@naylence/runtime 0.3.18 → 0.3.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/dist/browser/index.cjs +55 -4
  2. package/dist/browser/index.mjs +55 -4
  3. package/dist/cjs/naylence/fame/security/auth/oauth2-client-credentials-token-provider.js +45 -0
  4. package/dist/cjs/naylence/fame/security/default-security-manager.js +8 -2
  5. package/dist/cjs/version.js +2 -2
  6. package/dist/esm/naylence/fame/security/auth/oauth2-client-credentials-token-provider.js +45 -0
  7. package/dist/esm/naylence/fame/security/default-security-manager.js +8 -2
  8. package/dist/esm/version.js +2 -2
  9. package/dist/node/index.cjs +55 -4
  10. package/dist/node/index.mjs +55 -4
  11. package/dist/node/node.cjs +55 -4
  12. package/dist/node/node.mjs +55 -4
  13. package/dist/types/naylence/fame/security/auth/oauth2-client-credentials-token-provider.d.ts +4 -2
  14. package/dist/types/version.d.ts +1 -1
  15. package/package.json +1 -1
package/dist/browser/index.cjs CHANGED
@@ -515,12 +515,12 @@ async function ensureRuntimeFactoriesRegistered(registry = factory.Registry) {
515
515
  }
516
516
 
517
517
  // This file is auto-generated during build - do not edit manually
518
- // Generated from package.json version: 0.3.18
518
+ // Generated from package.json version: 0.3.20
519
519
  /**
520
520
  * The package version, injected at build time.
521
521
  * @internal
522
522
  */
523
- const VERSION = '0.3.18';
523
+ const VERSION = '0.3.20';
524
524
 
525
525
  let initialized = false;
526
526
  const runtimePlugin = {
@@ -25863,9 +25863,15 @@ class DefaultSecurityManager {
25863
25863
  hasNodeAttachValidation(authorizer)) {
25864
25864
  try {
25865
25865
  const validated = await authorizer.validateNodeAttachRequest(_node, envelope.frame, authResult);
25866
- if (validated) {
25867
- finalAuthResult = validated;
25866
+ if (validated === undefined) {
25867
+ logger$z.warning('node_attach_validation_rejected', {
25868
+ envp_id: envelope.id,
25869
+ frame_type: envelope.frame.type,
25870
+ origin_type: context.originType ?? 'unknown',
25871
+ });
25872
+ return null;
25868
25873
  }
25874
+ finalAuthResult = validated;
25869
25875
  }
25870
25876
  catch (error) {
25871
25877
  logger$z.error('node_attach_authorization_validation_failed', {
@@ -40279,6 +40285,51 @@ class OAuth2ClientCredentialsTokenProvider {
40279
40285
  }
40280
40286
  return DEFAULT_EXPIRY_SECONDS;
40281
40287
  }
40288
+ async getIdentity() {
40289
+ const token = await this.getToken();
40290
+ const tokenValue = token.value;
40291
+ const parts = tokenValue.split('.');
40292
+ if (parts.length !== 3) {
40293
+ return undefined;
40294
+ }
40295
+ try {
40296
+ const payloadSegment = parts[1];
40297
+ // Fix padding for base64url
40298
+ const padding = '='.repeat((4 - (payloadSegment.length % 4)) % 4);
40299
+ const base64 = (payloadSegment + padding)
40300
+ .replace(/-/g, '+')
40301
+ .replace(/_/g, '/');
40302
+ let jsonString;
40303
+ if (typeof Buffer !== 'undefined') {
40304
+ jsonString = Buffer.from(base64, 'base64').toString('utf-8');
40305
+ }
40306
+ else if (typeof atob === 'function') {
40307
+ jsonString = atob(base64);
40308
+ try {
40309
+ jsonString = decodeURIComponent(jsonString
40310
+ .split('')
40311
+ .map(function (c) {
40312
+ return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
40313
+ })
40314
+ .join(''));
40315
+ }
40316
+ catch {
40317
+ // ignore
40318
+ }
40319
+ }
40320
+ else {
40321
+ return undefined;
40322
+ }
40323
+ const payload = JSON.parse(jsonString);
40324
+ if (payload && typeof payload.sub === 'string') {
40325
+ return { subject: payload.sub, claims: payload };
40326
+ }
40327
+ }
40328
+ catch {
40329
+ // ignore decoding errors
40330
+ }
40331
+ return undefined;
40332
+ }
40282
40333
  }
40283
40334
 
