@opentdf/sdk 0.19.0-rc.169 → 0.20.0-beta.181
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/src/access/access-fetch.js +2 -2
- package/dist/cjs/src/access/access-rpc.js +4 -4
- package/dist/cjs/src/auth/oidc.js +32 -19
- package/dist/cjs/src/auth/token-providers.js +8 -41
- package/dist/cjs/src/auth/tokenExpiry.js +44 -0
- package/dist/cjs/src/version.js +1 -1
- package/dist/cjs/tdf3/src/tdf.js +7 -2
- package/dist/types/src/access/access-fetch.d.ts.map +1 -1
- package/dist/types/src/access/access-rpc.d.ts.map +1 -1
- package/dist/types/src/auth/oidc.d.ts +11 -2
- package/dist/types/src/auth/oidc.d.ts.map +1 -1
- package/dist/types/src/auth/token-providers.d.ts.map +1 -1
- package/dist/types/src/auth/tokenExpiry.d.ts +16 -0
- package/dist/types/src/auth/tokenExpiry.d.ts.map +1 -0
- package/dist/types/src/version.d.ts +1 -1
- package/dist/types/tdf3/src/tdf.d.ts.map +1 -1
- package/dist/web/src/access/access-fetch.js +2 -2
- package/dist/web/src/access/access-rpc.js +4 -4
- package/dist/web/src/auth/oidc.js +32 -19
- package/dist/web/src/auth/token-providers.js +2 -35
- package/dist/web/src/auth/tokenExpiry.js +39 -0
- package/dist/web/src/version.js +1 -1
- package/dist/web/tdf3/src/tdf.js +7 -2
- package/package.json +4 -3
- package/src/access/access-fetch.ts +3 -1
- package/src/access/access-rpc.ts +7 -3
- package/src/auth/oidc.ts +42 -18
- package/src/auth/token-providers.ts +1 -34
- package/src/auth/tokenExpiry.ts +38 -0
- package/src/version.ts +1 -1
- package/tdf3/src/tdf.ts +6 -1
|
@@ -45,7 +45,7 @@ async function fetchWrappedKey(url, requestBody, authProvider) {
|
|
|
45
45
|
case 401:
|
|
46
46
|
throw new errors_js_1.UnauthenticatedError(`401 for [${req.url}]; rewrap auth failure`);
|
|
47
47
|
case 403:
|
|
48
|
-
throw new errors_js_1.PermissionDeniedError(`403 for [${req.url}]; rewrap permission denied`);
|
|
48
|
+
throw new errors_js_1.PermissionDeniedError(`403 for [${req.url}]; rewrap permission denied: forbidden`);
|
|
49
49
|
default:
|
|
50
50
|
if (response.status >= 500) {
|
|
51
51
|
throw new errors_js_1.ServiceError(`${response.status} for [${req.url}]: rewrap failure due to service error [${await response.text()}]`);
|
|
@@ -152,4 +152,4 @@ async function fetchKasPubKey(kasEndpoint, algorithm) {
|
|
|
152
152
|
...(kid && { kid }),
|
|
153
153
|
};
|
|
154
154
|
}
|
|
155
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
155
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjZXNzLWZldGNoLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL2FjY2Vzcy9hY2Nlc3MtZmV0Y2gudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUE4QkEsMENBd0RDO0FBRUQsc0RBK0NDO0FBRUQsd0NBNkRDO0FBdE1ELDRDQUF3RjtBQUV4Riw0Q0FPc0I7QUFDdEIsMENBQWdEO0FBYWhEOzs7Ozs7R0FNRztBQUNJLEtBQUssVUFBVSxlQUFlLENBQ25DLEdBQVcsRUFDWCxXQUEwQixFQUMxQixZQUEwQjtJQUUxQixNQUFNLEdBQUcsR0FBRyxNQUFNLFlBQVksQ0FBQyxTQUFTLENBQUM7UUFDdkMsR0FBRztRQUNILE1BQU0sRUFBRSxNQUFNO1FBQ2QsT0FBTyxFQUFFO1lBQ1AsY0FBYyxFQUFFLGtCQUFrQjtTQUNuQztRQUNELElBQUksRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLFdBQVcsQ0FBQztLQUNsQyxDQUFDLENBQUM7SUFFSCxJQUFJLFFBQWtCLENBQUM7SUFFdkIsSUFBSSxDQUFDO1FBQ0gsUUFBUSxHQUFHLE1BQU0sS0FBSyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUU7WUFDOUIsTUFBTSxFQUFFLEdBQUcsQ0FBQyxNQUFNO1lBQ2xCLElBQUksRUFBRSxNQUFNLEVBQUUsOEJBQThCO1lBQzVDLEtBQUssRUFBRSxVQUFVLEVBQUUsMERBQTBEO1lBQzdFLFdBQVcsRUFBRSxhQUFhLEVBQUUsOEJBQThCO1lBQzFELE9BQU8sRUFBRSxHQUFHLENBQUMsT0FBTztZQUNwQixRQUFRLEVBQUUsUUFBUSxFQUFFLHlCQUF5QjtZQUM3QyxjQUFjLEVBQUUsYUFBYSxFQUFFLHNKQUFzSjtZQUNyTCxJQUFJLEVBQUUsR0FBRyxDQUFDLElBQWdCO1NBQzNCLENBQUMsQ0FBQztJQUNMLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsTUFBTSxJQUFJLHdCQUFZLENBQUMscUNBQXFDLEdBQUcsR0FBRyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQ3pFLENBQUM7SUFFRCxJQUFJLENBQUMsUUFBUSxDQUFDLEVBQUUsRUFBRSxDQUFDO1FBQ2pCLFFBQVEsUUFBUSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ3hCLEtBQUssR0FBRztnQkFDTixNQUFNLElBQUksNEJBQWdCLENBQ3hCLFlBQVksR0FBRyxDQUFDLEdBQUcsMEJBQTBCLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxHQUFHLENBQ3RFLENBQUM7WUFDSixLQUFLLEdBQUc7Z0JBQ04sTUFBTSxJQUFJLGdDQUFvQixDQUFDLFlBQVksR0FBRyxDQUFDLEdBQUcsd0JBQXdCLENBQUMsQ0FBQztZQUM5RSxLQUFLLEdBQUc7Z0JBQ04sTUFBTSxJQUFJLGlDQUFxQixDQUM3QixZQUFZLEdBQUcsQ0FBQyxHQUFHLHdDQUF3QyxDQUM1RCxDQUFDO1lBQ0o7Z0JBQ0UsSUFBSSxRQUFRLENBQUMsTUFBTSxJQUFJLEdBQUcsRUFBRSxDQUFDO29CQUMzQixNQUFNLElBQUksd0JBQVksQ0FDcEIsR0FBRyxRQUFRLENBQUMsTUFBTSxTQUFTLEdBQUcsQ0FBQyxHQUFHLDJDQUEyQyxNQUFNLFFBQVEsQ0FBQyxJQUFJLEVBQUUsR0FBRyxDQUN0RyxDQUFDO2dCQUNKLENBQUM7Z0JBQ0QsTUFBTSxJQUFJLHdCQUFZLENBQ3BCLEdBQUcsR0FBRyxDQUFDLE1BQU0sSUFBSSxHQUFHLENBQUMsR0FBRyxPQUFPLFFBQVEsQ0FBQyxNQUFNLElBQUksUUFBUSxDQUFDLFVBQVUsRUFBRSxDQUN4RSxDQUFDO1FBQ04sQ0FBQztJQUNILENBQUM7SUFFRCxPQUFPLFFBQVEsQ0FBQyxJQUFJLEVBQUUsQ0FBQztBQUN6QixDQUFDO0FBRU0sS0FBSyxVQUFVLHFCQUFxQixDQUN6QyxXQUFtQixFQUNuQixZQUEwQjtJQUUxQixJQUFJLFVBQVUsR0FBRyxDQUFDLENBQUM7SUFDbkIsTUFBTSxVQUFVLEdBQUcsRUFBRSxDQUFDO0lBQ3RCLEdBQUcsQ0FBQztRQUNGLE1BQU0sR0FBRyxHQUFHLE1BQU0sWUFBWSxDQUFDLFNBQVMsQ0FBQztZQUN2QyxHQUFHLEVBQUUsR0FBRyxXQUFXLHlDQUF5QyxVQUFVLEVBQUU7WUFDeEUsTUFBTSxFQUFFLEtBQUs7WUFDYixPQUFPLEVBQUU7Z0JBQ1AsY0FBYyxFQUFFLGtCQUFrQjthQUNuQztTQUNGLENBQUMsQ0FBQztRQUNILElBQUksUUFBa0IsQ0FBQztRQUN2QixJQUFJLENBQUM7WUFDSCxRQUFRLEdBQUcsTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLEdBQUcsRUFBRTtnQkFDOUIsTUFBTSxFQUFFLEdBQUcsQ0FBQyxNQUFNO2dCQUNsQixPQUFPLEVBQUUsR0FBRyxDQUFDLE9BQU87Z0JBQ3BCLElBQUksRUFBRSxHQUFHLENBQUMsSUFBZ0I7Z0JBQzFCLElBQUksRUFBRSxNQUFNO2dCQUNaLEtBQUssRUFBRSxVQUFVO2dCQUNqQixXQUFXLEVBQUUsYUFBYTtnQkFDMUIsUUFBUSxFQUFFLFFBQVE7Z0JBQ2xCLGNBQWMsRUFBRSxhQUFhO2FBQzlCLENBQUMsQ0FBQztRQUNMLENBQUM7UUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ1gsTUFBTSxJQUFJLHdCQUFZLENBQUMsa0NBQWtDLEdBQUcsQ0FBQyxHQUFHLEdBQUcsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUMxRSxDQUFDO1FBQ0QsMkRBQTJEO1FBQzNELElBQUksQ0FBQyxRQUFRLENBQUMsRUFBRSxFQUFFLENBQUM7WUFDakIsTUFBTSxJQUFJLHdCQUFZLENBQ3BCLGtDQUFrQyxHQUFHLENBQUMsR0FBRyxjQUFjLFFBQVEsQ0FBQyxNQUFNLEVBQUUsQ0FDekUsQ0FBQztRQUNKLENBQUM7UUFDRCxNQUFNLEVBQUUsZ0JBQWdCLEdBQUcsRUFBRSxFQUFFLFVBQVUsR0FBRyxFQUFFLEVBQUUsR0FBRyxNQUFNLFFBQVEsQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUN6RSxVQUFVLENBQUMsSUFBSSxDQUFDLEdBQUcsZ0JBQWdCLENBQUMsQ0FBQztRQUNyQyxVQUFVLEdBQUcsVUFBVSxDQUFDLFVBQVUsSUFBSSxDQUFDLENBQUM7SUFDMUMsQ0FBQyxRQUFRLFVBQVUsR0FBRyxDQUFDLEVBQUU7SUFFekIsTUFBTSxVQUFVLEdBQUcsVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQzFELHdCQUF3QjtJQUN4QixJQUFJLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxHQUFHLFdBQVcsTUFBTSxDQUFDLEVBQUUsQ0FBQztRQUMvQyxVQUFVLENBQUMsSUFBSSxDQUFDLEdBQUcsV0FBVyxNQUFNLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQsT0FBTyxJQUFJLDJCQUFlLENBQUMsVUFBVSxFQUFFLEtBQUssQ0FBQyxDQUFDO0FBQ2hELENBQUM7QUFFTSxLQUFLLFVBQVUsY0FBYyxDQUNsQyxXQUFtQixFQUNuQixTQUFpQztJQUVqQyxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDakIsTUFBTSxJQUFJLDhCQUFrQixDQUFDLDBCQUEwQixDQUFDLENBQUM7SUFDM0QsQ0FBQztJQUNELHVEQUF1RDtJQUN2RCxJQUFBLDRCQUFpQixFQUFDLFdBQVcsQ0FBQyxDQUFDO0lBRS9CLG9GQUFvRjtJQUNwRixJQUFJLE9BQVksQ0FBQztJQUNqQixJQUFJLENBQUM7UUFDSCxPQUFPLEdBQUcsSUFBSSxHQUFHLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDWCxNQUFNLElBQUksOEJBQWtCLENBQUMsNEJBQTRCLFdBQVcsR0FBRyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQzlFLENBQUM7SUFDRCxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLENBQUMsRUFBRSxDQUFDO1FBQ2pELElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ3BDLE9BQU8sQ0FBQyxRQUFRLElBQUksR0FBRyxDQUFDO1FBQzFCLENBQUM7UUFDRCxPQUFPLENBQUMsUUFBUSxJQUFJLG1CQUFtQixDQUFDO0lBQzFDLENBQUM7SUFDRCxPQUFPLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxXQUFXLEVBQUUsU0FBUyxJQUFJLFVBQVUsQ0FBQyxDQUFDO0lBQy9ELElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1FBQ25DLE9BQU8sQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLEdBQUcsRUFBRSxHQUFHLENBQUMsQ0FBQztJQUNyQyxDQUFDO0lBRUQsSUFBSSxtQkFBNkIsQ0FBQztJQUNsQyxJQUFJLENBQUM7UUFDSCxtQkFBbUIsR0FBRyxNQUFNLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUM3QyxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE1BQU0sSUFBSSx3QkFBWSxDQUFDLG9DQUFvQyxPQUFPLEdBQUcsRUFBRSxDQUFDLENBQUMsQ0FBQztJQUM1RSxDQUFDO0lBQ0QsSUFBSSxDQUFDLG1CQUFtQixDQUFDLEVBQUUsRUFBRSxDQUFDO1FBQzVCLFFBQVEsbUJBQW1CLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDbkMsS0FBSyxHQUFHO2dCQUNOLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyxZQUFZLE9BQU8sR0FBRyxDQUFDLENBQUM7WUFDdkQsS0FBSyxHQUFHO2dCQUNOLE1BQU0sSUFBSSxnQ0FBb0IsQ0FBQyxZQUFZLE9BQU8sR0FBRyxDQUFDLENBQUM7WUFDekQsS0FBSyxHQUFHO2dCQUNOLE1BQU0sSUFBSSxpQ0FBcUIsQ0FBQyxZQUFZLE9BQU8sR0FBRyxDQUFDLENBQUM7WUFDMUQ7Z0JBQ0UsTUFBTSxJQUFJLHdCQUFZLENBQ3BCLEdBQUcsT0FBTyxPQUFPLG1CQUFtQixDQUFDLE1BQU0sSUFBSSxtQkFBbUIsQ0FBQyxVQUFVLEVBQUUsQ0FDaEYsQ0FBQztRQUNOLENBQUM7SUFDSCxDQUFDO0lBQ0QsTUFBTSxXQUFXLEdBQUcsTUFBTSxtQkFBbUIsQ0FBQyxJQUFJLEVBQUUsQ0FBQztJQUNyRCxNQUFNLEVBQUUsU0FBUyxFQUFFLEdBQUcsRUFBRSxHQUFxQixXQUFXLENBQUM7SUFDekQsSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDO1FBQ2YsTUFBTSxJQUFJLHdCQUFZLENBQ3BCLDhDQUE4QyxJQUFJLENBQUMsU0FBUyxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQzdFLENBQUM7SUFDSixDQUFDO0lBQ0QsT0FBTztRQUNMLFNBQVM7UUFDVCxHQUFHLEVBQUUsV0FBVztRQUNoQixTQUFTLEVBQUUsU0FBUyxJQUFJLFVBQVU7UUFDbEMsR0FBRyxDQUFDLEdBQUcsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO0tBQ3BCLENBQUM7QUFDSixDQUFDIn0=
|
|
@@ -46,7 +46,7 @@ function handleRpcRewrapError(e, platformUrl) {
|
|
|
46
46
|
case connect_1.Code.InvalidArgument: // 400 Bad Request
|
|
47
47
|
throw new errors_js_1.InvalidFileError(`400 for [${platformUrl}]: rewrap bad request [${e.message}]`);
|
|
48
48
|
case connect_1.Code.PermissionDenied: // 403 Forbidden
|
|
49
|
-
throw new errors_js_1.PermissionDeniedError(`403 for [${platformUrl}]; rewrap permission denied`);
|
|
49
|
+
throw new errors_js_1.PermissionDeniedError(`403 for [${platformUrl}]; rewrap permission denied: forbidden`);
|
|
50
50
|
case connect_1.Code.Unauthenticated: // 401 Unauthorized
|
|
51
51
|
throw new errors_js_1.UnauthenticatedError(`401 for [${platformUrl}]; rewrap auth failure`);
|
|
52
52
|
case connect_1.Code.Internal:
|
|
@@ -69,9 +69,9 @@ function handleRpcRewrapErrorString(e, platformUrl, requiredObligations) {
|
|
|
69
69
|
}
|
|
70
70
|
if (e.includes(connect_1.Code[connect_1.Code.PermissionDenied])) {
|
|
71
71
|
if (requiredObligations && requiredObligations.length > 0) {
|
|
72
|
-
throw new errors_js_1.PermissionDeniedError(`403 for [${platformUrl}]; rewrap permission denied`, requiredObligations);
|
|
72
|
+
throw new errors_js_1.PermissionDeniedError(`403 for [${platformUrl}]; rewrap permission denied: forbidden`, requiredObligations);
|
|
73
73
|
}
|
|
74
|
-
throw new errors_js_1.PermissionDeniedError(`403 for [${platformUrl}]; rewrap permission denied`);
|
|
74
|
+
throw new errors_js_1.PermissionDeniedError(`403 for [${platformUrl}]; rewrap permission denied: forbidden`);
|
|
75
75
|
}
|
|
76
76
|
if (e.includes(connect_1.Code[connect_1.Code.Unauthenticated])) {
|
|
77
77
|
// 401 Unauthorized
|
|
@@ -187,4 +187,4 @@ async function fetchKasBasePubKey(kasEndpoint) {
|
|
|
187
187
|
throw new errors_js_1.NetworkError(`[${platformUrl}] [PublicKey] ${(0, utils_js_1.extractRpcErrorMessage)(e)}`);
|
|
188
188
|
}
|
|
189
189
|
}
|
|
190
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
190
