@soapjs/soap-auth 0.1.1 → 0.3.0

package/build/strategies/jwt/jwt.strategy.js

@@ -5,77 +5,138 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.JwtStrategy = void 0;
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
-const token_based_auth_strategy_1 = require("../token-based-auth.strategy");
+const token_auth_strategy_1 = require("../token-auth.strategy");
 const errors_1 = require("../../errors");
 const jwt_tools_1 = require("./jwt.tools");
-class JwtStrategy extends token_based_auth_strategy_1.TokenBasedAuthStrategy {
+class JwtStrategy extends token_auth_strategy_1.TokenAuthStrategy {
     config;
     session;
     logger;
+    accessTokenConfig;
+    refreshTokenConfig;
     constructor(config, session, logger) {
-        if (!config.accessToken.secretKey) {
+        if (!config.accessToken.issuer.secretKey) {
             throw new errors_1.UndefinedTokenSecretError("Access");
         }
-        if (config.refreshToken && !config.refreshToken.secretKey) {
+        if (config.refreshToken && !config.refreshToken.issuer.secretKey) {
             throw new errors_1.UndefinedTokenSecretError("Refresh");
         }
-        const accessTokenConfig = (0, jwt_tools_1.prepareAccessTokenConfig)(config);
-        const refreshTokenConfig = (0, jwt_tools_1.prepareRefreshTokenConfig)(config);
-        super(config, {
-            ...accessTokenConfig,
-            generate(payload) {
-                return jsonwebtoken_1.default.sign(payload, accessTokenConfig.secretKey, accessTokenConfig.signOptions);
-            },
-            verify(token) {
-                try {
-                    if (!token)
-                        throw new errors_1.UndefinedTokenError("Access");
-                    if (!accessTokenConfig.secretKey)
-                        throw new errors_1.UndefinedTokenSecretError("Access");
-                    return new Promise((resolve, reject) => {
-                        jsonwebtoken_1.default.verify(token, accessTokenConfig.secretKey, accessTokenConfig.verifyOptions, (err, payload) => {
-                            if (err)
-                                reject(err);
-                            else
-                                resolve(payload);
-                        });
-                    });
-                }
-                catch (error) {
-                    this.logger?.error("JWT verification failed:", error);
-                    throw new errors_1.InvalidTokenError("Access");
-                }
-            },
-        }, {
-            ...refreshTokenConfig,
-            generate(payload) {
-                return jsonwebtoken_1.default.sign(payload, refreshTokenConfig.secretKey, refreshTokenConfig.signOptions);
-            },
-            verify(token) {
-                try {
-                    if (!token)
-                        throw new errors_1.UndefinedTokenError("Refresh");
-                    if (!refreshTokenConfig.secretKey)
-                        throw new errors_1.UndefinedTokenSecretError("Refresh");
-                    return new Promise((resolve, reject) => {
-                        jsonwebtoken_1.default.verify(token, refreshTokenConfig.secretKey, refreshTokenConfig.verifyOptions, (err, payload) => {
-                            if (err)
-                                reject(err);
-                            else
-                                resolve(payload);
-                        });
-                    });
-                }
-                catch (error) {
-                    this.logger?.error("JWT verification failed:", error);
-                    throw new errors_1.InvalidTokenError("Refresh");
-                }
-            },
-        });
+        super(config, session, logger);
         this.config = config;
         this.session = session;
         this.logger = logger;
+        this.accessTokenConfig = (0, jwt_tools_1.prepareAccessTokenConfig)(config.accessToken);
+        this.refreshTokenConfig = (0, jwt_tools_1.prepareRefreshTokenConfig)(config.refreshToken);
         this.logger?.info("JWTStrategy initialized with provided configurations.");
     }
+    async invalidateRefreshToken(token) {
+        await this.refreshTokenConfig.persistence.remove?.(token);
+    }
+    verifyAccessToken(token) {
+        try {
+            if (!token)
