npm - @toa.io/extensions.exposition - Versions diffs - 1.0.0-alpha.137 → 1.0.0-alpha.138 - Mend

@toa.io/extensions.exposition 1.0.0-alpha.137 → 1.0.0-alpha.138

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/features/identity.federation.feature CHANGED Viewed

@@ -266,3 +266,40 @@ Feature: Identity Federation
       id: ${{ Bob.id }}
       """
+  Scenario: Tokens with `jti` are one-time
+    Given the `identity.federation` configuration:
+      """yaml
+      trust:
+        - iss: http://localhost:44444
+      implicit: true
+      """
+    And ID token with jti is issued for User
+    When the following request is received:
+      """
+      GET /identity/ HTTP/1.1
+      host: nex.toa.io
+      authorization: Bearer ${{ User.id_token }}
+      accept: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      authorization: Token ${{ User.token }}
+      id: ${{ User.id }}
+      roles: []
+      """
+    # second use
+    When the following request is received:
+      """
+      GET /identity/ HTTP/1.1
+      host: nex.toa.io
+      authorization: Bearer ${{ User.id_token }}
+      accept: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      401 Unauthorized
+      """

package/features/steps/IdP.ts CHANGED Viewed

@@ -184,4 +184,33 @@ export class IdP {
     this.captures.set(`${user}.id_token`, idToken)
   }
+  @given('ID token with jti is issued for {word}')
+  public async issueTokenWithJti (user: string): Promise<void> {
+    assert.ok(IdP.privateKey, 'IdP private key is not available')
+    const jwt = [
+      {
+        typ: 'JWT',
+        alg: 'RS256'
+      },
+      {
+        iss: IdP.issuer,
+        sub: user,
+        aud: 'test',
+        email: user + '@test.local',
+        iat: Math.floor(Date.now() / 1000),
+        exp: Math.floor((Date.now() + 1000 * 60 * 5) / 1000),
+        jti: crypto.randomUUID()
+      }
+    ]
+      .map((v) => Buffer.from(JSON.stringify(v)).toString('base64url'))
+      .join('.')
+    const signature = crypto.createSign('RSA-SHA256').end(jwt).sign(IdP.privateKey, 'base64url')
+    const idToken = `${jwt}.${signature}`
+    this.captures.set(`${user}.id_token`, idToken)
+  }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@toa.io/extensions.exposition",
-  "version": "1.0.0-alpha.137",
+  "version": "1.0.0-alpha.138",
   "description": "Toa Exposition",
   "author": "temich <tema.gurtovoy@gmail.com>",
   "homepage": "https://github.com/toa-io/toa#readme",
@@ -63,5 +63,5 @@
     "@types/negotiator": "0.6.1",
     "jest-esbuild": "0.3.0"
   },
-  "gitHead": "13e288b4898be9dd4fa97e2208d75131364888de"
+  "gitHead": "f50ba7a0b226c03a7c9a6e217a10dc66d8ccd956"
 }