@soapjs/soap-auth 0.3.1 → 0.3.2

package/build/strategies/token-auth.strategy.js

@@ -1,8 +1,33 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.TokenAuthStrategy = void 0;
+const Soap = __importStar(require("@soapjs/soap"));
 const base_auth_strategy_1 = require("./base-auth.strategy");
 const errors_1 = require("../errors");
+const jsonwebtoken_1 = require("jsonwebtoken");
 class TokenAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
     config;
     session;
@@ -13,66 +38,165 @@ class TokenAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
         this.session = session;
         this.logger = logger;
     }
+    async fetchUser(payload) {
+        if (this.config?.user?.fetchUser) {
+            return this.config.user.fetchUser(payload);
+        }
+        throw new Soap.NotImplementedError("fetchUser");
+    }
     async authenticate(context) {
         try {
-            let accessToken = await this.retrieveAccessToken(context);
-            let refreshToken;
-            await this.checkRateLimit(context);
+            await this.rateLimit?.checkRateLimit(context);
+            const accessToken = this.extractAccessToken(context);
+            const refreshToken = this.extractRefreshToken(context);
             if (accessToken) {
-                try {
-                    const decoded = await this.verifyAccessToken(accessToken);
-                    const user = await this.config.user.getUserData(decoded);
-                    if (!user)
-                        throw new errors_1.UserNotFoundError();
-                    await this.isAuthorized(user);
+                const { user, isExpired } = await this.verifyAndFetchUser(accessToken);
+                if (user) {
+                    await this.role?.isAuthorized(user);
                     return { user, tokens: { accessToken } };
                 }
-                catch (error) {
-                    this.logger?.warn("Access token is invalid or expired, trying refresh token...");
+                if (!isExpired) {
+                    throw new errors_1.InvalidTokenError("Access");
                 }
+                this.logger?.warn("Access token expired, attempting refresh...");
             }
-            refreshToken = await this.retrieveRefreshToken(context);
-            if (!refreshToken)
-                throw new errors_1.MissingTokenError("Refresh");
-            const newTokens = await this.rotateTokens(context);
-            accessToken = newTokens.accessToken;
-            refreshToken = newTokens.refreshToken;
-            if (!accessToken)
+            if (!this.config.refreshToken) {
                 throw new errors_1.MissingTokenError("Access");
+            }
+            if (!refreshToken) {
+                throw new errors_1.MissingTokenError("Refresh");
+            }
+            return this.refreshTokens(context);
+        }
+        catch (error) {
+            await this.onFailure("authenticate", { error });
+            throw error;
+        }
+    }
+    async verifyAndFetchUser(accessToken) {
+        try {
             const decoded = await this.verifyAccessToken(accessToken);
-            const user = await this.config.user.getUserData(decoded);
-            if (!user)
+            const user = await this.fetchUser(decoded);
+            if (!user) {
                 throw new errors_1.UserNotFoundError();
-            await this.isAuthorized(user);
-            return { user, tokens: { accessToken, refreshToken } };
+            }
+            return { user, isExpired: false };
         }
         catch (error) {
-            this.logger?.error("Authentication failed:", error);
-            throw new errors_1.AuthError(error, "Authentication failed.");
+            this.logger?.error(error);
+            if (error instanceof jsonwebtoken_1.TokenExpiredError) {
+                return { user: null, isExpired: true };
+            }
+            return { user: null, isExpired: false };
         }
     }
-    async rotateTokens(context) {
+    async refreshTokens(context, existingUser) {
         try {
-            const refreshToken = await this.retrieveRefreshToken(context);
-            if (!refreshToken)
+            if (!this.config.refreshToken) {
+                throw new Error("Refresh tokens are not enabled.");
+            }
+            const refreshToken = this.extractRefreshToken(context);
+            if (!refreshToken) {
                 throw new errors_1.MissingTokenError("Refresh");
+            }
             const payload = await this.verifyRefreshToken(refreshToken);
-            if (!payload)
+            if (!payload) {
                 throw new errors_1.InvalidTokenError("Refresh");
-            const newAccessToken = await this.generateAccessToken(payload);
-            let newRefreshToken = await this.generateRefreshToken(payload);
