npm - @pristine-ts/gcp-identity-platform - Versions diffs - 2.0.16 - Mend

@pristine-ts/gcp-identity-platform 2.0.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/dist/lib/esm/authenticators/identity-platform.authenticator.js ADDED Viewed

@@ -0,0 +1,150 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var IdentityPlatformAuthenticator_1;
+import { inject, injectable, singleton } from "tsyringe";
+import * as jwt from "jsonwebtoken";
+import { HttpMethod, Request, traced } from "@pristine-ts/common";
+import { ResponseTypeEnum } from "@pristine-ts/http";
+import { GcpIdentityPlatformModuleKeyname } from "../gcp-identity-platform.module.keyname";
+/**
+ * The IdentityPlatformAuthenticator verifies Firebase ID tokens (issued by Identity
+ * Platform / Firebase Auth). To use, apply via `@authenticator(IdentityPlatformAuthenticator)`
+ * on a controller class or method.
+ *
+ * Verification flow (mirrors `AwsCognitoAuthenticator`):
+ *   1. Fetch the X.509 cert set from the Google securetoken endpoint and cache it.
+ *   2. Extract the Bearer token from the Authorization header.
+ *   3. Pick the cert that matches the token's `kid`.
+ *   4. Verify the RS256 signature.
+ *   5. Validate standard claims: `iss === https://securetoken.google.com/{projectId}`,
+ *      `aud === projectId`, `exp` in the future, `auth_time` in the past.
+ *
+ * Singleton so the cert cache is reused across requests.
+ */
+let IdentityPlatformAuthenticator = IdentityPlatformAuthenticator_1 = class IdentityPlatformAuthenticator {
+    constructor(projectId, httpClient, logHandler) {
+        this.projectId = projectId;
+        this.httpClient = httpClient;
+        this.logHandler = logHandler;
+    }
+    setContext(context) {
+        this.context = context;
+        return Promise.resolve();
+    }
+    authenticate(request) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a, _b;
+            this.cachedCerts = (_a = this.cachedCerts) !== null && _a !== void 0 ? _a : yield this.getCerts();
+            const token = this.validateRequestAndReturnToken(request);
+            const cert = this.getCertForToken(token, this.cachedCerts);
+            const claim = this.getAndVerifyClaims(token, cert);
+            this.logHandler.debug("IdentityPlatformAuthenticator: Claim verified.", { extra: { claim } });
+            return {
+                id: (_b = claim.user_id) !== null && _b !== void 0 ? _b : claim.sub,
+                claims: claim,
+            };
+        });
+    }
+    getCerts() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const response = yield this.httpClient.request({
+                httpMethod: HttpMethod.Get,
+                url: IdentityPlatformAuthenticator_1.CERTS_URL,
+            }, {
+                responseType: ResponseTypeEnum.Json,
+            });
+            return response.body;
+        });
+    }
+    validateRequestAndReturnToken(request) {
+        var _a;
+        if (request.headers === undefined || (request.hasHeader("Authorization") === false && request.hasHeader("authorization") === false)) {
