@opentdf/sdk 0.13.0 → 0.14.0-beta.131
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +60 -10
- package/dist/cjs/src/access/access-rpc.js +6 -5
- package/dist/cjs/src/access.js +18 -5
- package/dist/cjs/src/auth/interceptors.js +186 -0
- package/dist/cjs/src/auth/oidc.js +5 -3
- package/dist/cjs/src/auth/token-providers.js +247 -0
- package/dist/cjs/src/index.js +16 -2
- package/dist/cjs/src/opentdf.js +40 -32
- package/dist/cjs/src/platform/authorization/entity-identifiers.js +88 -0
- package/dist/cjs/src/platform.js +3 -46
- package/dist/cjs/src/policy/api.js +9 -5
- package/dist/cjs/src/policy/discovery.js +10 -9
- package/dist/cjs/src/version.js +1 -1
- package/dist/cjs/tdf3/src/client/index.js +35 -17
- package/dist/cjs/tdf3/src/tdf.js +8 -7
- package/dist/types/src/access/access-rpc.d.ts +3 -3
- package/dist/types/src/access/access-rpc.d.ts.map +1 -1
- package/dist/types/src/access.d.ts +3 -3
- package/dist/types/src/access.d.ts.map +1 -1
- package/dist/types/src/auth/interceptors.d.ts +99 -0
- package/dist/types/src/auth/interceptors.d.ts.map +1 -0
- package/dist/types/src/auth/oidc.d.ts +1 -1
- package/dist/types/src/auth/oidc.d.ts.map +1 -1
- package/dist/types/src/auth/token-providers.d.ts +100 -0
- package/dist/types/src/auth/token-providers.d.ts.map +1 -0
- package/dist/types/src/index.d.ts +3 -0
- package/dist/types/src/index.d.ts.map +1 -1
- package/dist/types/src/opentdf.d.ts +18 -15
- package/dist/types/src/opentdf.d.ts.map +1 -1
- package/dist/types/src/platform/authorization/entity-identifiers.d.ts +41 -0
- package/dist/types/src/platform/authorization/entity-identifiers.d.ts.map +1 -0
- package/dist/types/src/platform.d.ts +6 -3
- package/dist/types/src/platform.d.ts.map +1 -1
- package/dist/types/src/policy/api.d.ts +3 -3
- package/dist/types/src/policy/api.d.ts.map +1 -1
- package/dist/types/src/policy/discovery.d.ts +5 -5
- package/dist/types/src/policy/discovery.d.ts.map +1 -1
- package/dist/types/src/version.d.ts +1 -1
- package/dist/types/tdf3/src/client/index.d.ts +10 -1
- package/dist/types/tdf3/src/client/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/tdf.d.ts +5 -2
- package/dist/types/tdf3/src/tdf.d.ts.map +1 -1
- package/dist/web/src/access/access-rpc.js +6 -5
- package/dist/web/src/access.js +18 -5
- package/dist/web/src/auth/interceptors.js +142 -0
- package/dist/web/src/auth/oidc.js +5 -3
- package/dist/web/src/auth/token-providers.js +242 -0
- package/dist/web/src/index.js +4 -1
- package/dist/web/src/opentdf.js +40 -32
- package/dist/web/src/platform/authorization/entity-identifiers.js +81 -0
- package/dist/web/src/platform.js +3 -46
- package/dist/web/src/policy/api.js +9 -5
- package/dist/web/src/policy/discovery.js +10 -9
- package/dist/web/src/version.js +1 -1
- package/dist/web/tdf3/src/client/index.js +35 -17
- package/dist/web/tdf3/src/tdf.js +8 -7
- package/package.json +1 -1
- package/src/access/access-rpc.ts +5 -5
- package/src/access.ts +29 -13
- package/src/auth/interceptors.ts +197 -0
- package/src/auth/oidc.ts +5 -3
- package/src/auth/token-providers.ts +303 -0
- package/src/index.ts +25 -0
- package/src/opentdf.ts +54 -34
- package/src/platform/authorization/entity-identifiers.ts +102 -0
- package/src/platform.ts +8 -52
- package/src/policy/api.ts +8 -5
- package/src/policy/discovery.ts +9 -9
- package/src/version.ts +1 -1
- package/tdf3/src/client/index.ts +46 -17
- package/tdf3/src/tdf.ts +14 -11
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { KasPublicKeyAlgorithm, KasPublicKeyInfo, OriginAllowList } from '../access.js';
|
|
2
|
-
import { type
|
|
2
|
+
import { type AuthConfig } from '../auth/interceptors.js';
|
|
3
3
|
import { RewrapResponse } from '../platform/kas/kas_pb.js';
|
|
4
4
|
/**
|
|
5
5
|
* Get a rewrapped access key to the document, if possible
|
|
@@ -9,10 +9,10 @@ import { RewrapResponse } from '../platform/kas/kas_pb.js';
|
|
|
9
9
|
* @param rewrapAdditionalContextHeader optional value for 'X-Rewrap-Additional-Context'
|
|
10
10
|
* @param clientVersion
|
|
11
11
|
*/
|
|
12
|
-
export declare function fetchWrappedKey(url: string, signedRequestToken: string,
|
|
12
|
+
export declare function fetchWrappedKey(url: string, signedRequestToken: string, auth: AuthConfig, rewrapAdditionalContextHeader?: string): Promise<RewrapResponse>;
|
|
13
13
|
export declare function handleRpcRewrapError(e: unknown, platformUrl: string): never;
|
|
14
14
|
export declare function handleRpcRewrapErrorString(e: string, platformUrl: string, requiredObligations?: string[]): never;
|
|
15
|
-
export declare function fetchKeyAccessServers(platformUrl: string,
|
|
15
|
+
export declare function fetchKeyAccessServers(platformUrl: string, auth: AuthConfig): Promise<OriginAllowList>;
|
|
16
16
|
export declare function fetchKasPubKey(kasEndpoint: string, algorithm?: KasPublicKeyAlgorithm): Promise<KasPublicKeyInfo>;
|
|
17
17
|
/**
|
|
18
18
|
* Fetch the base public key from WellKnownConfiguration of the platform.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"access-rpc.d.ts","sourceRoot":"","sources":["../../../../src/access/access-rpc.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EAChB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAAE,KAAK,
|
|
1
|
+
{"version":3,"file":"access-rpc.d.ts","sourceRoot":"","sources":["../../../../src/access/access-rpc.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EAChB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAAE,KAAK,UAAU,EAAuB,MAAM,yBAAyB,CAAC;AAU/E,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAU3D;;;;;;;GAOG;AACH,wBAAsB,eAAe,CACnC,GAAG,EAAE,MAAM,EACX,kBAAkB,EAAE,MAAM,EAC1B,IAAI,EAAE,UAAU,EAChB,6BAA6B,CAAC,EAAE,MAAM,GACrC,OAAO,CAAC,cAAc,CAAC,CAgBzB;AAED,wBAAgB,oBAAoB,CAAC,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,GAAG,KAAK,CAwB3E;AAED,wBAAgB,0BAA0B,CACxC,CAAC,EAAE,MAAM,EACT,WAAW,EAAE,MAAM,EACnB,mBAAmB,CAAC,EAAE,MAAM,EAAE,GAC7B,KAAK,CA8BP;AAED,wBAAsB,qBAAqB,CACzC,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,eAAe,CAAC,CA8B1B;AA2BD,wBAAsB,cAAc,CAClC,WAAW,EAAE,MAAM,EACnB,SAAS,CAAC,EAAE,qBAAqB,GAChC,OAAO,CAAC,gBAAgB,CAAC,CA0B3B;AAED;;;;;;GAMG;AACH,wBAAsB,kBAAkB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CA6BvF"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { type
|
|
1
|
+
import { type AuthConfig } from './auth/interceptors.js';
|
|
2
2
|
import { RewrapResponse } from './platform/kas/kas_pb.js';
|
|
3
3
|
/**
|
|
4
4
|
* Header value structure for 'X-Rewrap-Additional-Context`
|
|
@@ -19,7 +19,7 @@ export type RewrapRequest = {
|
|
|
19
19
|
* @param fulfillableObligationFQNs client-configured list of obligation value FQNs that can be fulfilled in this PEP
|
|
20
20
|
* @param clientVersion
|
|
21
21
|
*/
|
|
22
|
-
export declare function fetchWrappedKey(url: string, signedRequestToken: string,
|
|
22
|
+
export declare function fetchWrappedKey(url: string, signedRequestToken: string, auth: AuthConfig, fulfillableObligationFQNs: string[]): Promise<RewrapResponse>;
|
|
23
23
|
/**
|
|
24
24
|
* Transform fulfillable, fully-qualified obligations into the expected KAS Rewrap 'X-Rewrap-Additional-Context' header value.