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjZXNzLXJwYy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hY2Nlc3MvYWNjZXNzLXJwYy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQW9DQSwwQ0FxQkM7QUFFRCxvREEwQkM7QUFFRCxnRUFvQ0M7QUFFRCxzREFpQ0M7QUEyQkQsd0NBNkJDO0FBU0QsZ0RBNkJDO0FBM1BELDRDQUtzQjtBQUV0Qiw2REFBK0U7QUFDL0UsNENBT3NCO0FBQ3RCLGdEQUFnRDtBQUdoRCwwQ0FJcUI7QUFDckIsaURBQTZEO0FBQzdELGlEQUF5RDtBQUV6RDs7Ozs7OztHQU9HO0FBQ0ksS0FBSyxVQUFVLGVBQWUsQ0FDbkMsR0FBVyxFQUNYLGtCQUEwQixFQUMxQixJQUFnQixFQUNoQiw2QkFBc0M7SUFFdEMsTUFBTSxXQUFXLEdBQUcsSUFBQSx3Q0FBNkIsRUFBQyxHQUFHLENBQUMsQ0FBQztJQUN2RCxNQUFNLFFBQVEsR0FBRyxJQUFJLDRCQUFjLENBQUMsRUFBRSxZQUFZLEVBQUUsSUFBQSxxQ0FBbUIsRUFBQyxJQUFJLENBQUMsRUFBRSxXQUFXLEVBQUUsQ0FBQyxDQUFDO0lBQzlGLE1BQU0sT0FBTyxHQUFnQixFQUFFLENBQUM7SUFDaEMsSUFBSSw2QkFBNkIsRUFBRSxDQUFDO1FBQ2xDLE9BQU8sQ0FBQyxPQUFPLEdBQUc7WUFDaEIsQ0FBQywwQ0FBMkIsQ0FBQyxFQUFFLDZCQUE2QjtTQUM3RCxDQUFDO0lBQ0osQ0FBQztJQUNELElBQUksUUFBd0IsQ0FBQztJQUM3QixJQUFJLENBQUM7UUFDSCxRQUFRLEdBQUcsTUFBTSxRQUFRLENBQUMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsRUFBRSxrQkFBa0IsRUFBRSxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBQzlFLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsb0JBQW9CLENBQUMsQ0FBQyxFQUFFLFdBQVcsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFDRCxPQUFPLFFBQVEsQ0FBQztBQUNsQixDQUFDO0FBRUQsU0FBZ0Isb0JBQW9CLENBQUMsQ0FBVSxFQUFFLFdBQW1CO0lBQ2xFLElBQUksQ0FBQyxZQUFZLHNCQUFZLEVBQUUsQ0FBQztRQUM5QixPQUFPLENBQUMsR0FBRyxDQUFDLG9DQUFvQyxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUMxRCxRQUFRLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUNmLEtBQUssY0FBSSxDQUFDLGVBQWUsRUFBRSxrQkFBa0I7Z0JBQzNDLE1BQU0sSUFBSSw0QkFBZ0IsQ0FBQyxZQUFZLFdBQVcsMEJBQTBCLENBQUMsQ0FBQyxPQUFPLEdBQUcsQ0FBQyxDQUFDO1lBQzVGLEtBQUssY0FBSSxDQUFDLGdCQUFnQixFQUFFLGdCQUFnQjtnQkFDMUMsTUFBTSxJQUFJLGlDQUFxQixDQUM3QixZQUFZLFdBQVcsd0NBQXdDLENBQ2hFLENBQUM7WUFDSixLQUFLLGNBQUksQ0FBQyxlQUFlLEVBQUUsbUJBQW1CO2dCQUM1QyxNQUFNLElBQUksZ0NBQW9CLENBQUMsWUFBWSxXQUFXLHdCQUF3QixDQUFDLENBQUM7WUFDbEYsS0FBSyxjQUFJLENBQUMsUUFBUSxDQUFDO1lBQ25CLEtBQUssY0FBSSxDQUFDLGFBQWEsQ0FBQztZQUN4QixLQUFLLGNBQUksQ0FBQyxRQUFRLENBQUM7WUFDbkIsS0FBSyxjQUFJLENBQUMsT0FBTyxDQUFDO1lBQ2xCLEtBQUssY0FBSSxDQUFDLGdCQUFnQixDQUFDO1lBQzNCLEtBQUssY0FBSSxDQUFDLFdBQVcsRUFBRSxxQkFBcUI7Z0JBQzFDLE1BQU0sSUFBSSx3QkFBWSxDQUNwQixHQUFHLENBQUMsQ0FBQyxJQUFJLFNBQVMsV0FBVywyQ0FBMkMsQ0FBQyxDQUFDLE9BQU8sR0FBRyxDQUNyRixDQUFDO1lBQ0o7Z0JBQ0UsTUFBTSxJQUFJLHdCQUFZLENBQUMsSUFBSSxXQUFXLGNBQWMsQ0FBQyxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7UUFDckUsQ0FBQztJQUNILENBQUM7SUFDRCxNQUFNLElBQUksd0JBQVksQ0FBQyxJQUFJLFdBQVcsY0FBYyxJQUFBLGlDQUFzQixFQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQztBQUNuRixDQUFDO0FBRUQsU0FBZ0IsMEJBQTBCLENBQ3hDLENBQVMsRUFDVCxXQUFtQixFQUNuQixtQkFBOEI7SUFFOUIsSUFBSSxDQUFDLENBQUMsUUFBUSxDQUFDLGNBQUksQ0FBQyxjQUFJLENBQUMsZUFBZSxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQzNDLGtCQUFrQjtRQUNsQixNQUFNLElBQUksNEJBQWdCLENBQUMsWUFBWSxXQUFXLDBCQUEwQixDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3BGLENBQUM7SUFDRCxJQUFJLENBQUMsQ0FBQyxRQUFRLENBQUMsY0FBSSxDQUFDLGNBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDLEVBQUUsQ0FBQztRQUM1QyxJQUFJLG1CQUFtQixJQUFJLG1CQUFtQixDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUMxRCxNQUFNLElBQUksaUNBQXFCLENBQzdCLFlBQVksV0FBVyx3Q0FBd0MsRUFDL0QsbUJBQW1CLENBQ3BCLENBQUM7UUFDSixDQUFDO1FBQ0QsTUFBTSxJQUFJLGlDQUFxQixDQUM3QixZQUFZLFdBQVcsd0NBQXdDLENBQ2hFLENBQUM7SUFDSixDQUFDO0lBQ0QsSUFBSSxDQUFDLENBQUMsUUFBUSxDQUFDLGNBQUksQ0FBQyxjQUFJLENBQUMsZUFBZSxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQzNDLG1CQUFtQjtRQUNuQixNQUFNLElBQUksZ0NBQW9CLENBQUMsWUFBWSxXQUFXLHdCQUF3QixDQUFDLENBQUM7SUFDbEYsQ0FBQztJQUNELElBQ0UsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxjQUFJLENBQUMsY0FBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQy9CLENBQUMsQ0FBQyxRQUFRLENBQUMsY0FBSSxDQUFDLGNBQUksQ0FBQyxhQUFhLENBQUMsQ0FBQztRQUNwQyxDQUFDLENBQUMsUUFBUSxDQUFDLGNBQUksQ0FBQyxjQUFJLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDL0IsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxjQUFJLENBQUMsY0FBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzlCLENBQUMsQ0FBQyxRQUFRLENBQUMsY0FBSSxDQUFDLGNBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1FBQ3ZDLENBQUMsQ0FBQyxRQUFRLENBQUMsY0FBSSxDQUFDLGNBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQyxFQUNsQyxDQUFDO1FBQ0QsUUFBUTtRQUNSLE1BQU0sSUFBSSx3QkFBWSxDQUFDLFNBQVMsV0FBVywyQ0FBMkMsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUM5RixDQUFDO0lBQ0QsTUFBTSxJQUFJLHdCQUFZLENBQUMsSUFBSSxXQUFXLGNBQWMsQ0FBQyxFQUFFLENBQUMsQ0FBQztBQUMzRCxDQUFDO0FBRU0sS0FBSyxVQUFVLHFCQUFxQixDQUN6QyxXQUFtQixFQUNuQixJQUFnQjtJQUVoQixJQUFJLFVBQVUsR0FBRyxDQUFDLENBQUM7SUFDbkIsTUFBTSxVQUFVLEdBQUcsRUFBRSxDQUFDO0lBQ3RCLE1BQU0sUUFBUSxHQUFHLElBQUksNEJBQWMsQ0FBQyxFQUFFLFlBQVksRUFBRSxJQUFBLHFDQUFtQixFQUFDLElBQUksQ0FBQyxFQUFFLFdBQVcsRUFBRSxDQUFDLENBQUM7SUFFOUYsR0FBRyxDQUFDO1FBQ0YsSUFBSSxRQUFzQyxDQUFDO1FBQzNDLElBQUksQ0FBQztZQUNILFFBQVEsR0FBRyxNQUFNLFFBQVEsQ0FBQyxFQUFFLENBQUMsdUJBQXVCLENBQUMsb0JBQW9CLENBQUM7Z0JBQ3hFLFVBQVUsRUFBRTtvQkFDVixNQUFNLEVBQUUsVUFBVTtpQkFDbkI7YUFDRixDQUFDLENBQUM7UUFDTCxDQUFDO1FBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUNYLE1BQU0sSUFBSSx3QkFBWSxDQUNwQixJQUFJLFdBQVcsNEJBQTRCLElBQUEsaUNBQXNCLEVBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FDdkUsQ0FBQztRQUNKLENBQUM7UUFFRCxVQUFVLENBQUMsSUFBSSxDQUFDLEdBQUcsUUFBUSxDQUFDLGdCQUFnQixDQUFDLENBQUM7UUFDOUMsVUFBVSxHQUFHLFFBQVEsRUFBRSxVQUFVLEVBQUUsVUFBVSxJQUFJLENBQUMsQ0FBQztJQUNyRCxDQUFDLFFBQVEsVUFBVSxHQUFHLENBQUMsRUFBRTtJQUV6QixNQUFNLFVBQVUsR0FBRyxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDMUQsd0JBQXdCO0lBQ3hCLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLEdBQUcsV0FBVyxNQUFNLENBQUMsRUFBRSxDQUFDO1FBQy9DLFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxXQUFXLE1BQU0sQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRCxPQUFPLElBQUksMkJBQWUsQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLENBQUM7QUFDaEQsQ0FBQztBQVlELFNBQVMsU0FBUyxDQUFDLE9BQWlCO0lBQ2xDLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUNiLE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQztJQUNELE1BQU0sRUFBRSxHQUFHLE9BQTBCLENBQUM7SUFDdEMsT0FBTyxDQUNMLENBQUMsQ0FBQyxFQUFFLENBQUMsT0FBTztRQUNaLENBQUMsQ0FBQyxFQUFFLENBQUMsVUFBVTtRQUNmLE9BQU8sRUFBRSxDQUFDLFVBQVUsS0FBSyxRQUFRO1FBQ2pDLENBQUMsQ0FBQyxFQUFFLENBQUMsVUFBVSxDQUFDLEdBQUc7UUFDbkIsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxVQUFVLENBQUMsU0FBUztRQUN6QixJQUFBLGdDQUFvQixFQUFDLEVBQUUsQ0FBQyxVQUFVLENBQUMsU0FBUyxDQUFDLENBQzlDLENBQUM7QUFDSixDQUFDO0FBRU0sS0FBSyxVQUFVLGNBQWMsQ0FDbEMsV0FBbUIsRUFDbkIsU0FBaUM7SUFFakMsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBQ2pCLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO0lBQzNELENBQUM7SUFDRCx1REFBdUQ7SUFDdkQsSUFBQSw0QkFBaUIsRUFBQyxXQUFXLENBQUMsQ0FBQztJQUUvQixNQUFNLFdBQVcsR0FBRyxJQUFBLHdDQUE2QixFQUFDLFdBQVcsQ0FBQyxDQUFDO0lBQy9ELE1BQU0sUUFBUSxHQUFHLElBQUksNEJBQWMsQ0FBQztRQUNsQyxXQUFXO0tBQ1osQ0FBQyxDQUFDO0lBQ0gsSUFBSSxDQUFDO1FBQ0gsTUFBTSxFQUFFLEdBQUcsRUFBRSxTQUFTLEVBQUUsR0FBRyxNQUFNLFFBQVEsQ0FBQyxFQUFFLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQztZQUM1RCxTQUFTLEVBQUUsU0FBUyxJQUFJLFVBQVU7WUFDbEMsQ0FBQyxFQUFFLEdBQUc7U0FDUCxDQUFDLENBQUM7UUFDSCxNQUFNLE1BQU0sR0FBcUI7WUFDL0IsU0FBUztZQUNULEdBQUcsRUFBRSxXQUFXO1lBQ2hCLFNBQVMsRUFBRSxTQUFTLElBQUksVUFBVTtZQUNsQyxHQUFHLENBQUMsR0FBRyxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7U0FDcEIsQ0FBQztRQUNGLE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsTUFBTSxJQUFJLHdCQUFZLENBQUMsSUFBSSxXQUFXLGlCQUFpQixJQUFBLGlDQUFzQixFQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUN0RixDQUFDO0FBQ0gsQ0FBQztBQUVEOzs7Ozs7R0FNRztBQUNJLEtBQUssVUFBVSxrQkFBa0IsQ0FBQyxXQUFtQjtJQUMxRCxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDakIsTUFBTSxJQUFJLDhCQUFrQixDQUFDLDBCQUEwQixDQUFDLENBQUM7SUFDM0QsQ0FBQztJQUNELElBQUEsNEJBQWlCLEVBQUMsV0FBVyxDQUFDLENBQUM7SUFFL0IsTUFBTSxXQUFXLEdBQUcsSUFBQSx3Q0FBNkIsRUFBQyxXQUFXLENBQUMsQ0FBQztJQUMvRCxNQUFNLFFBQVEsR0FBRyxJQUFJLDRCQUFjLENBQUM7UUFDbEMsV0FBVztLQUNaLENBQUMsQ0FBQztJQUNILElBQUksQ0FBQztRQUNILE1BQU0sRUFBRSxhQUFhLEVBQUUsR0FBRyxNQUFNLFFBQVEsQ0FBQyxFQUFFLENBQUMsU0FBUyxDQUFDLHlCQUF5QixDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3BGLE1BQU0sT0FBTyxHQUFHLGFBQWEsRUFBRSxRQUFzQyxDQUFDO1FBQ3RFLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUN4QixNQUFNLElBQUksd0JBQVksQ0FDcEIsb0NBQW9DLFdBQVcsZ0RBQWdELENBQ2hHLENBQUM7UUFDSixDQUFDO1FBRUQsTUFBTSxNQUFNLEdBQXFCO1lBQy9CLFNBQVMsRUFBRSxPQUFPLENBQUMsVUFBVSxDQUFDLEdBQUc7WUFDakMsR0FBRyxFQUFFLE9BQU8sQ0FBQyxPQUFPO1lBQ3BCLFNBQVMsRUFBRSxPQUFPLENBQUMsVUFBVSxDQUFDLFNBQVM7WUFDdkMsR0FBRyxFQUFFLE9BQU8sQ0FBQyxVQUFVLENBQUMsR0FBRztTQUM1QixDQUFDO1FBQ0YsT0FBTyxNQUFNLENBQUM7SUFDaEIsQ0FBQztJQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDWCxNQUFNLElBQUksd0JBQVksQ0FBQyxJQUFJLFdBQVcsaUJBQWlCLElBQUEsaUNBQXNCLEVBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBQ3RGLENBQUM7QUFDSCxDQUFDIn0=
|
|
@@ -6,6 +6,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
6
6
|
exports.AccessToken = void 0;
|
|
7
7
|
const dpop_js_1 = __importDefault(require("./dpop.js"));
|
|
8
8
|
const auth_js_1 = require("./auth.js");
|
|
9
|
+
const tokenExpiry_js_1 = require("./tokenExpiry.js");
|
|
9
10
|
const index_js_1 = require("../encodings/index.js");
|
|
10
11
|
const errors_js_1 = require("../errors.js");
|
|
11
12
|
const utils_js_1 = require("../utils.js");
|
|
@@ -140,19 +141,24 @@ class AccessToken {
|
|
|
140
141
|
}
|
|
141
142
|
/**
|
|
142
143
|
* Gets an access token; operates lazily/cached, with an optional check for freshness.
|
|
143
|
-
*
|
|
144
|
+
*
|
|
145
|
+
* Freshness is determined locally from the token's `exp` claim (or the OAuth
|
|
146
|
+
* `expires_in` from the token response) — no network round trip. This replaces an
|
|
147
|
+
* earlier scheme that validated cached tokens against the OIDC `userinfo` endpoint.
|
|
148
|
+
* @param validate if we should check that any cached access token is still fresh
|
|
149
|
+
* before returning it; when false, a cached token is returned regardless of expiry
|
|
144
150
|
* @returns
|
|
145
151
|
*/
|
|
146
152
|
async get(validate = true) {
|
|
147
|
-
if (this.data?.access_token) {
|
|
153
|
+
if (this.data?.access_token && (!validate || !(0, tokenExpiry_js_1.isTokenExpired)(this.cachedExpiry))) {
|
|
154
|
+
return this.data.access_token;
|
|
155
|
+
}
|
|
156
|
+
// Dedupe concurrent refreshes so a burst of requests triggers one exchange.
|
|
157
|
+
if (this.inFlight) {
|
|
158
|
+
return this.inFlight;
|
|
159
|
+
}
|
|
160
|
+
this.inFlight = (async () => {
|
|
148
161
|
try {
|
|
149
|
-
if (validate) {
|
|
150
|
-
await this.info(this.data.access_token);
|
|
151
|
-
}
|
|
152
|
-
return this.data.access_token;
|
|
153
|
-
}
|
|
154
|
-
catch (e) {
|
|
155
|
-
console.log('access_token fails on user_info endpoint; attempting to renew', e);
|
|
156
162
|
if (this.data?.refresh_token) {
|
|
157
163
|
// Prefer the latest refresh_token if present over creds passed in
|
|
158
164
|
// to constructor
|
|
@@ -163,10 +169,15 @@ class AccessToken {
|
|
|
163
169
|
};
|
|
164
170
|
}
|
|
165
171
|
delete this.data;
|
|
172
|
+
const tokenResponse = (this.data = await this.accessTokenLookup(this.config));
|
|
173
|
+
this.cachedExpiry = (0, tokenExpiry_js_1.resolveTokenExpiry)(tokenResponse.access_token, tokenResponse.expires_in);
|
|
174
|
+
return tokenResponse.access_token;
|
|
166
175
|
}
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
176
|
+
finally {
|
|
177
|
+
delete this.inFlight;
|
|
178
|
+
}
|
|
179
|
+
})();
|
|
180
|
+
return this.inFlight;
|
|
170
181
|
}
|
|
171
182
|
/**
|
|
172
183
|
* A TDF client MUST call this method whenever the client wants to use a new
|
|
@@ -176,13 +187,15 @@ class AccessToken {
|
|
|
176
187
|
* Calling this function will trigger a forcible token refresh using the cached refresh token, and contact the auth server.
|
|
177
188
|
*/
|
|
178
189
|
async refreshTokenClaimsWithClientPubkeyIfNeeded(signingKey) {
|
|
179
|
-
// If we already have a token, and the pubkey
|
|
180
|
-
// we
|
|
181
|
-
//
|
|
182
|
-
if (this.
|
|
190
|
+
// If we already have a token, and the pubkey is unchanged,
|
|
191
|
+
// we can keep the cached token - otherwise drop it so the next `get()`
|
|
192
|
+
// refetches a token bound to the new public key.
|
|
193
|
+
if (this.data?.access_token && signingKey === this.signingKey) {
|
|
183
194
|
return;
|
|
184
195
|
}
|
|
185
|
-
delete this.
