npm - @node-c/domain-iam - Versions diffs - 1.0.0-beta7 → 1.0.0-beta8 - Mend

@node-c/domain-iam 1.0.0-beta7 → 1.0.0-beta8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (134) hide show

package/src/services/authenticationPassthroughConsumer/iam.authenticationPassthroughConsumer.service.ts ADDED Viewed

@@ -0,0 +1,96 @@
+import {
+  AppConfigDomainIAM,
+  AppConfigDomainIAMAuthenticationStep,
+  ApplicationError,
+  ConfigProviderService,
+  LoggerService
+} from '@node-c/core';
+import ld from 'lodash';
+import {
+  IAMAuthenticationPassthroughConsumerCompleteData,
+  IAMAuthenticationPassthroughConsumerCompleteOptions,
+  IAMAuthenticationPassthroughConsumerCompleteResult,
+  IAMAuthenticationPassthroughConsumerGetUserAuthenticationConfigResult,
+  IAMAuthenticationPassthroughConsumerInitiateData,
+  IAMAuthenticationPassthroughConsumerInitiateOptions,
+  IAMAuthenticationPassthroughConsumerInitiateResult,
+  IAMAuthenticationPassthroughConsumerRefreshExternalAccessTokenData,
+  IAMAuthenticationPassthroughConsumerRefreshExternalAccessTokenResult
+} from './iam.authenticationPassthroughConsumer.definitions';
+import { IAMAuthenticationConsumerService } from '../authenticationConsumer';
+/**
+ * A service for integrating Passthrough authentication via other Node-C Apps as a consumer.
+ *
+ * This service is intended for use by the consumer environment.
+ */
+export class IAMAuthenticationPassthroughConsumerService<
+  CompleteContext extends object,
+  InitiateContext extends object
+> extends IAMAuthenticationConsumerService<CompleteContext, InitiateContext> {
+  constructor(configProvider: ConfigProviderService, logger: LoggerService, moduleName: string, serviceName: string) {
+    super(configProvider, logger, moduleName, serviceName);
+  }
+  async complete(
+    data: IAMAuthenticationPassthroughConsumerCompleteData,
+    options: IAMAuthenticationPassthroughConsumerCompleteOptions<CompleteContext>
+  ): Promise<IAMAuthenticationPassthroughConsumerCompleteResult> {
+    return super.complete(data, options) as Promise<IAMAuthenticationPassthroughConsumerCompleteResult>;
+  }
+  /**
+   * This config is intended for use by the consumer environment.
+   *
+   * User data from: provider
+   *
+   * Internal tokens from: provider
+   *
+   * External tokens from: consumer (optional)
+   *
+   * Authentication happens in: consumer
+   */
+  getUserAuthenticationConfig(): IAMAuthenticationPassthroughConsumerGetUserAuthenticationConfigResult {
+    const { configProvider, moduleName, serviceName } = this;
+    const moduleConfig = configProvider.config.domain[moduleName] as AppConfigDomainIAM;
+    const { steps } = moduleConfig.authServiceSettings![serviceName];
+    const defaultConfig: IAMAuthenticationPassthroughConsumerGetUserAuthenticationConfigResult = {
+      [AppConfigDomainIAMAuthenticationStep.Complete]: {
+        authReturnsTokens: true,
+        decodeReturnedTokens: true,
+        findUser: true,
+        findUserBeforeAuth: false,
+        findUserInExternalTokenPayloads: true,
+        useReturnedTokens: true,
+        useReturnedTokensAsLocal: false,
+        validWithoutUser: false
+      },
+      // this step simply does nothing
+      [AppConfigDomainIAMAuthenticationStep.Initiate]: {
+        findUser: false,
+        validWithoutUser: true
+      }
+    };
+    return ld.merge(defaultConfig, steps || {});
+  }
+  async initiate(
+    data: IAMAuthenticationPassthroughConsumerInitiateData,
+    options: IAMAuthenticationPassthroughConsumerInitiateOptions<InitiateContext>
+  ): Promise<IAMAuthenticationPassthroughConsumerInitiateResult> {
+    return super.initiate(data, options) as Promise<IAMAuthenticationPassthroughConsumerInitiateResult>;
+  }
+  // This method must be implemented in the child class, since the external access tokens come from the consumer.
+  async refreshExternalAccessToken(
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    _data: IAMAuthenticationPassthroughConsumerRefreshExternalAccessTokenData
+  ): Promise<IAMAuthenticationPassthroughConsumerRefreshExternalAccessTokenResult> {
+    throw new ApplicationError(
+      `[${this.moduleName}][${this.serviceName}}]: Method "refreshExternalAccessToken" not implemented.`
+    );
+  }
+}