40284
40335
  var oauth2ClientCredentialsTokenProvider = /*#__PURE__*/Object.freeze({
package/dist/browser/index.mjs CHANGED
@@ -513,12 +513,12 @@ async function ensureRuntimeFactoriesRegistered(registry = Registry) {
513
513
  }
514
514
 
515
515
  // This file is auto-generated during build - do not edit manually
516
- // Generated from package.json version: 0.3.18
516
+ // Generated from package.json version: 0.3.20
517
517
  /**
518
518
  * The package version, injected at build time.
519
519
  * @internal
520
520
  */
521
- const VERSION = '0.3.18';
521
+ const VERSION = '0.3.20';
522
522
 
523
523
  let initialized = false;
524
524
  const runtimePlugin = {
@@ -25861,9 +25861,15 @@ class DefaultSecurityManager {
25861
25861
  hasNodeAttachValidation(authorizer)) {
25862
25862
  try {
25863
25863
  const validated = await authorizer.validateNodeAttachRequest(_node, envelope.frame, authResult);
25864
- if (validated) {
25865
- finalAuthResult = validated;
25864
+ if (validated === undefined) {
25865
+ logger$z.warning('node_attach_validation_rejected', {
25866
+ envp_id: envelope.id,
25867
+ frame_type: envelope.frame.type,
25868
+ origin_type: context.originType ?? 'unknown',
25869
+ });
25870
+ return null;
25866
25871
  }
25872
+ finalAuthResult = validated;
25867
25873
  }
25868
25874
  catch (error) {
25869
25875
  logger$z.error('node_attach_authorization_validation_failed', {
@@ -40277,6 +40283,51 @@ class OAuth2ClientCredentialsTokenProvider {
40277
40283
  }
40278
40284
  return DEFAULT_EXPIRY_SECONDS;
40279
40285
  }
40286
+ async getIdentity() {
40287
+ const token = await this.getToken();
40288
+ const tokenValue = token.value;
40289
+ const parts = tokenValue.split('.');
40290
+ if (parts.length !== 3) {
40291
+ return undefined;
40292
+ }
40293
+ try {
40294
+ const payloadSegment = parts[1];
40295
+ // Fix padding for base64url
40296
+ const padding = '='.repeat((4 - (payloadSegment.length % 4)) % 4);
40297
+ const base64 = (payloadSegment + padding)
40298
+ .replace(/-/g, '+')
40299
+ .replace(/_/g, '/');
40300
+ let jsonString;
40301
+ if (typeof Buffer !== 'undefined') {
40302
+ jsonString = Buffer.from(base64, 'base64').toString('utf-8');
40303
+ }
40304
+ else if (typeof atob === 'function') {
40305
+ jsonString = atob(base64);
40306
+ try {
40307
+ jsonString = decodeURIComponent(jsonString
40308
+ .split('')
40309
+ .map(function (c) {
40310
+ return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
40311
+ })
40312
+ .join(''));
40313
+ }
40314
+ catch {
40315
+ // ignore
40316
+ }
40317
+ }
40318
+ else {
40319
+ return undefined;
40320
+ }
40321
+ const payload = JSON.parse(jsonString);
40322
+ if (payload && typeof payload.sub === 'string') {
40323
+ return { subject: payload.sub, claims: payload };
40324
+ }
40325
+ }
40326
+ catch {
40327
+ // ignore decoding errors
40328
+ }
40329
+ return undefined;
40330
+ }
40280
40331
  }
40281
40332
 