+                throw new errors_1.UndefinedTokenError("Access");
+            if (!this.accessTokenConfig.issuer.secretKey)
+                throw new errors_1.UndefinedTokenSecretError("Access");
+            return new Promise((resolve, reject) => {
+                jsonwebtoken_1.default.verify(token, this.accessTokenConfig.issuer.secretKey, this.accessTokenConfig.verifier.options, (err, payload) => {
+                    if (err)
+                        reject(err);
+                    else
+                        resolve(payload);
+                });
+            });
+        }
+        catch (error) {
+            this.logger?.error("JWT verification failed:", error);
+            throw new errors_1.InvalidTokenError("Access");
+        }
+    }
+    verifyRefreshToken(token) {
+        try {
+            if (!token)
+                throw new errors_1.UndefinedTokenError("Refresh");
+            if (!this.refreshTokenConfig.issuer.secretKey)
+                throw new errors_1.UndefinedTokenSecretError("Refresh");
+            return new Promise((resolve, reject) => {
+                jsonwebtoken_1.default.verify(token, this.refreshTokenConfig.issuer.secretKey, this.refreshTokenConfig.verifier.options, (err, payload) => {
+                    if (err)
+                        reject(err);
+                    else
+                        resolve(payload);
+                });
+            });
+        }
+        catch (error) {
+            this.logger?.error("JWT verification failed:", error);
+            throw new errors_1.InvalidTokenError("Refresh");
+        }
+    }
+    generateAccessToken(payload) {
+        const options = this.accessTokenConfig.issuer.options || {};
+        return jsonwebtoken_1.default.sign(payload, this.accessTokenConfig.issuer.secretKey, {
+            ...options,
+            jti: payload.jti || crypto.randomUUID(),
+        });
+    }
+    generateRefreshToken(payload) {
+        const options = this.refreshTokenConfig.issuer.options || {};
+        return jsonwebtoken_1.default.sign(payload, this.refreshTokenConfig.issuer.secretKey, {
+            ...options,
+            jti: payload.jti || crypto.randomUUID(),
+        });
+    }
+    async storeAccessToken(token, context) {
+        if (this.accessTokenConfig.persistence.store) {
+            await this.accessTokenConfig.persistence.store(token, null, this.accessTokenConfig.issuer.options.expiresIn);
+        }
+    }
+    async storeRefreshToken(token, context) {
+        if (this.refreshTokenConfig.persistence.store) {
+            await this.refreshTokenConfig.persistence.store(token, null, this.refreshTokenConfig.issuer.options.expiresIn);
+        }
+    }
+    embedAccessToken(token, context) {
+        if (this.accessTokenConfig.embed) {
+            this.accessTokenConfig.embed(context, token);
+        }
+        else {
+            (0, jwt_tools_1.setDefaultJwtHeader)(token, context);
+        }
+    }
+    embedRefreshToken(token, context) {
+        if (this.refreshTokenConfig.embed) {
+            this.refreshTokenConfig.embed(context, token);
+        }
+        else {
+            (0, jwt_tools_1.setDefaultJwtCookie)(token, context);
+        }
+    }
+    retrieveAccessToken(context) {
+        if (this.accessTokenConfig.retrieve) {
+            return this.accessTokenConfig.retrieve(context);
+        }
+        else {
+            return (context.req.headers.authorization?.split(" ")[1] ||
+                context.request.headers.authorization?.split(" ")[1] ||
+                context.headers.authorization?.split(" ")[1]);
+        }
+    }
+    retrieveRefreshToken(context) {
+        if (this.refreshTokenConfig.retrieve) {
+            return this.refreshTokenConfig.retrieve(context);
+        }
+        return (context.req.cookies?.refreshToken ||
+            context.request.cookies?.refreshToken ||
+            context.cookies.refreshToken);
+    }
+    async logout(context) {
+        const refreshToken = await this.retrieveRefreshToken(context);
+        if (refreshToken) {
+            await this.invalidateRefreshToken(refreshToken);
+            (0, jwt_tools_1.clearDefaultJwtCookie)(context);
+            (0, jwt_tools_1.clearDefaultJwtHeader)(context);
+        }
+    }
 }
 exports.JwtStrategy = JwtStrategy;