package/src/services/authenticationPassthroughConsumer/index.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from './iam.authenticationPassthroughConsumer.definitions';
2	+ export * from './iam.authenticationPassthroughConsumer.service';

package/src/services/authenticationUserLocal/iam.authenticationUserLocal.definitions.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import {
   IAMAuthenticationCompleteData,
   IAMAuthenticationCompleteOptions,
   IAMAuthenticationCompleteResult,
-  IAMAuthenticationGetUserCreateAccessTokenConfigResult,
+  IAMAuthenticationGetUserAuthenticationConfigResult,
   IAMAuthenticationInitiateData,
   IAMAuthenticationInitiateOptions,
   IAMAuthenticationInitiateResult
@@ -15,8 +15,8 @@ export type IAMAuthenticationUserLocalCompleteOptions<Context extends object> =
 export type IAMAuthenticationUserLocalCompleteResult = IAMAuthenticationCompleteResult;
-export type IAMAuthenticationUserLocalGetUserCreateAccessTokenConfigResult =
-  IAMAuthenticationGetUserCreateAccessTokenConfigResult;
+export type IAMAuthenticationUserLocalGetUserAuthenticationConfigResult =
+  IAMAuthenticationGetUserAuthenticationConfigResult;
 export interface IAMAuthenticationUserLocalInitiateData extends IAMAuthenticationInitiateData {
   password: string;

package/src/services/authenticationUserLocal/iam.authenticationUserLocal.service.ts CHANGED Viewed

@@ -14,7 +14,7 @@ import {
   IAMAuthenticationUserLocalCompleteData,
   IAMAuthenticationUserLocalCompleteOptions,
   IAMAuthenticationUserLocalCompleteResult,
-  IAMAuthenticationUserLocalGetUserCreateAccessTokenConfigResult,
+  IAMAuthenticationUserLocalGetUserAuthenticationConfigResult,
   IAMAuthenticationUserLocalInitiateData,
   IAMAuthenticationUserLocalInitiateOptions,
   IAMAuthenticationUserLocalInitiateResult
@@ -23,21 +23,24 @@ import {
 import { IAMAuthenticationService } from '../authentication';
 import { IAMMFAService, IAMMFAType } from '../mfa';
-// TODO: add a LocalSecret service to take care of the hashing logic and reuse it here
+/**
+ * A service for authentication using a local user and password.
+ *
+ * This service is intended for use by the consumer environment.
+ */
 export class IAMAuthenticationUserLocalService<
   CompleteContext extends object,
   InitiateContext extends object
 > extends IAMAuthenticationService<CompleteContext, InitiateContext> {
   constructor(
-    protected configProvider: ConfigProviderService,
-    protected logger: LoggerService,
-    protected moduleName: string,
-    // eslint-disable-next-line no-unused-vars
-    protected serviceName: string,
+    configProvider: ConfigProviderService,
+    logger: LoggerService,
+    moduleName: string,
+    serviceName: string,
     // eslint-disable-next-line no-unused-vars
     protected mfaServices?: Record<IAMMFAType, IAMMFAService<object, object>>
   ) {
-    super(configProvider, logger, moduleName);
+    super(configProvider, logger, moduleName, serviceName);
     this.isLocal = true;
   }
@@ -74,15 +77,16 @@ export class IAMAuthenticationUserLocalService<
     return { mfaUsed, mfaValid, valid: true };
   }
-  getUserCreateAccessTokenConfig(): IAMAuthenticationUserLocalGetUserCreateAccessTokenConfigResult {
+  getUserAuthenticationConfig(): IAMAuthenticationUserLocalGetUserAuthenticationConfigResult {
     const { configProvider, moduleName, serviceName } = this;
     const moduleConfig = configProvider.config.domain[moduleName] as AppConfigDomainIAM;
     const { steps } = moduleConfig.authServiceSettings![serviceName];
-    const defaultConfig: IAMAuthenticationUserLocalGetUserCreateAccessTokenConfigResult = {
+    const defaultConfig: IAMAuthenticationUserLocalGetUserAuthenticationConfigResult = {
       [AppConfigDomainIAMAuthenticationStep.Complete]: {
         cache: {
           settings: {
-            cacheFieldName: 'userId',
+            // we call the user's id "state" here, since "state" is also used as the cache key for the oauth2 flow
+            cacheFieldName: 'state',
             inputFieldName: 'options.context.id'
           },
           use: {
@@ -99,7 +103,8 @@ export class IAMAuthenticationUserLocalService<
             options: [{ cacheFieldName: 'context', inputFieldName: 'options.context' }]
           },
           settings: {
-            cacheFieldName: 'userId',
+            // we call the user's id "state" here, since "state" is also used as the cache key for the oauth2 flow
+            cacheFieldName: 'state',
             inputFieldName: 'options.context.id'
           }
         },