40282
40333
  var oauth2ClientCredentialsTokenProvider = /*#__PURE__*/Object.freeze({
package/dist/cjs/naylence/fame/security/auth/oauth2-client-credentials-token-provider.js CHANGED
@@ -152,5 +152,50 @@ class OAuth2ClientCredentialsTokenProvider {
152
152
  }
153
153
  return DEFAULT_EXPIRY_SECONDS;
154
154
  }
155
+ async getIdentity() {
156
+ const token = await this.getToken();
157
+ const tokenValue = token.value;
158
+ const parts = tokenValue.split('.');
159
+ if (parts.length !== 3) {
160
+ return undefined;
161
+ }
162
+ try {
163
+ const payloadSegment = parts[1];
164
+ // Fix padding for base64url
165
+ const padding = '='.repeat((4 - (payloadSegment.length % 4)) % 4);
166
+ const base64 = (payloadSegment + padding)
167
+ .replace(/-/g, '+')
168
+ .replace(/_/g, '/');
169
+ let jsonString;
170
+ if (typeof Buffer !== 'undefined') {
171
+ jsonString = Buffer.from(base64, 'base64').toString('utf-8');
172
+ }
173
+ else if (typeof atob === 'function') {
174
+ jsonString = atob(base64);
175
+ try {
176
+ jsonString = decodeURIComponent(jsonString
177
+ .split('')
178
+ .map(function (c) {
179
+ return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
180
+ })
181
+ .join(''));
182
+ }
183
+ catch {
184
+ // ignore
185
+ }
186
+ }
187
+ else {
188
+ return undefined;
189
+ }
190
+ const payload = JSON.parse(jsonString);
191
+ if (payload && typeof payload.sub === 'string') {
192
+ return { subject: payload.sub, claims: payload };
193
+ }
194
+ }
195
+ catch {
196
+ // ignore decoding errors
197
+ }
198
+ return undefined;
199
+ }
155
200
  }
156
201
  exports.OAuth2ClientCredentialsTokenProvider = OAuth2ClientCredentialsTokenProvider;
package/dist/cjs/naylence/fame/security/default-security-manager.js CHANGED
@@ -692,9 +692,15 @@ class DefaultSecurityManager {
692
692
  hasNodeAttachValidation(authorizer)) {
693
693
  try {
694
694
  const validated = await authorizer.validateNodeAttachRequest(_node, envelope.frame, authResult);
695
- if (validated) {
696
- finalAuthResult = validated;
695
+ if (validated === undefined) {
696
+ logger.warning('node_attach_validation_rejected', {
697
+ envp_id: envelope.id,
698
+ frame_type: envelope.frame.type,
699
+ origin_type: context.originType ?? 'unknown',
700
+ });
701
+ return null;
697
702
  }
703
+ finalAuthResult = validated;
698
704
  }
699
705
  catch (error) {
700
706
  logger.error('node_attach_authorization_validation_failed', {
package/dist/cjs/version.js CHANGED
@@ -1,10 +1,10 @@
1
1
  "use strict";
2
2
  // This file is auto-generated during build - do not edit manually
3
- // Generated from package.json version: 0.3.18
3
+ // Generated from package.json version: 0.3.20
4
4
  Object.defineProperty(exports, "__esModule", { value: true });
5
5
  exports.VERSION = void 0;
6
6
  /**
7
7
  * The package version, injected at build time.
8
8
  * @internal
9
9
  */
10
- exports.VERSION = '0.3.18';
10
+ exports.VERSION = '0.3.20';
package/dist/esm/naylence/fame/security/auth/oauth2-client-credentials-token-provider.js CHANGED
@@ -149,4 +149,49 @@ export class OAuth2ClientCredentialsTokenProvider {
149
149
  }
150
150
  return DEFAULT_EXPIRY_SECONDS;
151
151
  }
152
+ async getIdentity() {
153
+ const token = await this.getToken();
154
+ const tokenValue = token.value;
155
+ const parts = tokenValue.split('.');
156
+ if (parts.length !== 3) {
157
+ return undefined;
158
+ }
159
+ try {
160
+ const payloadSegment = parts[1];
161
+ // Fix padding for base64url
162
+ const padding = '='.repeat((4 - (payloadSegment.length % 4)) % 4);
163
+ const base64 = (payloadSegment + padding)
164
+ .replace(/-/g, '+')
165
+ .replace(/_/g, '/');
166
+ let jsonString;
167
+ if (typeof Buffer !== 'undefined') {
168
+ jsonString = Buffer.from(base64, 'base64').toString('utf-8');
169
+ }
170
+ else if (typeof atob === 'function') {
171
+ jsonString = atob(base64);
172
+ try {
173
+ jsonString = decodeURIComponent(jsonString
174
+ .split('')
175
+ .map(function (c) {
176
+ return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
177
+ })
178
+ .join(''));
179
+ }
180
+ catch {
181
+ // ignore
182
+ }
183
+ }
184
+ else {
185
+ return undefined;
186
+ }
187
+ const payload = JSON.parse(jsonString);
188
+ if (payload && typeof payload.sub === 'string') {
189
+ return { subject: payload.sub, claims: payload };
190
+ }
191
+ }
192
+ catch {
193
+ // ignore decoding errors
194
+ }
195
+ return undefined;
196
+ }
152
197
  }
package/dist/esm/naylence/fame/security/default-security-manager.js CHANGED
@@ -689,9 +689,15 @@ export class DefaultSecurityManager {
689
689
  hasNodeAttachValidation(authorizer)) {
690
690
  try {
691
691
  const validated = await authorizer.validateNodeAttachRequest(_node, envelope.frame, authResult);
692
- if (validated) {
693
- finalAuthResult = validated;
692
+ if (validated === undefined) {
693
+ logger.warning('node_attach_validation_rejected', {
694
+ envp_id: envelope.id,
695
+ frame_type: envelope.frame.type,
696
+ origin_type: context.originType ?? 'unknown',
697
+ });
698
+ return null;
694
699
  }
700
+ finalAuthResult = validated;
695
701
  }
696
702
  catch (error) {
697
703
  logger.error('node_attach_authorization_validation_failed', {
package/dist/esm/version.js CHANGED
@@ -1,7 +1,7 @@
1
1
  // This file is auto-generated during build - do not edit manually
2
- // Generated from package.json version: 0.3.18
2
+ // Generated from package.json version: 0.3.20
3
3
  /**
4
4
  * The package version, injected at build time.
5
5
  * @internal
6
6
  */
7
- export const VERSION = '0.3.18';
7
+ export const VERSION = '0.3.20';
package/dist/node/index.cjs CHANGED
@@ -14,12 +14,12 @@ var fastify = require('fastify');
14
14
  var websocketPlugin = require('@fastify/websocket');
15
15
 
