@monocloud/auth-core 0.1.7 → 0.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +318 -97
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.mts +163 -35
- package/dist/index.mjs +318 -99
- package/dist/index.mjs.map +1 -1
- package/dist/{types-DmlJMcTH.d.mts → types-BVOv1R0s.d.mts} +169 -32
- package/dist/utils/index.cjs +1 -1
- package/dist/utils/index.cjs.map +1 -1
- package/dist/utils/index.d.mts +1 -1
- package/dist/utils/index.mjs +2 -2
- package/dist/utils/index.mjs.map +1 -1
- package/dist/utils/internal.cjs +10 -0
- package/dist/utils/internal.cjs.map +1 -1
- package/dist/utils/internal.d.mts +11 -2
- package/dist/utils/internal.mjs +10 -1
- package/dist/utils/internal.mjs.map +1 -1
- package/package.json +1 -1
package/dist/index.d.mts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { A as
|
|
1
|
+
import { A as PushedAuthorizationParams, B as ValidateJwtAccessTokenOptions, C as MonoCloudOidcBackendClientOptions, D as OnSessionCreating, E as MonoCloudUser, F as ResponseTypes, I as SecurityAlgorithms, L as TokenValidationOptionsBase, M as RefreshGrantOptions, N as RefreshSessionOptions, O as ParResponse, P as ResponseModes, R as Tokens, S as MonoCloudClientOptionsBase, T as MonoCloudSession, _ as IssuerMetadata, a as AuthenticateOptions, b as JwsHeaderParameters, c as CallbackParams, d as DisplayOptions, f as EndSessionParameters, g as IsUserInGroupOptions, h as IntrospectOptions, i as AuthState, j as RefetchUserInfoOptions, k as Prompt, l as ClientAuthMethod, m as IdTokenClaims, n as AccessTokenClaims, o as Authenticators, p as Group, r as Address, s as AuthorizationParams, t as AccessToken, u as CodeChallengeMethod, v as Jwk, w as MonoCloudOidcClientOptions, x as JwtClaims, y as Jwks, z as UserinfoResponse } from "./types-BVOv1R0s.mjs";
|
|
2
2
|
|
|
3
3
|
//#region src/errors/monocloud-auth-base-error.d.ts
|
|
4
4
|
/**
|
|
@@ -52,40 +52,55 @@ declare class MonoCloudTokenError extends MonoCloudAuthBaseError {}
|
|
|
52
52
|
*/
|
|
53
53
|
declare class MonoCloudValidationError extends MonoCloudAuthBaseError {}
|
|
54
54
|
//#endregion
|
|
55
|
-
//#region src/monocloud-oidc-client.d.ts
|
|
55
|
+
//#region src/monocloud-oidc-client-base.d.ts
|
|
56
56
|
/**
|
|
57
57
|
* @category Classes
|
|
58
58
|
*/
|
|
59
|
-
declare class
|
|
60
|
-
private readonly tenantDomain;
|
|
61
|
-
private readonly clientId;
|
|
62
|
-
private readonly clientSecret?;
|
|
63
|
-
private readonly authMethod;
|
|
64
|
-
private readonly idTokenSigningAlgorithm;
|
|
65
|
-
private jwks?;
|
|
66
|
-
private jwksCacheExpiry;
|
|
67
|
-
private jwksCacheDuration;
|
|
68
|
-
private metadata?;
|
|
69
|
-
private metadataCacheExpiry;
|
|
70
|
-
private metadataCacheDuration;
|
|
71
|
-
constructor(tenantDomain: string, clientId: string, options?: MonoCloudClientOptions);
|
|
59
|
+
declare class MonoCloudOidcClientBase {
|
|
72
60
|
/**
|
|
73
|
-
*
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
*
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
*
|
|
82
|
-
|
|
61
|
+
* The normalized tenant domain URL used as the base for discovery endpoints.
|
|
62
|
+
*/
|
|
63
|
+
protected readonly tenantDomain: string;
|
|
64
|
+
/**
|
|
65
|
+
* Cached JSON Web Key Set retrieved from the issuer's JWKS endpoint.
|
|
66
|
+
*/
|
|
67
|
+
protected jwks?: Jwks;
|
|
68
|
+
/**
|
|
69
|
+
* Timestamp (in seconds) when the cached JWKS expires.
|
|
70
|
+
*/
|
|
71
|
+
protected jwksCacheExpiry: number;
|
|
72
|
+
/**
|
|
73
|
+
* Duration (in seconds) for which the JWKS is cached. Defaults to 300 (5 minutes).
