@travetto/auth 6.0.0-rc.0 → 6.0.0-rc.2

package/README.md

@@ -21,9 +21,9 @@ This module provides the high-level backdrop for managing security principals.
    *  Authorization Context
 
 ## Standard Types
-The module's goal is to be as flexible as possible.  To that end, the primary contract that this module defines, is that of the [Principal Contract](https://github.com/travetto/travetto/tree/main/module/auth/src/types/principal.ts#L8).
+The module's goal is to be as flexible as possible.  To that end, the primary contract that this module defines, is that of the [Principal](https://github.com/travetto/travetto/tree/main/module/auth/src/types/principal.ts#L7).
 
-**Code: Principal Contract**
+**Code: Principal**
 ```typescript
 export interface Principal<D = AnyMap> {
   /**
@@ -57,11 +57,11 @@ export interface Principal<D = AnyMap> {
 }
 ```
 
-As referenced above, a [Principal Contract](https://github.com/travetto/travetto/tree/main/module/auth/src/types/principal.ts#L8) is defined as a user with respect to a security context. This can be information the application knows about the user (authorized) or what a separate service may know about a user (3rd-party authentication).
+As referenced above, a [Principal](https://github.com/travetto/travetto/tree/main/module/auth/src/types/principal.ts#L7) is defined as a user with respect to a security context. This can be information the application knows about the user (authorized) or what a separate service may know about a user (3rd-party authentication).
 
 ## Authentication Contract
 
-**Code: Authenticator Contract**
+**Code: Authenticator**
 ```typescript
 export interface Authenticator<T = unknown, C = unknown, P extends Principal = Principal> {
   /**
@@ -80,14 +80,11 @@ export interface Authenticator<T = unknown, C = unknown, P extends Principal = P
 }
 ```
 
-The [Authenticator Contract](https://github.com/travetto/travetto/tree/main/module/auth/src/types/authenticator.ts#L14) only requires one method to be defined, and that is `authenticate`. This method receives a generic payload, and a supplemental context as an input. The interface is responsible for converting that to an authenticated principal.
-
-### Example
-The [JWT](https://github.com/travetto/travetto/tree/main/module/jwt#readme "JSON Web Token implementation") module is a good example of an authenticator. This is a common use case for simple internal auth.
+The [Authenticator](https://github.com/travetto/travetto/tree/main/module/auth/src/types/authenticator.ts#L9) only requires one method to be defined, and that is `authenticate`. This method receives a generic payload, and a supplemental context as an input. The interface is responsible for converting that to an authenticated principal.
 
 ## Authorization Contract
 
-**Code: Authorizer Contract**
+**Code: Authorizer**
 ```typescript
 export interface Authorizer<P extends Principal = Principal> {
   /**
@@ -100,7 +97,7 @@ export interface Authorizer<P extends Principal = Principal> {
 
 Authorizers are generally seen as a secondary step post-authentication. Authentication acts as a very basic form of authorization, assuming the principal store is owned by the application. 
 
-The [Authorizer Contract](https://github.com/travetto/travetto/tree/main/module/auth/src/types/authorizer.ts#L8) only requires one method to be defined, and that is `authorizer`. This method receives an authenticated principal as an input, and is responsible for converting that to an authorized principal.
+The [Authorizer](https://github.com/travetto/travetto/tree/main/module/auth/src/types/authorizer.ts#L8) only requires one method to be defined, and that is `authorize`. This method receives an authenticated principal as an input, and is responsible for converting that to an authorized principal.
 
 ### Example
 The [Data Modeling Support](https://github.com/travetto/travetto/tree/main/module/model#readme "Datastore abstraction for core operations.") extension is a good example of an authenticator. This is a common use case for simple internal auth. 
@@ -137,34 +134,24 @@ export class AuthService {
 }
 ```
 
-The [AuthService](https://github.com/travetto/travetto/tree/main/module/auth/src/service.ts#L14) operates as the owner of the current auth state for a given "request".  "Request" here implies a set of operations over a period of time, with the http request/response model being an easy point of reference.  This could also tie to a CLI operation, or any other invocation that requires some concept of authentication and authorization. 
+The [AuthService](https://github.com/travetto/travetto/tree/main/module/auth/src/service.ts#L13) operates as the owner of the current auth state for a given "request". "Request" here implies a set of operations over a period of time, with the http request/response model being an easy point of reference.  This could also tie to a CLI operation, or any other invocation that requires some concept of authentication and authorization. 
 