-            await this.storeAccessToken(newAccessToken, context);
-            if (newRefreshToken) {
-                await this.storeRefreshToken(newRefreshToken, context);
             }
-            this.embedAccessToken(newAccessToken, context);
-            this.embedRefreshToken(newRefreshToken, context);
-            return { accessToken: newAccessToken, refreshToken: newRefreshToken };
+            if (this.config.refreshToken.absoluteExpiry) {
+                const { payloadField, onExpiry } = this.config.refreshToken.absoluteExpiry;
+                const field = payloadField || "absoluteExp";
+                const maxTime = payload[field];
+                if (maxTime && Date.now() / 1000 > maxTime) {
+                    this.logger?.warn(`Absolute expiry exceeded for refresh token.`);
+                    switch (onExpiry) {
+                        case "logout": {
+                            await this.session?.logoutSession(context);
+                            await this.invalidateRefreshToken(refreshToken, context);
+                            throw new errors_1.InvalidTokenError("Refresh");
+                        }
+                        case "error":
+                            throw new errors_1.InvalidTokenError("Refresh");
+                        case "ignore":
+                            break;
+                    }
+                }
+            }
+            let user = existingUser ?? (await this.fetchUser(payload));
+            if (!user) {
+                throw new errors_1.UserNotFoundError();
+            }
+            await this.role?.isAuthorized(user);
+            const newTokens = await this.issueTokens(user, context, true);
+            return {
+                user,
+                tokens: newTokens,
+            };
         }
         catch (error) {
-            this.logger?.error("Token rotation failed:", error);
-            throw new errors_1.InvalidTokenError("Refresh");
+            await this.onFailure("refresh_tokens", {
+                error,
+            });
+            throw error;
+        }
+    }
+    async issueTokens(user, context, rotate) {
+        try {
+            const accessToken = await this.generateAccessToken(user, context);
+            let refreshToken;
+            if (this.config.refreshToken) {
+                refreshToken = await this.generateRefreshToken(user, context);
+                if (rotate && this.config?.refreshToken?.rotation) {
+                    const oldRefreshToken = this.extractRefreshToken(context);
+                    refreshToken = await this.rotateToken(oldRefreshToken, user, context);
+                }
+                else if (this.generateRefreshToken) {
+                    refreshToken = await this.generateRefreshToken(user, context);
+                }
+            }
+            await this.storeAccessToken(accessToken);
+            this.embedAccessToken(accessToken, context);
+            if (refreshToken) {
+                await this.storeRefreshToken(refreshToken);
+                this.embedRefreshToken(refreshToken, context);
+            }
+            this.logger?.info(`JWT issued successfully`);
+            return { accessToken, refreshToken };
+        }
+        catch (error) {
+            await this.onFailure("issueTokens", {
+                context,
+                error,
+            });
+            throw error;
+        }
+    }
+    async rotateToken(refreshToken, user, context) {
+        let rotationCount = 0;
+        let newRefreshToken;
+        if (this.config.refreshToken.rotation.getRotationCount) {
+            rotationCount = await this.config.refreshToken.rotation.getRotationCount(refreshToken, user, context);
+        }
+        if (this.config.refreshToken.rotation.isLimitReached(rotationCount, this.config.refreshToken.rotation.maxRotations, user, context)) {
+            throw new errors_1.TokenRotationLimitReachedError();
+        }
+        if (this.config.refreshToken.rotation.rotateToken) {
+            const result = await this.config.refreshToken.rotation.rotateToken(refreshToken, user, context);
+            newRefreshToken = result.newToken;
+            if (typeof result.newRotationCount === "number") {
+                rotationCount = result.newRotationCount;
+            }
+            else {
+                rotationCount += 1;
+            }
+            if (this.config.refreshToken.rotation.afterRotation) {
+                await this.config.refreshToken.rotation.afterRotation(refreshToken, newRefreshToken, user, context, rotationCount);
+            }
+        }
+        else {
+            this.logger?.warn("Rotation enabled but rotateToken not provided.");
         }
+        return newRefreshToken;
     }
 }
 exports.TokenAuthStrategy = TokenAuthStrategy;