|
|
25
25
|
* @param fulfillableObligationValueFQNs
|
|
@@ -49,7 +49,7 @@ export type KasPublicKeyInfo = {
|
|
|
49
49
|
* @param authProvider The authentication provider to use for the request.
|
|
50
50
|
* @returns A promise that resolves to an OriginAllowList.
|
|
51
51
|
*/
|
|
52
|
-
export declare function fetchKeyAccessServers(platformUrl: string,
|
|
52
|
+
export declare function fetchKeyAccessServers(platformUrl: string, auth: AuthConfig): Promise<OriginAllowList>;
|
|
53
53
|
/**
|
|
54
54
|
* Fetch the EC (secp256r1) public key for a KAS endpoint.
|
|
55
55
|
* @param kasEndpoint The KAS endpoint URL.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"access.d.ts","sourceRoot":"","sources":["../../../src/access.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,
|
|
1
|
+
{"version":3,"file":"access.d.ts","sourceRoot":"","sources":["../../../src/access.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,UAAU,EAAqB,MAAM,wBAAwB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAc1D;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG;IACpC,WAAW,EAAE;QACX,eAAe,EAAE,MAAM,EAAE,CAAC;KAC3B,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,kBAAkB,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF;;;;;;;GAOG;AACH,wBAAsB,eAAe,CACnC,GAAG,EAAE,MAAM,EACX,kBAAkB,EAAE,MAAM,EAC1B,IAAI,EAAE,UAAU,EAChB,yBAAyB,EAAE,MAAM,EAAE,GAClC,OAAO,CAAC,cAAc,CAAC,CA6BzB;AAED;;;GAGG;AACH,eAAO,MAAM,6BAA6B,GACxC,gCAAgC,MAAM,EAAE,KACvC,MAAM,GAAG,SASX,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAC7B,cAAc,GACd,cAAc,GACd,cAAc,GACd,UAAU,GACV,UAAU,CAAC;AAEf,eAAO,MAAM,oBAAoB,GAAI,GAAG,MAAM,KAAG,CAAC,IAAI,qBAErD,CAAC;AAEF,eAAO,MAAM,gCAAgC,GAAI,GAAG,SAAS,KAAG,qBA8B/D,CAAC;AAEF,eAAO,MAAM,uBAAuB,GAAI,GAAG,qBAAqB,KAAG,MAelE,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B,4DAA4D;IAC5D,GAAG,EAAE,MAAM,CAAC;IAEZ,2DAA2D;IAC3D,SAAS,EAAE,qBAAqB,CAAC;IAEjC,oEAAoE;IACpE,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb,mDAAmD;IACnD,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF;;;;;GAKG;AACH,wBAAsB,qBAAqB,CACzC,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,eAAe,CAAC,CAY1B;AAED;;;;GAIG;AACH,wBAAsB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAErF;AAED;;;;;;;;;GASG;AACH,wBAAsB,cAAc,CAClC,WAAW,EAAE,MAAM,EACnB,SAAS,CAAC,EAAE,qBAAqB,GAChC,OAAO,CAAC,gBAAgB,CAAC,CAW3B;AAWD;;;;;;;;GAQG;AACH,qBAAa,eAAe;IAC1B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;gBACN,IAAI,EAAE,MAAM,EAAE,EAAE,QAAQ,CAAC,EAAE,OAAO;IAK9C,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;CAM7B"}
|
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
import { type Interceptor } from '@connectrpc/connect';
|
|
2
|
+
export type { Interceptor } from '@connectrpc/connect';
|
|
3
|
+
import { type CryptoService, type KeyPair } from '../../tdf3/src/crypto/declarations.js';
|
|
4
|
+
import { type AuthProvider } from './auth.js';
|
|
5
|
+
/**
|
|
6
|
+
* A function that returns a valid access token string.
|
|
7
|
+
* Called per-request; implementations should handle caching/refresh internally.
|
|
8
|
+
*/
|
|
9
|
+
export type TokenProvider = () => Promise<string>;
|
|
10
|
+
/**
|
|
11
|
+
* Options for creating a DPoP-aware auth interceptor.
|
|
12
|
+
*/
|
|
13
|
+
export type DPoPInterceptorOptions = {
|
|
14
|
+
/** Function that returns a valid access token (may cache/refresh internally). */
|
|
15
|
+
tokenProvider: TokenProvider;
|
|
16
|
+
/** DPoP signing key pair. If omitted, one is generated automatically. */
|
|
17
|
+
dpopKeys?: KeyPair | Promise<KeyPair>;
|
|
18
|
+
/** CryptoService for signing. Defaults to DefaultCryptoService. */
|
|
19
|
+
cryptoService?: CryptoService;
|
|
20
|
+
};
|
|
21
|
+
/**
|
|
22
|
+
* A DPoP interceptor that also exposes the resolved signing key pair.
|
|
23
|
+
* TDF encrypt/decrypt needs these keys for request body signing (reqSignature).
|
|
24
|
+
*/
|
|
25
|
+
export type DPoPInterceptor = Interceptor & {
|
|
26
|
+
/** The resolved DPoP key pair, for use in TDF request token signing. */
|
|
27
|
+
readonly dpopKeys: Promise<KeyPair>;
|
|
28
|
+
};
|
|
29
|
+
/**
|
|
30
|
+
* Creates a simple bearer-token interceptor.
|
|
31
|
+
* Calls `tokenProvider()` per-request and sets the `Authorization` header.
|
|
32
|
+
*
|
|
33
|
+
* @param tokenProvider Function returning a valid access token.
|
|
34
|
+
* @returns A Connect RPC Interceptor.
|
|
35
|
+
*
|
|
36
|
+
* @example
|
|
37
|
+
* ```ts
|
|
38
|
+
* const opentdf = new OpenTDF({
|
|
39
|
+
* interceptors: [authTokenInterceptor(() => myAuth.getAccessToken())],
|
|
40
|
+
* platformUrl: '/api',
|
|
41
|
+
* });
|
|
42
|
+
* ```
|
|
43
|
+
*/
|
|
44
|
+
export declare function authTokenInterceptor(tokenProvider: TokenProvider): Interceptor;
|
|
45
|
+
/**
|
|
46
|
+
* Creates a DPoP-aware auth interceptor.
|
|
47
|
+
* Per-request: gets token, generates DPoP proof JWT, sets Authorization + DPoP + X-VirtruPubKey headers.
|
|
48
|
+
* Exposes `dpopKeys` for TDF request body signing.
|
|
49
|
+
*
|
|
50
|
+
* @param options DPoP interceptor configuration.
|
|
51
|
+
* @returns A DPoP interceptor with an exposed `dpopKeys` promise.
|
|
52
|
+
*
|
|
53
|
+
* @example
|
|
54
|
+
* ```ts
|
|
55
|
+
* const dpopInterceptor = authTokenDPoPInterceptor({
|
|
56
|
+
* tokenProvider: () => myAuth.getAccessToken(),
|
|
57
|
+
* });
|
|
58
|
+
* const opentdf = new OpenTDF({
|
|
59
|
+
* interceptors: [dpopInterceptor],
|
|
60
|
+
* dpopKeys: dpopInterceptor.dpopKeys,
|
|
61
|
+
* platformUrl: '/api',
|
|
62
|
+
* });
|
|
63
|
+
* ```
|
|
64
|
+
*/
|
|
65
|
+
export declare function authTokenDPoPInterceptor(options: DPoPInterceptorOptions): DPoPInterceptor;
|
|
66
|
+
/**
|
|
67
|
+
* Creates an interceptor that bridges an existing AuthProvider to the Interceptor pattern.