package/build/strategies/jwt/jwt.tools.d.ts

@@ -1,3 +1,7 @@
-import { JwtAccessTokenConfig, JwtConfig, JwtRefreshTokenConfig } from "./jwt.types";
-export declare const prepareAccessTokenConfig: (config: JwtConfig) => JwtAccessTokenConfig;
-export declare const prepareRefreshTokenConfig: (config: JwtConfig) => JwtRefreshTokenConfig;
+import { TokenConfig } from "../../types";
+export declare const prepareAccessTokenConfig: <TContext = any>(config: TokenConfig<TContext>) => TokenConfig<TContext>;
+export declare const prepareRefreshTokenConfig: <TContext = any>(config: TokenConfig<TContext>) => TokenConfig<TContext>;
+export declare const setDefaultJwtCookie: (token: string, context: any) => void;
+export declare const setDefaultJwtHeader: (token: string, context: any) => void;
+export declare const clearDefaultJwtHeader: (context: any) => void;
+export declare const clearDefaultJwtCookie: (context: any) => void;

package/build/strategies/jwt/jwt.tools.js

@@ -23,57 +23,96 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.prepareRefreshTokenConfig = exports.prepareAccessTokenConfig = void 0;
+exports.clearDefaultJwtCookie = exports.clearDefaultJwtHeader = exports.setDefaultJwtHeader = exports.setDefaultJwtCookie = exports.prepareRefreshTokenConfig = exports.prepareAccessTokenConfig = void 0;
 const Soap = __importStar(require("@soapjs/soap"));
 const prepareAccessTokenConfig = (config) => {
     return Soap.removeUndefinedProperties({
-        ...config.accessToken,
-        tokenType: "Access",
-        expiresIn: config.accessToken.expiresIn || "1h",
-        signOptions: {
-            ...config.accessToken.signOptions,
-            algorithm: config.accessToken.signOptions.algorithm || "HS256",
-            expiresIn: config.accessToken.expiresIn || "1h",
-            audience: config.accessToken.audience,
-            issuer: config.accessToken.issuer,
-            subject: config.accessToken.subject,
+        ...config,
+        generation: {
+            ...config.issuer.options,
+            expiresIn: config.issuer.options.expiresIn || "1h",
+            algorithm: config.issuer.options.algorithm || "HS256",
+        },
+        verification: {
+            ...config.verifier.options,
+            algorithms: config.verifier.options.algorithms || ["HS256"],
+            expiresIn: config.verifier.options.expiresIn || "1h",
         },
-        verifyOptions: config.accessToken.verifyOptions
-            ? {
-                ...config.accessToken.verifyOptions,
-                algorithms: config.accessToken.verifyOptions.algorithms || ["HS256"],
-                expiresIn: config.accessToken.expiresIn || "1h",
-                audience: config.accessToken.audience,
-                issuer: config.accessToken.issuer,
-                subject: config.accessToken.subject,
-            }
-            : {},
     });
 };
 exports.prepareAccessTokenConfig = prepareAccessTokenConfig;
 const prepareRefreshTokenConfig = (config) => {
     return Soap.removeUndefinedProperties({
-        ...config.refreshToken,
-        secretKey: config.refreshToken.secretKey,
-        tokenType: "Refresh",
-        signOptions: {
-            ...config.refreshToken.signOptions,
-            algorithm: config.refreshToken.signOptions.algorithm || "HS256",
-            expiresIn: config.refreshToken.expiresIn || "7d",
-            audience: config.refreshToken.audience,
-            issuer: config.refreshToken.issuer,
-            subject: config.refreshToken.subject,
+        ...config,
+        generation: {
+            ...config.issuer,
+            expiresIn: config.issuer.options.expiresIn || "7d",
+            algorithm: config.issuer.options.algorithm || "HS256",
+        },
+        verification: {
+            ...config.verifier.options,
+            algorithms: config.verifier.options.algorithms || ["HS256"],
+            expiresIn: config.verifier.options.expiresIn || "7d",
         },
-        verifyOptions: config.refreshToken.verifyOptions
-            ? {
-                ...config.refreshToken.verifyOptions,
-                algorithm: config.refreshToken.verifyOptions.algorithms || ["HS256"],
-                expiresIn: config.refreshToken.expiresIn || "7d",
-                audience: config.refreshToken.audience,
-                issuer: config.refreshToken.issuer,
-                subject: config.refreshToken.subject,
-            }
-            : {},
     });
 };
 exports.prepareRefreshTokenConfig = prepareRefreshTokenConfig;
+const setDefaultJwtCookie = (token, context) => {
+    const options = {
+        httpOnly: true,
+        secure: true,
+        sameSite: "Strict",
+        maxAge: 7 * 24 * 60 * 60 * 1000,
+    };
+    if (context?.res) {
+        context.res.cookie("refreshToken", token, options);
+    }
+    else if (context?.response) {
+        context.response.cookie("refreshToken", token, options);
+    }
+    else if (context?.cookie) {
+        context.cookie("refreshToken", token, options);
+    }
+};
+exports.setDefaultJwtCookie = setDefaultJwtCookie;
+const setDefaultJwtHeader = (token, context) => {
+    if (typeof context?.res?.setHeader === "function") {
+        context.res.setHeader("Authorization", `Bearer ${token}`);
+    }
+    else if (typeof context?.response?.setHeader === "function") {
+        context.response.setHeader("Authorization", `Bearer ${token}`);
+    }
+    else if (typeof context?.setHeader === "function") {
+        context.setHeader("Authorization", `Bearer ${token}`);
+    }
+};
+exports.setDefaultJwtHeader = setDefaultJwtHeader;
+const clearDefaultJwtHeader = (context) => {
+    if (typeof context?.res?.setHeader === "function") {
+        context.res.setHeader("Authorization", ``);
+    }
+    else if (typeof context?.response?.setHeader === "function") {
+        context.response.setHeader("Authorization", ``);
+    }
+    else if (typeof context?.setHeader === "function") {
+        context.setHeader("Authorization", ``);
+    }
+};
+exports.clearDefaultJwtHeader = clearDefaultJwtHeader;
+const clearDefaultJwtCookie = (context) => {
+    const options = {
+        httpOnly: true,
+        secure: true,
+        sameSite: "Strict",
+    };
+    if (typeof context?.res?.clearCookie === "function") {
+        context.res.clearCookie("refreshToken", options);
+    }
+    else if (typeof context?.response?.clearCookie === "function") {
+        context.response.clearCookie("refreshToken", options);
+    }
+    else if (typeof context?.clearCookie === "function") {
+        context.clearCookie("refreshToken", options);
+    }
+};
+exports.clearDefaultJwtCookie = clearDefaultJwtCookie;