package/build/tools/index.d.ts

@@ -1,3 +1 @@
-export * from "./session.tools";
-export * from "./token.tools";
 export * from "./tools";

package/build/tools/index.js

@@ -14,6 +14,4 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./session.tools"), exports);
-__exportStar(require("./token.tools"), exports);
 __exportStar(require("./tools"), exports);

package/build/tools/tools.d.ts

@@ -1,3 +1,4 @@
+/// <reference types="node" />
 export declare const generateUUID: () => Promise<string>;
-export declare const generateSecureToken: (tokenLength?: number, encoding?: string) => Promise<string>;
 export declare function resolveConfig<T>(strategyConfig: T | undefined, globalConfig: T | undefined): T | undefined;
+export declare const generateRandomString: (size?: number, encoding?: BufferEncoding) => string;

package/build/tools/tools.js

@@ -1,23 +1,20 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.resolveConfig = exports.generateSecureToken = exports.generateUUID = void 0;
-const crypto_1 = require("crypto");
+exports.generateRandomString = exports.resolveConfig = exports.generateUUID = void 0;
 const uuid_1 = require("uuid");
+const crypto_1 = __importDefault(require("crypto"));
 const generateUUID = async () => {
     return Promise.resolve((0, uuid_1.v4)());
 };
 exports.generateUUID = generateUUID;
-const generateSecureToken = async (tokenLength = 32, encoding = "hex") => {
-    return new Promise((resolve, reject) => {
-        (0, crypto_1.randomBytes)(tokenLength, (err, buffer) => {
-            if (err)
-                return reject(err);
-            resolve(buffer.toString(encoding));
-        });
-    });
-};
-exports.generateSecureToken = generateSecureToken;
 function resolveConfig(strategyConfig, globalConfig) {
     return strategyConfig || globalConfig;
 }
 exports.resolveConfig = resolveConfig;
+const generateRandomString = (size = 32, encoding = "hex") => {
+    return crypto_1.default.randomBytes(size).toString(encoding);
+};
+exports.generateRandomString = generateRandomString;