|
|
68
|
+
* Use this for backwards compatibility when migrating from AuthProvider to interceptors.
|
|
69
|
+
*
|
|
70
|
+
* @param authProvider The legacy AuthProvider to bridge.
|
|
71
|
+
* @returns A Connect RPC Interceptor.
|
|
72
|
+
*/
|
|
73
|
+
export declare function authProviderInterceptor(authProvider: AuthProvider): Interceptor;
|
|
74
|
+
/**
|
|
75
|
+
* Auth configuration: either a legacy AuthProvider or an object with interceptors.
|
|
76
|
+
*/
|
|
77
|
+
export type AuthConfig = AuthProvider | {
|
|
78
|
+
interceptors: Interceptor[];
|
|
79
|
+
};
|
|
80
|
+
/**
|
|
81
|
+
* Type guard for AuthConfig with interceptors.
|
|
82
|
+
*/
|
|
83
|
+
export declare function isInterceptorConfig(auth: AuthConfig): auth is {
|
|
84
|
+
interceptors: Interceptor[];
|
|
85
|
+
};
|
|
86
|
+
/**
|
|
87
|
+
* Resolves an AuthConfig into interceptors for use with PlatformClient.
|
|
88
|
+
* If the config is an AuthProvider, it is bridged via authProviderInterceptor.
|
|
89
|
+
*/
|
|
90
|
+
export declare function resolveInterceptors(auth: AuthConfig): Interceptor[];
|
|
91
|
+
/**
|
|
92
|
+
* Resolves an AuthConfig into both interceptors and an optional AuthProvider.
|
|
93
|
+
* The AuthProvider is available for legacy code paths that need withCreds().
|
|
94
|
+
*/
|
|
95
|
+
export declare function resolveAuthConfig(auth: AuthConfig): {
|
|
96
|
+
interceptors: Interceptor[];
|
|
97
|
+
authProvider?: AuthProvider;
|
|
98
|
+
};
|
|
99
|
+
//# sourceMappingURL=interceptors.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"interceptors.d.ts","sourceRoot":"","sources":["../../../../src/auth/interceptors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACvD,YAAY,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,KAAK,aAAa,EAAE,KAAK,OAAO,EAAE,MAAM,uCAAuC,CAAC;AAGzF,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,WAAW,CAAC;AAG9C;;;GAGG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;AAElD;;GAEG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,iFAAiF;IACjF,aAAa,EAAE,aAAa,CAAC;IAC7B,yEAAyE;IACzE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACtC,mEAAmE;IACnE,aAAa,CAAC,EAAE,aAAa,CAAC;CAC/B,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,eAAe,GAAG,WAAW,GAAG;IAC1C,wEAAwE;IACxE,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;CACrC,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,oBAAoB,CAAC,aAAa,EAAE,aAAa,GAAG,WAAW,CAM9E;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,sBAAsB,GAAG,eAAe,CAkCzF;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,YAAY,EAAE,YAAY,GAAG,WAAW,CAmC/E;AAED;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,YAAY,GAAG;IAAE,YAAY,EAAE,WAAW,EAAE,CAAA;CAAE,CAAC;AAExE;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI,IAAI;IAAE,YAAY,EAAE,WAAW,EAAE,CAAA;CAAE,CAE7F;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,UAAU,GAAG,WAAW,EAAE,CAKnE;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,UAAU,GAAG;IACnD,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B,CAQA"}
|
|
@@ -6,7 +6,7 @@ import { type CryptoService, type KeyPair } from '../../tdf3/src/crypto/declarat
|
|
|
6
6
|
export type CommonCredentials = {
|
|
7
7
|
/** The OIDC client ID used for token issuance and exchange flows */
|
|
8
8
|
clientId: string;
|
|
9
|
-
/** The endpoint of the OIDC IdP to authenticate against, ex. 'https://
|
|
9
|
+
/** The endpoint of the OIDC IdP to authenticate against, ex. 'https://keycloak.opentdf.local/auth' */
|
|
10
10
|
oidcOrigin: string;
|
|
11
11
|
oidcTokenEndpoint?: string;
|
|
12
12
|
oidcUserInfoEndpoint?: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../../../src/auth/oidc.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAe,MAAM,WAAW,CAAC;AAIrD,OAAO,EAAE,KAAK,aAAa,EAAE,KAAK,OAAO,EAAE,MAAM,uCAAuC,CAAC;AAEzF;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,oEAAoE;IACpE,QAAQ,EAAE,MAAM,CAAC;IACjB,
|
|
1
|
+
{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../../../src/auth/oidc.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAe,MAAM,WAAW,CAAC;AAIrD,OAAO,EAAE,KAAK,aAAa,EAAE,KAAK,OAAO,EAAE,MAAM,uCAAuC,CAAC;AAEzF;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,oEAAoE;IACpE,QAAQ,EAAE,MAAM,CAAC;IACjB,sGAAsG;IACtG,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,sCAAsC;IACtC,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,2HAA2H;IAC3H,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG,iBAAiB,GAAG;IACxD,QAAQ,EAAE,QAAQ,CAAC;IACnB,yEAAyE;IACzE,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG,iBAAiB,GAAG;IACxD,QAAQ,EAAE,SAAS,CAAC;IACpB,qCAAqC;IACrC,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,sBAAsB,GAAG,iBAAiB,GAAG;IACvD,QAAQ,EAAE,UAAU,CAAC;IACrB,yCAAyC;IACzC,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,eAAe,GACvB,uBAAuB,GACvB,sBAAsB,GACtB,uBAAuB,CAAC;AAI5B,MAAM,MAAM,mBAAmB,GAAG;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,qBAAa,WAAW;IACtB,MAAM,EAAE,eAAe,CAAC;IAExB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,WAAW,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IAExE,IAAI,CAAC,EAAE,mBAAmB,CAAC;IAE3B,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IAEzB,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAM;IAE1C,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAE5B,aAAa,EAAE,aAAa,CAAC;gBAEjB,GAAG,EAAE,eAAe,EAAE,aAAa,EAAE,aAAa,EAAE,OAAO,CAAC,EAAE,OAAO,KAAK;IA8BtF;;;;OAIG;IACG,IAAI,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA0B3C,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAwB7C,iBAAiB,CAAC,GAAG,EAAE,eAAe;IAqC5C;;;;OAIG;IACG,GAAG,CAAC,QAAQ,UAAO,GAAG,OAAO,CAAC,MAAM,CAAC;IA0B3C;;;;;;OAMG;IACG,0CAA0C,CAAC,UAAU,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAWpF;;OAEG;IACG,uBAAuB,IAAI,OAAO,CAAC,MAAM,CAAC;IAwB1C,SAAS,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;CAqB5D"}
|
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
import { type TokenProvider } from './interceptors.js';
|
|
2
|
+
/**
|
|
3
|
+
* Options for client credentials token provider.
|
|
4
|
+
*
|
|
5
|
+
* **Not for browser use.** Client secrets must not be exposed in client-side code.
|
|
6
|
+
* Use this only in server-side (Node.js/Deno) environments.
|
|
7
|
+
*/
|
|
8
|
+
export type ClientCredentialsTokenProviderOptions = {
|
|
9
|
+
/** OIDC client ID. */
|
|
10
|
+
clientId: string;
|
|
11
|
+
/** OIDC client secret. */
|
|
12
|
+
clientSecret: string;
|
|
13
|
+
/** OIDC IdP origin, e.g. 'http://localhost:8080/auth/realms/opentdf'. */
|
|
14
|
+
oidcOrigin: string;
|
|
15
|
+
/** Override the token endpoint (defaults to `${oidcOrigin}/protocol/openid-connect/token`). */
|
|
16
|
+
oidcTokenEndpoint?: string;
|
|
17
|
+
};
|
|
18
|
+
/**
|
|
19
|
+
* Options for refresh token provider.
