@tekcify/auth-backend 2.2.0 → 2.2.1

package/dist/jwks-verifier.d.ts

@@ -11,7 +11,7 @@ export declare class JwksVerifier {
     private readonly client;
     private readonly issuer;
     private readonly audience;
-    constructor(options: JwksVerifierOptions);
+    constructor(options?: JwksVerifierOptions);
     verify(token: string): Promise<VerifiedToken>;
     getPublicKey(kid: string): Promise<string>;
 }

package/dist/jwks-verifier.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jwks-verifier.d.ts","sourceRoot":"","sources":["../src/jwks-verifier.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAgB,aAAa,EAAE,MAAM,SAAS,CAAC;AAK3D,MAAM,WAAW,mBAAmB;IAClC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAWD,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAwB;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;gBAEtB,OAAO,EAAE,mBAAmB;IAelC,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAsC7C,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAIjD;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,mBAAmB,GAAG,YAAY,CAE7E"}
+{"version":3,"file":"jwks-verifier.d.ts","sourceRoot":"","sources":["../src/jwks-verifier.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAgB,aAAa,EAAE,MAAM,SAAS,CAAC;AAS3D,MAAM,WAAW,mBAAmB;IAClC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAWD,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAwB;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;gBAEtB,OAAO,GAAE,mBAAwB;IAevC,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IA6C7C,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAIjD;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,mBAAmB,GAAG,YAAY,CAE7E"}

package/dist/jwks-verifier.js

@@ -9,15 +9,18 @@ const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const jwks_rsa_1 = __importDefault(require("jwks-rsa"));
 const DEFAULT_AUTH_SERVER_URL = 'https://auth-api.tekcify.com';
 const JWKS_PATH = '/api/.well-known/jwks.json';
+function getAuthServerUrl(optionUrl) {
+    return optionUrl ?? process.env.AUTH_SERVER_URL ?? DEFAULT_AUTH_SERVER_URL;
+}
 function resolveJwksUri(options) {
     if (options.jwksUri) {
         return options.jwksUri;
     }
-    const baseUrl = (options.authServerUrl ?? DEFAULT_AUTH_SERVER_URL).replace(/\/$/, '');
+    const baseUrl = getAuthServerUrl(options.authServerUrl).replace(/\/$/, '');
     return `${baseUrl}${JWKS_PATH}`;
 }
 class JwksVerifier {
-    constructor(options) {
+    constructor(options = {}) {
         const jwksUri = resolveJwksUri(options);
         this.client = (0, jwks_rsa_1.default)({
             jwksUri,
@@ -39,7 +42,14 @@ class JwksVerifier {
             if (!kid) {
                 return { payload: {}, valid: false };
             }
-            const key = await this.client.getSigningKey(kid);
+            let key;
+            try {
+                key = await this.client.getSigningKey(kid);
+            }
+            catch (keyError) {
+                console.error(`[JwksVerifier] Failed to get signing key for kid=${kid}:`, keyError instanceof Error ? keyError.message : keyError);
+                return { payload: {}, valid: false };
+            }
             const publicKey = key.getPublicKey();
             const decoded = jsonwebtoken_1.default.verify(token, publicKey, {
                 algorithms: ['RS256'],

package/dist/nestjs/jwks-guard.d.ts

@@ -6,9 +6,9 @@ export interface JwksAuthGuardOptions extends JwksVerifierOptions {
     } | null>;
 }
 export declare class JwksAuthGuard implements CanActivate {
-    private readonly options;
     private readonly verifier;
-    constructor(options: JwksAuthGuardOptions);
+    private readonly options;
+    constructor(options?: JwksAuthGuardOptions);
     canActivate(context: ExecutionContext): Promise<boolean>;
 }
 //# sourceMappingURL=jwks-guard.d.ts.map

package/dist/nestjs/jwks-guard.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jwks-guard.d.ts","sourceRoot":"","sources":["../../src/nestjs/jwks-guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,WAAW,EACX,gBAAgB,EAEjB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EAAgB,KAAK,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAG1E,MAAM,WAAW,oBAAqB,SAAQ,mBAAmB;IAC/D,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;CACrE;AAED,qBACa,aAAc,YAAW,WAAW;IAGnC,OAAO,CAAC,QAAQ,CAAC,OAAO;IAFpC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAe;gBAEX,OAAO,EAAE,oBAAoB;IAIpD,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;CAkD/D"}
+{"version":3,"file":"jwks-guard.d.ts","sourceRoot":"","sources":["../../src/nestjs/jwks-guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,WAAW,EACX,gBAAgB,EAEjB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EAAgB,KAAK,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAG1E,MAAM,WAAW,oBAAqB,SAAQ,mBAAmB;IAC/D,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;CACrE;AAED,qBACa,aAAc,YAAW,WAAW;IAC/C,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAe;IACxC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAuB;gBAEnC,OAAO,GAAE,oBAAyB;IAKxC,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;CAkD/D"}

package/dist/nestjs/jwks-guard.js

@@ -13,7 +13,7 @@ exports.JwksAuthGuard = void 0;
 const common_1 = require("@nestjs/common");
 const jwks_verifier_1 = require("../jwks-verifier");
 let JwksAuthGuard = class JwksAuthGuard {
-    constructor(options) {
+    constructor(options = {}) {
         this.options = options;
         this.verifier = new jwks_verifier_1.JwksVerifier(options);
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tekcify/auth-backend",
-  "version": "2.2.0",
+  "version": "2.2.1",
   "description": "Backend authentication helpers for Tekcify Auth. Provides middleware, guards, and utilities for validating JWT tokens and protecting API routes in NestJS and Express applications.",
   "author": "Tekcify",
   "main": "./dist/index.js",