package/build/types.d.ts

@@ -4,11 +4,13 @@ import { OAuth2StrategyConfig } from "./strategies/oauth2/oauth2.types";
 import { ApiKeyStrategyConfig } from "./strategies/api-key/api-key.types";
 import { BasicStrategyConfig } from "./strategies/basic/basic.types";
 import { JwtConfig } from "./strategies/jwt/jwt.types";
+export type AuthCategories = "http" | "socket" | "grpc" | "webhook" | "edge" | "isa" | "event";
 export interface SessionStore {
     getSession<T = SessionData>(sid: string, ...args: unknown[]): Promise<T | null>;
     setSession<T = SessionData>(sid: string, session: T, ...args: unknown[]): void | Promise<void>;
     destroySession(sid: string, ...args: unknown[]): void | Promise<void>;
     touchSession<T = SessionData>(sid: string, session: T, ...args: unknown[]): void | Promise<void>;
+    getSessionIds(): Promise<string[]>;
 }
 export type SessionData = {
     [key: string]: any;
@@ -39,23 +41,19 @@ export interface AuthResultConfig<TContext = unknown, TUser = unknown> {
     onSuccess?: (action: string, context: AuthSuccessContext<TUser, TContext>) => Promise<void> | void;
     onFailure?: (action: string, context: AuthFailureContext<TContext>) => Promise<void> | void;
 }
-export interface SecurityConfig {
-    maxFailedLoginAttempts?: number;
-    lockoutDuration?: number;
-    notifyOnLockout?: (account: any) => Promise<void>;
+export interface AuthThrottleConfig {
+    incrementFailedAttempts?: (identifier: string, ...rest: unknown[]) => Promise<void>;
+    resetFailedAttempts?: (identifier: string, ...rest: unknown[]) => Promise<void>;
+    getFailedAttempts?: (identifier: string, ...rest: unknown[]) => Promise<number>;
+    maxFailedAttempts?: number;
 }
 export interface BaseAuthStrategyConfig<TContext = unknown, TUser = unknown> extends AuthResultConfig<TContext, TUser> {
     mfa?: MfaConfig<TUser, TContext>;
     session?: SessionConfig;
     role?: RoleAuthorizationConfig<TUser>;
     rateLimit?: RateLimitConfig;
-    security?: SecurityConfig;
+    throttle?: AuthThrottleConfig;
     lock?: AccountLockConfig<TContext>;
-    failedAttempts?: FailedAttemptsConfig;
-}
-export interface AuditLoggingConfig<TContext = unknown> {
-    logAttempt?: (userId: string, success: boolean, context?: TContext) => Promise<void>;
-    logPasswordChange?: (userId: string, context?: TContext) => Promise<void>;
 }
 export interface MfaConfig<TUser = unknown, TContext = unknown> {
     extractMfaCode?: (context?: TContext) => string;
@@ -74,19 +72,17 @@ export interface MfaConfig<TUser = unknown, TContext = unknown> {
     incrementMfaAttempts?: (user: TUser) => Promise<void>;
 }
 export interface PasswordPolicyConfig {
-    validatePassword?: (password: string) => boolean;
-    getLastPasswordChange?: (identifier: string) => Date;
-    forcePasswordChangeOnFirstLogin?: boolean;
+    validatePassword?: (password: string) => Promise<boolean>;
+    getLastPasswordChange?: (identifier: string) => Promise<Date>;
     passwordExpirationDays?: number;
-    isPasswordChangeRequired?: (identifier: string) => Promise<boolean>;
     generateResetToken?: (identifier: string) => Promise<string>;
     sendResetEmail?: (identifier: string, token: string) => Promise<void>;
     validateResetToken?: (token: string) => Promise<boolean>;
     updatePassword?: (identifier: string, newPassword: string) => Promise<void>;
 }
-export interface UserConfig {
-    getUserData: (payload: any) => Promise<any>;
-    validateUser?: (payload: any) => Promise<any>;
+export interface UserConfig<TUser = unknown> {
+    fetchUser: (payload: unknown) => Promise<TUser | null>;
+    validateUser?: (payload: unknown) => Promise<any>;
 }
 export interface CredentailsConfig<TContext = any> {
     extractCredentials: <TCredentials = {
@@ -95,44 +91,48 @@ export interface CredentailsConfig<TContext = any> {
     }>(context: TContext) => TCredentials;
     verifyCredentials: (identifier: string, password: string) => Promise<boolean>;
 }
-export interface FailedAttemptsConfig {
-    incrementFailedAttempts?: (identifier: string, ...rest: unknown[]) => Promise<void>;
-    resetFailedAttempts?: (identifier: string, ...rest: unknown[]) => Promise<void>;
-    getFailedAttempts?: (identifier: string, ...rest: unknown[]) => Promise<number>;
-}