|
|
20
|
+
*/
|
|
21
|
+
export type RefreshTokenProviderOptions = {
|
|
22
|
+
/** OIDC client ID. */
|
|
23
|
+
clientId: string;
|
|
24
|
+
/** Refresh token obtained from a prior login flow. */
|
|
25
|
+
refreshToken: string;
|
|
26
|
+
/** OIDC IdP origin, e.g. 'http://localhost:8080/auth/realms/opentdf'. */
|
|
27
|
+
oidcOrigin: string;
|
|
28
|
+
/** Override the token endpoint. */
|
|
29
|
+
oidcTokenEndpoint?: string;
|
|
30
|
+
};
|
|
31
|
+
/**
|
|
32
|
+
* Options for external JWT token provider (RFC 8693 token exchange).
|
|
33
|
+
*/
|
|
34
|
+
export type ExternalJwtTokenProviderOptions = {
|
|
35
|
+
/** OIDC client ID. */
|
|
36
|
+
clientId: string;
|
|
37
|
+
/** External JWT to exchange. */
|
|
38
|
+
externalJwt: string;
|
|
39
|
+
/** OIDC IdP origin, e.g. 'http://localhost:8080/auth/realms/opentdf'. */
|
|
40
|
+
oidcOrigin: string;
|
|
41
|
+
/** Override the token endpoint. */
|
|
42
|
+
oidcTokenEndpoint?: string;
|
|
43
|
+
};
|
|
44
|
+
/**
|
|
45
|
+
* Creates a TokenProvider that obtains tokens via the OAuth2 client credentials grant.
|
|
46
|
+
* Tokens are cached and automatically refreshed when expired.
|
|
47
|
+
*
|
|
48
|
+
* **Not for browser use.** Client secrets must not be exposed in client-side code.
|
|
49
|
+
* Use this only in server-side (Node.js/Deno) environments.
|
|
50
|
+
*
|
|
51
|
+
* @example
|
|
52
|
+
* ```ts
|
|
53
|
+
* const client = new OpenTDF({
|
|
54
|
+
* interceptors: [authTokenInterceptor(clientCredentialsTokenProvider({
|
|
55
|
+
* clientId: 'opentdf',
|
|
56
|
+
* clientSecret: 'secret',
|
|
57
|
+
* oidcOrigin: 'http://localhost:8080/auth/realms/opentdf',
|
|
58
|
+
* }))],
|
|
59
|
+
* platformUrl: 'http://localhost:8080',
|
|
60
|
+
* });
|
|
61
|
+
* ```
|
|
62
|
+
*/
|
|
63
|
+
export declare function clientCredentialsTokenProvider(options: ClientCredentialsTokenProviderOptions): TokenProvider;
|
|
64
|
+
/**
|
|
65
|
+
* Creates a TokenProvider that uses a refresh token to obtain access tokens.
|
|
66
|
+
* On the first call, exchanges the refresh token. Subsequent calls use the
|
|
67
|
+
* latest refresh token from the IdP response.
|
|
68
|
+
*
|
|
69
|
+
* @example
|
|
70
|
+
* ```ts
|
|
71
|
+
* const client = new OpenTDF({
|
|
72
|
+
* interceptors: [authTokenInterceptor(refreshTokenProvider({
|
|
73
|
+
* clientId: 'my-app',
|
|
74
|
+
* refreshToken: 'refresh-token-from-login',
|
|
75
|
+
* oidcOrigin: 'http://localhost:8080/auth/realms/opentdf',
|
|
76
|
+
* }))],
|
|
77
|
+
* platformUrl: 'http://localhost:8080',
|
|
78
|
+
* });
|
|
79
|
+
* ```
|
|
80
|
+
*/
|
|
81
|
+
export declare function refreshTokenProvider(options: RefreshTokenProviderOptions): TokenProvider;
|
|
82
|
+
/**
|
|
83
|
+
* Creates a TokenProvider that exchanges an external JWT for a platform token
|
|
84
|
+
* via RFC 8693 token exchange. After the initial exchange, uses the refresh
|
|
85
|
+
* token for subsequent calls.
|
|
86
|
+
*
|
|
87
|
+
* @example
|
|
88
|
+
* ```ts
|
|
89
|
+
* const client = new OpenTDF({
|
|
90
|
+
* interceptors: [authTokenInterceptor(externalJwtTokenProvider({
|
|
91
|
+
* clientId: 'my-app',
|
|
92
|
+
* externalJwt: 'eyJhbGciOi...',
|
|
93
|
+
* oidcOrigin: 'http://localhost:8080/auth/realms/opentdf',
|
|
94
|
+
* }))],
|
|
95
|
+
* platformUrl: 'http://localhost:8080',
|
|
96
|
+
* });
|
|
97
|
+
* ```
|
|
98
|
+
*/
|
|
99
|
+
export declare function externalJwtTokenProvider(options: ExternalJwtTokenProviderOptions): TokenProvider;
|
|
100
|
+
//# sourceMappingURL=token-providers.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-providers.d.ts","sourceRoot":"","sources":["../../../../src/auth/token-providers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAIvD;;;;;GAKG;AACH,MAAM,MAAM,qCAAqC,GAAG;IAClD,sBAAsB;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,0BAA0B;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,yEAAyE;IACzE,UAAU,EAAE,MAAM,CAAC;IACnB,+FAA+F;IAC/F,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,2BAA2B,GAAG;IACxC,sBAAsB;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,YAAY,EAAE,MAAM,CAAC;IACrB,yEAAyE;IACzE,UAAU,EAAE,MAAM,CAAC;IACnB,mCAAmC;IACnC,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,+BAA+B,GAAG;IAC5C,sBAAsB;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,yEAAyE;IACzE,UAAU,EAAE,MAAM,CAAC;IACnB,mCAAmC;IACnC,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B,CAAC;AAwEF;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,8BAA8B,CAC5C,OAAO,EAAE,qCAAqC,GAC7C,aAAa,CA+Bf;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,2BAA2B,GAAG,aAAa,CAmCxF;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,+BAA+B,GAAG,aAAa,CA0DhG"}
|
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
export { type AuthProvider, type HttpMethod, HttpRequest, withHeaders } from './auth/auth.js';
|
|
2
2
|
export * as AuthProviders from './auth/providers.js';
|
|
3
|
+
export { authTokenInterceptor, authTokenDPoPInterceptor, authProviderInterceptor, type AuthConfig, type DPoPInterceptor, type DPoPInterceptorOptions, type Interceptor, type TokenProvider, } from './auth/interceptors.js';
|
|
4
|
+
export { clientCredentialsTokenProvider, refreshTokenProvider, externalJwtTokenProvider, type ClientCredentialsTokenProviderOptions, type RefreshTokenProviderOptions, type ExternalJwtTokenProviderOptions, } from './auth/token-providers.js';
|
|
3
5
|
export { attributeFQNsAsValues } from './policy/api.js';
|
|
6
|
+
export { forEmail, forClientId, forUserName, forToken, withRequestToken, } from './platform/authorization/entity-identifiers.js';
|
|
4
7
|
export { listAttributes, validateAttributes, attributeExists, attributeValueExists, } from './policy/discovery.js';
|
|
5
8
|
export { version, clientType, tdfSpecVersion } from './version.js';
|
|
6
9
|
export { PlatformClient, type PlatformClientOptions, type PlatformServices } from './platform.js';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,KAAK,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC9F,OAAO,KAAK,aAAa,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,eAAe,EACf,oBAAoB,GACrB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,KAAK,qBAAqB,EAAE,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAClG,cAAc,cAAc,CAAC;AAC7B,OAAO,EACL,QAAQ,EACR,qBAAqB,EACrB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,wBAAwB,EACxB,sBAAsB,EACtB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AACrB,cAAc,eAAe,CAAC;AAC9B,cAAc,6BAA6B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,KAAK,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC9F,OAAO,KAAK,aAAa,MAAM,qBAAqB,CAAC;AACrD,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,uBAAuB,EACvB,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,sBAAsB,EAC3B,KAAK,WAAW,EAChB,KAAK,aAAa,GACnB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,8BAA8B,EAC9B,oBAAoB,EACpB,wBAAwB,EACxB,KAAK,qCAAqC,EAC1C,KAAK,2BAA2B,EAChC,KAAK,+BAA+B,GACrC,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EACL,QAAQ,EACR,WAAW,EACX,WAAW,EACX,QAAQ,EACR,gBAAgB,GACjB,MAAM,gDAAgD,CAAC;AACxD,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,eAAe,EACf,oBAAoB,GACrB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,KAAK,qBAAqB,EAAE,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAClG,cAAc,cAAc,CAAC;AAC7B,OAAO,EACL,QAAQ,EACR,qBAAqB,EACrB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,wBAAwB,EACxB,sBAAsB,EACtB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AACrB,cAAc,eAAe,CAAC;AAC9B,cAAc,6BAA6B,CAAC"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { type AuthProvider } from './auth/providers.js';
|
|
2
|
+
import { type Interceptor } from '@connectrpc/connect';
|
|
2
3
|
export { Client as TDF3Client } from '../tdf3/src/client/index.js';
|
|
3
4
|
import { type Source } from './seekable.js';
|
|
4
5
|
import { Client as TDF3Client } from '../tdf3/src/client/index.js';
|
|
@@ -104,8 +105,16 @@ export type OpenTDFOptions = {
|
|
|
104
105
|
policyEndpoint?: string;
|
|
105
106
|
/** Platform URL. */
|
|
106
107
|
platformUrl?: string;
|
|
107
|
-
/**
|
|
108
|
-
|
|
108
|
+
/**
|
|
109
|
+
* Connect RPC interceptors for authentication. Preferred over authProvider.