16
16
  // This file is auto-generated during build - do not edit manually
17
- // Generated from package.json version: 0.3.18
17
+ // Generated from package.json version: 0.3.20
18
18
  /**
19
19
  * The package version, injected at build time.
20
20
  * @internal
21
21
  */
22
- const VERSION = '0.3.18';
22
+ const VERSION = '0.3.20';
23
23
 
24
24
  /**
25
25
  * Fame protocol specific error classes with WebSocket close codes and proper inheritance.
@@ -25750,9 +25750,15 @@ class DefaultSecurityManager {
25750
25750
  hasNodeAttachValidation(authorizer)) {
25751
25751
  try {
25752
25752
  const validated = await authorizer.validateNodeAttachRequest(_node, envelope.frame, authResult);
25753
- if (validated) {
25754
- finalAuthResult = validated;
25753
+ if (validated === undefined) {
25754
+ logger$z.warning('node_attach_validation_rejected', {
25755
+ envp_id: envelope.id,
25756
+ frame_type: envelope.frame.type,
25757
+ origin_type: context.originType ?? 'unknown',
25758
+ });
25759
+ return null;
25755
25760
  }
25761
+ finalAuthResult = validated;
25756
25762
  }
25757
25763
  catch (error) {
25758
25764
  logger$z.error('node_attach_authorization_validation_failed', {
@@ -40081,6 +40087,51 @@ class OAuth2ClientCredentialsTokenProvider {
40081
40087
  }
40082
40088
  return DEFAULT_EXPIRY_SECONDS;
40083
40089
  }
40090
+ async getIdentity() {
40091
+ const token = await this.getToken();
40092
+ const tokenValue = token.value;
40093
+ const parts = tokenValue.split('.');
40094
+ if (parts.length !== 3) {
40095
+ return undefined;
40096
+ }
40097
+ try {
40098
+ const payloadSegment = parts[1];
40099
+ // Fix padding for base64url
40100
+ const padding = '='.repeat((4 - (payloadSegment.length % 4)) % 4);
40101
+ const base64 = (payloadSegment + padding)
40102
+ .replace(/-/g, '+')
40103
+ .replace(/_/g, '/');
40104
+ let jsonString;
40105
+ if (typeof Buffer !== 'undefined') {
40106
+ jsonString = Buffer.from(base64, 'base64').toString('utf-8');
40107
+ }
40108
+ else if (typeof atob === 'function') {
40109
+ jsonString = atob(base64);
40110
+ try {
40111
+ jsonString = decodeURIComponent(jsonString
40112
+ .split('')
40113
+ .map(function (c) {
40114
+ return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
40115
+ })
40116
+ .join(''));
40117
+ }
40118
+ catch {
40119
+ // ignore
40120
+ }
40121
+ }
40122
+ else {
40123
+ return undefined;
40124
+ }
40125
+ const payload = JSON.parse(jsonString);
40126
+ if (payload && typeof payload.sub === 'string') {
40127
+ return { subject: payload.sub, claims: payload };
40128
+ }
40129
+ }
40130
+ catch {
40131
+ // ignore decoding errors
40132
+ }
40133
+ return undefined;
40134
+ }
40084
40135
  }
40085
40136
 