 export interface CredentialAuthStrategyConfig<TContext = unknown, TUser = unknown> extends BaseAuthStrategyConfig<TContext, TUser> {
     passwordPolicy?: PasswordPolicyConfig;
-    audit?: AuditLoggingConfig<TContext>;
     credentials?: CredentailsConfig<TContext>;
-    user?: UserConfig;
-    routes?: {
-        login?: AuthRouteConfig;
-        logout?: AuthRouteConfig;
+    jwt?: TokenAuthConfig<TContext>;
+    user?: UserConfig<TUser>;
+    allowGuest?: boolean;
+    routes: {
+        login: AuthRouteConfig;
+        logout: AuthRouteConfig;
         resetPassword?: AuthRouteConfig;
+        changePassword?: AuthRouteConfig;
+        requestPasswordReset?: AuthRouteConfig;
     };
 }
 export type AuthRouteConfig = {
-    path?: string;
-    method?: string;
+    path: string;
+    method: string;
 };
-export interface TokenAuthStrategyConfig<TContext = unknown, TUser = unknown> extends BaseAuthStrategyConfig<TContext, TUser> {
-    user?: UserConfig;
+export interface TokenAuthConfig<TContext = unknown, TUser = unknown> {
+    accessToken?: TokenConfig<TContext>;
+    refreshToken?: RefreshTokenConfig<TContext, TUser>;
+}
+export interface TokenAuthStrategyConfig<TContext = unknown, TUser = unknown> extends BaseAuthStrategyConfig<TContext, TUser>, TokenAuthConfig<TContext> {
+    user?: UserConfig<TUser>;
     routes: {
         login?: AuthRouteConfig;
         logout?: AuthRouteConfig;
         refresh?: AuthRouteConfig;
         [key: string]: AuthRouteConfig;
     };
-    accessToken?: TokenConfig<TContext>;
-    refreshToken?: TokenConfig<TContext>;
 }
 export interface AccountLockConfig<TContext = unknown> {
     logFailedAttempt?: (account: any, context?: TContext) => Promise<void>;
-    lockAccount?: (account: any) => Promise<void>;
-    isAccountLocked?: (account: any, context?: TContext) => Promise<boolean>;
+    lockAccount: (account: any) => Promise<void>;
+    removeAccountLock: (account: any) => Promise<void>;
+    hasAccountLockExpired: (account: any) => Promise<boolean>;
+    isAccountLocked: (account: any, context?: TContext) => Promise<boolean>;
+    lockoutDuration?: number;
+    notifyOnLockout?: (account: any) => Promise<void>;
 }
 export interface RateLimitConfig {
-    checkRateLimit?: (...args: unknown[]) => Promise<boolean>;
+    checkRateLimit: (...args: unknown[]) => Promise<boolean>;
     incrementRequestCount?: (...args: unknown[]) => Promise<void>;
 }
 export interface RoleAuthorizationConfig<TUser = unknown> {
@@ -143,23 +143,26 @@ export type AuthSuccessContext<TUser = unknown, TContext = unknown, TSessionData
     user?: TUser;
     context?: TContext;
     session?: SessionInfo<TSessionData>;
-    tokens?: string;
+    tokens?: Record<string, unknown>;
     identifier?: string;
     email?: string;
+    additional?: Record<string, unknown>;
 };
 export type AuthFailureContext<TContext = unknown> = {
     error: Error;
     context?: TContext;
     identifier?: string;
     email?: string;
+    additional?: Record<string, unknown>;
 };
-export type AuthResult<TUser, TSessionData = unknown> = {
+export type AuthResult<TUser = unknown, TSessionData = unknown> = {
     user: TUser;
     session?: SessionInfo<TSessionData>;
     tokens?: {
         accessToken?: string;
         refreshToken?: string | null;
         apiKey?: string | null;
+        [key: string]: string;
     };
 };
 export interface AuthStrategy<TContext = unknown, TUser = unknown> {
@@ -168,6 +171,7 @@ export interface AuthStrategy<TContext = unknown, TUser = unknown> {
     authorize?(user: any, action: string, resource?: string): Promise<boolean>;
     refresh?(refreshToken: string): Promise<string>;
     logout?(context?: TContext): Promise<void>;
+    logout?(context?: TContext): Promise<void>;
 }
 export interface SoapHttpAuthConfig<TContext = unknown, TUser = unknown> {
     local?: LocalStrategyConfig<TContext, TUser>;
@@ -175,7 +179,6 @@ export interface SoapHttpAuthConfig<TContext = unknown, TUser = unknown> {
         [provider: string]: OAuth2StrategyConfig<TContext, TUser>;
     };
     apiKey?: ApiKeyStrategyConfig<TContext, TUser>;
-    jwt?: JwtConfig<TContext, TUser>;
     basic?: BasicStrategyConfig<TContext, TUser>;
     custom: {
         [label: string]: AuthStrategy;
@@ -190,6 +193,7 @@ export interface SoapSocketAuthConfig<TContext = unknown, TUser = unknown> {