-The service allows for storing and retrieving the active [Principal Contract](https://github.com/travetto/travetto/tree/main/module/auth/src/types/principal.ts#L8), and/or the actively persisted auth token.  This is extremely useful for other parts of the framework that may request authenticated information (if available).  [Rest Auth](https://github.com/travetto/travetto/tree/main/module/auth-rest#readme "Rest authentication integration support for the Travetto framework") makes heavy use of this state for enforcing routes when authentication is required. 
+The service allows for storing and retrieving the active [Principal](https://github.com/travetto/travetto/tree/main/module/auth/src/types/principal.ts#L7), and/or the actively persisted auth token.  This is extremely useful for other parts of the framework that may request authenticated information (if available).  [Web Auth](https://github.com/travetto/travetto/tree/main/module/auth-web#readme "Web authentication integration support for the Travetto framework") makes heavy use of this state for enforcing endpoints when authentication is required. 
 
 ### Login
-"Logging in" can be thought of going through the action of finding a single source that can authenticate the identity for the request credentials.  Some times there may be more than one valid source of authentication that you want to leverage, and the first one to authenticate wins. The [AuthService](https://github.com/travetto/travetto/tree/main/module/auth/src/service.ts#L14) operates in this fashion, in which a set of credentials and potential [Authenticator Contract](https://github.com/travetto/travetto/tree/main/module/auth/src/types/authenticator.ts#L14)s are submitted, and the service will attempt to authenticate.  
+"Logging in" can be thought of going through the action of finding a single source that can authenticate the identity for the request credentials.  Some times there may be more than one valid source of authentication that you want to leverage, and the first one to authenticate wins. The [AuthService](https://github.com/travetto/travetto/tree/main/module/auth/src/service.ts#L13) operates in this fashion, in which a set of credentials and potential [Authenticator](https://github.com/travetto/travetto/tree/main/module/auth/src/types/authenticator.ts#L9)s are submitted, and the service will attempt to authenticate.  
 
-Upon successful authentication, an optional [Authorizer Contract](https://github.com/travetto/travetto/tree/main/module/auth/src/types/authorizer.ts#L8) may be invoked to authorize the authenticated user.  The [Authenticator Contract](https://github.com/travetto/travetto/tree/main/module/auth/src/types/authenticator.ts#L14) is assumed to be only one within the system, and should be tied to the specific product you are building for.  The [Authorizer Contract](https://github.com/travetto/travetto/tree/main/module/auth/src/types/authorizer.ts#L8) should be assumed to have multiple sources, and are generally specific to external third parties.  All of these values are collected via the [Dependency Injection](https://github.com/travetto/travetto/tree/main/module/di#readme "Dependency registration/management and injection support.") module and will be auto-registered on startup. 
+Upon successful authentication, an optional [Authorizer](https://github.com/travetto/travetto/tree/main/module/auth/src/types/authorizer.ts#L8) may be invoked to authorize the authenticated user.  The [Authenticator](https://github.com/travetto/travetto/tree/main/module/auth/src/types/authenticator.ts#L9) is assumed to be only one within the system, and should be tied to the specific product you are building for.  The [Authorizer](https://github.com/travetto/travetto/tree/main/module/auth/src/types/authorizer.ts#L8) should be assumed to have multiple sources, and are generally specific to external third parties.  All of these values are collected via the [Dependency Injection](https://github.com/travetto/travetto/tree/main/module/di#readme "Dependency registration/management and injection support.") module and will be auto-registered on startup. 
 
 If this process is too cumbersome or restrictive, manually authenticating and authorizing is still more than permissible, and setting the principal within the service is a logical equivalent to login.
 