40086
40137
  var oauth2ClientCredentialsTokenProvider = /*#__PURE__*/Object.freeze({
package/dist/node/index.mjs CHANGED
@@ -13,12 +13,12 @@ import fastify from 'fastify';
13
13
  import websocketPlugin from '@fastify/websocket';
14
14
 
15
15
  // This file is auto-generated during build - do not edit manually
16
- // Generated from package.json version: 0.3.18
16
+ // Generated from package.json version: 0.3.20
17
17
  /**
18
18
  * The package version, injected at build time.
19
19
  * @internal
20
20
  */
21
- const VERSION = '0.3.18';
21
+ const VERSION = '0.3.20';
22
22
 
23
23
  /**
24
24
  * Fame protocol specific error classes with WebSocket close codes and proper inheritance.
@@ -25749,9 +25749,15 @@ class DefaultSecurityManager {
25749
25749
  hasNodeAttachValidation(authorizer)) {
25750
25750
  try {
25751
25751
  const validated = await authorizer.validateNodeAttachRequest(_node, envelope.frame, authResult);
25752
- if (validated) {
25753
- finalAuthResult = validated;
25752
+ if (validated === undefined) {
25753
+ logger$z.warning('node_attach_validation_rejected', {
25754
+ envp_id: envelope.id,
25755
+ frame_type: envelope.frame.type,
25756
+ origin_type: context.originType ?? 'unknown',
25757
+ });
25758
+ return null;
25754
25759
  }
25760
+ finalAuthResult = validated;
25755
25761
  }
25756
25762
  catch (error) {
25757
25763
  logger$z.error('node_attach_authorization_validation_failed', {
@@ -40080,6 +40086,51 @@ class OAuth2ClientCredentialsTokenProvider {
40080
40086
  }
40081
40087
  return DEFAULT_EXPIRY_SECONDS;
40082
40088
  }
40089
+ async getIdentity() {
40090
+ const token = await this.getToken();
40091
+ const tokenValue = token.value;
40092
+ const parts = tokenValue.split('.');
40093
+ if (parts.length !== 3) {
40094
+ return undefined;
40095
+ }
40096
+ try {
40097
+ const payloadSegment = parts[1];
40098
+ // Fix padding for base64url
40099
+ const padding = '='.repeat((4 - (payloadSegment.length % 4)) % 4);
40100
+ const base64 = (payloadSegment + padding)
40101
+ .replace(/-/g, '+')
40102
+ .replace(/_/g, '/');
40103
+ let jsonString;
40104
+ if (typeof Buffer !== 'undefined') {
40105
+ jsonString = Buffer.from(base64, 'base64').toString('utf-8');
40106
+ }
40107
+ else if (typeof atob === 'function') {
40108
+ jsonString = atob(base64);
40109
+ try {
40110
+ jsonString = decodeURIComponent(jsonString
40111
+ .split('')
40112
+ .map(function (c) {
40113
+ return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
40114
+ })
40115
+ .join(''));
40116
+ }
40117
+ catch {
40118
+ // ignore
40119
+ }
40120
+ }
40121
+ else {
40122
+ return undefined;
40123
+ }
40124
+ const payload = JSON.parse(jsonString);
40125
+ if (payload && typeof payload.sub === 'string') {
40126
+ return { subject: payload.sub, claims: payload };
40127
+ }
40128
+ }
40129
+ catch {
40130
+ // ignore decoding errors
40131
+ }
40132
+ return undefined;
40133
+ }
40083
40134
  }
40084
40135
 
40085
40136
  var oauth2ClientCredentialsTokenProvider = /*#__PURE__*/Object.freeze({
package/dist/node/node.cjs CHANGED
@@ -4426,12 +4426,12 @@ async function ensureRuntimeFactoriesRegistered(registry = factory.Registry) {
4426
4426
  }
4427
4427
 
4428
4428
  // This file is auto-generated during build - do not edit manually
4429
- // Generated from package.json version: 0.3.18
4429
+ // Generated from package.json version: 0.3.20
4430
4430
  /**
4431
4431
  * The package version, injected at build time.
4432
4432
  * @internal
4433
4433
  */
4434
- const VERSION = '0.3.18';
4434
+ const VERSION = '0.3.20';
4435
4435
 