package/src/services/authenticationUserLocalConsumer/iam.authenticationUserLocalConsumer.definitions.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import {
+  IAMAuthenticationConsumerCompleteResult,
+  IAMAuthenticationConsumerInitiateResult
+} from '../authenticationConsumer';
+import {
+  IAMAuthenticationUserLocalCompleteData,
+  IAMAuthenticationUserLocalCompleteOptions,
+  IAMAuthenticationUserLocalCompleteResult,
+  IAMAuthenticationUserLocalInitiateData,
+  IAMAuthenticationUserLocalInitiateOptions,
+  IAMAuthenticationUserLocalInitiateResult
+} from '../authenticationUserLocal';
+export type IAMAuthenticationUserLocalConsumerCompleteData = IAMAuthenticationUserLocalCompleteData;
+export type IAMAuthenticationUserLocalConsumerCompleteOptions<Context extends object> =
+  IAMAuthenticationUserLocalCompleteOptions<Context>;
+export type IAMAuthenticationUserLocalConsumerCompleteResult = IAMAuthenticationUserLocalCompleteResult &
+  IAMAuthenticationConsumerCompleteResult;
+export type IAMAuthenticationUserLocalConsumerInitiateData = IAMAuthenticationUserLocalInitiateData;
+export type IAMAuthenticationUserLocalConsumerInitiateOptions<Context extends object> =
+  IAMAuthenticationUserLocalInitiateOptions<Context>;
+export type IAMAuthenticationUserLocalConsumerInitiateResult = IAMAuthenticationUserLocalInitiateResult &
+  IAMAuthenticationConsumerInitiateResult;