|
|
74
|
+
*/
|
|
75
|
+
protected jwksCacheDuration: number;
|
|
76
|
+
/**
|
|
77
|
+
* Cached issuer metadata retrieved from the OpenID Connect discovery endpoint.
|
|
78
|
+
*/
|
|
79
|
+
protected metadata?: IssuerMetadata;
|
|
80
|
+
/**
|
|
81
|
+
* Timestamp (in seconds) when the cached metadata expires.
|
|
82
|
+
*/
|
|
83
|
+
protected metadataCacheExpiry: number;
|
|
84
|
+
/**
|
|
85
|
+
* Duration (in seconds) for which the metadata is cached. Defaults to 300 (5 minutes).
|
|
86
|
+
*/
|
|
87
|
+
protected metadataCacheDuration: number;
|
|
88
|
+
/**
|
|
89
|
+
* Custom fetch implementation used for making HTTP requests. Falls back to the global `fetch` if not provided.
|
|
90
|
+
*/
|
|
91
|
+
protected fetcher?: typeof fetch;
|
|
92
|
+
/**
|
|
93
|
+
* Creates a new instance of MonoCloudOidcClientBase.
|
|
83
94
|
*
|
|
95
|
+
* @param tenantDomain - The tenant domain URL.
|
|
96
|
+
* @param metadataCacheDuration - Duration (in seconds) to cache OpenID Connect discovery metadata. Defaults to 300 (5 minutes).
|
|
97
|
+
* @param jwksCacheDuration - Duration (in seconds) to cache the JSON Web Key Set (JWKS). Defaults to 300 (5 minutes).
|
|
98
|
+
* @param fetcher - Custom `fetch` implementation used for making HTTP requests. Falls back to the global `fetch` if not provided.
|
|
84
99
|
*/
|
|
85
|
-
|
|
100
|
+
constructor(tenantDomain: string, metadataCacheDuration?: number, jwksCacheDuration?: number, fetcher?: typeof fetch);
|
|
86
101
|
/**
|
|
87
102
|
* Fetches the authorization server metadata from the .well-known endpoint.
|
|
88
|
-
* The metadata is cached for
|
|
103
|
+
* The metadata is cached for 5 minutes by default.
|
|
89
104
|
*
|
|
90
105
|
* @param forceRefresh - If `true`, bypasses the cache and fetches fresh metadata from the server.
|
|
91
106
|
*
|
|
@@ -98,7 +113,7 @@ declare class MonoCloudOidcClient {
|
|
|
98
113
|
getMetadata(forceRefresh?: boolean): Promise<IssuerMetadata>;
|
|
99
114
|
/**
|
|
100
115
|
* Fetches the JSON Web Keys used to sign the ID token.
|
|
101
|
-
* The JWKS is cached for
|
|
116
|
+
* The JWKS is cached for 5 minutes by default.
|
|
102
117
|
*
|
|
103
118
|
* @param forceRefresh - If `true`, bypasses the cache and fetches fresh set of JWKS from the server.
|
|
104
119
|
*
|
|
@@ -109,6 +124,52 @@ declare class MonoCloudOidcClient {
|
|
|
109
124
|
*
|
|
110
125
|
*/
|
|
111
126
|
getJwks(forceRefresh?: boolean): Promise<Jwks>;
|
|
127
|
+
/**
|
|
128
|
+
* Decodes the payload of a JSON Web Token (JWT) and returns it as an object.
|
|
129
|
+
*
|
|
130
|
+
* >Note: THIS METHOD DOES NOT VERIFY JWT TOKENS.
|
|
131
|
+
*
|
|
132
|
+
* @param jwt - JWT to decode.
|
|
133
|
+
*
|
|
134
|
+
* @returns Decoded payload.
|
|
135
|
+
*
|
|
136
|
+
* @throws {@link MonoCloudTokenError} - If decoding fails
|
|
137
|
+
*
|
|
138
|
+
*/
|
|
139
|
+
static decodeJwt(jwt: string): JwtClaims;
|
|
140
|
+
}
|
|
141
|
+
//#endregion
|
|
142
|
+
//#region src/monocloud-oidc-client.d.ts
|
|
143
|
+
/**
|
|
144
|
+
* @category Classes
|
|
145
|
+
*/
|
|
146
|
+
declare class MonoCloudOidcClient extends MonoCloudOidcClientBase {
|
|
147
|
+
private readonly clientId;
|
|
148
|
+
private readonly clientSecret?;
|
|
149
|
+
private readonly authMethod;
|
|
150
|
+
private readonly idTokenSigningAlgorithm;
|
|
151
|
+
/**
|
|
152
|
+
* Creates a new instance of MonoCloudOidcClient.