package/build/strategies/jwt/jwt.types.d.ts

@@ -1,4 +1,4 @@
-import { TokenBasedAuthStrategyConfig, TokenConfig } from "../../types";
+import { TokenAuthStrategyConfig } from "../../types";
 export interface JwtVerifyOptions {
     algorithms?: string[];
     notBefore?: string | number;
@@ -12,36 +12,12 @@ export interface JwtVerifyOptions {
 export interface JwtSignOptions {
     algorithm?: "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | "ES256" | "ES384" | "ES512" | "PS256" | "PS384" | "PS512" | "none";
     notBefore?: string | number;
-    jwtid?: string;
+    jti?: string;
     issuedAt?: number;
     mutatePayload?: (payload: Record<string, any>) => Record<string, any>;
     noTimestamp?: boolean;
     keyid?: string;
     allowUnsafe?: boolean;
 }
-export type JwtAccessTokenConfig = {
-    verifyOptions?: JwtVerifyOptions;
-    signOptions: JwtSignOptions;
-} & TokenConfig;
-export type JwtRefreshTokenConfig = {
-    verifyOptions?: JwtVerifyOptions;
-    signOptions: JwtSignOptions;
-} & TokenConfig;
-export interface JwtConfig<TContext = unknown, TUser = unknown> extends TokenBasedAuthStrategyConfig<TContext, TUser> {
-    accessToken: JwtAccessTokenConfig;
-    refreshToken?: JwtRefreshTokenConfig;
-    routes?: {
-        login?: {
-            path: string;
-            method?: "POST" | "GET";
-        };
-        logout?: {
-            path: string;
-            method?: "POST" | "GET";
-        };
-        refresh?: {
-            path: string;
-            method?: "POST" | "GET";
-        };
-    };
+export interface JwtConfig<TContext = unknown, TUser = unknown> extends TokenAuthStrategyConfig<TContext, TUser> {
 }