package/src/services/authenticationUserLocalConsumer/iam.authenticationUserLocalConsumer.service.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import { ConfigProviderService, LoggerService } from '@node-c/core';
+import {
+  IAMAuthenticationUserLocalConsumerCompleteData,
+  IAMAuthenticationUserLocalConsumerCompleteOptions,
+  IAMAuthenticationUserLocalConsumerCompleteResult,
+  IAMAuthenticationUserLocalConsumerInitiateData,
+  IAMAuthenticationUserLocalConsumerInitiateOptions,
+  IAMAuthenticationUserLocalConsumerInitiateResult
+} from './iam.authenticationUserLocalConsumer.definitions';
+import { IAMAuthenticationConsumerService } from '../authenticationConsumer';
+/**
+ * A service for integrating UserLocal authentication via other Node-C Apps as a consumer.
+ *
+ * This service is intended for use by the consumer environment.
+ */
+export class IAMAuthenticationUserLocalConsumerService<
+  CompleteContext extends object,
+  InitiateContext extends object
+> extends IAMAuthenticationConsumerService<CompleteContext, InitiateContext> {
+  constructor(configProvider: ConfigProviderService, logger: LoggerService, moduleName: string, serviceName: string) {
+    super(configProvider, logger, moduleName, serviceName);
+  }
+  async complete(
+    data: IAMAuthenticationUserLocalConsumerCompleteData,
+    options: IAMAuthenticationUserLocalConsumerCompleteOptions<CompleteContext>
+  ): Promise<IAMAuthenticationUserLocalConsumerCompleteResult> {
+    return super.complete(data, options) as Promise<IAMAuthenticationUserLocalConsumerCompleteResult>;
+  }
+  async initiate(
+    data: IAMAuthenticationUserLocalConsumerInitiateData,
+    options: IAMAuthenticationUserLocalConsumerInitiateOptions<InitiateContext>
+  ): Promise<IAMAuthenticationUserLocalConsumerInitiateResult> {
+    return super.initiate(data, options) as Promise<IAMAuthenticationUserLocalConsumerInitiateResult>;
+  }
+}

package/src/services/authenticationUserLocalConsumer/index.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from './iam.authenticationUserLocalConsumer.definitions';
2	+ export * from './iam.authenticationUserLocalConsumer.service';

package/src/services/authorization/iam.authorization.definitions.ts CHANGED Viewed

@@ -1,55 +1,54 @@
 import { GenericObject } from '@node-c/core';
-export enum AuthorizationCheckErrorCode {
+export enum IAMAuthorizationCheckErrorCode {
   // eslint-disable-next-line no-unused-vars
-  FGANoAccessToModule = 'FGA_NO_ACCESS',
+  FGANoAccess = 'FGA_NO_ACCESS',
   // eslint-disable-next-line no-unused-vars
   RBACNoAccessToModule = 'RBAC_NO_ACCESS_TO_MODULE',
   // eslint-disable-next-line no-unused-vars
   RBACNoAccessToResource = 'RBAC_NO_ACCESS_TO_RESOURCE'
 }
-export interface AuthorizationPoint<Id> {
-  allowedInputData?: GenericObject;
-  allowedOutputData?: GenericObject;
-  forbiddenInputData?: GenericObject;
-  forbiddenOutputData?: GenericObject;
-  id: Id;
-  inputDataFieldName?: string;
-  moduleName: string;
-  name: string;
-  requiredStaticData?: GenericObject;
-  resources?: string[];
-  // required when resources is set
-  resourceContext?: string;
-  userFieldName?: string;
-  // userTypes: GenericObject[];
-}
-export interface AuthorizationStaticCheckAccessOptions {
+export interface IAMAuthorizationStaticCheckAccessOptions {
   moduleName: string;
   resource?: string;
   resourceContext?: string;
 }
-export interface AuthorizationStaticCheckAccessResult {
-  authorizationPoints: GenericObject<AuthorizationPoint<unknown>>;
-  errorCode?: AuthorizationCheckErrorCode;
+export interface IAMAuthorizationStaticCheckAccessResult {
+  errorCode?: IAMAuthorizationCheckErrorCode;
   hasAccess: boolean;
   inputDataToBeMutated: GenericObject;
   noMatchForResource: boolean;
+  permissions: GenericObject<IAMPermission<unknown>>;
 }
-export interface AuthorizationUser<AuthorizationPointId> {
-  currentAuthorizationPoints: GenericObject<AuthorizationPoint<AuthorizationPointId>>;
+export interface IAMAuthorizationUser<PermissionId> {
+  currentPermissions: GenericObject<IAMPermission<PermissionId>>;
 }
-export interface AuthorizeApiKeyData {
+export interface IAMAuthorizeApiKeyData {
   apiKey: string;
   signature?: string;
   signatureContent?: string;
 }
-export interface AuthorizeApiKeyOptions {
+export interface IAMAuthorizeApiKeyOptions {
   config: { apiKey?: string; apiSecret?: string; apiSecretAlgorithm?: string };
 }
+export interface IAMPermission<Id> {
+  allowedInputData?: GenericObject;
+  allowedOutputData?: GenericObject;
+  forbiddenInputData?: GenericObject;
+  forbiddenOutputData?: GenericObject;
+  id: Id;
+  inputDataFieldName?: string;
+  moduleName: string;
+  name: string;
+  requiredStaticData?: GenericObject;
+  resources?: string[];
+  // required when resources is set
+  resourceContext?: string;
+  userFieldName?: string;
+}

