npm - @productcraft/heimdall-passport - Versions diffs - 0.0.2 - Mend

@productcraft/heimdall-passport 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,44 @@
+# @productcraft/heimdall-passport
+Passport-JWT adapter for [`@productcraft/heimdall`](../heimdall). Plug a Heimdall `ConsumerScope` into a `passport-jwt` Strategy so existing Passport setups can authenticate Heimdall-issued tokens.
+```bash
+npm install @productcraft/heimdall @productcraft/heimdall-passport passport-jwt
+```
+## Usage
+```ts
+import passportJwt from "passport-jwt";
+import { Heimdall } from "@productcraft/heimdall";
+import { createPassportSecretOrKeyProvider } from "@productcraft/heimdall-passport";
+const heimdall = new Heimdall({
+  auth: { type: "apiKey", key: process.env.PCFT_KEY! },
+});
+const scope = heimdall.consumer("my-app-slug");
+new passportJwt.Strategy(
+  {
+    jwtFromRequest: passportJwt.ExtractJwt.fromAuthHeaderAsBearerToken(),
+    secretOrKeyProvider: createPassportSecretOrKeyProvider(scope),
+    issuer: scope.expectedIssuer,
+    audience: "my-app", // optional
+    algorithms: ["ES256"],
+  },
+  (payload, done) => {
+    // payload is the verified Heimdall claims object (sub, role, permissions, ...)
+    return done(null, payload);
+  },
+);
+```
+The helper decodes the JWT header, asks the Heimdall `ConsumerScope` for the matching signing key via its cached JWKS, converts the resulting `CryptoKey` into a Node `KeyObject`, and hands it to passport-jwt.
+## How it relates to the main package
+`@productcraft/heimdall` already ships a `scope.verifyToken(token)` one-liner. Use **this** package only when you have an existing Passport setup you'd rather keep. For Express middleware without Passport, the direct verify is simpler.
+## License
+[MIT](../../LICENSE).

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,32 @@
+'use strict';
+var crypto = require('crypto');
+var jose = require('jose');
+// src/index.ts
+function createPassportSecretOrKeyProvider(scope) {
+  return (_request, rawJwt, done) => {
+    let header;
+    try {
+      header = jose.decodeProtectedHeader(rawJwt);
+    } catch (err) {
+      done(err);
+      return;
+    }
+    scope.jwks.getKey(header).then(
+      (cryptoKey) => {
+        try {
+          const keyObject = crypto.KeyObject.from(cryptoKey);
+          done(null, keyObject);
+        } catch (err) {
+          done(err);
+        }
+      },
+      (err) => done(err)
+    );
+  };
+}
+exports.createPassportSecretOrKeyProvider = createPassportSecretOrKeyProvider;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts"],"names":["decodeProtectedHeader","KeyObject"],"mappings":";;;;;;AAsDO,SAAS,kCACd,KAAA,EAC6B;AAC7B,EAAA,OAAO,CAAC,QAAA,EAAU,MAAA,EAAQ,IAAA,KAAS;AACjC,IAAA,IAAI,MAAA;AACJ,IAAA,IAAI;AACF,MAAA,MAAA,GAASA,2BAAsB,MAAM,CAAA;AAAA,IACvC,SAAS,GAAA,EAAK;AACZ,MAAA,IAAA,CAAK,GAAG,CAAA;AACR,MAAA;AAAA,IACF;AAEA,IAAA,KAAA,CAAM,IAAA,CAAK,MAAA,CAAO,MAA6B,CAAA,CAAE,IAAA;AAAA,MAC/C,CAAC,SAAA,KAAc;AACb,QAAA,IAAI;AAKF,UAAA,MAAM,SAAA,GAAYC,gBAAA,CAAU,IAAA,CAAK,SAAS,CAAA;AAC1C,UAAA,IAAA,CAAK,MAAM,SAAS,CAAA;AAAA,QACtB,SAAS,GAAA,EAAK;AACZ,UAAA,IAAA,CAAK,GAAG,CAAA;AAAA,QACV;AAAA,MACF,CAAA;AAAA,MACA,CAAC,GAAA,KAAQ,IAAA,CAAK,GAAG;AAAA,KACnB;AAAA,EACF,CAAA;AACF","file":"index.cjs","sourcesContent":["/**\n * `@productcraft/heimdall-passport` — passport-jwt adapter for Heimdall.