4436
4436
  let initialized = false;
4437
4437
  const runtimePlugin = {
@@ -26938,9 +26938,15 @@ class DefaultSecurityManager {
26938
26938
  hasNodeAttachValidation(authorizer)) {
26939
26939
  try {
26940
26940
  const validated = await authorizer.validateNodeAttachRequest(_node, envelope.frame, authResult);
26941
- if (validated) {
26942
- finalAuthResult = validated;
26941
+ if (validated === undefined) {
26942
+ logger$C.warning('node_attach_validation_rejected', {
26943
+ envp_id: envelope.id,
26944
+ frame_type: envelope.frame.type,
26945
+ origin_type: context.originType ?? 'unknown',
26946
+ });
26947
+ return null;
26943
26948
  }
26949
+ finalAuthResult = validated;
26944
26950
  }
26945
26951
  catch (error) {
26946
26952
  logger$C.error('node_attach_authorization_validation_failed', {
@@ -42415,6 +42421,51 @@ class OAuth2ClientCredentialsTokenProvider {
42415
42421
  }
42416
42422
  return DEFAULT_EXPIRY_SECONDS;
42417
42423
  }
42424
+ async getIdentity() {
42425
+ const token = await this.getToken();
42426
+ const tokenValue = token.value;
42427
+ const parts = tokenValue.split('.');
42428
+ if (parts.length !== 3) {
42429
+ return undefined;
42430
+ }
42431
+ try {
42432
+ const payloadSegment = parts[1];
42433
+ // Fix padding for base64url
42434
+ const padding = '='.repeat((4 - (payloadSegment.length % 4)) % 4);
42435
+ const base64 = (payloadSegment + padding)
42436
+ .replace(/-/g, '+')
42437
+ .replace(/_/g, '/');
42438
+ let jsonString;
42439
+ if (typeof Buffer !== 'undefined') {
42440
+ jsonString = Buffer.from(base64, 'base64').toString('utf-8');
42441
+ }
42442
+ else if (typeof atob === 'function') {
42443
+ jsonString = atob(base64);
42444
+ try {
42445
+ jsonString = decodeURIComponent(jsonString
42446
+ .split('')
42447
+ .map(function (c) {
42448
+ return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
42449
+ })
42450
+ .join(''));
42451
+ }
42452
+ catch {
42453
+ // ignore
42454
+ }
42455
+ }
42456
+ else {
42457
+ return undefined;
42458
+ }
42459
+ const payload = JSON.parse(jsonString);
42460
+ if (payload && typeof payload.sub === 'string') {
42461
+ return { subject: payload.sub, claims: payload };
42462
+ }
42463
+ }
42464
+ catch {
42465
+ // ignore decoding errors
42466
+ }
42467
+ return undefined;
42468
+ }
42418
42469
  }
42419
42470
 
42420
42471
  var oauth2ClientCredentialsTokenProvider = /*#__PURE__*/Object.freeze({
package/dist/node/node.mjs CHANGED
@@ -4425,12 +4425,12 @@ async function ensureRuntimeFactoriesRegistered(registry = Registry) {
4425
4425
  }
4426
4426
 
4427
4427
  // This file is auto-generated during build - do not edit manually
4428
- // Generated from package.json version: 0.3.18
4428
+ // Generated from package.json version: 0.3.20
4429
4429
  /**
4430
4430
  * The package version, injected at build time.
4431
4431
  * @internal
4432
4432
  */
4433
- const VERSION = '0.3.18';
4433
+ const VERSION = '0.3.20';
4434
4434
 