|
|
153
|
+
*
|
|
154
|
+
* @param tenantDomain - The tenant domain URL.
|
|
155
|
+
* @param clientId - Client id of the application registered in MonoCloud.
|
|
156
|
+
* @param options - Additional client configuration options.
|
|
157
|
+
*/
|
|
158
|
+
constructor(tenantDomain: string, clientId: string, options?: MonoCloudOidcClientOptions);
|
|
159
|
+
/**
|
|
160
|
+
* Generates an authorization URL with specified parameters.
|
|
161
|
+
*
|
|
162
|
+
* If no values are provided for `responseType`, or `codeChallengeMethod`, they default to `code`, and `S256`, respectively.
|
|
163
|
+
*
|
|
164
|
+
* @param params - Authorization URL parameters.
|
|
165
|
+
*
|
|
166
|
+
* @returns Tenant's authorization URL.
|
|
167
|
+
*
|
|
168
|
+
* @throws {@link MonoCloudHttpError} - Thrown if there is a network error during the request or
|
|
169
|
+
* unexpected status code during the request or a serialization error while processing the response.
|
|
170
|
+
*
|
|
171
|
+
*/
|
|
172
|
+
authorizationUrl(params: AuthorizationParams): Promise<string>;
|
|
112
173
|
/**
|
|
113
174
|
* Performs a pushed authorization request.
|
|
114
175
|
*
|
|
@@ -292,20 +353,87 @@ declare class MonoCloudOidcClient {
|
|
|
292
353
|
*
|
|
293
354
|
*/
|
|
294
355
|
validateIdToken(idToken: string, jwks: Jwk[], clockSkew: number, clockTolerance: number, maxAge?: number, nonce?: string): Promise<IdTokenClaims>;
|
|
356
|
+
}
|
|
357
|
+
//#endregion
|
|
358
|
+
//#region src/monocloud-oidc-backend-client.d.ts
|
|
359
|
+
/**
|
|
360
|
+
* @category Classes
|
|
361
|
+
*/
|
|
362
|
+
declare class MonoCloudOidcBackendClient extends MonoCloudOidcClientBase {
|
|
363
|
+
private readonly clientId?;
|
|
364
|
+
private readonly clientSecret?;
|
|
365
|
+
private readonly authMethod;
|
|
366
|
+
private readonly audience;
|
|
367
|
+
private readonly groupOptions?;
|
|
295
368
|
/**
|
|
296
|
-
*
|
|
369
|
+
* Number of seconds to adjust the current time to account for clock differences between the client and server during time-based claim validation. Defaults to 0.
|
|
370
|
+
*/
|
|
371
|
+
protected clockSkew: number;
|
|
372
|
+
/**
|
|
373
|
+
* Additional time tolerance in seconds applied when validating time-based claims (`exp`, `nbf`). Defaults to 300 (5 minutes).
|
|
374
|
+
*/
|
|
375
|
+
protected clockTolerance: number;
|
|
376
|
+
/**
|
|
377
|
+
* Creates a new instance of MonoCloudOidcBackendClient.
|
|
297
378
|
*
|
|
298
|
-
*
|
|
379
|
+
* @param tenantDomain - The tenant domain URL.
|
|
380
|
+
* @param audience - The expected audience value used to validate the `aud` claim in access tokens.
|
|
381
|
+
* @param options - Additional client configuration options.
|
|
382
|
+
*/
|
|
383
|
+
constructor(tenantDomain: string, audience: string, options?: MonoCloudOidcBackendClientOptions);
|
|
384
|
+
/**
|
|
385
|
+
* Validates an opaque access token using the OAuth 2.0 Token Introspection endpoint (RFC 7662).
|
|
299
386
|
*
|
|
300
|
-
* @param
|
|
387
|
+
* @param accessToken - The access token string to introspect.
|
|
388
|
+
* @param options - Claims validation options.
|
|
301
389
|
*
|
|
302
|
-
* @returns
|
|
390
|
+
* @returns Validated access token claims (without the `active` field).
|
|
303
391
|
*
|
|
304
|
-
* @throws {@link MonoCloudTokenError} - If
|
|
392
|
+
* @throws {@link MonoCloudTokenError} - If the token is not active or claim validation fails.
|
|
393
|
+
*
|
|
394
|
+
* @throws {@link MonoCloudOPError} - When the introspection endpoint returns a standardized
|
|
395
|
+
* OAuth 2.0 error response.