|
|
110
|
+
* Use `authTokenInterceptor()` or `authTokenDPoPInterceptor()` to create interceptors.
|
|
111
|
+
*/
|
|
112
|
+
interceptors?: Interceptor[];
|
|
113
|
+
/**
|
|
114
|
+
* Auth provider for connections to the policy service and KASes.
|
|
115
|
+
* @deprecated since 0.14.0. Use `interceptors` with `authTokenInterceptor()` or `authTokenDPoPInterceptor()` instead.
|
|
116
|
+
*/
|
|
117
|
+
authProvider?: AuthProvider;
|
|
109
118
|
/** Default settings for 'encrypt' type requests. */
|
|
110
119
|
defaultCreateOptions?: Omit<CreateOptions, 'source'>;
|
|
111
120
|
/** Default settings for 'decrypt' type requests. */
|
|
@@ -165,18 +174,10 @@ export type TDFReader = {
|
|
|
165
174
|
* It also requires a platform URL to be set, which is used to fetch key access servers and policies.
|
|
166
175
|
* @example
|
|
167
176
|
* ```
|
|
168
|
-
* import {
|
|
169
|
-
*
|
|
170
|
-
* const oidcCredentials: RefreshTokenCredentials = {
|
|
171
|
-
* clientId: keycloakClientId,
|
|
172
|
-
* exchange: 'refresh',
|
|
173
|
-
* refreshToken: refreshToken,
|
|
174
|
-
* oidcOrigin: keycloakUrl,
|
|
175
|
-
* };
|
|
176
|
-
* const authProvider = await AuthProviders.refreshAuthProvider(oidcCredentials);
|
|
177
|
+
* import { authTokenInterceptor, OpenTDF } from '@opentdf/sdk';
|
|
177
178
|
*
|
|
178
179
|
* const client = new OpenTDF({
|
|
179
|
-
*
|
|
180
|
+
* interceptors: [authTokenInterceptor(() => `${myAuth.token.accessToken}`)],
|
|
180
181
|
* platformUrl: 'https://platform.example.com',
|
|
181
182
|
* });
|
|
182
183
|
*
|
|
@@ -193,8 +194,10 @@ export declare class OpenTDF {
|
|
|
193
194
|
readonly platformUrl: string;
|
|
194
195
|
/** The policy service endpoint */
|
|
195
196
|
readonly policyEndpoint: string;
|
|
196
|
-
/** The auth provider for the OpenTDF instance. */
|
|
197
|
-
readonly authProvider
|
|
197
|
+
/** The auth provider for the OpenTDF instance (deprecated, use interceptors). */
|
|
198
|
+
readonly authProvider?: AuthProvider;
|
|
199
|
+
/** Connect RPC interceptors for authentication. */
|
|
200
|
+
readonly interceptors?: Interceptor[];
|
|
198
201
|
/** If DPoP is enabled for this instance. */
|
|
199
202
|
readonly dpopEnabled: boolean;
|
|
200
203
|
/** Default options for creating TDF objects. */
|
|
@@ -209,7 +212,7 @@ export declare class OpenTDF {
|
|
|
209
212
|
readonly cryptoService: CryptoService;
|
|
210
213
|
/** The TDF3 client for encrypting and decrypting ZTDF files. */
|
|
211
214
|
readonly tdf3Client: TDF3Client;
|
|
212
|
-
constructor({ authProvider, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, platformUrl, cryptoService, }: OpenTDFOptions);
|
|
215
|
+
constructor({ authProvider, interceptors, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, platformUrl, cryptoService, }: OpenTDFOptions);
|
|
213
216
|
/** Creates a new TDF stream. */
|
|
214
217
|
createTDF(opts: CreateTDFOptions): Promise<DecoratedStream>;
|
|
215
218
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"opentdf.d.ts","sourceRoot":"","sources":["../../../src/opentdf.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"opentdf.d.ts","sourceRoot":"","sources":["../../../src/opentdf.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEvD,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAuC,KAAK,MAAM,EAAE,MAAM,eAAe,CAAC;AACjF,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,KAAK,aAAa,EAAE,KAAK,OAAO,EAAE,MAAM,oCAAoC,CAAC;AAEtF,OAAO,EACL,KAAK,SAAS,EACd,eAAe,EACf,yBAAyB,EAC1B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,KAAK,qBAAqB,EAG1B,oBAAoB,EACrB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,+BAA+B,CAAC;AAC7D,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,SAAS,EACd,KAAK,qBAAqB,EAC3B,MAAM,8CAA8C,CAAC;AACtD,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,EAIL,KAAK,kBAAkB,EACxB,MAAM,oBAAoB,CAAC;AAI5B,OAAO,EACL,KAAK,SAAS,EACd,KAAK,aAAa,EAClB,KAAK,qBAAqB,EAC1B,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAC1B,KAAK,eAAe,EACpB,KAAK,QAAQ,EACb,KAAK,OAAO,EACZ,KAAK,OAAO,EACZ,KAAK,SAAS,EACd,oBAAoB,GACrB,CAAC;AAEF,sDAAsD;AACtD,MAAM,MAAM,IAAI,GAAG;IACjB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,aAAa,CAAC;CAC5C,CAAC;AAEF,8EAA8E;AAC9E,MAAM,MAAM,mBAAmB,GAAG;IAChC,yDAAyD;IACzD,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB,CAAC;AAEF,iFAAiF;AACjF,MAAM,MAAM,aAAa,GAAG;IAC1B,wEAAwE;IACxE,aAAa,CAAC,EAAE,OAAO,CAAC;IAExB,uEAAuE;IACvE,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IAEtB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,kFAAkF;IAClF,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAE5B,oEAAoE;IACpE,OAAO,CAAC,EAAE,IAAI,CAAC;IAEf,gCAAgC;IAChC,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,iCAAiC;AACjC,MAAM,MAAM,QAAQ,GAAG,MAAM,CAAC;AAE9B,0CAA0C;AAC1C,MAAM,MAAM,QAAQ,GAAG,GAAG,MAAM,IAAI,MAAM,EAAE,CAAC;AAE7C,6EAA6E;AAC7E,MAAM,MAAM,SAAS,GAAG;IACtB,0DAA0D;IAC1D,GAAG,EAAE,MAAM,CAAC;IACZ;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GAAG,aAAa,GAAG;IAC9C,wCAAwC;IACxC,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;IAErC,qCAAqC;IACrC,QAAQ,CAAC,EAAE,QAAQ,CAAC;IAEpB,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,QAAQ,CAAC;IAEpB,2EAA2E;IAC3E,SAAS,CAAC,EAAE,SAAS,EAAE,CAAC;IAExB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,yDAAyD;IACzD,oBAAoB,CAAC,EAAE,qBAAqB,CAAC;IAE7C,kCAAkC;IAClC,cAAc,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC;CACpC,CAAC;AAEF,kCAAkC;AAClC,MAAM,MAAM,gBAAgB,GAAG,iBAAiB,CAAC;AAEjD,uDAAuD;AACvD,MAAM,MAAM,WAAW,GAAG;IACxB,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,wBAAwB;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,wDAAwD;IACxD,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,iDAAiD;IACjD,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,4DAA4D;IAC5D,yBAAyB,CAAC,EAAE,MAAM,EAAE,CAAC;IACrC,wDAAwD;IACxD,yBAAyB,CAAC,EAAE,yBAAyB,CAAC;IACtD,iDAAiD;IACjD,QAAQ,CAAC,EAAE,OAAO,CAAC;IAEnB,gFAAgF;IAChF,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B,iDAAiD;IACjD,oBAAoB,CAAC,EAAE,qBAAqB,CAAC;CAC9C,CAAC;AAEF,8EAA8E;AAC9E,MAAM,MAAM,cAAc,GAAG;IAC3B,+BAA+B;IAC/B,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