\n *\n * Install alongside `@productcraft/heimdall` + `passport-jwt`:\n *\n * ```bash\n * npm install @productcraft/heimdall @productcraft/heimdall-passport passport-jwt\n * ```\n *\n * Usage:\n *\n * ```ts\n * import passportJwt from \"passport-jwt\";\n * import { Heimdall } from \"@productcraft/heimdall\";\n * import { createPassportSecretOrKeyProvider } from \"@productcraft/heimdall-passport\";\n *\n * const heimdall = new Heimdall({ auth: { type: \"apiKey\", key: process.env.PCFT_KEY! } });\n * const scope = heimdall.consumer(\"my-app-slug\");\n *\n * new passportJwt.Strategy(\n * {\n * jwtFromRequest: passportJwt.ExtractJwt.fromAuthHeaderAsBearerToken(),\n * secretOrKeyProvider: createPassportSecretOrKeyProvider(scope),\n * issuer: scope.expectedIssuer,\n * algorithms: [\"ES256\"],\n * },\n * (payload, done) => done(null, payload),\n * );\n * ```\n */\n\nimport { KeyObject } from \"node:crypto\";\nimport { decodeProtectedHeader, type JWTHeaderParameters } from \"jose\";\n\nimport type { ConsumerScope } from \"@productcraft/heimdall\";\n\n/**\n * passport-jwt's `secretOrKeyProvider` callback signature. We don't\n * depend on passport-jwt's types directly (to keep it a soft dep),\n * so this is the same shape as `SecretOrKeyProvider` in their typings.\n */\ntype PassportSecretOrKeyProvider = (\n request: unknown,\n rawJwtToken: string,\n done: (err: unknown, secretOrKey?: string | Buffer | KeyObject) => void,\n) => void;\n\n/**\n * Returns a passport-jwt `secretOrKeyProvider` bound to a Heimdall\n * `ConsumerScope`. Decodes the protected header, looks up the matching\n * key via the scope's JWKS cache, and converts the resulting jose\n * `CryptoKey` into a Node `KeyObject` that `jsonwebtoken` (the library\n * passport-jwt delegates to) accepts.\n */\nexport function createPassportSecretOrKeyProvider(\n scope: ConsumerScope,\n): PassportSecretOrKeyProvider {\n return (_request, rawJwt, done) => {\n let header;\n try {\n header = decodeProtectedHeader(rawJwt);\n } catch (err) {\n done(err);\n return;\n }\n\n scope.jwks.getKey(header as JWTHeaderParameters).then(\n (cryptoKey) => {\n try {\n // `jsonwebtoken` (passport-jwt's verifier) doesn't accept\n // Web Crypto `CryptoKey`, but it does accept Node's\n // `KeyObject`. `KeyObject.from(cryptoKey)` was added in\n // Node 16.6 and is the right adapter.\n const keyObject = KeyObject.from(cryptoKey);\n done(null, keyObject);\n } catch (err) {\n done(err);\n }\n },\n (err) => done(err),\n );\n };\n}\n"]}

package/dist/index.d.cts ADDED Viewed

@@ -0,0 +1,50 @@
+import { KeyObject } from 'node:crypto';
+import { ConsumerScope } from '@productcraft/heimdall';
+/**
+ * `@productcraft/heimdall-passport` — passport-jwt adapter for Heimdall.
+ *
+ * Install alongside `@productcraft/heimdall` + `passport-jwt`:
+ *
+ * ```bash
+ * npm install @productcraft/heimdall @productcraft/heimdall-passport passport-jwt
+ * ```
+ *
+ * Usage:
+ *
+ * ```ts
+ * import passportJwt from "passport-jwt";
+ * import { Heimdall } from "@productcraft/heimdall";
+ * import { createPassportSecretOrKeyProvider } from "@productcraft/heimdall-passport";
+ *
+ * const heimdall = new Heimdall({ auth: { type: "apiKey", key: process.env.PCFT_KEY! } });
+ * const scope = heimdall.consumer("my-app-slug");
+ *
+ * new passportJwt.Strategy(
+ *   {
+ *     jwtFromRequest: passportJwt.ExtractJwt.fromAuthHeaderAsBearerToken(),
+ *     secretOrKeyProvider: createPassportSecretOrKeyProvider(scope),
+ *     issuer: scope.expectedIssuer,
+ *     algorithms: ["ES256"],
+ *   },
+ *   (payload, done) => done(null, payload),
+ * );
+ * ```
+ */
+/**
+ * passport-jwt's `secretOrKeyProvider` callback signature. We don't
+ * depend on passport-jwt's types directly (to keep it a soft dep),
+ * so this is the same shape as `SecretOrKeyProvider` in their typings.