|
|
396
|
+
*
|
|
397
|
+
* @throws {@link MonoCloudHttpError} - Thrown if there is a network error during the request or
|
|
398
|
+
* unexpected status code during the request or a serialization error while processing the response.
|
|
399
|
+
*
|
|
400
|
+
* @throws {@link MonoCloudValidationError} - When the access token is empty or the introspection
|
|
401
|
+
* endpoint is not available in the issuer metadata or claims validation fails.
|
|
402
|
+
*
|
|
403
|
+
*/
|
|
404
|
+
introspectAccessToken(accessToken: string, options?: IntrospectOptions): Promise<AccessTokenClaims>;
|
|
405
|
+
/**
|
|
406
|
+
* Validates a JWT access token by verifying the signature and claims.
|
|
407
|
+
*
|
|
408
|
+
* @param accessToken - The access token JWT string to validate.
|
|
409
|
+
* @param options - Validation options.
|
|
305
410
|
*
|
|
411
|
+
* @returns Validated access token claims.
|
|
412
|
+
*
|
|
413
|
+
* @throws {@link MonoCloudTokenError} - If JWT parsing, signature verification, or claim validation fails.
|
|
414
|
+
*
|
|
415
|
+
* @throws {@link MonoCloudHttpError} - Thrown if there is a network error during the request or
|
|
416
|
+
* unexpected status code during the request or a serialization error while processing the response.
|
|
417
|
+
*
|
|
418
|
+
* @throws {@link MonoCloudValidationError} - When the access token is empty or claims validation fails.
|
|
419
|
+
*
|
|
420
|
+
*/
|
|
421
|
+
validateJwtAccessToken(accessToken: string, options?: ValidateJwtAccessTokenOptions): Promise<AccessTokenClaims>;
|
|
422
|
+
/**
|
|
423
|
+
* Sets clock skew used for access token time-based claim validation.
|
|
424
|
+
*
|
|
425
|
+
* @param clockSkew - Number of seconds to adjust the current time to account for clock differences.
|
|
426
|
+
*/
|
|
427
|
+
setClockSkew(clockSkew: number): void;
|
|
428
|
+
/**
|
|
429
|
+
* Sets clock tolerance used for access token time-based claim validation.
|
|
430
|
+
*
|
|
431
|
+
* @param clockTolerance - Additional time tolerance in seconds for time-based claim validation.
|
|
306
432
|
*/
|
|
307
|
-
|
|
433
|
+
setClockTolerance(clockTolerance: number): void;
|
|
434
|
+
private validateAccessTokenClaims;
|
|
435
|
+
private validateCertificateBinding;
|
|
308
436
|
}
|
|
309
437
|
//#endregion
|
|
310
|
-
export { type AccessToken, type Address, type AuthState, type AuthenticateOptions, type Authenticators, type AuthorizationParams, type CallbackParams, type ClientAuthMethod, type CodeChallengeMethod, type DisplayOptions, type EndSessionParameters, type Group, type IdTokenClaims, type IssuerMetadata, type Jwk, type Jwks, type JwsHeaderParameters, MonoCloudAuthBaseError, type
|
|
438
|
+
export { type AccessToken, type AccessTokenClaims, type Address, type AuthState, type AuthenticateOptions, type Authenticators, type AuthorizationParams, type CallbackParams, type ClientAuthMethod, type CodeChallengeMethod, type DisplayOptions, type EndSessionParameters, type Group, type IdTokenClaims, type IntrospectOptions, type IsUserInGroupOptions, type IssuerMetadata, type Jwk, type Jwks, type JwsHeaderParameters, type JwtClaims, MonoCloudAuthBaseError, type MonoCloudClientOptionsBase, MonoCloudHttpError, MonoCloudOPError, MonoCloudOidcBackendClient, type MonoCloudOidcBackendClientOptions, MonoCloudOidcClient, MonoCloudOidcClientBase, type MonoCloudOidcClientOptions, type MonoCloudSession, MonoCloudTokenError, type MonoCloudUser, MonoCloudValidationError, type OnSessionCreating, type ParResponse, type Prompt, type PushedAuthorizationParams, type RefetchUserInfoOptions, type RefreshGrantOptions, type RefreshSessionOptions, type ResponseModes, type ResponseTypes, type SecurityAlgorithms, type TokenValidationOptionsBase, type Tokens, type UserinfoResponse, type ValidateJwtAccessTokenOptions };
|
|
311
439
|
//# sourceMappingURL=index.d.mts.map
|