package/build/strategies/local/local.strategy.d.ts

@@ -1,8 +1,8 @@
 import * as Soap from "@soapjs/soap";
-import { CredentialBasedAuthStrategy } from "../credential-based-auth.strategy";
+import { CredentialAuthStrategy } from "../credential-auth.strategy";
 import { LocalStrategyConfig } from "./local.types";
 import { SessionHandler } from "../../session/session-handler";
-export declare class LocalStrategy<TContext = unknown, TUser = unknown> extends CredentialBasedAuthStrategy<TContext, TUser> {
+export declare class LocalStrategy<TContext = unknown, TUser = unknown> extends CredentialAuthStrategy<TContext, TUser> {
     protected config: LocalStrategyConfig<TContext, TUser>;
     protected session?: SessionHandler;
     protected logger?: Soap.Logger;
@@ -11,15 +11,9 @@ export declare class LocalStrategy<TContext = unknown, TUser = unknown> extends
         identifier: string;
         password: string;
     }>;
-    protected verifyCredentials(credentials: {
-        identifier: string;
-        password: string;
-    }): Promise<boolean>;
+    protected verifyCredentials(identifier: string, password: string): Promise<boolean>;
     protected retrieveUser(credentials: {
         identifier: string;
         password: string;
     }): Promise<TUser | null>;
-    requestPasswordReset(email: string): Promise<void>;
-    resetPassword(email: string, token: string, newPassword: string): Promise<void>;
-    changePassword(email: string, oldPassword: string, newPassword: string): Promise<void>;
 }

package/build/strategies/local/local.strategy.js

@@ -1,9 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.LocalStrategy = void 0;
-const errors_1 = require("../../errors");
-const credential_based_auth_strategy_1 = require("../credential-based-auth.strategy");
-class LocalStrategy extends credential_based_auth_strategy_1.CredentialBasedAuthStrategy {
+const credential_auth_strategy_1 = require("../credential-auth.strategy");
+class LocalStrategy extends credential_auth_strategy_1.CredentialAuthStrategy {
     config;
     session;
     logger;
@@ -13,64 +12,14 @@ class LocalStrategy extends credential_based_auth_strategy_1.CredentialBasedAuth
         this.session = session;
         this.logger = logger;
     }
-    async extractCredentials(context) {
-        return this.config.login.extractCredentials(context);
+    extractCredentials(context) {
+        return this.config.credentials.extractCredentials(context);
     }
-    async verifyCredentials(credentials) {
-        return this.config.login.verifyUserCredentials(credentials.identifier, credentials.password);
+    async verifyCredentials(identifier, password) {
+        return this.config.credentials.verifyCredentials(identifier, password);
     }
     async retrieveUser(credentials) {
-        return this.config.login.retrieveUserData(credentials.identifier);
-    }
-    async requestPasswordReset(email) {
-        try {
-            if (!this.config.passwordReset?.generateResetToken) {
-                throw new Error("Password reset token generation is not configured.");
-            }
-            const token = await this.config.passwordReset.generateResetToken(email);
-            await this.config.passwordReset.sendResetEmail?.(email, token);
-            this.logger?.info(`Password reset requested for email: ${email}`);
-            await this.config.passwordReset.onSuccess?.({ email });
-        }
-        catch (error) {
-            this.logger?.error("Password reset request error:", error);
-            await this.config.passwordReset.onFailure?.({ email, error });
-            throw new errors_1.AuthError(error, "Password reset request failed.");
-        }
-    }
-    async resetPassword(email, token, newPassword) {
-        try {
-            if (!this.config.passwordReset?.validateResetToken) {
-                throw new Error("Password reset token validation is not configured.");
-            }
-            const isValid = await this.config.passwordReset.validateResetToken(token);
-            if (!isValid)
-                throw new Error("Invalid or expired reset token.");
-            await this.config.passwordReset.updatePassword(email, newPassword);
-            this.logger?.info(`Password reset successful for email: ${email}`);
-            await this.config.passwordReset.onSuccess?.({ email });
-        }
-        catch (error) {
-            this.logger?.error("Password reset error:", error);
-            await this.config.passwordReset.onFailure?.({ email, error });
-            throw new errors_1.AuthError(error, "Password reset failed.");
-        }
-    }
-    async changePassword(email, oldPassword, newPassword) {
-        try {
-            const isAuthenticated = await this.config.login.verifyUserCredentials(email, oldPassword);
-            if (!isAuthenticated) {
-                throw new errors_1.InvalidCredentialsError();
-            }
-            await this.config.passwordReset?.updatePassword?.(email, newPassword);
-            this.logger?.info(`Password changed successfully for email: ${email}`);
-            await this.config.passwordReset?.onSuccess?.({ email });
-        }
-        catch (error) {
-            this.logger?.error("Change password error:", error);
-            await this.config.passwordReset?.onFailure?.({ email, error });
-            throw new errors_1.AuthError(error, "Change password failed.");
-        }
+        return this.config.user.getUserData(credentials.identifier);
     }
 }
 exports.LocalStrategy = LocalStrategy;