+ */
+type PassportSecretOrKeyProvider = (request: unknown, rawJwtToken: string, done: (err: unknown, secretOrKey?: string | Buffer | KeyObject) => void) => void;
+/**
+ * Returns a passport-jwt `secretOrKeyProvider` bound to a Heimdall
+ * `ConsumerScope`. Decodes the protected header, looks up the matching
+ * key via the scope's JWKS cache, and converts the resulting jose
+ * `CryptoKey` into a Node `KeyObject` that `jsonwebtoken` (the library
+ * passport-jwt delegates to) accepts.
+ */
+declare function createPassportSecretOrKeyProvider(scope: ConsumerScope): PassportSecretOrKeyProvider;
+export { createPassportSecretOrKeyProvider };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,50 @@
+import { KeyObject } from 'node:crypto';
+import { ConsumerScope } from '@productcraft/heimdall';
+/**
+ * `@productcraft/heimdall-passport` — passport-jwt adapter for Heimdall.
+ *
+ * Install alongside `@productcraft/heimdall` + `passport-jwt`:
+ *
+ * ```bash
+ * npm install @productcraft/heimdall @productcraft/heimdall-passport passport-jwt
+ * ```
+ *
+ * Usage:
+ *
+ * ```ts
+ * import passportJwt from "passport-jwt";
+ * import { Heimdall } from "@productcraft/heimdall";
+ * import { createPassportSecretOrKeyProvider } from "@productcraft/heimdall-passport";
+ *
+ * const heimdall = new Heimdall({ auth: { type: "apiKey", key: process.env.PCFT_KEY! } });
+ * const scope = heimdall.consumer("my-app-slug");
+ *
+ * new passportJwt.Strategy(
+ *   {
+ *     jwtFromRequest: passportJwt.ExtractJwt.fromAuthHeaderAsBearerToken(),
+ *     secretOrKeyProvider: createPassportSecretOrKeyProvider(scope),
+ *     issuer: scope.expectedIssuer,
+ *     algorithms: ["ES256"],
+ *   },
+ *   (payload, done) => done(null, payload),
+ * );
+ * ```
+ */
+/**
+ * passport-jwt's `secretOrKeyProvider` callback signature. We don't
+ * depend on passport-jwt's types directly (to keep it a soft dep),
+ * so this is the same shape as `SecretOrKeyProvider` in their typings.
+ */
+type PassportSecretOrKeyProvider = (request: unknown, rawJwtToken: string, done: (err: unknown, secretOrKey?: string | Buffer | KeyObject) => void) => void;
+/**
+ * Returns a passport-jwt `secretOrKeyProvider` bound to a Heimdall
+ * `ConsumerScope`. Decodes the protected header, looks up the matching
+ * key via the scope's JWKS cache, and converts the resulting jose
+ * `CryptoKey` into a Node `KeyObject` that `jsonwebtoken` (the library
+ * passport-jwt delegates to) accepts.
+ */
+declare function createPassportSecretOrKeyProvider(scope: ConsumerScope): PassportSecretOrKeyProvider;
+export { createPassportSecretOrKeyProvider };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,30 @@
+import { KeyObject } from 'crypto';
+import { decodeProtectedHeader } from 'jose';
+// src/index.ts
+function createPassportSecretOrKeyProvider(scope) {
+  return (_request, rawJwt, done) => {
+    let header;
+    try {
+      header = decodeProtectedHeader(rawJwt);
+    } catch (err) {
+      done(err);
+      return;
+    }
+    scope.jwks.getKey(header).then(
+      (cryptoKey) => {
+        try {
+          const keyObject = KeyObject.from(cryptoKey);
+          done(null, keyObject);
+        } catch (err) {
+          done(err);
+        }
+      },
+      (err) => done(err)
+    );
+  };
+}
+export { createPassportSecretOrKeyProvider };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts"],"names":[],"mappings":";;;;AAsDO,SAAS,kCACd,KAAA,EAC6B;AAC7B,EAAA,OAAO,CAAC,QAAA,EAAU,MAAA,EAAQ,IAAA,KAAS;AACjC,IAAA,IAAI,MAAA;AACJ,IAAA,IAAI;AACF,MAAA,MAAA,GAAS,sBAAsB,MAAM,CAAA;AAAA,IACvC,SAAS,GAAA,EAAK;AACZ,MAAA,IAAA,CAAK,GAAG,CAAA;AACR,MAAA;AAAA,IACF;AAEA,IAAA,KAAA,CAAM,IAAA,CAAK,MAAA,CAAO,MAA6B,CAAA,CAAE,IAAA;AAAA,MAC/C,CAAC,SAAA,KAAc;AACb,QAAA,IAAI;AAKF,UAAA,MAAM,SAAA,GAAY,SAAA,CAAU,IAAA,CAAK,SAAS,CAAA;AAC1C,UAAA,IAAA,CAAK,MAAM,SAAS,CAAA;AAAA,QACtB,SAAS,GAAA,EAAK;AACZ,UAAA,IAAA,CAAK,GAAG,CAAA;AAAA,QACV;AAAA,MACF,CAAA;AAAA,MACA,CAAC,GAAA,KAAQ,IAAA,CAAK,GAAG;AAAA,KACnB;AAAA,EACF,CAAA;AACF","file":"index.js","sourcesContent":["/**\n * `@productcraft/heimdall-passport` — passport-jwt adapter for Heimdall.