+            throw new Error("The Authorization header wasn't found in the Request.");
+        }
+        const authorizationHeader = (_a = request.headers.Authorization) !== null && _a !== void 0 ? _a : request.headers.authorization;
+        if (authorizationHeader === undefined) {
+            throw new Error("The Authorization header wasn't found in the Request.");
+        }
+        if (authorizationHeader.startsWith("Bearer ") === false) {
+            throw new Error("The value in Authorization header doesn't start with 'Bearer '");
+        }
+        return authorizationHeader.substr(7, authorizationHeader.length);
+    }
+    getCertForToken(token, certs) {
+        const header = this.getTokenHeader(token);
+        const cert = certs[header.kid];
+        if (cert === undefined) {
+            throw new Error("Claim made for unknown kid");
+        }
+        return cert;
+    }
+    getTokenHeader(token) {
+        const tokenSections = (token || "").split(".");
+        if (tokenSections.length < 2) {
+            throw new Error("Token is invalid");
+        }
+        const headerJSON = Buffer.from(tokenSections[0], "base64").toString("utf8");
+        return JSON.parse(headerJSON);
+    }
+    getAndVerifyClaims(token, cert) {
+        let claim;
+        try {
+            claim = jwt.verify(token, cert, { algorithms: ["RS256"] });
+        }
+        catch (err) {
+            throw new Error("Invalid jwt: " + err.message);
+        }
+        const currentSeconds = Math.floor(Date.now() / 1000);
+        if (currentSeconds > claim.exp || currentSeconds < claim.auth_time) {
+            throw new Error("Claim is expired or invalid");
+        }
+        const expectedIssuer = `https://securetoken.google.com/${this.projectId}`;
+        if (claim.iss !== expectedIssuer) {
+            throw new Error("Claim issuer is invalid");
+        }
+        if (claim.aud !== this.projectId) {
+            throw new Error("Claim audience is invalid");
+        }
+        return claim;
+    }
+};
+/**
+ * Google's X.509 cert endpoint for Firebase ID tokens. Each entry maps `kid` →
+ * PEM-encoded public cert.
+ */
+IdentityPlatformAuthenticator.CERTS_URL = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com";
+__decorate([
+    traced(),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Request]),
+    __metadata("design:returntype", Promise)
+], IdentityPlatformAuthenticator.prototype, "authenticate", null);
+IdentityPlatformAuthenticator = IdentityPlatformAuthenticator_1 = __decorate([
+    singleton(),
+    injectable(),
+    __param(0, inject(`%${GcpIdentityPlatformModuleKeyname}.projectId%`)),
+    __param(1, inject("HttpClientInterface")),
+    __param(2, inject("LogHandlerInterface")),
+    __metadata("design:paramtypes", [String, Object, Object])
+], IdentityPlatformAuthenticator);
+export { IdentityPlatformAuthenticator };
+//# sourceMappingURL=identity-platform.authenticator.js.map