4435
4435
  let initialized = false;
4436
4436
  const runtimePlugin = {
@@ -26937,9 +26937,15 @@ class DefaultSecurityManager {
26937
26937
  hasNodeAttachValidation(authorizer)) {
26938
26938
  try {
26939
26939
  const validated = await authorizer.validateNodeAttachRequest(_node, envelope.frame, authResult);
26940
- if (validated) {
26941
- finalAuthResult = validated;
26940
+ if (validated === undefined) {
26941
+ logger$C.warning('node_attach_validation_rejected', {
26942
+ envp_id: envelope.id,
26943
+ frame_type: envelope.frame.type,
26944
+ origin_type: context.originType ?? 'unknown',
26945
+ });
26946
+ return null;
26942
26947
  }
26948
+ finalAuthResult = validated;
26943
26949
  }
26944
26950
  catch (error) {
26945
26951
  logger$C.error('node_attach_authorization_validation_failed', {
@@ -42414,6 +42420,51 @@ class OAuth2ClientCredentialsTokenProvider {
42414
42420
  }
42415
42421
  return DEFAULT_EXPIRY_SECONDS;
42416
42422
  }
42423
+ async getIdentity() {
42424
+ const token = await this.getToken();
42425
+ const tokenValue = token.value;
42426
+ const parts = tokenValue.split('.');
42427
+ if (parts.length !== 3) {
42428
+ return undefined;
42429
+ }
42430
+ try {
42431
+ const payloadSegment = parts[1];
42432
+ // Fix padding for base64url
42433
+ const padding = '='.repeat((4 - (payloadSegment.length % 4)) % 4);
42434
+ const base64 = (payloadSegment + padding)
42435
+ .replace(/-/g, '+')
42436
+ .replace(/_/g, '/');
42437
+ let jsonString;
42438
+ if (typeof Buffer !== 'undefined') {
42439
+ jsonString = Buffer.from(base64, 'base64').toString('utf-8');
42440
+ }
42441
+ else if (typeof atob === 'function') {
42442
+ jsonString = atob(base64);
42443
+ try {
42444
+ jsonString = decodeURIComponent(jsonString
42445
+ .split('')
42446
+ .map(function (c) {
42447
+ return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
42448
+ })
42449
+ .join(''));
42450
+ }
42451
+ catch {
42452
+ // ignore
42453
+ }
42454
+ }
42455
+ else {
42456
+ return undefined;
42457
+ }
42458
+ const payload = JSON.parse(jsonString);
42459
+ if (payload && typeof payload.sub === 'string') {
42460
+ return { subject: payload.sub, claims: payload };
42461
+ }
42462
+ }
42463
+ catch {
42464
+ // ignore decoding errors
42465
+ }
42466
+ return undefined;
42467
+ }
42417
42468
  }
42418
42469
 
42419
42470
  var oauth2ClientCredentialsTokenProvider = /*#__PURE__*/Object.freeze({
package/dist/types/naylence/fame/security/auth/oauth2-client-credentials-token-provider.d.ts CHANGED
@@ -1,6 +1,7 @@
1
1
  import { type CredentialProvider } from '../credential/credential-provider.js';
2
2
  import type { Token } from './token.js';
3
- import type { TokenProvider } from './token-provider.js';
3
+ import type { IdentityExposingTokenProvider } from './token-provider.js';
4
+ import type { AuthIdentity } from './auth-identity.js';
4
5
  interface FetchLike {
5
6
  (input: RequestInfo | URL, init?: RequestInit): Promise<Response>;
6
7
  }
@@ -13,7 +14,7 @@ export interface OAuth2ClientCredentialsTokenProviderOptions {
13
14
  fetchImpl?: FetchLike;
14
15
  clockSkewSeconds?: number;
15
16
  }
16
- export declare class OAuth2ClientCredentialsTokenProvider implements TokenProvider {
17
+ export declare class OAuth2ClientCredentialsTokenProvider implements IdentityExposingTokenProvider {
17
18
  private cachedToken;
18
19
  private readonly options;
19
20
  constructor(rawOptions: OAuth2ClientCredentialsTokenProviderOptions | Record<string, unknown>);
@@ -22,5 +23,6 @@ export declare class OAuth2ClientCredentialsTokenProvider implements TokenProvid
22
23
  private fetchNewToken;
23
24
  private resolveFetch;
24
25
  private resolveExpiresIn;
26
+ getIdentity(): Promise<AuthIdentity | undefined>;
25
27
  }
26
28
  export {};
package/dist/types/version.d.ts CHANGED
@@ -2,4 +2,4 @@
2
2
  * The package version, injected at build time.
3
3
  * @internal
4
4
  */
5
- export declare const VERSION = "0.3.18";
5
+ export declare const VERSION = "0.3.20";
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@naylence/runtime",
3
- "version": "0.3.18",
3
+ "version": "0.3.20",
4
4
  "type": "module",
5
5
  "description": "Naylence Runtime - Complete TypeScript runtime",
6
6
  "author": "Naylence Dev <naylencedev@gmail.com>",