 }
 export interface SoapAuthConfig<TContext = unknown, TUser = unknown> {
     session?: SessionConfig;
+    jwt?: TokenAuthConfig<TContext>;
     http?: SoapHttpAuthConfig<TContext, TUser>;
     socket?: SoapSocketAuthConfig<TContext, TUser>;
     logger?: Soap.Logger;
@@ -235,7 +239,7 @@ export interface StorageContext {
     encrypt?: (data: string) => Promise<string> | string;
     decrypt?: (data: string) => Promise<string> | string;
 }
-export interface TokenIssuerConfig {
+export interface TokenIssuerConfig<TContext = unknown> {
     secretKey: string;
     options: {
         expiresIn: string | number;
@@ -244,7 +248,8 @@ export interface TokenIssuerConfig {
         subject?: string;
         [option: string]: unknown;
     };
-    generate?: (payload: any) => string;
+    buildPayload?: (user: any, context?: TContext) => Record<string, any>;
+    generate?: (data: any, context?: TContext) => string;
 }
 export interface TokenVerifierConfig {
     options: {
@@ -252,26 +257,52 @@ export interface TokenVerifierConfig {
     };
     verify?: (token: string) => Promise<any>;
 }
-export interface TokenPersistenceConfig {
-    store?: (token: string, data: any, expiresIn: string | number) => Promise<void>;
-    read?: (...args: any[]) => Promise<string | null>;
-    remove?: (...args: any[]) => Promise<void>;
+export interface PersistenceConfig<T = any> {
+    store: (data: any, ...args: any[]) => Promise<void>;
+    read: (...args: any[]) => Promise<T | null>;
+    remove: (...args: any[]) => Promise<void>;
+}
+export interface ContextOperationConfig<TContext = any, TData = any> {
+    embed?: (context: TContext, data: TData) => void;
+    extract?: (context: TContext) => TData | null;
 }
-export interface TokenConfig<TContext = any> {
-    embed?: (context: TContext, token: string) => void;
-    retrieve?: (context: TContext) => Promise<string | null>;
-    rotation?: TokenRotationConfig;
-    issuer?: TokenIssuerConfig;
+export interface TokenConfig<TContext = any, TUser = any> extends ContextOperationConfig<TContext, string> {
+    rotation?: TokenRotationConfig<TContext, TUser>;
+    issuer?: TokenIssuerConfig<TContext>;
     verifier?: TokenVerifierConfig;
-    persistence?: TokenPersistenceConfig;
+    persistence?: PersistenceConfig;
     additional?: Record<string, unknown>;
 }
-export interface TokenRotationConfig {
-    maxRotations?: number;
-    rotateToken?: (token: string) => Promise<string>;
+export interface RefreshTokenConfig<TContext = any, TUser = any> extends TokenConfig<TContext, TUser> {
+    absoluteExpiry?: AbsoluteExpiryConfig;
+}
+export interface AbsoluteExpiryConfig {
+    payloadField?: string;
+    onExpiry?: "error" | "logout" | "ignore";
+}
+export interface TokenRotationConfig<TContext, TUser> {
+    maxRotations: number;
+    getRotationCount: (token: string, user: TUser, context: TContext) => Promise<number>;
+    rotateToken: (oldToken: string, user: TUser, context: TContext) => Promise<{
+        newToken: string;
+        newRotationCount?: number;
+    }>;
+    afterRotation?: (oldToken: string, newToken: string, user: TUser, context: TContext, rotationCount?: number) => Promise<void>;
+    isLimitReached?: (rotationCount: number, maxRotations: number | undefined, user: TUser, context: TContext) => boolean;
 }
 export interface PKCEConfig<TContext> {
-    generateCodeVerifier?: () => string;
-    storeCodeVerifier?: (context: TContext, codeVerifier: string) => void;
-    retrieveCodeVerifier?: (context: TContext) => string | null;
+    challenge: {
+        expiresIn?: number;
+        generate?: (codeVerifier: string) => string;
+        embed?: (context: TContext, challenge: string) => void;
+        extract?: (context: TContext) => string | null;
+        persistence?: PersistenceConfig;
+    };
+    verifier: {
+        expiresIn?: number;
+        generate?: () => string;
+        embed?: (context: TContext, codeVerifier: string) => void;
+        extract?: (context: TContext) => string | null;
+        persistence?: PersistenceConfig;
+    };
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@soapjs/soap-auth",
-  "version": "0.3.1",
+  "version": "0.3.2",
   "description": "",
   "homepage": "https://docs.soapjs.com",
   "repository": "https://github.com/soapjs/soap-auth",