,oBAAoB;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAE7B;;;OAGG;IACH,YAAY,CAAC,EAAE,YAAY,CAAC;IAE5B,oDAAoD;IACpD,oBAAoB,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;IAErD,oDAAoD;IACpD,kBAAkB,CAAC,EAAE,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAEjD,6CAA6C;IAC7C,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAE5B;;;;OAIG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;CAC/B,CAAC;AAEF,mCAAmC;AACnC,MAAM,MAAM,eAAe,GAAG,cAAc,CAAC,UAAU,CAAC,GAAG;IACzD,iFAAiF;IACjF,QAAQ,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5B,wBAAwB;IACxB,QAAQ,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;CAC9B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG;IACtB;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,eAAe,CAAC,CAAC;IACxC;;OAEG;IACH,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAE3B;;OAEG;IACH,QAAQ,EAAE,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAC;IAElC;;OAEG;IACH,UAAU,EAAE,MAAM,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAEpC;;OAEG;IACH,WAAW,EAAE,MAAM,OAAO,CAAC,mBAAmB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,qBAAa,OAAO;IAClB,uBAAuB;IACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,kCAAkC;IAClC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,iFAAiF;IACjF,QAAQ,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IACrC,mDAAmD;IACnD,QAAQ,CAAC,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IACtC,4CAA4C;IAC5C,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,gDAAgD;IAChD,oBAAoB,EAAE,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;IACpD,+CAA+C;IAC/C,kBAAkB,EAAE,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAChD,+CAA+C;IAC/C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IACpC,uGAAuG;IACvG,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9B,0DAA0D;IAC1D,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,gEAAgE;IAChE,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;gBAEpB,EACV,YAAY,EACZ,YAAY,EACZ,QAAQ,EACR,oBAAoB,EACpB,kBAAkB,EAClB,WAAW,EACX,cAAc,EACd,WAAW,EACX,aAAa,GACd,EAAE,cAAc;IAyDjB,gCAAgC;IAC1B,SAAS,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAIjE;;;OAGG;IACG,UAAU,CAAC,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,eAAe,CAAC;IAwBnE,sDAAsD;IACtD,IAAI,CAAC,IAAI,EAAE,WAAW,GAAG,SAAS;IAKlC,2BAA2B;IACrB,IAAI,CAAC,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,eAAe,CAAC;IAKvD,8DAA8D;IAC9D,KAAK;CAGN"}
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
import { type EntityIdentifier } from './v2/authorization_pb.js';
|
|
2
|
+
/**
|
|
3
|
+
* Convenience constructors for {@link EntityIdentifier}, mirroring the Go SDK
|
|
4
|
+
* helpers (`ForEmail`, `ForClientID`, etc.).
|
|
5
|
+
*
|
|
6
|
+
* Each function builds a complete `EntityIdentifier` so callers avoid deeply
|
|
7
|
+
* nested object literals.
|
|
8
|
+
*
|
|
9
|
+
* @example
|
|
10
|
+
* ```ts
|
|
11
|
+
* // Before
|
|
12
|
+
* const eid = create(EntityIdentifierSchema, {
|
|
13
|
+
* identifier: {
|
|
14
|
+
* case: 'entityChain',
|
|
15
|
+
* value: create(EntityChainSchema, {
|
|
16
|
+
* entities: [create(EntitySchema, {
|
|
17
|
+
* entityType: { case: 'emailAddress', value: 'jen@example.com' },
|
|
18
|
+
* category: Entity_Category.SUBJECT,
|
|
19
|
+
* })],
|
|
20
|
+
* }),
|
|
21
|
+
* },
|
|
22
|
+
* });
|
|
23
|
+
*
|
|
24
|
+
* // After
|
|
25
|
+
* const eid = forEmail('jen@example.com');
|
|
26
|
+
* ```
|
|
27
|
+
*/
|
|
28
|
+
/** Returns an EntityIdentifier for a subject identified by email address. */
|
|
29
|
+
export declare function forEmail(email: string): EntityIdentifier;
|
|
30
|
+
/** Returns an EntityIdentifier for a subject identified by client ID. */
|
|
31
|
+
export declare function forClientId(clientId: string): EntityIdentifier;
|
|
32
|
+
/** Returns an EntityIdentifier for a subject identified by username. */
|
|
33
|
+
export declare function forUserName(userName: string): EntityIdentifier;
|
|
34
|
+
/** Returns an EntityIdentifier that resolves the entity from the given JWT. */
|
|
35
|
+
export declare function forToken(jwt: string): EntityIdentifier;
|
|
36
|
+
/**
|
|
37
|
+
* Returns an EntityIdentifier that instructs the authorization service to
|
|
38
|
+
* derive the entity from the request's Authorization header token.
|
|
39
|
+
*/
|
|
40
|
+
export declare function withRequestToken(): EntityIdentifier;
|
|
41
|
+
//# sourceMappingURL=entity-identifiers.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"entity-identifiers.d.ts","sourceRoot":"","sources":["../../../../../src/platform/authorization/entity-identifiers.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,KAAK,gBAAgB,EAEtB,MAAM,0BAA0B,CAAC;AASlC;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,6EAA6E;AAC7E,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,gBAAgB,CAOxD;AAED,yEAAyE;AACzE,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB,CAO9D;AAED,wEAAwE;AACxE,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB,CAO9D;AAED,+EAA+E;AAC/E,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB,CAOtD;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,gBAAgB,CAOnD"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
export * as platformConnectWeb from '@connectrpc/connect-web';
|
|
2
2
|
export * as platformConnect from '@connectrpc/connect';
|
|
3
|
-
import { AuthProvider } from '../tdf3/index.js';
|
|
3
|
+
import type { AuthProvider } from '../tdf3/index.js';
|
|
4
4
|
import { Client, Interceptor } from '@connectrpc/connect';
|
|
5
5
|
import { WellKnownService } from './platform/wellknownconfiguration/wellknown_configuration_pb.js';
|
|
6
6
|
import { AuthorizationService } from './platform/authorization/authorization_pb.js';
|
|
@@ -37,9 +37,12 @@ export interface PlatformServicesV2 {
|
|
|
37
37
|
authorization: Client<typeof AuthorizationServiceV2>;
|
|
38
38
|
}
|
|
39
39
|
export interface PlatformClientOptions {
|
|
40
|
-
/**
|
|
40
|
+
/**
|
|
41
|
+
* Authentication provider for generating auth interceptor.
|
|
42
|
+
* @deprecated since 0.14.0. Use `interceptors` with `authTokenInterceptor()` or `authTokenDPoPInterceptor()` instead.