 ## Authorization Context
-When working with framework's authentication, the authenticated information is exposed via the [AuthContext](https://github.com/travetto/travetto/tree/main/module/auth/src/context.ts#L16), object. 
+When working with framework's authentication, the authenticated information is exposed via the [AuthContext](https://github.com/travetto/travetto/tree/main/module/auth/src/context.ts#L14), object. 
 
 **Code: Auth Context Outline**
 ```typescript
-type AuthContextShape = {
-  principal?: Principal;
-  authToken?: AuthToken;
-  authenticatorState?: AuthenticatorState;
-};
-@Injectable()
 export class AuthContext {
   @Inject()
-  /**
-   * Get the principal, if set
-   */
-  get principal(): Principal | undefined;
   /**
    * Set principal
    */

package/__index__.ts

@@ -1,8 +1,8 @@
-export * from './src/service';
-export * from './src/context';
-export * from './src/config';
-export * from './src/types/authenticator';
-export * from './src/types/authorizer';
-export * from './src/types/principal';
-export * from './src/types/error';
-export * from './src/types/token';
+export * from './src/service.ts';
+export * from './src/context.ts';
+export * from './src/config.ts';
+export * from './src/types/authenticator.ts';
+export * from './src/types/authorizer.ts';
+export * from './src/types/principal.ts';
+export * from './src/types/error.ts';
+export * from './src/types/token.ts';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@travetto/auth",
-  "version": "6.0.0-rc.0",
+  "version": "6.0.0-rc.2",
   "description": "Authentication scaffolding for the Travetto framework",
   "keywords": [
     "authentication",
@@ -23,7 +23,7 @@
     "directory": "module/auth"
   },
   "dependencies": {
-    "@travetto/context": "^6.0.0-rc.0"
+    "@travetto/context": "^6.0.0-rc.2"
   },
   "travetto": {
     "displayName": "Authentication"

package/src/context.ts

@@ -1,73 +1,65 @@
-
 import { Inject, Injectable } from '@travetto/di';
 import { AsyncContext, AsyncContextValue } from '@travetto/context';
 
-import { AuthToken } from './types/token';
-import { Principal } from './types/principal';
-import { AuthenticatorState } from './types/authenticator';
-
-type AuthContextShape = {
-  principal?: Principal;
-  authToken?: AuthToken;
-  authenticatorState?: AuthenticatorState;
-};
+import { AuthToken } from './types/token.ts';
+import { Principal } from './types/principal.ts';
+import { AuthenticatorState } from './types/authenticator.ts';
 
+/**
+ * Provides the primary context for the authenticated state
+ *
+ * Will silently fail on reads, but will error on writes if the context is not established.
+ */
 @Injectable()
 export class AuthContext {
 
-  #value = new AsyncContextValue<AuthContextShape>(this);
+  #principal = new AsyncContextValue<Principal>(this, { failIfUnbound: { write: true } });
+  #authToken = new AsyncContextValue<AuthToken>(this, { failIfUnbound: { write: true } });
+  #authState = new AsyncContextValue<AuthenticatorState>(this, { failIfUnbound: { write: true } });
 
   @Inject()
   context: AsyncContext;
 
-  /**
-   * Initialize context
-   * @private
-   */
-  init(): void {
-    this.#value.set({});
-  }
-
   /**
    * Get the principal, if set
    */
   get principal(): Principal | undefined {
-    return this.#value.get()?.principal;
+    return this.#principal.get();
   }
 
   /**
    * Set principal
    */
   set principal(p: Principal | undefined) {
-    this.#value.get()!.principal = p;
+    this.#principal.set(p);
   }
 
   /**
    * Get the authentication token, if it exists
    */
   get authToken(): AuthToken | undefined {
-    return this.#value.get()?.authToken;
+    return this.#authToken.get();
   }
 
   /**
    * Set/overwrite the user's authentication token
    */
   set authToken(token: AuthToken | undefined) {
-    this.#value.get()!.authToken = token;
+    this.#authToken.set(token);
   }
 
   /**
    * Get the authenticator state, if it exists
    */