package/build/strategies/local/local.types.d.ts

@@ -1,3 +1,3 @@
-import { CredentialBasedAuthStrategyConfig } from "../../types";
-export interface LocalStrategyConfig<TContext = unknown, TUser = unknown> extends CredentialBasedAuthStrategyConfig<TContext, TUser> {
+import { CredentialAuthStrategyConfig } from "../../types";
+export interface LocalStrategyConfig<TContext = unknown, TUser = unknown> extends CredentialAuthStrategyConfig<TContext, TUser> {
 }

package/build/strategies/oauth2/oauth2.strategy.d.ts

@@ -1,16 +1,30 @@
 import * as Soap from "@soapjs/soap";
-import { TokenConfig, AuthResult } from "../../types";
-import { TokenBasedAuthStrategy } from "../token-based-auth.strategy";
+import { AuthResult } from "../../types";
 import { OAuth2StrategyConfig } from "./oauth2.types";
 import { SessionHandler } from "../../session/session-handler";
-export declare class OAuth2Strategy<TContext = unknown, TUser = unknown> extends TokenBasedAuthStrategy<TContext, TUser> {
+import { BaseAuthStrategy } from "../base-auth.strategy";
+export declare class OAuth2Strategy<TContext = unknown, TUser = unknown> extends BaseAuthStrategy<TContext, TUser> {
     protected config: OAuth2StrategyConfig<TContext, TUser>;
-    protected accessTokenConfig: TokenConfig;
-    protected refreshTokenConfig?: TokenConfig;
     protected session?: SessionHandler;
     protected logger?: Soap.Logger;
-    constructor(config: OAuth2StrategyConfig<TContext, TUser>, accessTokenConfig: TokenConfig, refreshTokenConfig?: TokenConfig, session?: SessionHandler, logger?: Soap.Logger);
+    constructor(config: OAuth2StrategyConfig<TContext, TUser>, session?: SessionHandler, logger?: Soap.Logger);
+    logout(context: TContext): Promise<void>;
+    protected getCredentialsForPasswordGrant(context: TContext): Promise<{
+        identifier: string;
+        password: string;
+    }>;
+    protected retrieveAccessToken(context: TContext): Promise<string | undefined>;
+    protected retrieveRefreshToken(context: TContext): Promise<string | undefined>;
+    protected storeAccessToken(token: string, context: TContext): Promise<void>;
+    protected storeRefreshToken(token: string, context: TContext): Promise<void>;
+    protected embedAccessToken(token: string, context: TContext): void;
+    protected embedRefreshToken(token: string, context: TContext): void;
+    isTokenExpired(token: string): Promise<boolean>;
     authenticate(context: TContext): Promise<AuthResult<TUser>>;
+    protected processOAuthFlow(context: TContext): Promise<{
+        accessToken: string;
+        refreshToken?: string;
+    }>;
     protected verifyAuthorizationCode(context: TContext, code: string): void;
     protected extractAuthorizationCode(context: TContext): string | null;
     protected redirectUser(context: TContext, authUrl: string): void;
@@ -24,7 +38,7 @@ export declare class OAuth2Strategy<TContext = unknown, TUser = unknown> extends
     protected exchangeClientCredentials(): Promise<{
         accessToken: string;
     }>;
-    protected exchangePasswordGrant(): Promise<{
+    protected exchangePasswordGrant(username: string, password: string): Promise<{
         accessToken: string;
     }>;
     refreshAccessToken(context: TContext): Promise<{