|
|
43
|
+
*/
|
|
41
44
|
authProvider?: AuthProvider;
|
|
42
|
-
/** Array of
|
|
45
|
+
/** Array of interceptors to apply to rpc requests. Preferred over authProvider. */
|
|
43
46
|
interceptors?: Interceptor[];
|
|
44
47
|
/** Base URL of the platform API. */
|
|
45
48
|
platformUrl: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"platform.d.ts","sourceRoot":"","sources":["../../../src/platform.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,kBAAkB,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,eAAe,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"platform.d.ts","sourceRoot":"","sources":["../../../src/platform.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,kBAAkB,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,eAAe,MAAM,qBAAqB,CAAC;AAGvD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAGrD,OAAO,EAAE,MAAM,EAAgB,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iEAAiE,CAAC;AACnG,OAAO,EAAE,oBAAoB,EAAE,MAAM,8CAA8C,CAAC;AACpF,OAAO,EAAE,oBAAoB,IAAI,sBAAsB,EAAE,MAAM,iDAAiD,CAAC;AACjH,OAAO,EAAE,uBAAuB,EAAE,MAAM,qDAAqD,CAAC;AAC9F,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,yCAAyC,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,+CAA+C,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,gEAAgE,CAAC;AAChH,OAAO,EAAE,oBAAoB,EAAE,MAAM,sDAAsD,CAAC;AAC5F,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,iDAAiD,CAAC;AAC/F,OAAO,EAAE,gBAAgB,EAAE,MAAM,+CAA+C,CAAC;AACjF,OAAO,EAAE,0BAA0B,EAAE,MAAM,kEAAkE,CAAC;AAC9G,OAAO,EAAE,sBAAsB,EAAE,MAAM,0DAA0D,CAAC;AAClG,OAAO,EAAE,qBAAqB,EAAE,MAAM,wDAAwD,CAAC;AAC/F,OAAO,EAAE,aAAa,EAAE,MAAM,uCAAuC,CAAC;AAEtE,MAAM,WAAW,gBAAgB;IAC/B,aAAa,EAAE,MAAM,CAAC,OAAO,oBAAoB,CAAC,CAAC;IACnD,gBAAgB,EAAE,MAAM,CAAC,OAAO,uBAAuB,CAAC,CAAC;IACzD,MAAM,EAAE,MAAM,CAAC,OAAO,aAAa,CAAC,CAAC;IACrC,MAAM,EAAE,MAAM,CAAC,OAAO,aAAa,CAAC,CAAC;IACrC,UAAU,EAAE,MAAM,CAAC,OAAO,iBAAiB,CAAC,CAAC;IAC7C,uBAAuB,EAAE,MAAM,CAAC,OAAO,8BAA8B,CAAC,CAAC;IACvE,aAAa,EAAE,MAAM,CAAC,OAAO,oBAAoB,CAAC,CAAC;IACnD,SAAS,EAAE,MAAM,CAAC,OAAO,gBAAgB,CAAC,CAAC;IAC3C,UAAU,EAAE,MAAM,CAAC,OAAO,iBAAiB,CAAC,CAAC;IAC7C,mBAAmB,EAAE,MAAM,CAAC,OAAO,0BAA0B,CAAC,CAAC;IAC/D,eAAe,EAAE,MAAM,CAAC,OAAO,sBAAsB,CAAC,CAAC;IACvD,cAAc,EAAE,MAAM,CAAC,OAAO,qBAAqB,CAAC,CAAC;IACrD,MAAM,EAAE,MAAM,CAAC,OAAO,aAAa,CAAC,CAAC;IACrC,SAAS,EAAE,MAAM,CAAC,OAAO,gBAAgB,CAAC,CAAC;CAC5C;AAED,MAAM,WAAW,kBAAkB;IACjC,aAAa,EAAE,MAAM,CAAC,OAAO,sBAAsB,CAAC,CAAC;CACtD;AAED,MAAM,WAAW,qBAAqB;IACpC;;;OAGG;IACH,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,mFAAmF;IACnF,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAC7B,oCAAoC;IACpC,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,qBAAa,cAAc;IACzB,QAAQ,CAAC,EAAE,EAAE,gBAAgB,CAAC;IAC9B,QAAQ,CAAC,EAAE,EAAE,kBAAkB,CAAC;gBAEpB,OAAO,EAAE,qBAAqB;CAqC3C"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { type AuthConfig } from '../auth/interceptors.js';
|
|
2
2
|
import { Value } from './attributes.js';
|
|
3
3
|
import { Certificate } from '../platform/policy/objects_pb.js';
|
|
4
|
-
export declare function attributeFQNsAsValues(platformUrl: string,
|
|
5
|
-
export declare function getRootCertsFromNamespace(platformUrl: string,
|
|
4
|
+
export declare function attributeFQNsAsValues(platformUrl: string, auth: AuthConfig, ...fqns: string[]): Promise<Value[]>;
|
|
5
|
+
export declare function getRootCertsFromNamespace(platformUrl: string, auth?: AuthConfig, namespaceId?: string, fqn?: string): Promise<Certificate[]>;
|
|
6
6
|
//# sourceMappingURL=api.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../../../../src/policy/api.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../../../../src/policy/api.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,UAAU,EAAuB,MAAM,yBAAyB,CAAC;AAG/E,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAGxC,OAAO,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAC;AAK/D,wBAAsB,qBAAqB,CACzC,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,UAAU,EAChB,GAAG,IAAI,EAAE,MAAM,EAAE,GAChB,OAAO,CAAC,KAAK,EAAE,CAAC,CAiClB;AAGD,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,MAAM,EACnB,IAAI,CAAC,EAAE,UAAU,EACjB,WAAW,CAAC,EAAE,MAAM,EACpB,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,WAAW,EAAE,CAAC,CA8BxB"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { type
|
|
1
|
+
import { type AuthConfig } from '../auth/interceptors.js';
|
|
2
2
|
import type { Attribute } from '../platform/policy/objects_pb.js';
|
|
3
3
|
/**
|
|
4
4
|
* Returns all active attributes available on the platform, auto-paginating through all results.
|
|
@@ -19,7 +19,7 @@ import type { Attribute } from '../platform/policy/objects_pb.js';
|
|
|
19
19
|
* }
|
|
20
20
|
* ```
|
|
21
21
|
*/
|
|
22
|
-
export declare function listAttributes(platformUrl: string,
|
|
22
|
+
export declare function listAttributes(platformUrl: string, auth: AuthConfig, namespace?: string): Promise<Attribute[]>;
|
|
23
23
|
/**
|
|
24
24
|
* Checks that all provided attribute value FQNs exist on the platform.
|
|
25
25
|
* Validates FQN format first, then verifies existence via the platform API.
|
|
@@ -42,7 +42,7 @@ export declare function listAttributes(platformUrl: string, authProvider: AuthPr
|
|
|
42
42
|
* // Safe to encrypt — all attributes confirmed present
|
|
43
43
|
* ```
|
|
44
44
|
*/
|
|
45
|
-
export declare function validateAttributes(platformUrl: string,
|
|
45
|
+
export declare function validateAttributes(platformUrl: string, auth: AuthConfig, fqns: string[]): Promise<void>;
|
|
46
46
|
/**
|
|
47
47
|
* Reports whether the attribute definition identified by `attributeFqn` exists on the platform.
|
|
48
48
|
*
|
|
@@ -56,7 +56,7 @@ export declare function validateAttributes(platformUrl: string, authProvider: Au
|
|
|
56
56
|
* @throws {@link ConfigurationError} if the FQN format is invalid or the URL is insecure.
|
|
57
57
|
* @throws {@link NetworkError} if a non-not-found service error occurs.
|
|
58
58
|
*/
|
|
59
|
-
export declare function attributeExists(platformUrl: string,
|
|
59
|
+
export declare function attributeExists(platformUrl: string, auth: AuthConfig, attributeFqn: string): Promise<boolean>;
|
|
60
60
|
/**
|
|
61
61
|
* Reports whether the attribute value FQN exists on the platform.
|
|
62
62
|
*
|
|
@@ -70,5 +70,5 @@ export declare function attributeExists(platformUrl: string, authProvider: AuthP
|
|
|
70
70
|
* @throws {@link ConfigurationError} if the FQN format is invalid or the URL is insecure.