\n *\n * Install alongside `@productcraft/heimdall` + `passport-jwt`:\n *\n * ```bash\n * npm install @productcraft/heimdall @productcraft/heimdall-passport passport-jwt\n * ```\n *\n * Usage:\n *\n * ```ts\n * import passportJwt from \"passport-jwt\";\n * import { Heimdall } from \"@productcraft/heimdall\";\n * import { createPassportSecretOrKeyProvider } from \"@productcraft/heimdall-passport\";\n *\n * const heimdall = new Heimdall({ auth: { type: \"apiKey\", key: process.env.PCFT_KEY! } });\n * const scope = heimdall.consumer(\"my-app-slug\");\n *\n * new passportJwt.Strategy(\n * {\n * jwtFromRequest: passportJwt.ExtractJwt.fromAuthHeaderAsBearerToken(),\n * secretOrKeyProvider: createPassportSecretOrKeyProvider(scope),\n * issuer: scope.expectedIssuer,\n * algorithms: [\"ES256\"],\n * },\n * (payload, done) => done(null, payload),\n * );\n * ```\n */\n\nimport { KeyObject } from \"node:crypto\";\nimport { decodeProtectedHeader, type JWTHeaderParameters } from \"jose\";\n\nimport type { ConsumerScope } from \"@productcraft/heimdall\";\n\n/**\n * passport-jwt's `secretOrKeyProvider` callback signature. We don't\n * depend on passport-jwt's types directly (to keep it a soft dep),\n * so this is the same shape as `SecretOrKeyProvider` in their typings.\n */\ntype PassportSecretOrKeyProvider = (\n request: unknown,\n rawJwtToken: string,\n done: (err: unknown, secretOrKey?: string | Buffer | KeyObject) => void,\n) => void;\n\n/**\n * Returns a passport-jwt `secretOrKeyProvider` bound to a Heimdall\n * `ConsumerScope`. Decodes the protected header, looks up the matching\n * key via the scope's JWKS cache, and converts the resulting jose\n * `CryptoKey` into a Node `KeyObject` that `jsonwebtoken` (the library\n * passport-jwt delegates to) accepts.\n */\nexport function createPassportSecretOrKeyProvider(\n scope: ConsumerScope,\n): PassportSecretOrKeyProvider {\n return (_request, rawJwt, done) => {\n let header;\n try {\n header = decodeProtectedHeader(rawJwt);\n } catch (err) {\n done(err);\n return;\n }\n\n scope.jwks.getKey(header as JWTHeaderParameters).then(\n (cryptoKey) => {\n try {\n // `jsonwebtoken` (passport-jwt's verifier) doesn't accept\n // Web Crypto `CryptoKey`, but it does accept Node's\n // `KeyObject`. `KeyObject.from(cryptoKey)` was added in\n // Node 16.6 and is the right adapter.\n const keyObject = KeyObject.from(cryptoKey);\n done(null, keyObject);\n } catch (err) {\n done(err);\n }\n },\n (err) => done(err),\n );\n };\n}\n"]}

package/package.json ADDED Viewed

@@ -0,0 +1,56 @@
+{
+  "name": "@productcraft/heimdall-passport",
+  "version": "0.0.2",
+  "description": "Passport-JWT adapter for ProductCraft Heimdall. Plug a Heimdall ConsumerScope into a `passport-jwt` Strategy so existing Passport setups can authenticate Heimdall-issued tokens.",
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "files": [
+    "dist/**",
+    "README.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "scripts": {
+    "build": "tsup",
+    "test": "vitest run"
+  },
+  "keywords": [
+    "productcraft",
+    "sdk",
+    "heimdall",
+    "passport",
+    "passport-jwt",
+    "auth",
+    "jwt"
+  ],
+  "author": "ProductCraft",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/clauderanelagh/productcraft-node.git",
+    "directory": "packages/heimdall-passport"
+  },
+  "homepage": "https://github.com/clauderanelagh/productcraft-node/tree/main/packages/heimdall-passport",
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
+  "dependencies": {
+    "@productcraft/heimdall": "workspace:^",
+    "jose": "^6.2.3"
+  },
+  "peerDependencies": {
+    "passport-jwt": "^4.0.0"
+  }
+}