package/dist/lib/esm/authenticators/identity-platform.authenticator.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"identity-platform.authenticator.js","sourceRoot":"","sources":["../../../../src/authenticators/identity-platform.authenticator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAC,MAAM,UAAU,CAAC;AACvD,OAAO,KAAK,GAAG,MAAM,cAAc,CAAC;AACpC,OAAO,EAAC,UAAU,EAAqB,OAAO,EAAE,MAAM,EAAC,MAAM,qBAAqB,CAAC;AAEnF,OAAO,EAAsB,gBAAgB,EAAC,MAAM,mBAAmB,CAAC;AAExE,OAAO,EAAC,gCAAgC,EAAC,MAAM,yCAAyC,CAAC;AAIzF;;;;;;;;;;;;;;GAcG;AAGI,IAAM,6BAA6B,qCAAnC,MAAM,6BAA6B;IAUxC,YAC8E,SAAiB,EAC7C,UAA+B,EAC/B,UAA+B;QAFH,cAAS,GAAT,SAAS,CAAQ;QAC7C,eAAU,GAAV,UAAU,CAAqB;QAC/B,eAAU,GAAV,UAAU,CAAqB;IAEjF,CAAC;IAED,UAAU,CAAC,OAAY;QACrB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAGK,YAAY,CAAC,OAAgB;;;YACjC,IAAI,CAAC,WAAW,GAAG,MAAA,IAAI,CAAC,WAAW,mCAAI,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC7D,MAAM,KAAK,GAAG,IAAI,CAAC,6BAA6B,CAAC,OAAO,CAAC,CAAC;YAC1D,MAAM,IAAI,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;YAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YAEnD,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,gDAAgD,EAAE,EAAC,KAAK,EAAE,EAAC,KAAK,EAAC,EAAC,CAAC,CAAC;YAE1F,OAAO;gBACL,EAAE,EAAE,MAAA,KAAK,CAAC,OAAO,mCAAI,KAAK,CAAC,GAAG;gBAC9B,MAAM,EAAE,KAAK;aACd,CAAC;QACJ,CAAC;KAAA;IAEa,QAAQ;;YACpB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;gBAC7C,UAAU,EAAE,UAAU,CAAC,GAAG;gBAC1B,GAAG,EAAE,+BAA6B,CAAC,SAAS;aAC7C,EAAE;gBACD,YAAY,EAAE,gBAAgB,CAAC,IAAI;aACpC,CAAC,CAAC;YACH,OAAO,QAAQ,CAAC,IAAiC,CAAC;QACpD,CAAC;KAAA;IAEO,6BAA6B,CAAC,OAAgB;;QACpD,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,eAAe,CAAC,KAAK,KAAK,IAAI,OAAO,CAAC,SAAS,CAAC,eAAe,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC;YACpI,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QACD,MAAM,mBAAmB,GAAG,MAAA,OAAO,CAAC,OAAO,CAAC,aAAa,mCAAI,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QAC3F,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QACD,IAAI,mBAAmB,CAAC,UAAU,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;QACpF,CAAC;QACD,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACnE,CAAC;IAEO,eAAe,CAAC,KAAa,EAAE,KAAgC;QACrE,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QAC1C,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,cAAc,CAAC,KAAa;QAClC,MAAM,aAAa,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/C,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACtC,CAAC;QACD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC5E,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAyB,CAAC;IACxD,CAAC;IAEO,kBAAkB,CAAC,KAAa,EAAE,IAAY;QACpD,IAAI,KAAqB,CAAC;QAC1B,IAAI,CAAC;YACH,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAC,UAAU,EAAE,CAAC,OAAO,CAAC,EAAC,CAAmB,CAAC;QAC7E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,eAAe,GAAI,GAAa,CAAC,OAAO,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACrD,IAAI,cAAc,GAAG,KAAK,CAAC,GAAG,IAAI,cAAc,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YACnE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QACD,MAAM,cAAc,GAAG,kCAAkC,IAAI,CAAC,SAAS,EAAE,CAAC;QAC1E,IAAI,KAAK,CAAC,GAAG,KAAK,cAAc,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QACD,IAAI,KAAK,CAAC,GAAG,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;;AAlGD;;;GAGG;AACqB,uCAAS,GAAG,0FAA0F,AAA7F,CAA8F;AAkBzH;IADL,MAAM,EAAE;;qCACmB,OAAO;;iEAYlC;AAnCU,6BAA6B;IAFzC,SAAS,EAAE;IACX,UAAU,EAAE;IAYR,WAAA,MAAM,CAAC,IAAI,gCAAgC,aAAa,CAAC,CAAA;IACzD,WAAA,MAAM,CAAC,qBAAqB,CAAC,CAAA;IAC7B,WAAA,MAAM,CAAC,qBAAqB,CAAC,CAAA;;GAbrB,6BAA6B,CAoGzC"}