package/src/services/authorization/iam.authorization.service.ts CHANGED Viewed

@@ -1,55 +1,32 @@
 import crypto from 'crypto';
-import {
-  ApplicationError,
-  DataEntityService,
-  DomainEntityService,
-  DomainEntityServiceDefaultData,
-  DomainMethod,
-  GenericObject,
-  LoggerService,
-  getNested,
-  setNested
-} from '@node-c/core';
+import { ApplicationError, GenericObject, LoggerService, getNested, setNested } from '@node-c/core';
 import ld from 'lodash';
 import {
-  AuthorizationCheckErrorCode,
-  AuthorizationStaticCheckAccessOptions,
-  AuthorizationStaticCheckAccessResult,
-  AuthorizationUser,
-  AuthorizeApiKeyData,
-  AuthorizeApiKeyOptions,
-  AuthorizationPoint as BaseAuthorizationPoint
+  IAMAuthorizationCheckErrorCode,
+  IAMAuthorizationStaticCheckAccessOptions,
+  IAMAuthorizationStaticCheckAccessResult,
+  IAMAuthorizationUser,
+  IAMAuthorizeApiKeyData,
+  IAMAuthorizeApiKeyOptions,
+  IAMPermission
 } from './iam.authorization.definitions';
 import { DecodedTokenContent, IAMTokenManagerService } from '../tokenManager';
 export class IAMAuthorizationService<
-  AuthorizationPoint extends BaseAuthorizationPoint<unknown> = BaseAuthorizationPoint<unknown>,
-  Data extends DomainEntityServiceDefaultData<Partial<AuthorizationPoint>> = DomainEntityServiceDefaultData<
-    Partial<AuthorizationPoint>
-  >,
   TokenManager extends IAMTokenManagerService<object> = IAMTokenManagerService<object>
-> extends DomainEntityService<
-  AuthorizationPoint,
-  DataEntityService<AuthorizationPoint>,
-  Data,
-  Record<string, DataEntityService<Partial<AuthorizationPoint>>> | undefined
 > {
   constructor(
-    protected dataAuthorizationPointsService: DataEntityService<AuthorizationPoint>,
-    protected defaultMethods: string[] = [DomainMethod.Find],
+    // eslint-disable-next-line no-unused-vars
     protected logger: LoggerService,
-    protected additionalDataEntityServices?: GenericObject<DataEntityService<Partial<AuthorizationPoint>>>,
     // eslint-disable-next-line no-unused-vars
     protected tokenManager?: TokenManager
-  ) {
-    super(dataAuthorizationPointsService, defaultMethods, logger, additionalDataEntityServices);
-  }
+  ) {}
-  async authorizeApiKey(data: AuthorizeApiKeyData, options: AuthorizeApiKeyOptions): Promise<{ valid: boolean }> {
+  async authorizeApiKey(data: IAMAuthorizeApiKeyData, options: IAMAuthorizeApiKeyOptions): Promise<{ valid: boolean }> {
     const { logger } = this;
     const { apiKey, signature, signatureContent } = data;
     const {
@@ -84,8 +61,6 @@ export class IAMAuthorizationService<
     return { valid: true };
   }
-  // TODO: decouple from users
-  // TODO: use an idToken, rather than an accessToken, for the permissions
   async authorizeBearer<UserTokenEnityFields = unknown>(
     data: { authToken?: string; refreshToken?: string },
     options?: { identifierDataField?: string }
@@ -104,7 +79,7 @@ export class IAMAuthorizationService<
       return { valid: false };
     }
     if (!authToken) {
-      logger.error('Missing auth token.');
+      logger.error('Missing authorization token.');
       return { valid: false };
     }
     let newAccessToken: string | undefined;
@@ -113,12 +88,12 @@ export class IAMAuthorizationService<
     let tokenContent: DecodedTokenContent<UserTokenEnityFields> | undefined;
     try {
       const tokenRes = await tokenManager.verifyAccessToken(authToken, {
+        accessTokenDataRefreshTokenField: 'refreshToken',
         deleteFromStoreIfExpired: true,
         identifierDataField,
         persistNewToken: true,
         purgeStoreOnRenew: true,
-        refreshToken,
-        refreshTokenAccessTokenIdentifierDataField: 'accessToken'
+        refreshToken
       });
       tokenContent = tokenRes.content as unknown as DecodedTokenContent<UserTokenEnityFields>;
       if (tokenRes.newAccessToken) {
@@ -143,9 +118,9 @@ export class IAMAuthorizationService<
   static checkAccess<InputData = GenericObject>(
     inputData: InputData,
-    user: AuthorizationUser<unknown>,
-    options: AuthorizationStaticCheckAccessOptions
-  ): AuthorizationStaticCheckAccessResult {
+    user: IAMAuthorizationUser<unknown>,
+    options: IAMAuthorizationStaticCheckAccessOptions
+  ): IAMAuthorizationStaticCheckAccessResult {
