@quanticjs/auth-web-bff 4.3.1 → 4.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bff.service.js +13 -7
- package/package.json +2 -2
package/dist/bff.service.js
CHANGED
|
@@ -18,6 +18,17 @@ const openid_client_1 = require("openid-client");
|
|
|
18
18
|
const uuid_1 = require("uuid");
|
|
19
19
|
const core_1 = require("@quanticjs/core");
|
|
20
20
|
const interfaces_1 = require("./interfaces");
|
|
21
|
+
function extractRealmRoles(accessToken) {
|
|
22
|
+
try {
|
|
23
|
+
const payload = JSON.parse(Buffer.from(accessToken.split('.')[1], 'base64url').toString());
|
|
24
|
+
return Array.isArray(payload.realm_access?.roles)
|
|
25
|
+
? payload.realm_access.roles
|
|
26
|
+
: [];
|
|
27
|
+
}
|
|
28
|
+
catch {
|
|
29
|
+
return [];
|
|
30
|
+
}
|
|
31
|
+
}
|
|
21
32
|
let BffService = class BffService {
|
|
22
33
|
options;
|
|
23
34
|
redis;
|
|
@@ -72,9 +83,7 @@ let BffService = class BffService {
|
|
|
72
83
|
keycloakId: claims.sub,
|
|
73
84
|
email: claims.email ?? '',
|
|
74
85
|
displayName: claims.name ?? claims.preferred_username ?? '',
|
|
75
|
-
roles:
|
|
76
|
-
? claims.realm_access.roles
|
|
77
|
-
: [],
|
|
86
|
+
roles: extractRealmRoles(tokenSet.access_token),
|
|
78
87
|
username: claims.preferred_username,
|
|
79
88
|
};
|
|
80
89
|
await this.saveSession(sessionId, sessionData);
|
|
@@ -111,16 +120,13 @@ let BffService = class BffService {
|
|
|
111
120
|
return null;
|
|
112
121
|
try {
|
|
113
122
|
const tokenSet = await this.client.refresh(sess.refreshToken);
|
|
114
|
-
const claims = tokenSet.claims();
|
|
115
123
|
const updated = {
|
|
116
124
|
...sess,
|
|
117
125
|
accessToken: tokenSet.access_token,
|
|
118
126
|
refreshToken: tokenSet.refresh_token ?? sess.refreshToken,
|
|
119
127
|
idToken: tokenSet.id_token ?? sess.idToken,
|
|
120
128
|
expiresAt: tokenSet.expires_at ?? Math.floor(Date.now() / 1000) + 300,
|
|
121
|
-
roles:
|
|
122
|
-
? claims.realm_access.roles
|
|
123
|
-
: sess.roles,
|
|
129
|
+
roles: extractRealmRoles(tokenSet.access_token),
|
|
124
130
|
};
|
|
125
131
|
await this.saveSession(sessionId, updated);
|
|
126
132
|
return updated.accessToken;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@quanticjs/auth-web-bff",
|
|
3
|
-
"version": "4.
|
|
3
|
+
"version": "4.4.0",
|
|
4
4
|
"description": "BFF authentication module — Keycloak OIDC, Redis sessions, httpOnly cookies",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
"clean": "rm -rf dist"
|
|
10
10
|
},
|
|
11
11
|
"dependencies": {
|
|
12
|
-
"@quanticjs/core": "^4.
|
|
12
|
+
"@quanticjs/core": "^4.4.0"
|
|
13
13
|
},
|
|
14
14
|
"peerDependencies": {
|
|
15
15
|
"@nestjs/common": "^10.0.0 || ^11.0.0",
|