   get authenticatorState(): AuthenticatorState | undefined {
-    return this.#value.get()?.authenticatorState;
+    return this.#authState.get();
   }
 
   /**
    * Set/overwrite the authenticator state
    */
   set authenticatorState(state: AuthenticatorState | undefined) {
-    this.#value.get()!.authenticatorState = state;
+    this.#authState.set(state);
   }
 
   /**
@@ -75,6 +67,8 @@ export class AuthContext {
    * @private
    */
   async clear(): Promise<void> {
-    this.#value.set(undefined);
+    this.#principal.set(undefined);
+    this.#authToken.set(undefined);
+    this.#authState.set(undefined);
   }
 }

package/src/service.ts

@@ -1,14 +1,13 @@
 
 import { DependencyRegistry, Inject, Injectable } from '@travetto/di';
-import { TimeUtil } from '@travetto/runtime';
+import { toConcrete, TimeUtil } from '@travetto/runtime';
 
-import { AuthenticatorTarget } from './internal/types';
-import { Principal } from './types/principal';
-import { Authenticator } from './types/authenticator';
-import { Authorizer } from './types/authorizer';
-import { AuthenticationError } from './types/error';
-import { AuthContext } from './context';
-import { AuthConfig } from './config';
+import { Principal } from './types/principal.ts';
+import { Authenticator } from './types/authenticator.ts';
+import { Authorizer } from './types/authorizer.ts';
+import { AuthenticationError } from './types/error.ts';
+import { AuthContext } from './context.ts';
+import { AuthConfig } from './config.ts';
 
 @Injectable()
 export class AuthService {
@@ -26,8 +25,9 @@ export class AuthService {
 
   async postConstruct(): Promise<void> {
     // Find all authenticators
+    const AuthenticatorTarget = toConcrete<Authenticator>();
     for (const source of DependencyRegistry.getCandidateTypes(AuthenticatorTarget)) {
-      const dep = DependencyRegistry.getInstance<Authenticator>(AuthenticatorTarget, source.qualifier);
+      const dep = DependencyRegistry.getInstance(AuthenticatorTarget, source.qualifier);
       this.#authenticators.set(source.qualifier, dep);
     }
   }

package/src/types/authenticator.ts

@@ -1,15 +1,17 @@
 import { AnyMap } from '@travetto/runtime';
-import { Principal } from './principal';
+import { Principal } from './principal.ts';
 
 /**
  * Represents the general shape of additional login context, usually across multiple calls
+ *
+ * @concrete
  */
 export interface AuthenticatorState extends AnyMap { }
 
 /**
  * Supports validation payload of type T into an authenticated principal
  *
- * @concrete ../internal/types#AuthenticatorTarget
+ * @concrete
  */
 export interface Authenticator<T = unknown, C = unknown, P extends Principal = Principal> {
   /**

package/src/types/authorizer.ts

@@ -1,9 +1,9 @@
-import { Principal } from './principal';
+import { Principal } from './principal.ts';
 
 /**
  * Definition of an authorization source, which validates a principal into an authorized principal
  *
- * @concrete ../internal/types#AuthorizerTarget
+ * @concrete
  */
 export interface Authorizer<P extends Principal = Principal> {
   /**

package/src/types/principal.ts

@@ -2,8 +2,7 @@ import { AnyMap } from '@travetto/runtime';
 
 /**
  * A user principal, including permissions and details
- * @augments `@travetto/rest:Context`
- * @concrete ../internal/types#PrincipalTarget
+ * @concrete
  */
 export interface Principal<D = AnyMap> {
   /**

package/src/types/token.ts

@@ -1 +1,8 @@
-export type AuthToken = { value: string, type: string };
+/**
+ * Represents the authenticated token used, allows for reuse on subsequent calls
+ * @concrete
+ */
+export interface AuthToken {
+  value: string;
+  type: string;
+};

package/src/internal/types.ts

@@ -1,11 +0,0 @@
-export class PrincipalTarget {
-  id: string;
-  expiresAt?: Date;
-  issuedAt?: Date;
-  maxAge?: number;
-  issuer?: string;
-  details?: unknown;
-  permissions?: string[];
-}
-export class AuthorizerTarget { }
-export class AuthenticatorTarget { }