     const { moduleName, resourceContext, resource } = options;
     let hasResource = false;
     if (resource) {
@@ -156,22 +131,22 @@ export class IAMAuthorizationService<
       }
       hasResource = true;
     }
-    // check the access to the found authorization points
+    // check the access to the found permissions
     const mutatedInputData = ld.cloneDeep(inputData);
-    const usedAuthorizationPoints: GenericObject<BaseAuthorizationPoint<unknown>> = {};
-    const { currentAuthorizationPoints } = user;
-    let authorizationPointsCount = 0;
-    let authorizationPointsForDifferentModules = 0;
-    let authorizationPointsForDifferentContexts = 0;
+    const usedPermissions: GenericObject<IAMPermission<unknown>> = {};
+    const { currentPermissions } = user;
     let hasAccess = false;
     let inputDataToBeMutated: GenericObject = {};
     let noMatchForResource = false;
-    for (const apId in currentAuthorizationPoints) {
-      const apData = currentAuthorizationPoints[apId];
-      authorizationPointsCount++;
+    let permissionsCount = 0;
+    let permissionsForDifferentModules = 0;
+    let permissionsForDifferentContexts = 0;
+    for (const apId in currentPermissions) {
+      const apData = currentPermissions[apId];
+      permissionsCount++;
       // RBAC - check whether the user has general access to the module.
       if (moduleName !== apData.moduleName) {
-        authorizationPointsForDifferentModules++;
+        permissionsForDifferentModules++;
         continue;
       }
       // RBAC - check whether the user has general access to the resource.
@@ -181,7 +156,7 @@ export class IAMAuthorizationService<
           apData.resourceContext !== resourceContext ||
           !apData.resources?.includes(resource!))
       ) {
-        authorizationPointsForDifferentContexts++;
+        permissionsForDifferentContexts++;
         continue;
       }
       // FGA - check whether the user has access based on specific input and user fields.
@@ -264,22 +239,22 @@ export class IAMAuthorizationService<
         }
       }
       inputDataToBeMutated = ld.merge(inputDataToBeMutated, innerInputDataToBeMutated);
-      usedAuthorizationPoints[apId] = apData;
+      usedPermissions[apId] = apData;
       break;
     }
-    const returnData: AuthorizationStaticCheckAccessResult = {
-      authorizationPoints: usedAuthorizationPoints,
+    const returnData: IAMAuthorizationStaticCheckAccessResult = {
       hasAccess,
       inputDataToBeMutated,
-      noMatchForResource
+      noMatchForResource,
+      permissions: usedPermissions
     };
     if (!hasAccess) {
-      if (authorizationPointsForDifferentModules === authorizationPointsCount) {
-        returnData.errorCode = AuthorizationCheckErrorCode.RBACNoAccessToModule;
-      } else if (authorizationPointsForDifferentContexts === authorizationPointsCount) {
-        returnData.errorCode = AuthorizationCheckErrorCode.RBACNoAccessToResource;
+      if (!permissionsCount || permissionsForDifferentModules === permissionsCount) {
+        returnData.errorCode = IAMAuthorizationCheckErrorCode.RBACNoAccessToModule;
+      } else if (permissionsForDifferentContexts === permissionsCount) {
+        returnData.errorCode = IAMAuthorizationCheckErrorCode.RBACNoAccessToResource;
       } else {
-        returnData.errorCode = AuthorizationCheckErrorCode.FGANoAccessToModule;
+        returnData.errorCode = IAMAuthorizationCheckErrorCode.FGANoAccess;
       }
     }
     return returnData;
@@ -338,15 +313,15 @@ export class IAMAuthorizationService<
   }
   static processOutputData(
-    authorizationPoints: { [id: number]: BaseAuthorizationPoint<unknown> },
+    permissions: { [id: number]: IAMPermission<unknown> },
     outputData: GenericObject
   ): {
     outputDataToBeMutated: GenericObject;
   } {
     const mutatedOutputData = ld.cloneDeep(outputData);
     let outputDataToBeMutated: GenericObject = {};
-    for (const apId in authorizationPoints) {
-      const apData = authorizationPoints[apId];
+    for (const apId in permissions) {
+      const apData = permissions[apId];
       const { allowedOutputData, forbiddenOutputData } = apData;
       const innerMutatedOutputData = ld.cloneDeep(mutatedOutputData);
       const innerOutputDataToBeMutated: GenericObject = {};

