@monocloud/auth-node-core 0.1.8 → 0.1.10
- package/dist/index.cjs +35 -11
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.mts +26 -5
- package/dist/index.mjs +35 -11
- package/dist/index.mjs.map +1 -1
- package/package.json +2 -2
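--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -436,7 +436,7 @@ interface MonoCloudOptionsBase {
 *
 * @defaultValue true
 */
-
+fetchUserInfo: boolean;
 /**
 * Refetch user profile data whenever the application's `UserInfo` endpoint is invoked.
 *
@@ -503,6 +503,15 @@ interface MonoCloudOptionsBase {
 * @defaultValue false
 */
 allowQueryParamOverrides?: boolean;
+/**
+* Determines how user profile is updated when the session is updated.
+*
+* When enabled, the session user profile is fully replaced with a newly constructed profile
+* derived from the latest ID token and, if applicable, the UserInfo response.
+*
+* @defaultValue false
+*/
+strictProfileSync?: boolean;
 /**
 * Invoked when a back-channel logout request is received.
 */
@@ -569,7 +578,7 @@ interface MonoCloudSessionOptions extends Partial<Omit<MonoCloudSessionOptionsBa
 * | `MONOCLOUD_AUTH_RESPONSE_TIMEOUT` | Maximum time (in milliseconds) to wait for responses from the authentication service. |
 * | `MONOCLOUD_AUTH_ALLOW_QUERY_PARAM_OVERRIDES` | Allows authorization parameters (such as `scope`, `resource`, or `prompt`) to be overridden via URL query parameters. |
 * | `MONOCLOUD_AUTH_POST_LOGOUT_REDIRECT_URI` | URL users are redirected to after a successful logout. |
-* | `
+* | `MONOCLOUD_AUTH_FETCH_USER_INFO` | Determines whether user profile data is fetched from the `UserInfo` endpoint after authorization. |
 * | `MONOCLOUD_AUTH_REFETCH_USER_INFO` | If `true`, user information is re-fetched on each userinfo request. |
 * | `MONOCLOUD_AUTH_ID_TOKEN_SIGNING_ALG` | Expected signing algorithm for ID tokens (for example, `RS256`). |
 * | `MONOCLOUD_AUTH_FILTERED_ID_TOKEN_CLAIMS` | Space-separated list of ID token claims excluded from the session object. |
@@ -791,7 +800,7 @@ interface CallbackOptions {
 /**
 * When `true`, fetches user profile data from the `UserInfo` endpoint after the authorization code exchange completes.
 */
-
+fetchUserInfo?: boolean;
 /**
 * Redirect URI sent to the token endpoint during the authorization code exchange.
 *
@@ -848,6 +857,17 @@ interface GetTokensOptions extends RefreshGrantOptions$1 {
 */
 refetchUserInfo?: boolean;
 }
+/**
+* Options used to control session retrieval behavior when calling `getSession()`.
+*
+* @category Types
+*/
+interface GetSessionOptions {
+/**
+* When enabled, re-fetches user information from the `UserInfo` endpoint and updates the current session.
+*/
+refetchUserInfo?: boolean;
+}
 //#endregion
 //#region src/monocloud-node-core-client.d.ts
 /**
@@ -951,10 +971,11 @@ declare class MonoCloudCoreClient {
 *
 * @param request - MonoCloud cookie request object.
 * @param response - MonoCloud cookie response object.
+* @param options - Optional configuration to control session retrieval behavior.
 *
 * @returns Session or `undefined`.
 */
-getSession(request: IMonoCloudCookieRequest, response: IMonoCloudCookieResponse): Promise<MonoCloudSession$1 | undefined>;
+getSession(request: IMonoCloudCookieRequest, response: IMonoCloudCookieResponse, options?: GetSessionOptions): Promise<MonoCloudSession$1 | undefined>;
 /**
 * Updates the current user's session with new data.
 *
@@ -996,5 +1017,5 @@ declare class MonoCloudCoreClient {
 private validateOptions;
 }
 //#endregion
-export { type AccessToken, type Address, type ApplicationState, type AuthState, type AuthenticateOptions, type Authenticators, type AuthorizationParams, type CallbackOptions, type CallbackParams, type ClientAuthMethod, type CodeChallengeMethod, type CookieOptions, type DisplayOptions, type EndSessionParameters, type GetTokensOptions, type Group, type IMonoCloudCookieRequest, type IMonoCloudCookieResponse, type IdTokenClaims, type Indicator, type IssuerMetadata, type Jwk, type Jwks, type JwsHeaderParameters, MonoCloudAuthBaseError, type MonoCloudClientOptions, type MonoCloudCookieOptions, MonoCloudCoreClient, MonoCloudHttpError, MonoCloudOPError, type MonoCloudOptions, type MonoCloudOptionsBase, type MonoCloudRequest, type MonoCloudResponse, type MonoCloudRoutes, type MonoCloudSession, type MonoCloudSessionOptions, type MonoCloudSessionOptionsBase, type MonoCloudSessionStore, type MonoCloudStateOptions, type MonoCloudStatePartialOptions, MonoCloudTokenError, type MonoCloudTokens, type MonoCloudUser, MonoCloudValidationError, type OnBackChannelLogout, type OnCoreSessionCreating, type OnError, type OnSessionCreating, type OnSetApplicationState, type ParResponse, type Prompt, type PushedAuthorizationParams, type RefetchUserInfoOptions, type RefreshGrantOptions, type RefreshSessionOptions, type ResponseModes, type ResponseTypes, type SameSiteValues, type SecurityAlgorithms, type SerializeOptions, type SessionLifetime, type SetCookie, type SignInOptions, type SignOutOptions, type Tokens, type UserInfoOptions, type UserinfoResponse };
+export { type AccessToken, type Address, type ApplicationState, type AuthState, type AuthenticateOptions, type Authenticators, type AuthorizationParams, type CallbackOptions, type CallbackParams, type ClientAuthMethod, type CodeChallengeMethod, type CookieOptions, type DisplayOptions, type EndSessionParameters, type GetSessionOptions, type GetTokensOptions, type Group, type IMonoCloudCookieRequest, type IMonoCloudCookieResponse, type IdTokenClaims, type Indicator, type IssuerMetadata, type Jwk, type Jwks, type JwsHeaderParameters, MonoCloudAuthBaseError, type MonoCloudClientOptions, type MonoCloudCookieOptions, MonoCloudCoreClient, MonoCloudHttpError, MonoCloudOPError, type MonoCloudOptions, type MonoCloudOptionsBase, type MonoCloudRequest, type MonoCloudResponse, type MonoCloudRoutes, type MonoCloudSession, type MonoCloudSessionOptions, type MonoCloudSessionOptionsBase, type MonoCloudSessionStore, type MonoCloudStateOptions, type MonoCloudStatePartialOptions, MonoCloudTokenError, type MonoCloudTokens, type MonoCloudUser, MonoCloudValidationError, type OnBackChannelLogout, type OnCoreSessionCreating, type OnError, type OnSessionCreating, type OnSetApplicationState, type ParResponse, type Prompt, type PushedAuthorizationParams, type RefetchUserInfoOptions, type RefreshGrantOptions, type RefreshSessionOptions, type ResponseModes, type ResponseTypes, type SameSiteValues, type SecurityAlgorithms, type SerializeOptions, type SessionLifetime, type SetCookie, type SignInOptions, type SignOutOptions, type Tokens, type UserInfoOptions, type UserinfoResponse };
 //# sourceMappingURL=index.d.mts.map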
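Review bot: The doc comment added for `strictProfileSync` (new lines 506-513) describes only the enabled mode, so the default `false` leaves unstated what happens to claims already stored in the session. That matters to applications that authorise on profile claims such as roles or groups; the comment should say whether claims missing from the new ID token or UserInfo response are kept when the option is off. The environment-variable table in the hunk at new line 581 gains a row for `MONOCLOUD_AUTH_FETCH_USER_INFO` but, in the visible lines, none for `MONOCLOUD_AUTH_REFETCH_STRICT_PROFILE_SYNC`, which index.mjs reads; the table continues outside the hunk, so the row may exist elsewhere. The `getSession` comment still says only `@returns Session or undefined` although the new refetch path can throw, so a line like `@throws MonoCloudValidationError when no access token is available for the refetch` would help callers. Separately, the context lines document `allowQueryParamOverrides` as `@defaultValue false` while `DEFAULT_OPTIONS` in index.mjs sets it to `true`; one of the two should be corrected.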
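--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -230,7 +230,7 @@ const DEFAULT_OPTIONS = {
 clockSkew: 60,
 responseTimeout: 1e4,
 usePar: false,
-
+fetchUserInfo: true,
 refetchUserInfo: false,
 federatedSignOut: true,
 defaultAuthParams: {
@@ -238,6 +238,7 @@ const DEFAULT_OPTIONS = {
 responseType: "code"
 },
 allowQueryParamOverrides: true,
+strictProfileSync: false,
 session: {
 cookie: {
 httpOnly: true,
@@ -370,9 +371,10 @@ const optionsSchema = Joi.object({
 usePar: boolRequired,
 postLogoutRedirectUri: stringOptional.uri({ allowRelative: true }),
 federatedSignOut: boolRequired,
-
+fetchUserInfo: boolRequired,
 refetchUserInfo: boolRequired,
 allowQueryParamOverrides: boolRequired,
+strictProfileSync: boolRequired,
 defaultAuthParams: authParamSchema,
 resources: Joi.array().items(indicatorOptionsSchema).optional(),
 session: sessionSchema,
@@ -394,7 +396,7 @@ const signInOptionsSchema = Joi.object({
 onError: funcOptional
 });
 const callbackOptionsSchema = Joi.object({
-
+fetchUserInfo: boolOptional,
 redirectUri: stringOptional.uri(),
 onError: funcOptional
 });
@@ -415,6 +417,7 @@ const getTokensOptionsSchema = Joi.object({
 resource: resourceValidationSchema.optional(),
 scopes: scopesValidationSchema.optional()
 });
+const getSessionOptionsSchema = Joi.object({ refetchUserInfo: boolOptional });
 
 //#endregion
 //#region src/options/get-options.ts
@@ -437,9 +440,10 @@ const getOptions = (options, throwOnError = true) => {
 const MONOCLOUD_AUTH_USE_PAR = process.env.MONOCLOUD_AUTH_USE_PAR;
 const MONOCLOUD_AUTH_POST_LOGOUT_REDIRECT_URI = process.env.MONOCLOUD_AUTH_POST_LOGOUT_REDIRECT_URI;
 const MONOCLOUD_AUTH_FEDERATED_SIGNOUT = process.env.MONOCLOUD_AUTH_FEDERATED_SIGNOUT;
-const
+const MONOCLOUD_AUTH_FETCH_USER_INFO = process.env.MONOCLOUD_AUTH_FETCH_USER_INFO;
 const MONOCLOUD_AUTH_REFETCH_USER_INFO = process.env.MONOCLOUD_AUTH_REFETCH_USER_INFO;
 const MONOCLOUD_AUTH_ALLOW_QUERY_PARAM_OVERRIDES = process.env.MONOCLOUD_AUTH_ALLOW_QUERY_PARAM_OVERRIDES;
+const MONOCLOUD_AUTH_REFETCH_STRICT_PROFILE_SYNC = process.env.MONOCLOUD_AUTH_REFETCH_STRICT_PROFILE_SYNC;
 const MONOCLOUD_AUTH_SESSION_COOKIE_NAME = process.env.MONOCLOUD_AUTH_SESSION_COOKIE_NAME;
 const MONOCLOUD_AUTH_SESSION_COOKIE_PATH = process.env.MONOCLOUD_AUTH_SESSION_COOKIE_PATH;
 const MONOCLOUD_AUTH_SESSION_COOKIE_DOMAIN = process.env.MONOCLOUD_AUTH_SESSION_COOKIE_DOMAIN;
@@ -486,9 +490,10 @@ const getOptions = (options, throwOnError = true) => {
 usePar: (options === null || options === void 0 ? void 0 : options.usePar) ?? getBoolean(MONOCLOUD_AUTH_USE_PAR) ?? DEFAULT_OPTIONS.usePar,
 postLogoutRedirectUri: (options === null || options === void 0 ? void 0 : options.postLogoutRedirectUri) ?? MONOCLOUD_AUTH_POST_LOGOUT_REDIRECT_URI,
 federatedSignOut: (options === null || options === void 0 ? void 0 : options.federatedSignOut) ?? getBoolean(MONOCLOUD_AUTH_FEDERATED_SIGNOUT) ?? DEFAULT_OPTIONS.federatedSignOut,
-
+fetchUserInfo: (options === null || options === void 0 ? void 0 : options.fetchUserInfo) ?? getBoolean(MONOCLOUD_AUTH_FETCH_USER_INFO) ?? DEFAULT_OPTIONS.fetchUserInfo,
 refetchUserInfo: (options === null || options === void 0 ? void 0 : options.refetchUserInfo) ?? getBoolean(MONOCLOUD_AUTH_REFETCH_USER_INFO) ?? DEFAULT_OPTIONS.refetchUserInfo,
 allowQueryParamOverrides: (options === null || options === void 0 ? void 0 : options.allowQueryParamOverrides) ?? getBoolean(MONOCLOUD_AUTH_ALLOW_QUERY_PARAM_OVERRIDES) ?? DEFAULT_OPTIONS.allowQueryParamOverrides,
+strictProfileSync: (options === null || options === void 0 ? void 0 : options.strictProfileSync) ?? getBoolean(MONOCLOUD_AUTH_REFETCH_STRICT_PROFILE_SYNC) ?? DEFAULT_OPTIONS.strictProfileSync,
 session: {
 cookie: {
 name: (options === null || options === void 0 || (_options$session = options.session) === null || _options$session === void 0 || (_options$session = _options$session.cookie) === null || _options$session === void 0 ? void 0 : _options$session.name) ?? MONOCLOUD_AUTH_SESSION_COOKIE_NAME ?? DEFAULT_OPTIONS.session.cookie.name,
@@ -724,7 +729,7 @@ var MonoCloudCoreClient = class {
 idTokenNonce: monoCloudState.nonce,
 idTokenMaxAge: monoCloudState.maxAge,
 idTokenClockTolerance: 5,
-fetchUserInfo: (callbackOptions === null || callbackOptions === void 0 ? void 0 : callbackOptions.
+fetchUserInfo: (callbackOptions === null || callbackOptions === void 0 ? void 0 : callbackOptions.fetchUserInfo) ?? this.options.fetchUserInfo,
 filteredIdTokenClaims: this.options.filteredIdTokenClaims,
 onSessionCreating: async (s, i, u) => {
 var _this$options$onSessi, _this$options;
@@ -791,7 +796,10 @@ var MonoCloudCoreClient = class {
 response.sendJson(session.user);
 return response.done();
 }
-const newSession = await this.oidcClient.refetchUserInfo(defaultToken, session, {
+const newSession = await this.oidcClient.refetchUserInfo(defaultToken, session, {
+onSessionCreating: (_this$options$onSessi2 = this.options.onSessionCreating) === null || _this$options$onSessi2 === void 0 ? void 0 : _this$options$onSessi2.bind(this),
+strictProfileSync: this.options.strictProfileSync
+});
 if (!await this.sessionService.updateSession(request, response, newSession)) {
 response.setNoCache();
 response.noContent();
@@ -929,11 +937,26 @@ var MonoCloudCoreClient = class {
 *
 * @param request - MonoCloud cookie request object.
 * @param response - MonoCloud cookie response object.
+* @param options - Optional configuration to control session retrieval behavior.
 *
 * @returns Session or `undefined`.
 */
-getSession(request, response) {
-
+async getSession(request, response, options) {
+var _this$options$onSessi3;
+if (options) {
+const { error } = getSessionOptionsSchema.validate(options, { abortEarly: true });
+if (error) throw new MonoCloudValidationError$1(error.details[0].message);
+}
+const session = await this.sessionService.getSession(request, response);
+if (!(options === null || options === void 0 ? void 0 : options.refetchUserInfo) || !session) return session;
+const defaultToken = findToken(session.accessTokens, this.options.defaultAuthParams.resource, session.authorizedScopes);
+if (!defaultToken) throw new MonoCloudValidationError$1("Access token not found");
+const newSession = await this.oidcClient.refetchUserInfo(defaultToken, session, {
+onSessionCreating: (_this$options$onSessi3 = this.options.onSessionCreating) === null || _this$options$onSessi3 === void 0 ? void 0 : _this$options$onSessi3.bind(this),
+strictProfileSync: this.options.strictProfileSync
+});
+await this.sessionService.updateSession(request, response, newSession);
+return newSession;
 }
 /**
 * Updates the current user's session with new data.
@@ -1000,7 +1023,7 @@ var MonoCloudCoreClient = class {
 let { idToken } = session;
 let { refreshToken } = session;
 if ((options === null || options === void 0 ? void 0 : options.forceRefresh) || !token || tokenExpired) {
-var _this$options$
+var _this$options$onSessi4;
 if (!refreshToken && token && tokenExpired) throw new MonoCloudTokenError$1("No refresh token available to refresh the expired access token");
 const updatedSession = await this.oidcClient.refreshSession(session, {
 fetchUserInfo: (options === null || options === void 0 ? void 0 : options.refetchUserInfo) ?? this.options.refetchUserInfo,
@@ -1012,7 +1035,8 @@ var MonoCloudCoreClient = class {
 scopes
 },
 filteredIdTokenClaims: this.options.filteredIdTokenClaims,
-onSessionCreating: (_this$options$
+onSessionCreating: (_this$options$onSessi4 = this.options.onSessionCreating) === null || _this$options$onSessi4 === void 0 ? void 0 : _this$options$onSessi4.bind(this),
+strictProfileSync: this.options.strictProfileSync
 });
 await this.sessionService.updateSession(request, response, updatedSession);
 token = findToken(updatedSession === null || updatedSession === void 0 ? void 0 : updatedSession.accessTokens, resource, findTokenScopes);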
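Review bot: The refetch path added to `getSession` (new lines 952-959) discards the result of `this.sessionService.updateSession(request, response, newSession)` and returns `newSession` regardless, whereas the UserInfo handler at new line 803 treats a falsy result as a failure and answers with no content. `updateSession` is not shown here, but if a falsy result means the stored session could not be written (for example because it was removed in the meantime), the caller gets a session object that the store does not back. Returning `undefined` in that case would keep the two paths consistent: `if (!await this.sessionService.updateSession(request, response, newSession)) return undefined;`. The new path also calls the UserInfo endpoint with whatever `findToken` returns and, unlike the `tokenExpired` handling visible in the hunk at new line 1025, shows no expiry check, so an expired access token presumably surfaces as a thrown error from `getSession`.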