package/dist/lib/esm/gcp-identity-platform.configuration-keys.js ADDED Viewed

@@ -0,0 +1,4 @@
+export const GcpIdentityPlatformConfigurationKeys = {
+    ProjectId: "pristine.gcp-identity-platform.projectId",
+};
+//# sourceMappingURL=gcp-identity-platform.configuration-keys.js.map

package/dist/lib/esm/gcp-identity-platform.configuration-keys.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"gcp-identity-platform.configuration-keys.js","sourceRoot":"","sources":["../../../src/gcp-identity-platform.configuration-keys.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,oCAAoC,GAAG;IAClD,SAAS,EAAE,0CAA0C;CAC7C,CAAC"}

package/dist/lib/esm/gcp-identity-platform.module.js ADDED Viewed

@@ -0,0 +1,29 @@
+import { HttpModule } from "@pristine-ts/http";
+import { EnvironmentVariableResolver } from "@pristine-ts/configuration";
+import { GcpIdentityPlatformModuleKeyname } from "./gcp-identity-platform.module.keyname";
+export * from "./authenticators/authenticators";
+export * from "./guards/guards";
+export * from "./interfaces/interfaces";
+export * from "./gcp-identity-platform.module.keyname";
+export * from "./gcp-identity-platform.configuration-keys";
+export const GcpIdentityPlatformModule = {
+    keyname: GcpIdentityPlatformModuleKeyname,
+    configurationDefinitions: [
+        /**
+         * The Firebase / Identity Platform project id. Verified against the JWT `aud`
+         * claim. The issuer is derived as `https://securetoken.google.com/{projectId}`.
+         */
+        {
+            parameterName: GcpIdentityPlatformModuleKeyname + ".projectId",
+            isRequired: true,
+            defaultResolvers: [
+                new EnvironmentVariableResolver("PRISTINE_GCP_IDENTITY_PLATFORM_PROJECT_ID"),
+                new EnvironmentVariableResolver("GOOGLE_CLOUD_PROJECT"),
+            ],
+        },
+    ],
+    importModules: [
+        HttpModule,
+    ],
+};
+//# sourceMappingURL=gcp-identity-platform.module.js.map

package/dist/lib/esm/gcp-identity-platform.module.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"gcp-identity-platform.module.js","sourceRoot":"","sources":["../../../src/gcp-identity-platform.module.ts"],"names":[],"mappings":"AACA,OAAO,EAAC,UAAU,EAAC,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAC,2BAA2B,EAAC,MAAM,4BAA4B,CAAC;AACvE,OAAO,EAAC,gCAAgC,EAAC,MAAM,wCAAwC,CAAC;AAExF,cAAc,iCAAiC,CAAC;AAChD,cAAc,iBAAiB,CAAC;AAChC,cAAc,yBAAyB,CAAC;AAExC,cAAc,wCAAwC,CAAC;AACvD,cAAc,4CAA4C,CAAC;AAE3D,MAAM,CAAC,MAAM,yBAAyB,GAAoB;IACxD,OAAO,EAAE,gCAAgC;IACzC,wBAAwB,EAAE;QACxB;;;WAGG;QACH;YACE,aAAa,EAAE,gCAAgC,GAAG,YAAY;YAC9D,UAAU,EAAE,IAAI;YAChB,gBAAgB,EAAE;gBAChB,IAAI,2BAA2B,CAAC,2CAA2C,CAAC;gBAC5E,IAAI,2BAA2B,CAAC,sBAAsB,CAAC;aACxD;SACF;KACF;IACD,aAAa,EAAE;QACb,UAAU;KACX;CACF,CAAC"}

package/dist/lib/esm/gcp-identity-platform.module.keyname.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export const GcpIdentityPlatformModuleKeyname = "pristine.gcp-identity-platform";
2	+ //# sourceMappingURL=gcp-identity-platform.module.keyname.js.map

package/dist/lib/esm/gcp-identity-platform.module.keyname.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"gcp-identity-platform.module.keyname.js","sourceRoot":"","sources":["../../../src/gcp-identity-platform.module.keyname.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,gCAAgC,GAAW,gCAAgC,CAAC"}

package/dist/lib/esm/guards/guards.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from "./identity-platform-claim.guard";
2	+ //# sourceMappingURL=guards.js.map

package/dist/lib/esm/guards/guards.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"guards.js","sourceRoot":"","sources":["../../../../src/guards/guards.ts"],"names":[],"mappings":"AAAA,cAAc,iCAAiC,CAAC"}