|
|
196
|
+
delete this.data;
|
|
197
|
+
delete this.cachedExpiry;
|
|
198
|
+
delete this.inFlight;
|
|
186
199
|
this.signingKey = signingKey;
|
|
187
200
|
}
|
|
188
201
|
/**
|
|
@@ -213,7 +226,7 @@ class AccessToken {
|
|
|
213
226
|
if (this.config.dpopEnabled && !this.signingKey) {
|
|
214
227
|
throw new errors_js_1.ConfigurationError('Client public key was not set via `updateClientPublicKey` or passed in via constructor; required when DPoP is enabled');
|
|
215
228
|
}
|
|
216
|
-
const accessToken =
|
|
229
|
+
const accessToken = await this.get();
|
|
217
230
|
if (this.config.dpopEnabled && this.signingKey) {
|
|
218
231
|
const dpopToken = await (0, dpop_js_1.default)(this.signingKey, this.cryptoService, httpReq.url, httpReq.method,
|
|
219
232
|
/* nonce */ undefined, accessToken);
|
|
@@ -224,4 +237,4 @@ class AccessToken {
|
|
|
224
237
|
}
|
|
225
238
|
}
|
|
226
239
|
exports.AccessToken = AccessToken;
|
|
227
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
240
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2lkYy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hdXRoL29pZGMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBQUEsd0RBQThDO0FBQzlDLHVDQUFxRDtBQUNyRCxxREFBc0U7QUFDdEUsb0RBQStDO0FBQy9DLDRDQUE0RDtBQUM1RCwwQ0FBcUM7QUFxRHJDLE1BQU0sVUFBVSxHQUFHLENBQUMsR0FBMkIsRUFBRSxFQUFFLENBQUMsSUFBSSxlQUFlLENBQUMsR0FBRyxDQUFDLENBQUMsUUFBUSxFQUFFLENBQUM7QUFReEY7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQXFCRztBQUNILE1BQWEsV0FBVztJQXVCdEIsWUFBWSxHQUFvQixFQUFFLGFBQTRCLEVBQUUsT0FBc0I7UUFWdEYsaUJBQVksR0FBMkIsRUFBRSxDQUFDO1FBV3hDLElBQUksQ0FBQyxHQUFHLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDbEIsTUFBTSxJQUFJLDhCQUFrQixDQUMxQiw0RUFBNEUsQ0FDN0UsQ0FBQztRQUNKLENBQUM7UUFDRCxJQUFJLEdBQUcsQ0FBQyxRQUFRLEtBQUssUUFBUSxJQUFJLENBQUMsR0FBRyxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ25ELE1BQU0sSUFBSSw4QkFBa0IsQ0FDMUIsNEVBQTRFLENBQzdFLENBQUM7UUFDSixDQUFDO1FBQ0QsSUFBSSxHQUFHLENBQUMsUUFBUSxLQUFLLFNBQVMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUNwRCxNQUFNLElBQUksOEJBQWtCLENBQUMsNERBQTRELENBQUMsQ0FBQztRQUM3RixDQUFDO1FBQ0QsSUFBSSxHQUFHLENBQUMsUUFBUSxLQUFLLFVBQVUsSUFBSSxDQUFDLEdBQUcsQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUNwRCxNQUFNLElBQUksOEJBQWtCLENBQUMsbURBQW1ELENBQUMsQ0FBQztRQUNwRixDQUFDO1FBQ0QsSUFBSSxDQUFDLEdBQUcsQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUNsQixNQUFNLElBQUksOEJBQWtCLENBQUMsNEJBQTRCLENBQUMsQ0FBQztRQUM3RCxDQUFDO1FBQ0QsSUFBSSxDQUFDLE1BQU0sR0FBRyxHQUFHLENBQUM7UUFDbEIsSUFBSSxDQUFDLGFBQWEsR0FBRyxhQUFhLENBQUM7UUFDbkMsSUFBSSxDQUFDLE9BQU8sR0FBRyxPQUFPLENBQUM7UUFDdkIsSUFBSSxDQUFDLE9BQU8sR0FBRyxJQUFBLGlCQUFNLEVBQUMsR0FBRyxDQUFDLFVBQVUsRUFBRSxHQUFHLENBQUMsQ0FBQztRQUMzQyxJQUFJLENBQUMsYUFBYSxHQUFHLEdBQUcsQ0FBQyxpQkFBaUIsSUFBSSxHQUFHLElBQUksQ0FBQyxPQUFPLGdDQUFnQyxDQUFDO1FBQzlGLElBQUksQ0FBQyxnQkFBZ0I7WUFDbkIsR0FBRyxDQUFDLG9CQUFvQixJQUFJLEdBQUcsSUFBSSxDQUFDLE9BQU8sbUNBQW1DLENBQUM7UUFDakYsSUFBSSxDQUFDLFVBQVUsR0FBRyxHQUFHLENBQUMsVUFBVSxDQUFDO0lBQ25DLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsS0FBSyxDQUFDLElBQUksQ0FBQyxXQUFtQjtRQUM1QixNQUFNLE9BQU8sR0FBRztZQUNkLEdBQUcsSUFBSSxDQUFDLFlBQVk7WUFDcEIsYUFBYSxFQUFFLFVBQVUsV0FBVyxFQUFFO1NBQ2IsQ0FBQztRQUM1QixJQUFJLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxJQUFJLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUMvQyxPQUFPLENBQUMsSUFBSSxHQUFHLE1BQU0sSUFBQSxpQkFBTSxFQUN6QixJQUFJLENBQUMsVUFBVSxFQUNmLElBQUksQ0FBQyxhQUFhLEVBQ2xCLElBQUksQ0FBQyxnQkFBZ0IsRUFDckIsTUFBTSxDQUNQLENBQUM7UUFDSixDQUFDO1FBQ0QsTUFBTSxRQUFRLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLElBQUksS0FBSyxDQUFDLENBQUMsSUFBSSxDQUFDLGdCQUFnQixFQUFFO1lBQ3BFLE9BQU87U0FDUixDQUFDLENBQUM7UUFDSCxJQUFJLENBQUMsUUFBUSxDQUFDLEVBQUUsRUFBRSxDQUFDO1lBQ2pCLE9BQU8sQ0FBQyxLQUFLLENBQUMsTUFBTSxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQztZQUNyQyxNQUFNLElBQUksb0JBQVEsQ0FDaEIsd0JBQXdCLElBQUksQ0FBQyxnQkFBZ0IsUUFBUSxRQUFRLENBQUMsTUFBTSxJQUFJLFFBQVEsQ0FBQyxVQUFVLEVBQUUsQ0FDOUYsQ0FBQztRQUNKLENBQUM7UUFFRCxPQUFPLENBQUMsTUFBTSxRQUFRLENBQUMsSUFBSSxFQUFFLENBQVksQ0FBQztJQUM1QyxDQUFDO0lBRUQsS0FBSyxDQUFDLE1BQU0sQ0FBQyxHQUFXLEVBQUUsQ0FBeUI7UUFDakQsTUFBTSxPQUFPLEdBQTJCO1lBQ3RDLGNBQWMsRUFBRSxtQ0FBbUM7WUFDbkQsTUFBTSxFQUFFLGtCQUFrQjtTQUMzQixDQUFDO1FBQ0YsaUNBQWlDO1FBQ2pDLElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUM1QixJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO2dCQUNyQixNQUFNLElBQUksOEJBQWtCLENBQUMseUJBQXlCLENBQUMsQ0FBQztZQUMxRCxDQUFDO1lBQ0Qsb0RBQW9EO1lBQ3BELE1BQU0sWUFBWSxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQzVGLHFFQUFxRTtZQUNyRSwwRUFBMEU7WUFDMUUsT0FBTyxDQUFDLGdCQUFnQixDQUFDLEdBQUcsaUJBQU0sQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLENBQUM7WUFDeEQsT0FBTyxDQUFDLElBQUksR0FBRyxNQUFNLElBQUEsaUJBQU0sRUFBQyxJQUFJLENBQUMsVUFBVSxFQUFFLElBQUksQ0FBQyxhQUFhLEVBQUUsR0FBRyxFQUFFLE1BQU0sQ0FBQyxDQUFDO1FBQ2hGLENBQUM7UUFDRCxPQUFPLENBQUMsSUFBSSxDQUFDLE9BQU8sSUFBSSxLQUFLLENBQUMsQ0FBQyxHQUFHLEVBQUU7WUFDbEMsTUFBTSxFQUFFLE1BQU07WUFDZCxPQUFPO1lBQ1AsSUFBSSxFQUFFLFVBQVUsQ0FBQyxDQUFDLENBQUM7U0FDcEIsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxHQUFvQjtRQUMxQyxJQUFJLElBQUksQ0FBQztRQUNULFFBQVEsR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ3JCLEtBQUssUUFBUTtnQkFDWCxJQUFJLEdBQUc7b0JBQ0wsVUFBVSxFQUFFLG9CQUFvQjtvQkFDaEMsU0FBUyxFQUFFLEdBQUcsQ0FBQyxRQUFRO29CQUN2QixhQUFhLEVBQUUsR0FBRyxDQUFDLFlBQVk7aUJBQ2hDLENBQUM7Z0JBQ0YsTUFBTTtZQUNSLEtBQUssVUFBVTtnQkFDYixJQUFJLEdBQUc7b0JBQ0wsVUFBVSxFQUFFLGlEQUFpRDtvQkFDN0QsYUFBYSxFQUFFLEdBQUcsQ0FBQyxXQUFXO29CQUM5QixrQkFBa0IsRUFBRSxzQ0FBc0M7b0JBQzFELFFBQVEsRUFBRSxHQUFHLENBQUMsUUFBUTtvQkFDdEIsU0FBUyxFQUFFLEdBQUcsQ0FBQyxRQUFRO2lCQUN4QixDQUFDO2dCQUNGLE1BQU07WUFDUixLQUFLLFNBQVM7Z0JBQ1osSUFBSSxHQUFHO29CQUNMLFVBQVUsRUFBRSxlQUFlO29CQUMzQixhQUFhLEVBQUUsR0FBRyxDQUFDLFlBQVk7b0JBQy9CLFNBQVMsRUFBRSxHQUFHLENBQUMsUUFBUTtpQkFDeEIsQ0FBQztnQkFDRixNQUFNO1FBQ1YsQ0FBQztRQUNELE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsYUFBYSxFQUFFLElBQUksQ0FBQyxDQUFDO1FBQzdELElBQUksQ0FBQyxRQUFRLENBQUMsRUFBRSxFQUFFLENBQUM7WUFDakIsT0FBTyxDQUFDLEtBQUssQ0FBQyxNQUFNLFFBQVEsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDO1lBQ3JDLE1BQU0sSUFBSSxvQkFBUSxDQUNoQixtQ0FBbUMsSUFBSSxDQUFDLGFBQWEsUUFBUSxRQUFRLENBQUMsTUFBTSxJQUFJLFFBQVEsQ0FBQyxVQUFVLEVBQUUsQ0FDdEcsQ0FBQztRQUNKLENBQUM7UUFDRCxPQUFPLFFBQVEsQ0FBQyxJQUFJLEVBQUUsQ0FBQztJQUN6QixDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0gsS0FBSyxDQUFDLEdBQUcsQ0FBQyxRQUFRLEdBQUcsSUFBSTtRQUN2QixJQUFJLElBQUksQ0FBQyxJQUFJLEVBQUUsWUFBWSxJQUFJLENBQUMsQ0FBQyxRQUFRLElBQUksQ0FBQyxJQUFBLCtCQUFjLEVBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDLEVBQUUsQ0FBQztZQUNqRixPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDO1FBQ2hDLENBQUM7UUFFRCw0RUFBNEU7UUFDNUUsSUFBSSxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDbEIsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ3ZCLENBQUM7UUFFRCxJQUFJLENBQUMsUUFBUSxHQUFHLENBQUMsS0FBSyxJQUFJLEVBQUU7WUFDMUIsSUFBSSxDQUFDO2dCQUNILElBQUksSUFBSSxDQUFDLElBQUksRUFBRSxhQUFhLEVBQUUsQ0FBQztvQkFDN0Isa0VBQWtFO29CQUNsRSxpQkFBaUI7b0JBQ2pCLElBQUksQ0FBQyxNQUFNLEdBQUc7d0JBQ1osR0FBRyxJQUFJLENBQUMsTUFBTTt3QkFDZCxRQUFRLEVBQUUsU0FBUzt3QkFDbkIsWUFBWSxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsYUFBYTtxQkFDdEMsQ0FBQztnQkFDSixDQUFDO2dCQUNELE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQztnQkFFakIsTUFBTSxhQUFhLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO2dCQUM5RSxJQUFJLENBQUMsWUFBWSxHQUFHLElBQUEsbUNBQWtCLEVBQ3BDLGFBQWEsQ0FBQyxZQUFZLEVBQzFCLGFBQWEsQ0FBQyxVQUFVLENBQ3pCLENBQUM7Z0JBQ0YsT0FBTyxhQUFhLENBQUMsWUFBWSxDQUFDO1lBQ3BDLENBQUM7b0JBQVMsQ0FBQztnQkFDVCxPQUFPLElBQUksQ0FBQyxRQUFRLENBQUM7WUFDdkIsQ0FBQztRQUNILENBQUMsQ0FBQyxFQUFFLENBQUM7UUFFTCxPQUFPLElBQUksQ0FBQyxRQUFRLENBQUM7SUFDdkIsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNILEtBQUssQ0FBQywwQ0FBMEMsQ0FBQyxVQUFtQjtRQUNsRSwyREFBMkQ7UUFDM0QsdUVBQXVFO1FBQ3ZFLGlEQUFpRDtRQUNqRCxJQUFJLElBQUksQ0FBQyxJQUFJLEVBQUUsWUFBWSxJQUFJLFVBQVUsS0FBSyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDOUQsT0FBTztRQUNULENBQUM7UUFDRCxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUM7UUFDakIsT0FBTyxJQUFJLENBQUMsWUFBWSxDQUFDO1FBQ3pCLE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNyQixJQUFJLENBQUMsVUFBVSxHQUFHLFVBQVUsQ0FBQztJQUMvQixDQUFDO0lBRUQ7O09BRUc7SUFDSCxLQUFLLENBQUMsdUJBQXVCO1FBQzNCLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUM7UUFDeEIsSUFBSSxHQUFHLENBQUMsUUFBUSxJQUFJLFVBQVUsSUFBSSxHQUFHLENBQUMsUUFBUSxJQUFJLFNBQVMsRUFBRSxDQUFDO1lBQzVELE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO1FBQzdELENBQUM7UUFDRCxNQUFNLGFBQWEsR0FBRyxDQUFDLElBQUksQ0FBQyxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUM7UUFDOUUsSUFBSSxDQUFDLGFBQWEsQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUNqQyxPQUFPLENBQUMsR0FBRyxDQUFDLDJCQUEyQixDQUFDLENBQUM7WUFDekMsT0FBTyxDQUNMLENBQUMsR0FBRyxDQUFDLFFBQVEsSUFBSSxTQUFTLElBQUksR0FBRyxDQUFDLFlBQVksQ0FBQztnQkFDL0MsQ0FBQyxHQUFHLENBQUMsUUFBUSxJQUFJLFVBQVUsSUFBSSxHQUFHLENBQUMsV0FBVyxDQUFDO2dCQUMvQyxFQUFFLENBQ0gsQ0FBQztRQUNKLENBQUM7UUFDRCxrRUFBa0U7UUFDbEUsaUJBQWlCO1FBQ2pCLElBQUksQ0FBQyxNQUFNLEdBQUc7WUFDWixHQUFHLElBQUksQ0FBQyxNQUFNO1lBQ2QsUUFBUSxFQUFFLFNBQVM7WUFDbkIsWUFBWSxFQUFFLGFBQWEsQ0FBQyxhQUFhO1NBQzFDLENBQUM7UUFDRixPQUFPLGFBQWEsQ0FBQyxZQUFZLENBQUM7SUFDcEMsQ0FBQztJQUVELEtBQUssQ0FBQyxTQUFTLENBQUMsT0FBb0I7UUFDbEMsSUFBSSxJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVcsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUNoRCxNQUFNLElBQUksOEJBQWtCLENBQzFCLHVIQUF1SCxDQUN4SCxDQUFDO1FBQ0osQ0FBQztRQUNELE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBQ3JDLElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLElBQUksSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQy9DLE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBQSxpQkFBTSxFQUM1QixJQUFJLENBQUMsVUFBVSxFQUNmLElBQUksQ0FBQyxhQUFhLEVBQ2xCLE9BQU8sQ0FBQyxHQUFHLEVBQ1gsT0FBTyxDQUFDLE1BQU07WUFDZCxXQUFXLENBQUMsU0FBUyxFQUNyQixXQUFXLENBQ1osQ0FBQztZQUNGLHVFQUF1RTtZQUN2RSxPQUFPLElBQUEscUJBQVcsRUFBQyxPQUFPLEVBQUUsRUFBRSxhQUFhLEVBQUUsVUFBVSxXQUFXLEVBQUUsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQztRQUMzRixDQUFDO1FBQ0QsT0FBTyxJQUFBLHFCQUFXLEVBQUMsT0FBTyxFQUFFLEVBQUUsYUFBYSxFQUFFLFVBQVUsV0FBVyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBQzFFLENBQUM7Q0FDRjtBQXBRRCxrQ0FvUUMifQ==
|
|
@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.clientCredentialsTokenProvider = clientCredentialsTokenProvider;
|
|
4
4
|
exports.refreshTokenProvider = refreshTokenProvider;
|
|
5
5
|
exports.externalJwtTokenProvider = externalJwtTokenProvider;
|
|
6
|
+
const tokenExpiry_js_1 = require("./tokenExpiry.js");
|
|
6
7
|
const errors_js_1 = require("../errors.js");
|
|
7
8
|
const utils_js_1 = require("../utils.js");
|
|
8
9
|
function resolveTokenEndpoint(oidcOrigin, override) {
|
|
@@ -14,40 +15,6 @@ function resolveTokenEndpoint(oidcOrigin, override) {
|
|
|
14
15
|
}
|
|
15
16
|
return `${(0, utils_js_1.rstrip)(base, '/')}/protocol/openid-connect/token`;
|
|
16
17
|
}
|
|
17
|
-
/**
|
|
18
|
-
* Decode a JWT's exp claim without verifying the signature.
|
|
19
|
-
* Returns the expiration time in seconds since epoch, or undefined if not present.
|
|
20
|
-
*/
|
|
21
|
-
function getJwtExpiration(token) {
|
|
22
|
-
try {
|
|
23
|
-
const parts = token.split('.');
|
|
24
|
-
if (parts.length !== 3)
|
|
25
|
-
return undefined;
|
|
26
|
-
// Base64url decode the payload
|
|
27
|
-
const payload = parts[1].replace(/-/g, '+').replace(/_/g, '/');
|
|
28
|
-
const padded = payload + '='.repeat((4 - (payload.length % 4)) % 4);
|
|
29
|
-
const decoded = JSON.parse(atob(padded));
|
|
30
|
-
return typeof decoded.exp === 'number' ? decoded.exp : undefined;
|
|
31
|
-
}
|
|
32
|
-
catch {
|
|
33
|
-
return undefined;
|
|
34
|
-
}
|
|
35
|
-
}
|
|
36
|
-
/**
|
|
37
|
-
* Compute the absolute expiry (seconds since epoch) for a token response.
|
|
38
|
-
* Prefers `expires_in` from the token response, falls back to the JWT `exp` claim.
