@nauth-toolkit/core 0.1.77 → 0.1.79
- package/dist/dto/social-auth.dto.d.ts +57 -11
- package/dist/dto/social-auth.dto.d.ts.map +1 -1
- package/dist/dto/social-auth.dto.js +71 -11
- package/dist/dto/social-auth.dto.js.map +1 -1
- package/dist/interfaces/token-verifier.interface.d.ts +26 -0
- package/dist/interfaces/token-verifier.interface.d.ts.map +1 -1
- package/dist/schemas/auth-config.schema.d.ts +3598 -390
- package/dist/schemas/auth-config.schema.d.ts.map +1 -1
- package/dist/services/social-auth-base.service.d.ts.map +1 -1
- package/dist/services/social-auth-base.service.js +3 -1
- package/dist/services/social-auth-base.service.js.map +1 -1
- package/package.json +1 -1
|
@@ -247,54 +247,100 @@ export declare class HandleCallbackDTO {
|
|
|
247
247
|
* DTO for verifying social authentication token from native mobile apps
|
|
248
248
|
*
|
|
249
249
|
* Used when mobile apps (iOS, Android) use native SDKs (e.g., Google Sign-In SDK,
|
|
250
|
-
* Sign in with Apple) and need to verify
|
|
250
|
+
* Sign in with Apple, Facebook SDK) and need to verify tokens on the backend.
|
|
251
|
+
*
|
|
252
|
+
* Supports provider-aware validation:
|
|
253
|
+
* - **google**: requires `idToken`, `accessToken` optional
|
|
254
|
+
* - **apple**: requires `idToken`, `accessToken` optional, `profileData` optional
|
|
255
|
+
* - **facebook**:
|
|
256
|
+
* - Classic login: requires `accessToken` (when `idToken` not provided)
|
|
257
|
+
* - Limited Login (OIDC): requires `idToken` (JWT, when `accessToken` not provided)
|
|
251
258
|
*
|
|
252
259
|
* Security:
|
|
253
|
-
* -
|
|
260
|
+
* - Provider allow-list enforced
|
|
261
|
+
* - Per-provider required fields validated
|
|
262
|
+
* - Token signature verification performed
|
|
254
263
|
* - Token must be fresh (not expired)
|
|
255
|
-
* - Signature verification performed
|
|
256
264
|
*
|
|
257
265
|
* @example
|
|
258
266
|
* ```typescript
|
|
259
267
|
* // Google Sign-In from iOS/Android
|
|
260
268
|
* const dto: VerifyTokenDTO = {
|
|
269
|
+
* provider: 'google',
|
|
261
270
|
* idToken: 'eyJhbGciOiJSUzI1NiIs...',
|
|
262
271
|
* accessToken: 'ya29.a0AfH6SM...'
|
|
263
272
|
* };
|
|
264
273
|
*
|
|
265
274
|
* // Sign in with Apple from iOS
|
|
266
275
|
* const dto: VerifyTokenDTO = {
|
|
276
|
+
* provider: 'apple',
|
|
267
277
|
* idToken: 'eyJraWQiOiJlWGF1bm...',
|
|
268
278
|
* profileData: {
|
|
269
279
|
* name: { firstName: 'John', lastName: 'Doe' },
|
|
270
280
|
* email: 'user@privaterelay.appleid.com'
|
|
271
281
|
* }
|
|
272
282
|
* };
|
|
283
|
+
*
|
|
284
|
+
* // Facebook classic login
|
|
285
|
+
* const dto: VerifyTokenDTO = {
|
|
286
|
+
* provider: 'facebook',
|
|
287
|
+
* accessToken: 'EAABwzLixnjYBO...'
|
|
288
|
+
* };
|
|
289
|
+
*
|
|
290
|
+
* // Facebook Limited Login (iOS)
|
|
291
|
+
* const dto: VerifyTokenDTO = {
|
|
292
|
+
* provider: 'facebook',
|
|
293
|
+
* idToken: 'eyJhbGciOiJSUzI1NiIs...'
|
|
294
|
+
* };
|
|
273
295
|
* ```
|
|
274
296
|
*/
|
|
275
297
|
export declare class VerifyTokenDTO {
|
|
276
298
|
/**
|
|
277
|
-
*
|
|
299
|
+
* Social provider name
|
|
300
|
+
*
|
|
301
|
+
* Validation:
|
|
302
|
+
* - Must be one of: 'google', 'apple', 'facebook'
|
|
303
|
+
* - Max 50 characters
|
|
304
|
+
*
|
|
305
|
+
* Sanitization:
|
|
306
|
+
* - Trimmed and lowercased
|
|
307
|
+
*
|
|
308
|
+
* @example
|
|
309
|
+
* ```typescript
|
|
310
|
+
* { provider: 'google' }
|
|
311
|
+
* ```
|
|
312
|
+
*/
|
|
313
|
+
provider: string;
|
|
314
|
+
/**
|
|
315
|
+
* ID token (JWT) from native SDK
|
|
278
316
|
*
|
|
279
|
-
*
|
|
280
|
-
*
|
|
317
|
+
* Required for:
|
|
318
|
+
* - google (always)
|
|
319
|
+
* - apple (always)
|
|
320
|
+
* - facebook Limited Login (when accessToken is not provided)
|
|
281
321
|
*
|
|
282
322
|
* Validation:
|
|
323
|
+
* - Required for google/apple
|
|
324
|
+
* - Required for facebook only when accessToken is NOT provided
|
|
283
325
|
* - Must be non-empty string
|
|
284
326
|
* - Max 10000 characters (JWT tokens can be large)
|
|
285
327
|
*
|
|
286
328
|
* Sanitization:
|
|
287
329
|
* - Trimmed
|
|
288
330
|
*/
|
|
289
|
-
idToken
|
|
331
|
+
idToken?: string;
|
|
290
332
|
/**
|
|
291
|
-
*
|
|
333
|
+
* Access token (opaque) from native SDK
|
|
292
334
|
*
|
|
293
|
-
*
|
|
294
|
-
*
|
|
335
|
+
* Required for:
|
|
336
|
+
* - facebook classic login (when idToken is not provided)
|
|
337
|
+
*
|
|
338
|
+
* Optional for:
|
|
339
|
+
* - google (provided alongside idToken)
|
|
295
340
|
*
|
|
296
341
|
* Validation:
|
|
297
|
-
* -
|
|
342
|
+
* - Required for facebook only when idToken is NOT provided
|
|
343
|
+
* - Must be non-empty string if provided
|
|
298
344
|
* - Max 2000 characters
|
|
299
345
|
*
|
|
300
346
|
* Sanitization:
|
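Review bot: `provider` is declared as plain `string` (new line 313) although its own doc comment restricts it to 'google', 'apple' or 'facebook', so the allow-list is only enforced at runtime. Declaring it as `provider: 'google' | 'apple' | 'facebook';` in `src/dto/social-auth.dto.ts` would let the compiler reject an unknown provider in calling code as well. The class-level Security list also says signature verification is performed without saying for which token, while `accessToken` is described further down as opaque; a more precise line would be `* - Token signature verification performed for JWT ID tokens (opaque access tokens carry no signature)`. The class body continues past the end of this hunk.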
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"social-auth.dto.d.ts","sourceRoot":"","sources":["../../src/dto/social-auth.dto.ts"],"names":[],"mappings":"AAGA;;;;;;;GAOG;AACH,qBAAa,oBAAoB;IAC/B;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;IAEhB;;;;;;;;;OASG;IASH,QAAQ,EAAG,MAAM,CAAC;IAElB;;;;;;;;;OASG;IASH,IAAI,EAAG,MAAM,CAAC;IAEd;;;;;;;;;OASG;IASH,KAAK,EAAG,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,qBAAa,4BAA4B;IACvC;;OAEG;IACH,OAAO,EAAG,MAAM,CAAC;IAEjB;;OAEG;IACH,QAAQ,EAAG,MAAM,CAAC;CACnB;AAED;;;;;GAKG;AACH,qBAAa,oBAAoB;IAC/B;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,4BAA4B;IACvC;;OAEG;IACH,QAAQ,EAAG,KAAK,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,EAAE,IAAI,CAAC;QACf,UAAU,CAAC,EAAE,IAAI,CAAC;KACnB,CAAC,CAAC;CACJ;AAED;;;;;;GAMG;AACH,qBAAa,sBAAsB;IACjC;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;IAEhB;;;;;;;;;OASG;IASH,QAAQ,EAAG,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,qBAAa,8BAA8B;IACzC;;OAEG;IACH,OAAO,EAAG,MAAM,CAAC;CAClB;AAED;;;;;GAKG;AACH,qBAAa,iBAAiB;IAC5B;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,yBAAyB;IACpC;;OAEG;IACH,cAAc,EAAG,OAAO,CAAC;CAC1B;AAED;;;;;;GAMG;AACH,qBAAa,2BAA2B;IACtC;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;IAEhB;;;;;;;;;;OAUG;IAIH,QAAQ,EAAG,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,qBAAa,mCAAmC;IAC9C;;OAEG;IACH,OAAO,EAAG,MAAM,CAAC;CAClB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,iBAAiB;IAC5B;;;;;;;;;OASG;IASH,IAAI,EAAG,MAAM,CAAC;IAEd;;;;;;;;;OASG;IASH,KAAK,EAAG,MAAM,CAAC;CAChB;AAED
|
|
1
|
+
{"version":3,"file":"social-auth.dto.d.ts","sourceRoot":"","sources":["../../src/dto/social-auth.dto.ts"],"names":[],"mappings":"AAGA;;;;;;;GAOG;AACH,qBAAa,oBAAoB;IAC/B;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;IAEhB;;;;;;;;;OASG;IASH,QAAQ,EAAG,MAAM,CAAC;IAElB;;;;;;;;;OASG;IASH,IAAI,EAAG,MAAM,CAAC;IAEd;;;;;;;;;OASG;IASH,KAAK,EAAG,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,qBAAa,4BAA4B;IACvC;;OAEG;IACH,OAAO,EAAG,MAAM,CAAC;IAEjB;;OAEG;IACH,QAAQ,EAAG,MAAM,CAAC;CACnB;AAED;;;;;GAKG;AACH,qBAAa,oBAAoB;IAC/B;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,4BAA4B;IACvC;;OAEG;IACH,QAAQ,EAAG,KAAK,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,EAAE,IAAI,CAAC;QACf,UAAU,CAAC,EAAE,IAAI,CAAC;KACnB,CAAC,CAAC;CACJ;AAED;;;;;;GAMG;AACH,qBAAa,sBAAsB;IACjC;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;IAEhB;;;;;;;;;OASG;IASH,QAAQ,EAAG,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,qBAAa,8BAA8B;IACzC;;OAEG;IACH,OAAO,EAAG,MAAM,CAAC;CAClB;AAED;;;;;GAKG;AACH,qBAAa,iBAAiB;IAC5B;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,yBAAyB;IACpC;;OAEG;IACH,cAAc,EAAG,OAAO,CAAC;CAC1B;AAED;;;;;;GAMG;AACH,qBAAa,2BAA2B;IACtC;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;IAEhB;;;;;;;;;;OAUG;IAIH,QAAQ,EAAG,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,qBAAa,mCAAmC;IAC9C;;OAEG;IACH,OAAO,EAAG,MAAM,CAAC;CAClB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,iBAAiB;IAC5B;;;;;;;;;OASG;IASH,IAAI,EAAG,MAAM,CAAC;IAEd;;;;;;;;;OASG;IASH,KAAK,EAAG,MAAM,CAAC;CAChB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;AACH,qBAAa,cAAc;IACzB;;;;;;;;;;;;;;OAcG;IAQH,QAAQ,EAAG,MAAM,CAAC;IAElB;;;;;;;;;;;;;;;;OAgBG;IAWH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;;;;;;;;;;;;;OAgBG;IAWH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;;;;;;;;;;;;;;OAiBG;IAGH,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACvC;AAED;;;;;;;;;;GAUG;AACH,qBAAa,iBAAiB;IAC5B;;;;;;;;;OASG;IASH,aAAa,EAAG,MAAM,CAAC;CACxB"}
|
|
@@ -389,39 +389,81 @@ __decorate([
|
|
|
389
389
|
* DTO for verifying social authentication token from native mobile apps
|
|
390
390
|
*
|
|
391
391
|
* Used when mobile apps (iOS, Android) use native SDKs (e.g., Google Sign-In SDK,
|
|
392
|
-
* Sign in with Apple) and need to verify
|
|
392
|
+
* Sign in with Apple, Facebook SDK) and need to verify tokens on the backend.
|
|
393
|
+
*
|
|
394
|
+
* Supports provider-aware validation:
|
|
395
|
+
* - **google**: requires `idToken`, `accessToken` optional
|
|
396
|
+
* - **apple**: requires `idToken`, `accessToken` optional, `profileData` optional
|
|
397
|
+
* - **facebook**:
|
|
398
|
+
* - Classic login: requires `accessToken` (when `idToken` not provided)
|
|
399
|
+
* - Limited Login (OIDC): requires `idToken` (JWT, when `accessToken` not provided)
|
|
393
400
|
*
|
|
394
401
|
* Security:
|
|
395
|
-
* -
|
|
402
|
+
* - Provider allow-list enforced
|
|
403
|
+
* - Per-provider required fields validated
|
|
404
|
+
* - Token signature verification performed
|
|
396
405
|
* - Token must be fresh (not expired)
|
|
397
|
-
* - Signature verification performed
|
|
398
406
|
*
|
|
399
407
|
* @example
|
|
400
408
|
* ```typescript
|
|
401
409
|
* // Google Sign-In from iOS/Android
|
|
402
410
|
* const dto: VerifyTokenDTO = {
|
|
411
|
+
* provider: 'google',
|
|
403
412
|
* idToken: 'eyJhbGciOiJSUzI1NiIs...',
|
|
404
413
|
* accessToken: 'ya29.a0AfH6SM...'
|
|
405
414
|
* };
|
|
406
415
|
*
|
|
407
416
|
* // Sign in with Apple from iOS
|
|
408
417
|
* const dto: VerifyTokenDTO = {
|
|
418
|
+
* provider: 'apple',
|
|
409
419
|
* idToken: 'eyJraWQiOiJlWGF1bm...',
|
|
410
420
|
* profileData: {
|
|
411
421
|
* name: { firstName: 'John', lastName: 'Doe' },
|
|
412
422
|
* email: 'user@privaterelay.appleid.com'
|
|
413
423
|
* }
|
|
414
424
|
* };
|
|
425
|
+
*
|
|
426
|
+
* // Facebook classic login
|
|
427
|
+
* const dto: VerifyTokenDTO = {
|
|
428
|
+
* provider: 'facebook',
|
|
429
|
+
* accessToken: 'EAABwzLixnjYBO...'
|
|
430
|
+
* };
|
|
431
|
+
*
|
|
432
|
+
* // Facebook Limited Login (iOS)
|
|
433
|
+
* const dto: VerifyTokenDTO = {
|
|
434
|
+
* provider: 'facebook',
|
|
435
|
+
* idToken: 'eyJhbGciOiJSUzI1NiIs...'
|
|
436
|
+
* };
|
|
415
437
|
* ```
|
|
416
438
|
*/
|
|
417
439
|
class VerifyTokenDTO {
|
|
418
440
|
/**
|
|
419
|
-
*
|
|
441
|
+
* Social provider name
|
|
420
442
|
*
|
|
421
|
-
*
|
|
422
|
-
* Must be
|
|
443
|
+
* Validation:
|
|
444
|
+
* - Must be one of: 'google', 'apple', 'facebook'
|
|
445
|
+
* - Max 50 characters
|
|
446
|
+
*
|
|
447
|
+
* Sanitization:
|
|
448
|
+
* - Trimmed and lowercased
|
|
449
|
+
*
|
|
450
|
+
* @example
|
|
451
|
+
* ```typescript
|
|
452
|
+
* { provider: 'google' }
|
|
453
|
+
* ```
|
|
454
|
+
*/
|
|
455
|
+
provider;
|
|
456
|
+
/**
|
|
457
|
+
* ID token (JWT) from native SDK
|
|
458
|
+
*
|
|
459
|
+
* Required for:
|
|
460
|
+
* - google (always)
|
|
461
|
+
* - apple (always)
|
|
462
|
+
* - facebook Limited Login (when accessToken is not provided)
|
|
423
463
|
*
|
|
424
464
|
* Validation:
|
|
465
|
+
* - Required for google/apple
|
|
466
|
+
* - Required for facebook only when accessToken is NOT provided
|
|
425
467
|
* - Must be non-empty string
|
|
426
468
|
* - Max 10000 characters (JWT tokens can be large)
|
|
427
469
|
*
|
|
@@ -430,13 +472,17 @@ class VerifyTokenDTO {
|
|
|
430
472
|
*/
|
|
431
473
|
idToken;
|
|
432
474
|
/**
|
|
433
|
-
*
|
|
475
|
+
* Access token (opaque) from native SDK
|
|
476
|
+
*
|
|
477
|
+
* Required for:
|
|
478
|
+
* - facebook classic login (when idToken is not provided)
|
|
434
479
|
*
|
|
435
|
-
*
|
|
436
|
-
*
|
|
480
|
+
* Optional for:
|
|
481
|
+
* - google (provided alongside idToken)
|
|
437
482
|
*
|
|
438
483
|
* Validation:
|
|
439
|
-
* -
|
|
484
|
+
* - Required for facebook only when idToken is NOT provided
|
|
485
|
+
* - Must be non-empty string if provided
|
|
440
486
|
* - Max 2000 characters
|
|
441
487
|
*
|
|
442
488
|
* Sanitization:
|
|
@@ -465,7 +511,20 @@ class VerifyTokenDTO {
|
|
|
465
511
|
}
|
|
466
512
|
exports.VerifyTokenDTO = VerifyTokenDTO;
|
|
467
513
|
__decorate([
|
|
514
|
+
(0, class_validator_1.IsString)({ message: 'provider must be a string' }),
|
|
515
|
+
(0, class_validator_1.MaxLength)(50, { message: 'provider must not exceed 50 characters' }),
|
|
516
|
+
(0, class_transformer_1.Transform)(({ value }) => {
|
|
517
|
+
if (typeof value === 'string')
|
|
518
|
+
return value.trim().toLowerCase();
|
|
519
|
+
return value;
|
|
520
|
+
}),
|
|
521
|
+
(0, class_validator_1.IsIn)(['google', 'apple', 'facebook'], { message: 'provider must be one of: google, apple, facebook' }),
|
|
522
|
+
__metadata("design:type", String)
|
|
523
|
+
], VerifyTokenDTO.prototype, "provider", void 0);
|
|
524
|
+
__decorate([
|
|
525
|
+
(0, class_validator_1.ValidateIf)((o) => o.provider !== 'facebook' || !o.accessToken),
|
|
468
526
|
(0, class_validator_1.IsString)({ message: 'idToken must be a string' }),
|
|
527
|
+
(0, class_validator_1.MinLength)(1, { message: 'idToken must not be empty' }),
|
|
469
528
|
(0, class_validator_1.MaxLength)(10000, { message: 'idToken must not exceed 10000 characters' }),
|
|
470
529
|
(0, class_transformer_1.Transform)(({ value }) => {
|
|
471
530
|
if (typeof value === 'string') {
|
|
@@ -476,8 +535,9 @@ __decorate([
|
|
|
476
535
|
__metadata("design:type", String)
|
|
477
536
|
], VerifyTokenDTO.prototype, "idToken", void 0);
|
|
478
537
|
__decorate([
|
|
479
|
-
(0, class_validator_1.
|
|
538
|
+
(0, class_validator_1.ValidateIf)((o) => o.provider === 'facebook' && !o.idToken),
|
|
480
539
|
(0, class_validator_1.IsString)({ message: 'accessToken must be a string' }),
|
|
540
|
+
(0, class_validator_1.MinLength)(1, { message: 'accessToken must not be empty' }),
|
|
481
541
|
(0, class_validator_1.MaxLength)(2000, { message: 'accessToken must not exceed 2000 characters' }),
|
|
482
542
|
(0, class_transformer_1.Transform)(({ value }) => {
|
|
483
543
|
if (typeof value === 'string') {
|
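Review bot: The two new `ValidateIf` guards disable every validator on the property when their condition is false, so the type and length caps no longer run on a token that is supplied but not required. With `o.provider === 'facebook' && !o.idToken` on `accessToken`, a google or apple request can carry an `accessToken` of any type or size. With `o.provider !== 'facebook' || !o.accessToken` on `idToken`, a facebook request that sends both tokens leaves `idToken` unchecked, while the doc comments still promise "Max 2000 characters" and "Must be non-empty string if provided". Making each condition also true when the value is present keeps the caps in force: `(o) => o.accessToken != null || (o.provider === 'facebook' && !o.idToken)` and `(o) => o.idToken != null || o.provider !== 'facebook' || !o.accessToken`. The removed decorator on `accessToken` is cut off in this rendering and both decorator lists continue outside the hunks, so the previous guard cannot be confirmed from here.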
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"social-auth.dto.js","sourceRoot":"","sources":["../../src/dto/social-auth.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"social-auth.dto.js","sourceRoot":"","sources":["../../src/dto/social-auth.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAiH;AACjH,yDAA8C;AAE9C;;;;;;;GAOG;AACH,MAAa,oBAAoB;IAC/B;;;;;;;;OAQG;IAQH,MAAM,CAAU;IAEhB;;;;;;;;;OASG;IASH,QAAQ,CAAU;IAElB;;;;;;;;;OASG;IASH,IAAI,CAAU;IAEd;;;;;;;;;OASG;IASH,KAAK,CAAU;CAChB;AA9ED,oDA8EC;AA7DC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;oDACc;AAoBhB;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;IAClD,IAAA,2BAAS,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,6CAA6C,EAAE,CAAC;IACzE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;sDACgB;AAoBlB;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC;IAC9C,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,oDAAoD,EAAE,CAAC;IAClF,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;kDACY;AAoBd;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;mDACa;AAGjB;;GAEG;AACH,MAAa,4BAA4B;IACvC;;OAEG;IACH,OAAO,CAAU;IAEjB;;OAEG;IACH,QAAQ,CAAU;CACnB;AAVD,oEAUC;AAED;;;;;GAKG;AACH,MAAa,oBAAoB;IAC/B;;;;;;;;OAQG;IAQH,MAAM,CAAU;CACjB;AAlBD,oDAkBC;AADC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;oDACc;AA
GlB;;GAEG;AACH,MAAa,4BAA4B;IACvC;;OAEG;IACH,QAAQ,CAKL;CACJ;AAVD,oEAUC;AAED;;;;;;GAMG;AACH,MAAa,sBAAsB;IACjC;;;;;;;;OAQG;IAQH,MAAM,CAAU;IAEhB;;;;;;;;;OASG;IASH,QAAQ,CAAU;CACnB;AAtCD,wDAsCC;AArBC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;sDACc;AAoBhB;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;IAClD,IAAA,2BAAS,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,6CAA6C,EAAE,CAAC;IACzE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;wDACgB;AAGpB;;GAEG;AACH,MAAa,8BAA8B;IACzC;;OAEG;IACH,OAAO,CAAU;CAClB;AALD,wEAKC;AAED;;;;;GAKG;AACH,MAAa,iBAAiB;IAC5B;;;;;;;;OAQG;IAQH,MAAM,CAAU;CACjB;AAlBD,8CAkBC;AADC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;iDACc;AAGlB;;GAEG;AACH,MAAa,yBAAyB;IACpC;;OAEG;IACH,cAAc,CAAW;CAC1B;AALD,8DAKC;AAED;;;;;;GAMG;AACH,MAAa,2BAA2B;IACtC;;;;;;;;OAQG;IAQH,MAAM,CAAU;IAEhB;;;;;;;;;;OAUG;IAIH,QAAQ,CAAU;CACnB;AAlCD,kEAkCC;AAjBC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;2DACc;AAgBhB;IAHC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;IAClD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;IACjD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;;6DACrD;AAGpB;;GAEG;AACH,MAAa,mCAAmC;IAC9C;;OAEG;IACH,OAAO,CAAU;CAClB;AALD,kFAKC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAa,iBAAiB;IAC5B;;;;;;;;;OASG;IASH,IAAI,CAAU
;IAEd;;;;;;;;;OASG;IASH,KAAK,CAAU;CAChB;AAxCD,8CAwCC;AArBC;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC;IAC9C,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,oDAAoD,EAAE,CAAC;IAClF,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;+CACY;AAoBd;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;gDACa;AAGjB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;AACH,MAAa,cAAc;IACzB;;;;;;;;;;;;;;OAcG;IAQH,QAAQ,CAAU;IAElB;;;;;;;;;;;;;;;;OAgBG;IAWH,OAAO,CAAU;IAEjB;;;;;;;;;;;;;;;;OAgBG;IAWH,WAAW,CAAU;IAErB;;;;;;;;;;;;;;;;;OAiBG;IAGH,WAAW,CAA2B;CACvC;AAxGD,wCAwGC;AAjFC;IAPC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;IAClD,IAAA,2BAAS,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IACpE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACjE,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IACD,IAAA,sBAAI,EAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,UAAU,CAAC,EAAE,EAAE,OAAO,EAAE,kDAAkD,EAAE,CAAC;;gDACrF;AA6BlB;IAVC,IAAA,4BAAU,EAAC,CAAC,CAAiB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC;IAC9E,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;IACjD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;IACtD,IAAA,2BAAS,EAAC,KAAK,EAAE,EAAE,OAAO,EAAE,0CAA0C,EAAE,CAAC;IACzE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;+CACe;AA6BjB;IAVC,IAAA,4BAAU,EAAC,CAAC,CAAiB,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC;IAC1E,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC;IACrD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE
,+BAA+B,EAAE,CAAC;IAC1D,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,6CAA6C,EAAE,CAAC;IAC3E,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;mDACmB;AAsBrB;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;;mDACjB;AAGxC;;;;;;;;;;GAUG;AACH,MAAa,iBAAiB;IAC5B;;;;;;;;;OASG;IASH,aAAa,CAAU;CACxB;AApBD,8CAoBC;AADC;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC;IACvD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,8CAA8C,EAAE,CAAC;IAC3E,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;wDACqB"}
|
|
@@ -93,6 +93,32 @@ export interface ITokenVerifierService {
|
|
|
93
93
|
* ```
|
|
94
94
|
*/
|
|
95
95
|
verifyFacebookToken?(accessToken: string, appId: string, appSecret: string): Promise<unknown>;
|
|
96
|
+
/**
|
|
97
|
+
* Verify Facebook ID token (OIDC / Limited Login) with JWT signature validation
|
|
98
|
+
*
|
|
99
|
+
* Facebook Limited Login (primarily iOS) returns an **ID token (JWT)** instead of an access token.
|
|
100
|
+
* This method verifies the JWT signature using Facebook's OIDC JWKS and validates standard claims.
|
|
101
|
+
*
|
|
102
|
+
* Expected OIDC discovery values:
|
|
103
|
+
* - Issuer: `https://www.facebook.com`
|
|
104
|
+
* - JWKS URI: `https://www.facebook.com/.well-known/oauth/openid/jwks/`
|
|
105
|
+
*
|
|
106
|
+
* Security:
|
|
107
|
+
* - Validates signature (RS256) using Facebook public keys (JWKS)
|
|
108
|
+
* - Validates `iss` (issuer) and `aud` (audience) against the app ID
|
|
109
|
+
* - Validates token freshness (`exp`, `iat`) via jwt library
|
|
110
|
+
*
|
|
111
|
+
* @param idToken - Facebook OIDC ID token (JWT)
|
|
112
|
+
* @param appId - Facebook App ID for audience validation
|
|
113
|
+
* @returns Verified user profile data (provider-specific type)
|
|
114
|
+
*
|
|
115
|
+
* @example
|
|
116
|
+
* ```typescript
|
|
117
|
+
* const profile = await verifier.verifyFacebookIdToken(idToken, '1234567890');
|
|
118
|
+
* console.log(profile.sub);
|
|
119
|
+
* ```
|
|
120
|
+
*/
|
|
121
|
+
verifyFacebookIdToken?(idToken: string, appId: string): Promise<unknown>;
|
|
96
122
|
/**
|
|
97
123
|
* Clear cached clients and keys
|
|
98
124
|
*
|
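Review bot: `verifyFacebookIdToken?(idToken, appId)` takes no expected nonce, and its Security list covers only signature, `iss`, `aud`, `exp` and `iat`, so an implementation cannot bind the ID token to the login attempt that requested it. If Limited Login tokens carry a `nonce` claim, as OIDC ID tokens commonly do, consider an optional third parameter such as `expectedNonce?: string` with a doc line `* - Validates nonce against the value issued to the client, when provided`. The comment should also state that the verifier fixes the accepted algorithm to RS256 rather than reading it from the token header. The example reads `profile.sub` from a `Promise<unknown>` result, which does not type-check without narrowing first. The interface body continues outside this hunk.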
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-verifier.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/token-verifier.interface.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,WAAW,qBAAqB;IACpC;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,iBAAiB,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEnF;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,gBAAgB,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEvE;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,mBAAmB,CAAC,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAE9F;;;;;;;;;OASG;IACH,UAAU,CAAC,IAAI,IAAI,CAAC;CACrB"}
|
|
1
|
+
{"version":3,"file":"token-verifier.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/token-verifier.interface.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,WAAW,qBAAqB;IACpC;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,iBAAiB,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEnF;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,gBAAgB,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEvE;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,mBAAmB,CAAC,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAE9F;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACH,qBAAqB,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEzE;;;;;;;;;OASG;IACH,UAAU,CAAC,IAAI,IAAI,CAAC;CACrB"}
|