package/dist/lib/esm/guards/identity-platform-claim.guard.js ADDED Viewed

@@ -0,0 +1,74 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { injectable } from "tsyringe";
+import { Request, traced } from "@pristine-ts/common";
+/**
+ * A guard that checks the authenticated identity has every named custom claim set
+ * to a truthy value. Use with the `@guard` decorator:
+ *
+ * ```ts
+ * @guard(IdentityPlatformClaimGuard, "admin-routes", { claims: ["admin", "billing"] })
+ * ```
+ *
+ * Mirror of `AwsCognitoGroupGuard` — that one checks `cognito:groups`; this one
+ * checks arbitrary top-level claim keys set via `admin.auth().setCustomUserClaims(...)`.
+ */
+let IdentityPlatformClaimGuard = class IdentityPlatformClaimGuard {
+    constructor() {
+        this.keyname = "gcp.identity-platform.claim";
+    }
+    setContext(context) {
+        this.guardContext = context;
+        return Promise.resolve();
+    }
+    isAuthorized(request, identity) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.guardContext === undefined) {
+                return false;
+            }
+            const neededClaims = [];
+            if (this.guardContext.options && Array.isArray(this.guardContext.options.claims)) {
+                neededClaims.push(...this.guardContext.options.claims);
+            }
+            if (neededClaims.length === 0) {
+                return true;
+            }
+            if ((identity === null || identity === void 0 ? void 0 : identity.claims) === undefined) {
+                return false;
+            }
+            for (const claim of neededClaims) {
+                if (!identity.claims[claim]) {
+                    return false;
+                }
+            }
+            return true;
+        });
+    }
+};
+__decorate([
+    traced(),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Request, Object]),
+    __metadata("design:returntype", Promise)
+], IdentityPlatformClaimGuard.prototype, "isAuthorized", null);
+IdentityPlatformClaimGuard = __decorate([
+    injectable()
+], IdentityPlatformClaimGuard);
+export { IdentityPlatformClaimGuard };
+//# sourceMappingURL=identity-platform-claim.guard.js.map

package/dist/lib/esm/guards/identity-platform-claim.guard.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"identity-platform-claim.guard.js","sourceRoot":"","sources":["../../../../src/guards/identity-platform-claim.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAC,UAAU,EAAC,MAAM,UAAU,CAAC;AACpC,OAAO,EAAoB,OAAO,EAAE,MAAM,EAAC,MAAM,qBAAqB,CAAC;AAGvE;;;;;;;;;;GAUG;AAEI,IAAM,0BAA0B,GAAhC,MAAM,0BAA0B;IAAhC;QACE,YAAO,GAAG,6BAA6B,CAAC;IA+BjD,CAAC;IA5BC,UAAU,CAAC,OAAY;QACrB,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC;QAC5B,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAGK,YAAY,CAAC,OAAgB,EAAE,QAA4B;;YAC/D,IAAI,IAAI,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;gBACpC,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,YAAY,GAAa,EAAE,CAAC;YAClC,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjF,YAAY,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YACzD,CAAC;YACD,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC9B,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,MAAK,SAAS,EAAE,CAAC;gBACnC,OAAO,KAAK,CAAC;YACf,CAAC;YACD,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;gBACjC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC5B,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;KAAA;CACF,CAAA;AAtBO;IADL,MAAM,EAAE;;qCACmB,OAAO;;8DAqBlC;AA/BU,0BAA0B;IADtC,UAAU,EAAE;GACA,0BAA0B,CAgCtC"}

package/dist/lib/esm/interfaces/claim.interface.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=claim.interface.js.map

package/dist/lib/esm/interfaces/claim.interface.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"claim.interface.js","sourceRoot":"","sources":["../../../../src/interfaces/claim.interface.ts"],"names":[],"mappings":""}

package/dist/lib/esm/interfaces/interfaces.js ADDED Viewed

@@ -0,0 +1,3 @@
+export * from "./claim.interface";
+export * from "./token-header.interface";
+//# sourceMappingURL=interfaces.js.map

package/dist/lib/esm/interfaces/interfaces.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"interfaces.js","sourceRoot":"","sources":["../../../../src/interfaces/interfaces.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,0BAA0B,CAAC"}

package/dist/lib/esm/interfaces/token-header.interface.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=token-header.interface.js.map

package/dist/lib/esm/interfaces/token-header.interface.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"token-header.interface.js","sourceRoot":"","sources":["../../../../src/interfaces/token-header.interface.ts"],"names":[],"mappings":""}