package/build/factories/auth-strategy.factory.d.ts

@@ -1,9 +0,0 @@
-import * as Soap from "@soapjs/soap";
-import { AuthStrategy, SessionConfig, SoapAuthConfig } from "../types";
-import { SessionHandler } from "../session/session-handler";
-export declare abstract class AuthStrategyFactory {
-    protected logger?: Soap.Logger;
-    abstract createStrategies(config: SoapAuthConfig): Map<string, AuthStrategy>;
-    constructor(logger?: Soap.Logger);
-    protected getSessionHandler(strategyConfig: SessionConfig, globalConfig: SessionConfig): SessionHandler<unknown, any>;
-}

package/build/factories/auth-strategy.factory.js

@@ -1,16 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthStrategyFactory = void 0;
-const tools_1 = require("../tools/tools");
-const session_handler_1 = require("../session/session-handler");
-class AuthStrategyFactory {
-    logger;
-    constructor(logger) {
-        this.logger = logger;
-    }
-    getSessionHandler(strategyConfig, globalConfig) {
-        const sessionConfig = (0, tools_1.resolveConfig)(strategyConfig, globalConfig);
-        return sessionConfig ? new session_handler_1.SessionHandler(sessionConfig) : undefined;
-    }
-}
-exports.AuthStrategyFactory = AuthStrategyFactory;

package/build/factories/http-auth-strategy.factory.d.ts

@@ -1,5 +0,0 @@
-import { AuthStrategy, SoapAuthConfig } from "../types";
-import { AuthStrategyFactory } from "./auth-strategy.factory";
-export declare class HttpAuthStrategyFactory extends AuthStrategyFactory {
-    createStrategies(config: SoapAuthConfig): Map<string, AuthStrategy>;
-}

package/build/factories/http-auth-strategy.factory.js

@@ -1,41 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.HttpAuthStrategyFactory = void 0;
-const oauth2_strategy_1 = require("../strategies/oauth2/oauth2.strategy");
-const api_key_strategy_1 = require("../strategies/api-key/api-key.strategy");
-const jwt_strategy_1 = require("../strategies/jwt/jwt.strategy");
-const basic_strategy_1 = require("../strategies/basic/basic.strategy");
-const auth_strategy_factory_1 = require("./auth-strategy.factory");
-const local_strategy_1 = require("../strategies/local/local.strategy");
-class HttpAuthStrategyFactory extends auth_strategy_factory_1.AuthStrategyFactory {
-    createStrategies(config) {
-        const strategies = new Map();
-        if (!config.http) {
-            return strategies;
-        }
-        if (config.http.oauth2) {
-            for (const provider in config.http.oauth2) {
-                strategies.set(provider, new oauth2_strategy_1.OAuth2Strategy(config.http.oauth2[provider], this.getSessionHandler(config.http.oauth2[provider].session, config.session), config.logger));
-            }
-        }
-        if (config.http.apiKey) {
-            strategies.set("apiKey", new api_key_strategy_1.ApiKeyStrategy(config.http.apiKey, this.logger));
-        }
-        if (config.http.basic) {
-            strategies.set("basic", new basic_strategy_1.BasicStrategy(config.http.basic, this.getSessionHandler(config.http.basic.session, config.session), config.logger));
-        }
-        if (config.http.local) {
-            strategies.set("local", new local_strategy_1.LocalStrategy(config.http.local, this.getSessionHandler(config.http.local.session, config.session), config.logger));
-        }
-        if (config.http.jwt) {
-            strategies.set("jwt", new jwt_strategy_1.JwtStrategy(config.http.jwt, this.getSessionHandler(config.http.jwt.session, config.session), this.logger));
-        }
-        if (config.http.custom) {
-            Object.entries(config.http.custom).forEach(([key, strategy]) => {
-                strategies.set(key, strategy);
-            });
-        }
-        return strategies;
-    }
-}
-exports.HttpAuthStrategyFactory = HttpAuthStrategyFactory;

package/build/factories/index.d.ts

@@ -1,3 +0,0 @@
-export * from "./auth-strategy.factory";
-export * from "./http-auth-strategy.factory";
-export * from "./socket-auth-strategy.factory";