAA,IAAI,6BAAW,MAAM,MAAA,CAAC;IACxB,CAAC;CA2EF;;AAzEC,0EAA0E;AAC1E,KAAK;IACH,MAAM,IAAI,GAAG,MAAM,uBAAA,IAAI,kCAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAC5D,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;IACvD,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,GAAG,GAAG,CAAC;IAE3D,IAAI,UAAU,GAAG,gBAAgB,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,6BAED,KAAK;IACH,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;IAEjC,QAAQ;IACR,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,uBAAA,IAAI,iCAAQ,CAAC,GAAG,CAAC,CAAC;IAC3D,MAAM,UAAU,GAAG,uBAAA,IAAI,kFAA2B,MAA/B,IAAI,EAA4B,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAErD,eAAe;IACf,MAAM,YAAY,GAAG,MAAM,YAAY,CACrC,UAAU,EACV,SAAS,EACT,uBAAA,IAAI,iCAAQ,CAAC,IAAI,EACjB,uBAAA,IAAI,iCAAQ,CAAC,GAAG,CACjB,CAAC;IAEF,YAAY;IACZ,MAAM,aAAa,GAAG,MAAM,aAAa,CACvC,YAAY,CAAC,KAAK,EAClB,uBAAA,IAAI,iCAAQ,CAAC,GAAG,EAChB,uBAAA,IAAI,iCAAQ,CAAC,QAAQ,CACtB,CAAC;IAEF,OAAO;IACP,MAAM,MAAM,GAAkB;QAC5B,OAAO,EAAE,YAAY,CAAC,OAAO;QAC7B,KAAK,EAAE,aAAa;KACrB,CAAC;IAEF,MAAM,uBAAA,IAAI,kCAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAErD,OAAO,MAAM,CAAC;AAChB,CAAC,uGAE0B,KAAa;IACtC,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;IAEjC,OAAO,IAAI,WAAW,CAAC;QACrB,MAAM,EAAE,uBAAA,IAAI,iCAAQ,EAAE,MAAM;QAC5B,OAAO,EAAE,uBAAA,IAAI,iCAAQ,EAAE,OAAO;QAC9B,GAAG,EAAE,cAAc,CAAC,uBAAA,IAAI,iCAAQ,CAAC,GAAG,CAAC;QACrC,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,uBAAA,IAAI,iCAAQ,EAAE,OAAO;QAC9B,KAAK;QACL,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACnC,CAAC,CAAC,cAAc,EAAE,CAAC;AACtB,CAAC,6EAGC,MAAkC;IAElC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,eAAe,CAAC,6CAA6C,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC","sourcesContent":["import { SiweMessage } from 'siwe';\n\nimport {\n SIWE_LOGIN_URL,\n authenticate,\n authorizeOIDC,\n getNonce,\n getUserProfileLineage,\n} from './services';\nimport type {\n AuthConfig,\n AuthStorageOptions,\n AuthType,\n IBaseAuth,\n LoginResponse,\n UserProfile,\n UserProfileLineage,\n} from './types';\nimport { ValidationError } from '../errors';\nimport { validateLoginResponse } from '../utils/validate-login-response';\n\ntype JwtBearerAuth_SIWE_Options = {\n storage: AuthStorageOptions;\n};\n\ntype JwtBearerAuth_SIWE_Signer = {\n address: string;\n chainId: number;\n signMessage: (message: string) => Promise<string>;\n domain: string;\n};\n\nexport class SIWEJwtBearerAuth implements IBaseAuth {\n readonly #config: AuthConfig;\n\n readonly #options: JwtBearerAuth_SIWE_Options;\n\n #signer: JwtBearerAuth_SIWE_Signer | undefined;\n\n constructor(\n config: AuthConfig & { type: AuthType.SiWE },\n options: JwtBearerAuth_SIWE_Options,\n ) {\n this.#config = config;\n this.#options = options;\n }\n\n async getAccessToken(): Promise<string> {\n const session = await this.#getAuthSession();\n if (session) {\n return session.token.accessToken;\n }\n\n const loginResponse = await this.#login();\n return loginResponse.token.accessToken;\n }\n\n async getUserProfile(): Promise<UserProfile> {\n const session = await this.#getAuthSession();\n if (session) {\n return session.profile;\n }\n\n const loginResponse = await this.#login();\n return loginResponse.profile;\n }\n\n async getIdentifier(): Promise<string> {\n this.#assertSigner(this.#signer);\n return this.#signer.address;\n }\n\n async getUserProfileLineage(): Promise<UserProfileLineage> {\n const accessToken = await this.getAccessToken();\n return await getUserProfileLineage(this.#config.env, accessToken);\n }\n\n async signMessage(message: string): Promise<string> {\n this.#assertSigner(this.#signer);\n return await this.#signer.signMessage(message);\n }\n\n prepare(signer: JwtBearerAuth_SIWE_Signer) {\n this.#signer = signer;\n }\n\n // convert expiresIn from seconds to milliseconds and use 90% of expiresIn\n async #getAuthSession(): Promise<LoginResponse | null> {\n const auth = await this.#options.storage.getLoginResponse();\n if (!validateLoginResponse(auth)) {\n return null;\n }\n\n const currentTime = Date.now();\n const sessionAge = currentTime - auth.token.obtainedAt;\n const refreshThreshold = auth.token.expiresIn * 1000 * 0.9;\n\n if (sessionAge < refreshThreshold) {\n return auth;\n }\n return null;\n }\n\n async #login(): Promise<LoginResponse> {\n this.#assertSigner(this.#signer);\n\n // Nonce\n const address = await this.getIdentifier();\n const nonceRes = await getNonce(address, this.#config.env);\n const rawMessage = this.#createSiWELoginRawMessage(nonceRes.nonce);\n const signature = await this.signMessage(rawMessage);\n\n // Authenticate\n const authResponse = await authenticate(\n rawMessage,\n signature,\n this.#config.type,\n this.#config.env,\n );\n\n // Authorize\n const tokenResponse = await authorizeOIDC(\n authResponse.token,\n this.#config.env,\n this.#config.platform,\n );\n\n // Save\n const result: LoginResponse = {\n profile: authResponse.profile,\n token: tokenResponse,\n };\n\n await this.#options.storage.setLoginResponse(result);\n\n return result;\n }\n\n #createSiWELoginRawMessage(nonce: string): string {\n this.#assertSigner(this.#signer);\n\n return new SiweMessage({\n domain: this.#signer?.domain,\n address: this.#signer?.address,\n uri: SIWE_LOGIN_URL(this.#config.env),\n version: '1',\n chainId: this.#signer?.chainId,\n nonce,\n issuedAt: new Date().toISOString(),\n }).prepareMessage();\n }\n\n #assertSigner(\n signer?: JwtBearerAuth_SIWE_Signer,\n ): asserts signer is JwtBearerAuth_SIWE_Signer {\n if (!signer) {\n throw new ValidationError(`you must call 'prepare()' before logging in`);\n }\n }\n}\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@metamask-previews/profile-sync-controller",
|
|
3
|
-
"version": "27.1.0-preview-
|
|
3
|
+
"version": "27.1.0-preview-d7e023427",
|
|
4
4
|
"description": "The profile sync helps developers synchronize data across multiple clients and devices in a privacy-preserving way. All data saved in the user storage database is encrypted client-side to preserve privacy. The user storage provides a modular design, giving developers the flexibility to construct and manage their storage spaces in a way that best suits their needs",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"MetaMask",
|