|
|
71
71
|
* @throws {@link NetworkError} if a service error occurs.
|
|
72
72
|
*/
|
|
73
|
-
export declare function attributeValueExists(platformUrl: string,
|
|
73
|
+
export declare function attributeValueExists(platformUrl: string, auth: AuthConfig, valueFqn: string): Promise<boolean>;
|
|
74
74
|
//# sourceMappingURL=discovery.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../../../../src/policy/discovery.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,
|
|
1
|
+
{"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../../../../src/policy/discovery.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,UAAU,EAAuB,MAAM,yBAAyB,CAAC;AAG/E,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kCAAkC,CAAC;AAyBlE;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAsB,cAAc,CAClC,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,UAAU,EAChB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,SAAS,EAAE,CAAC,CA6BtB;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,kBAAkB,CACtC,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,UAAU,EAChB,IAAI,EAAE,MAAM,EAAE,GACb,OAAO,CAAC,IAAI,CAAC,CAkCf;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,eAAe,CACnC,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,UAAU,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,OAAO,CAAC,CAqBlB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,oBAAoB,CACxC,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,OAAO,CAAC,CAkBlB"}
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
import { fetchKasPublicKey } from '../tdf.js';
|
|
2
2
|
import { CryptoService } from '../crypto/declarations.js';
|
|
3
3
|
import { type AuthProvider, HttpRequest, withHeaders } from '../../../src/auth/auth.js';
|
|
4
|
+
import { type AuthConfig } from '../../../src/auth/interceptors.js';
|
|
5
|
+
import { type Interceptor } from '@connectrpc/connect';
|
|
4
6
|
import { type DecryptParams, DecryptParamsBuilder, type DecryptSource, type EncryptParams, EncryptParamsBuilder } from './builders.js';
|
|
5
7
|
import { DecoratedReadableStream } from './DecoratedReadableStream.js';
|
|
6
8
|
import { type KasPublicKeyInfo, OriginAllowList } from '../../../src/access.js';
|
|
@@ -37,7 +39,10 @@ export interface ClientConfig {
|
|
|
37
39
|
kasPublicKey?: string;
|
|
38
40
|
oidcOrigin?: string;
|
|
39
41
|
externalJwt?: string;
|
|
42
|
+
/** @deprecated since 0.14.0. Use `interceptors` instead. */
|
|
40
43
|
authProvider?: AuthProvider;
|
|
44
|
+
/** Connect RPC interceptors for authentication. Preferred over authProvider. */
|
|
45
|
+
interceptors?: Interceptor[];
|
|
41
46
|
readerUrl?: string;
|
|
42
47
|
entityObjectEndpoint?: string;
|
|
43
48
|
fileStreamServiceWorker?: string;
|
|
@@ -83,7 +88,11 @@ export declare class Client {
|
|
|
83
88
|
readonly kasKeyInfoCache: KasKeyInfoCache;
|
|
84
89
|
readonly easEndpoint?: string;
|
|
85
90
|
readonly clientId?: string;
|
|
86
|
-
|
|
91
|
+
/**
|
|
92
|
+
* Resolved auth configuration. Set once in the constructor from either
|
|
93
|
+
* authProvider or interceptors. Threaded through all internal layers.
|
|
94
|
+
*/
|
|
95
|
+
readonly auth?: AuthConfig;
|
|
87
96
|
readonly readerUrl?: string;
|
|
88
97
|
readonly fileStreamServiceWorker?: string;
|
|
89
98
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../tdf3/src/client/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAGL,iBAAiB,EAKlB,MAAM,WAAW,CAAC;AAInB,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,KAAK,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../tdf3/src/client/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAGL,iBAAiB,EAKlB,MAAM,WAAW,CAAC;AAInB,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,KAAK,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxF,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,mCAAmC,CAAC;AACpE,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EACL,KAAK,aAAa,EAClB,oBAAoB,EACpB,KAAK,aAAa,EAIlB,KAAK,aAAa,EAClB,oBAAoB,EAGrB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAEL,KAAK,gBAAgB,EACrB,eAAe,EAChB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,KAAK,OAAO,EAAqB,MAAM,2BAA2B,CAAC;AA2B5E,eAAO,MAAM,cAAc,GACzB,KAAK,MAAM,EACX,KAAK,MAAM,EACX,eAAe,aAAa,EAC5B,MAAM,MAAM,KACX,OAAO,CAAC,gBAAgB,CAQ1B,CAAC;AAsCF,MAAM,WAAW,YAAY;IAC3B,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB;;;;OAIG;IACH,yBAAyB,CAAC,EAAE,MAAM,EAAE,CAAC;IAErC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,4DAA4D;IAC5D,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,gFAAgF;IAChF,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,MAAM,KAAK,IAAI,CAAC;CACpD;AAQD,wBAAsB,iBAAiB,CAAC,EACtC,YAAY,EACZ,aAAa,EACb,QAAQ,GACT,EAAE;IACD,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,aAAa,EAAE,aAAa,CAAC;IAC7B,QAAQ,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7B,GAAG,OAAO,CAAC,OAAO,CAAC,CAenB;AAgCD,KAAK,eAAe,GAAG;IACrB,GAAG,UAAU,CAAC,OAAO,iBAAiB,CAAC;IACvC,cAAc,EAAE,UAAU,CAAC,OAAO,iBAAiB,CAAC;CACrD,EAAE,CAAC;AAEJ,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,eAAe,EACtB,GAAG,MAAM,EAAE,UAAU,CAAC,OAAO,iBAAiB,CAAC,oCAmBhD;AAED,QAAA,MAAM,oBAAoB,GACxB,OAAO,eAAe,EACtB,GAAG,QAAQ,UAAU,CAAC,OAAO,iBAAiB,CAAC,KAC9C,UAAU,CAAC,OAAO,iBAAiB,CAQrC,CAAC;AAgDF,qBAAa,MAAM;IACjB,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IAEtC;;OAEG;IACH,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAE7B;;;OAGG;IACH,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAEhC;;;OAGG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,eAAe,CAAC;IAExC;;;;OAIG;IACH,QAAQ,CAAC,yBAAyB,EAAE,MAAM,EAAE,CAAC;IAE7C;;OAEG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAE9B,QAAQ,CAAC,eAAe,EAAE,eAAe,CAAM;IAE/C,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAE9B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAE3B;;;OAGG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,UAAU,CAAC;IAE3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAE5B,QAAQ,CAAC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IAE1C;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAEpC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAE9B,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IAEpC;;;;;;;;;OASG;gBACS,MAAM,EAAE,YAAY;IA8GhC,uHAAuH;IACvH,uBAAuB,CACrB,GAAG,MAAM,EAAE,UAAU,CAAC,OAAO,oBAAoB,CAAC,GACjD,UAAU,CAAC,OAAO,oBAAoB,CAAC;IAI1C;;;;;;;;;;;;;;OAcG;IACG,OAAO,CAAC,IAAI,EAAE,aAAa,GAAG,OAAO,CAAC,uBAAuB,CAAC;IA2QpE;;;;;;;;;;;OAWG;IACG,OAAO,CAAC,EACZ,MAAM,EACN,SAAS,EACT,aAAgD,EAChD,gBAAoE,EACpE,yBAAyB,EACzB,kBAAkB,EAClB,gBAAoB,EACpB,oBAAoB,EACpB,yBAA8B,GAC/B,EAAE,aAAa,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAyCnD;;;;;;;;;OASG;IACG,WAAW,CAAC,EAAE,MAAM,EAAE,EAAE;QAAE,MAAM,EAAE,aAAa,CAAA;KAAE;IASjD,aAAa,CAAC,EAAE,MAAM,EAAE,EAAE;QAAE,MAAM,EAAE,aAAa,CAAA;KAAE;CAI1D;AAED,YAAY,EAAE,YAAY,EAAE,CAAC;AAE7B,OAAO,EAAE,oBAAoB,EAAE,aAAa,EAAE,oBAAoB,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC"}
|