|
|
39
|
-
*/
|
|
40
|
-
function resolveTokenExpiry(accessToken, expiresIn) {
|
|
41
|
-
if (typeof expiresIn === 'number') {
|
|
42
|
-
return Date.now() / 1000 + expiresIn;
|
|
43
|
-
}
|
|
44
|
-
return getJwtExpiration(accessToken);
|
|
45
|
-
}
|
|
46
|
-
function isTokenExpired(expiry, bufferSeconds = 30) {
|
|
47
|
-
if (expiry === undefined)
|
|
48
|
-
return true;
|
|
49
|
-
return Date.now() / 1000 >= expiry - bufferSeconds;
|
|
50
|
-
}
|
|
51
18
|
async function fetchToken(tokenEndpoint, body) {
|
|
52
19
|
const response = await fetch(tokenEndpoint, {
|
|
53
20
|
method: 'POST',
|
|
@@ -91,7 +58,7 @@ function clientCredentialsTokenProvider(options) {
|
|
|
91
58
|
let cachedExpiry;
|
|
92
59
|
let inFlight;
|
|
93
60
|
return async () => {
|
|
94
|
-
if (cachedToken && !isTokenExpired(cachedExpiry)) {
|
|
61
|
+
if (cachedToken && !(0, tokenExpiry_js_1.isTokenExpired)(cachedExpiry)) {
|
|
95
62
|
return cachedToken;
|
|
96
63
|
}
|
|
97
64
|
if (!inFlight) {
|
|
@@ -103,7 +70,7 @@ function clientCredentialsTokenProvider(options) {
|
|
|
103
70
|
client_secret: options.clientSecret,
|
|
104
71
|
});
|
|
105
72
|
cachedToken = resp.access_token;
|
|
106
|
-
cachedExpiry = resolveTokenExpiry(resp.access_token, resp.expires_in);
|
|
73
|
+
cachedExpiry = (0, tokenExpiry_js_1.resolveTokenExpiry)(resp.access_token, resp.expires_in);
|
|
107
74
|
return cachedToken;
|
|
108
75
|
}
|
|
109
76
|
finally {
|
|
@@ -141,7 +108,7 @@ function refreshTokenProvider(options) {
|
|
|
141
108
|
let cachedExpiry;
|
|
142
109
|
let inFlight;
|
|
143
110
|
return async () => {
|
|
144
|
-
if (cachedToken && !isTokenExpired(cachedExpiry)) {
|
|
111
|
+
if (cachedToken && !(0, tokenExpiry_js_1.isTokenExpired)(cachedExpiry)) {
|
|
145
112
|
return cachedToken;
|
|
146
113
|
}
|
|
147
114
|
if (!inFlight) {
|
|
@@ -153,7 +120,7 @@ function refreshTokenProvider(options) {
|
|
|
153
120
|
client_id: options.clientId,
|
|
154
121
|
});
|
|
155
122
|
cachedToken = resp.access_token;
|
|
156
|
-
cachedExpiry = resolveTokenExpiry(resp.access_token, resp.expires_in);
|
|
123
|
+
cachedExpiry = (0, tokenExpiry_js_1.resolveTokenExpiry)(resp.access_token, resp.expires_in);
|
|
157
124
|
if (resp.refresh_token) {
|
|
158
125
|
currentRefreshToken = resp.refresh_token;
|
|
159
126
|
}
|
|
@@ -195,7 +162,7 @@ function externalJwtTokenProvider(options) {
|
|
|
195
162
|
let initialExchangeDone = false;
|
|
196
163
|
let inFlight;
|
|
197
164
|
return async () => {
|
|
198
|
-
if (cachedToken && !isTokenExpired(cachedExpiry)) {
|
|
165
|
+
if (cachedToken && !(0, tokenExpiry_js_1.isTokenExpired)(cachedExpiry)) {
|
|
199
166
|
return cachedToken;
|
|
200
167
|
}
|
|
201
168
|
if (!inFlight) {
|
|
@@ -230,7 +197,7 @@ function externalJwtTokenProvider(options) {
|
|
|
230
197
|
});
|
|
231
198
|
}
|
|
232
199
|
cachedToken = resp.access_token;
|
|
233
|
-
cachedExpiry = resolveTokenExpiry(resp.access_token, resp.expires_in);
|
|
200
|
+
cachedExpiry = (0, tokenExpiry_js_1.resolveTokenExpiry)(resp.access_token, resp.expires_in);
|
|
234
201
|
if (resp.refresh_token) {
|
|
235
202
|
currentRefreshToken = resp.refresh_token;
|
|
236
203
|
}
|
|
@@ -244,4 +211,4 @@ function externalJwtTokenProvider(options) {
|
|
|
244
211
|
return inFlight;
|
|
245
212
|
};
|
|
246
213
|
}
|
|
247
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
214
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidG9rZW4tcHJvdmlkZXJzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL2F1dGgvdG9rZW4tcHJvdmlkZXJzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBeUdBLHdFQWlDQztBQW1CRCxvREFtQ0M7QUFtQkQsNERBMERDO0FBNVFELHFEQUFzRTtBQUN0RSw0Q0FBNEQ7QUFDNUQsMENBQXFDO0FBcURyQyxTQUFTLG9CQUFvQixDQUFDLFVBQWtCLEVBQUUsUUFBaUI7SUFDakUsSUFBSSxRQUFRLEVBQUUsSUFBSSxFQUFFO1FBQUUsT0FBTyxRQUFRLENBQUM7SUFDdEMsTUFBTSxJQUFJLEdBQUcsVUFBVSxFQUFFLElBQUksRUFBRSxDQUFDO0lBQ2hDLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUNWLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyw2Q0FBNkMsQ0FBQyxDQUFDO0lBQzlFLENBQUM7SUFDRCxPQUFPLEdBQUcsSUFBQSxpQkFBTSxFQUFDLElBQUksRUFBRSxHQUFHLENBQUMsZ0NBQWdDLENBQUM7QUFDOUQsQ0FBQztBQUVELEtBQUssVUFBVSxVQUFVLENBQ3ZCLGFBQXFCLEVBQ3JCLElBQTRCO0lBRTVCLE1BQU0sUUFBUSxHQUFHLE1BQU0sS0FBSyxDQUFDLGFBQWEsRUFBRTtRQUMxQyxNQUFNLEVBQUUsTUFBTTtRQUNkLE9BQU8sRUFBRTtZQUNQLGNBQWMsRUFBRSxtQ0FBbUM7WUFDbkQsTUFBTSxFQUFFLGtCQUFrQjtTQUMzQjtRQUNELElBQUksRUFBRSxJQUFJLGVBQWUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxRQUFRLEVBQUU7S0FDM0MsQ0FBQyxDQUFDO0lBQ0gsSUFBSSxDQUFDLFFBQVEsQ0FBQyxFQUFFLEVBQUUsQ0FBQztRQUNqQixNQUFNLElBQUksR0FBRyxNQUFNLFFBQVEsQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUNuQyxNQUFNLElBQUksb0JBQVEsQ0FDaEIsK0JBQStCLGFBQWEsUUFBUSxRQUFRLENBQUMsTUFBTSxJQUFJLFFBQVEsQ0FBQyxVQUFVLEtBQUssSUFBSSxFQUFFLENBQ3RHLENBQUM7SUFDSixDQUFDO0lBQ0QsT0FBTyxDQUFDLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxDQUFrQixDQUFDO0FBQ2xELENBQUM7QUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBa0JHO0FBQ0gsU0FBZ0IsOEJBQThCLENBQzVDLE9BQThDO0lBRTlDLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksRUFBRSxDQUFDO1FBQy9DLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyx3Q0FBd0MsQ0FBQyxDQUFDO0lBQ3pFLENBQUM7SUFDRCxNQUFNLGFBQWEsR0FBRyxvQkFBb0IsQ0FBQyxPQUFPLENBQUMsVUFBVSxFQUFFLE9BQU8sQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQzFGLElBQUksV0FBK0IsQ0FBQztJQUNwQyxJQUFJLFlBQWdDLENBQUM7SUFDckMsSUFBSSxRQUFxQyxDQUFDO0lBRTFDLE9BQU8sS0FBSyxJQUFJLEVBQUU7UUFDaEIsSUFBSSxXQUFXLElBQUksQ0FBQyxJQUFBLCtCQUFjLEVBQUMsWUFBWSxDQUFDLEVBQUUsQ0FBQztZQUNqRCxPQUFPLFdBQVcsQ0FBQztRQUNyQixDQUFDO1FBQ0QsSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ2QsUUFBUSxHQUFHLENBQUMsS0FBSyxJQUFJLEVBQUU7Z0JBQ3JCLElBQUksQ0FBQztvQkFDSCxNQUFNLElBQUksR0FBRyxNQUFNLFVBQVUsQ0FBQyxhQUFhLEVBQUU7d0JBQzNDLFVBQVUsRUFBRSxvQkFBb0I7d0JBQ2hDLFNBQVMsRUFBRSxPQUFPLENBQUMsUUFBUTt3QkFDM0IsYUFBYSxFQUFFLE9BQU8sQ0FBQyxZQUFZO3FCQUNwQyxDQUFDLENBQUM7b0JBQ0gsV0FBVyxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUM7b0JBQ2hDLFlBQVksR0FBRyxJQUFBLG1DQUFrQixFQUFDLElBQUksQ0FBQyxZQUFZLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDO29CQUN0RSxPQUFPLFdBQVcsQ0FBQztnQkFDckIsQ0FBQzt3QkFBUyxDQUFDO29CQUNULFFBQVEsR0FBRyxTQUFTLENBQUM7Z0JBQ3ZCLENBQUM7WUFDSCxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQ1AsQ0FBQztRQUNELE9BQU8sUUFBUSxDQUFDO0lBQ2xCLENBQUMsQ0FBQztBQUNKLENBQUM7QUFFRDs7Ozs7Ozs7Ozs7Ozs7OztHQWdCRztBQUNILFNBQWdCLG9CQUFvQixDQUFDLE9BQW9DO0lBQ3ZFLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksRUFBRSxDQUFDO1FBQy9DLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyx3Q0FBd0MsQ0FBQyxDQUFDO0lBQ3pFLENBQUM7SUFDRCxNQUFNLGFBQWEsR0FBRyxvQkFBb0IsQ0FBQyxPQUFPLENBQUMsVUFBVSxFQUFFLE9BQU8sQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQzFGLElBQUksbUJBQW1CLEdBQUcsT0FBTyxDQUFDLFlBQVksQ0FBQztJQUMvQyxJQUFJLFdBQStCLENBQUM7SUFDcEMsSUFBSSxZQUFnQyxDQUFDO0lBQ3JDLElBQUksUUFBcUMsQ0FBQztJQUUxQyxPQUFPLEtBQUssSUFBSSxFQUFFO1FBQ2hCLElBQUksV0FBVyxJQUFJLENBQUMsSUFBQSwrQkFBYyxFQUFDLFlBQVksQ0FBQyxFQUFFLENBQUM7WUFDakQsT0FBTyxXQUFXLENBQUM7UUFDckIsQ0FBQztRQUNELElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUNkLFFBQVEsR0FBRyxDQUFDLEtBQUssSUFBSSxFQUFFO2dCQUNyQixJQUFJLENBQUM7b0JBQ0gsTUFBTSxJQUFJLEdBQUcsTUFBTSxVQUFVLENBQUMsYUFBYSxFQUFFO3dCQUMzQyxVQUFVLEVBQUUsZUFBZTt3QkFDM0IsYUFBYSxFQUFFLG1CQUFtQjt3QkFDbEMsU0FBUyxFQUFFLE9BQU8sQ0FBQyxRQUFRO3FCQUM1QixDQUFDLENBQUM7b0JBQ0gsV0FBVyxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUM7b0JBQ2hDLFlBQVksR0FBRyxJQUFBLG1DQUFrQixFQUFDLElBQUksQ0FBQyxZQUFZLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDO29CQUN0RSxJQUFJLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQzt3QkFDdkIsbUJBQW1CLEdBQUcsSUFBSSxDQUFDLGFBQWEsQ0FBQztvQkFDM0MsQ0FBQztvQkFDRCxPQUFPLFdBQVcsQ0FBQztnQkFDckIsQ0FBQzt3QkFBUyxDQUFDO29CQUNULFFBQVEsR0FBRyxTQUFTLENBQUM7Z0JBQ3ZCLENBQUM7WUFDSCxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQ1AsQ0FBQztRQUNELE9BQU8sUUFBUSxDQUFDO0lBQ2xCLENBQUMsQ0FBQztBQUNKLENBQUM7QUFFRDs7Ozs7Ozs7Ozs7Ozs7OztHQWdCRztBQUNILFNBQWdCLHdCQUF3QixDQUFDLE9BQXdDO0lBQy9FLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxJQUFJLENBQUMsT0FBTyxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBQzlDLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO0lBQ3hFLENBQUM7SUFDRCxNQUFNLGFBQWEsR0FBRyxvQkFBb0IsQ0FBQyxPQUFPLENBQUMsVUFBVSxFQUFFLE9BQU8sQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQzFGLElBQUksV0FBK0IsQ0FBQztJQUNwQyxJQUFJLFlBQWdDLENBQUM7SUFDckMsSUFBSSxtQkFBdUMsQ0FBQztJQUM1QyxJQUFJLG1CQUFtQixHQUFHLEtBQUssQ0FBQztJQUNoQyxJQUFJLFFBQXFDLENBQUM7SUFFMUMsT0FBTyxLQUFLLElBQUksRUFBRTtRQUNoQixJQUFJLFdBQVcsSUFBSSxDQUFDLElBQUEsK0JBQWMsRUFBQyxZQUFZLENBQUMsRUFBRSxDQUFDO1lBQ2pELE9BQU8sV0FBVyxDQUFDO1FBQ3JCLENBQUM7UUFDRCxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDZCxRQUFRLEdBQUcsQ0FBQyxLQUFLLElBQUksRUFBRTtnQkFDckIsSUFBSSxDQUFDO29CQUNILElBQUksSUFBbUIsQ0FBQztvQkFDeEIsSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7d0JBQ3pCLElBQUksR0FBRyxNQUFNLFVBQVUsQ0FBQyxhQUFhLEVBQUU7NEJBQ3JDLFVBQVUsRUFBRSxpREFBaUQ7NEJBQzdELGFBQWEsRUFBRSxPQUFPLENBQUMsV0FBVzs0QkFDbEMsa0JBQWtCLEVBQUUsc0NBQXNDOzRCQUMxRCxRQUFRLEVBQUUsT0FBTyxDQUFDLFFBQVE7NEJBQzFCLFNBQVMsRUFBRSxPQUFPLENBQUMsUUFBUTt5QkFDNUIsQ0FBQyxDQUFDO3dCQUNILG1CQUFtQixHQUFHLElBQUksQ0FBQztvQkFDN0IsQ0FBQzt5QkFBTSxJQUFJLG1CQUFtQixFQUFFLENBQUM7d0JBQy9CLElBQUksR0FBRyxNQUFNLFVBQVUsQ0FBQyxhQUFhLEVBQUU7NEJBQ3JDLFVBQVUsRUFBRSxlQUFlOzRCQUMzQixhQUFhLEVBQUUsbUJBQW1COzRCQUNsQyxTQUFTLEVBQUUsT0FBTyxDQUFDLFFBQVE7eUJBQzVCLENBQUMsQ0FBQztvQkFDTCxDQUFDO3lCQUFNLENBQUM7d0JBQ04sNkRBQTZEO3dCQUM3RCxJQUFJLEdBQUcsTUFBTSxVQUFVLENBQUMsYUFBYSxFQUFFOzRCQUNyQyxVQUFVLEVBQUUsaURBQWlEOzRCQUM3RCxhQUFhLEVBQUUsT0FBTyxDQUFDLFdBQVc7NEJBQ2xDLGtCQUFrQixFQUFFLHNDQUFzQzs0QkFDMUQsUUFBUSxFQUFFLE9BQU8sQ0FBQyxRQUFROzRCQUMxQixTQUFTLEVBQUUsT0FBTyxDQUFDLFFBQVE7eUJBQzVCLENBQUMsQ0FBQztvQkFDTCxDQUFDO29CQUVELFdBQVcsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDO29CQUNoQyxZQUFZLEdBQUcsSUFBQSxtQ0FBa0IsRUFBQyxJQUFJLENBQUMsWUFBWSxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQztvQkFDdEUsSUFBSSxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7d0JBQ3ZCLG1CQUFtQixHQUFHLElBQUksQ0FBQyxhQUFhLENBQUM7b0JBQzNDLENBQUM7b0JBQ0QsT0FBTyxXQUFXLENBQUM7Z0JBQ3JCLENBQUM7d0JBQVMsQ0FBQztvQkFDVCxRQUFRLEdBQUcsU0FBUyxDQUFDO2dCQUN2QixDQUFDO1lBQ0gsQ0FBQyxDQUFDLEVBQUUsQ0FBQztRQUNQLENBQUM7UUFDRCxPQUFPLFFBQVEsQ0FBQztJQUNsQixDQUFDLENBQUM7QUFDSixDQUFDIn0=
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Helpers for deciding whether a cached access token is still fresh, using the
|
|
4
|
+
* JWT `exp` claim (or an OAuth `expires_in`) rather than a network round trip.
|
|
5
|
+
*/
|
|
6
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
|
+
exports.getJwtExpiration = getJwtExpiration;
|
|
8
|
+
exports.resolveTokenExpiry = resolveTokenExpiry;
|
|
9
|
+
exports.isTokenExpired = isTokenExpired;
|
|
10
|
+
/**
|
|
11
|
+
* Decode a JWT's exp claim without verifying the signature.
|
|
12
|
+
* Returns the expiration time in seconds since epoch, or undefined if not present.
|
|
13
|
+
*/
|
|
14
|
+
function getJwtExpiration(token) {
|
|
15
|
+
try {
|
|
16
|
+
const parts = token.split('.');
|
|
17
|
+
if (parts.length !== 3)
|
|
18
|
+
return undefined;
|
|
19
|
+
// Base64url decode the payload
|
|
20
|
+
const payload = parts[1].replace(/-/g, '+').replace(/_/g, '/');
|
|
21
|
+
const padded = payload + '='.repeat((4 - (payload.length % 4)) % 4);
|
|
22
|
+
const decoded = JSON.parse(atob(padded));
|
|
23
|
+
return typeof decoded.exp === 'number' ? decoded.exp : undefined;
|
|
24
|
+
}
|
|
25
|
+
catch {
|
|
26
|
+
return undefined;
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
/**
|
|
30
|
+
* Compute the absolute expiry (seconds since epoch) for a token response.
|
|
31
|
+
* Prefers `expires_in` from the token response, falls back to the JWT `exp` claim.
|
|
32
|
+
*/
|
|
33
|
+
function resolveTokenExpiry(accessToken, expiresIn) {
|
|
34
|
+
if (typeof expiresIn === 'number') {
|
|
35
|
+
return Math.floor(Date.now() / 1000) + expiresIn;
|
|
36
|
+
}
|
|
37
|
+
return getJwtExpiration(accessToken);
|
|
38
|
+
}
|
|
39
|
+
function isTokenExpired(expiry, bufferSeconds = 30) {
|
|
40
|
+
if (expiry === undefined)
|
|
41
|
+
return true;
|
|
42
|
+
return Math.floor(Date.now() / 1000) >= expiry - bufferSeconds;
|
|
43
|
+
}
|
|
44
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidG9rZW5FeHBpcnkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvYXV0aC90b2tlbkV4cGlyeS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUE7OztHQUdHOztBQU1ILDRDQVlDO0FBTUQsZ0RBS0M7QUFFRCx3Q0FHQztBQWhDRDs7O0dBR0c7QUFDSCxTQUFnQixnQkFBZ0IsQ0FBQyxLQUFhO0lBQzVDLElBQUksQ0FBQztRQUNILE1BQU0sS0FBSyxHQUFHLEtBQUssQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDL0IsSUFBSSxLQUFLLENBQUMsTUFBTSxLQUFLLENBQUM7WUFBRSxPQUFPLFNBQVMsQ0FBQztRQUN6QywrQkFBK0I7UUFDL0IsTUFBTSxPQUFPLEdBQUcsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsR0FBRyxDQUFDLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxHQUFHLENBQUMsQ0FBQztRQUMvRCxNQUFNLE1BQU0sR0FBRyxPQUFPLEdBQUcsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztRQUNwRSxNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO1FBQ3pDLE9BQU8sT0FBTyxPQUFPLENBQUMsR0FBRyxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDO0lBQ25FLENBQUM7SUFBQyxNQUFNLENBQUM7UUFDUCxPQUFPLFNBQVMsQ0FBQztJQUNuQixDQUFDO0FBQ0gsQ0FBQztBQUVEOzs7R0FHRztBQUNILFNBQWdCLGtCQUFrQixDQUFDLFdBQW1CLEVBQUUsU0FBa0I7SUFDeEUsSUFBSSxPQUFPLFNBQVMsS0FBSyxRQUFRLEVBQUUsQ0FBQztRQUNsQyxPQUFPLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQyxHQUFHLFNBQVMsQ0FBQztJQUNuRCxDQUFDO0lBQ0QsT0FBTyxnQkFBZ0IsQ0FBQyxXQUFXLENBQUMsQ0FBQztBQUN2QyxDQUFDO0FBRUQsU0FBZ0IsY0FBYyxDQUFDLE1BQTBCLEVBQUUsYUFBYSxHQUFHLEVBQUU7SUFDM0UsSUFBSSxNQUFNLEtBQUssU0FBUztRQUFFLE9BQU8sSUFBSSxDQUFDO0lBQ3RDLE9BQU8sSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDLElBQUksTUFBTSxHQUFHLGFBQWEsQ0FBQztBQUNqRSxDQUFDIn0=
|
package/dist/cjs/src/version.js
CHANGED
|
@@ -4,7 +4,7 @@ exports.tdfSpecVersion = exports.clientType = exports.version = void 0;
|
|
|
4
4
|
/**
|
|
5
5
|
* Exposes the released version number of the `@opentdf/sdk` package
|
|
6
6
|
*/
|
|
7
|
-
exports.version = '0.
|
|
7
|
+
exports.version = '0.20.0'; // x-release-please-version
|
|
8
8
|
/**
|
|
9
9
|
* A string name used to label requests as coming from this library client.
|
|
10
10
|
*/
|