package/src/services/index.ts CHANGED Viewed

@@ -1,7 +1,13 @@
 export * from './authentication';
+export * from './authenticationConsumer';
+export * from './authenticationManager';
 export * from './authenticationOAuth2';
+export * from './authenticationOAuth2Consumer';
+export * from './authenticationPassthrough';
+export * from './authenticationPassthroughConsumer';
 export * from './authenticationUserLocal';
+export * from './authenticationUserLocalConsumer';
 export * from './authorization';
 export * from './mfa';
 export * from './tokenManager';
-export * from './userManager';
+export * from './users';

package/src/services/tokenManager/iam.tokenManager.definitions.ts CHANGED Viewed

@@ -8,8 +8,10 @@ export interface BaseTokenEntityFields {
 }
 export type DecodedTokenContent<TokenEntityFields> = {
+  aud: string;
   exp?: number;
   iat: number;
+  iss: string;
   data?: TokenEntityFields & BaseTokenEntityFields;
 };
@@ -30,6 +32,7 @@ export type TokenManagerCreateOptions = {
   purgeOldFromData?: boolean;
   tokenContentOnlyFields?: string[];
   ttl?: number;
+  useExternalTokenAsLocal?: boolean;
 } & DomainCreateOptions;
 export enum TokenType {
@@ -48,13 +51,13 @@ export interface TokenManagerVerifyResult<TokenEntityFields> {
 }
 export interface VerifyAccessTokenOptions {
+  accessTokenDataRefreshTokenField?: string;
   deleteFromStoreIfExpired?: boolean;
   identifierDataField?: string;
   newAccessTokenExpiresInMinutes?: number;
   persistNewToken?: boolean;
   purgeStoreOnRenew?: boolean;
   refreshToken?: string;
-  refreshTokenAccessTokenIdentifierDataField?: string;
 }
 export interface VerifyAccessTokenReturnData<TokenEntityFields> {