@twin.org/api-auth-entity-storage-service 0.0.1-next.28 → 0.0.1-next.29

package/dist/cjs/index.cjs

@@ -76,11 +76,7 @@ class TokenHelper {
         const jwt = await web.Jwt.encodeWithSigner({ alg: "EdDSA" }, {
             sub: subject,
             exp: nowSeconds + ttlSeconds
-        }, async (header, payload) => {
-            const signingBytes = web.Jwt.toSigningBytes(header, payload);
-            const signatureBytes = await vaultConnector.sign(signingKeyName, signingBytes);
-            return web.Jwt.tokenFromBytes(signingBytes, signatureBytes);
-        });
+        }, async (header, payload) => vaultModels.VaultConnectorHelper.jwtSigner(vaultConnector, signingKeyName, header, payload));
         return {
             token: jwt,
             expiry: (nowSeconds + ttlSeconds) * 1000
@@ -98,16 +94,8 @@ class TokenHelper {
         if (!core.Is.stringValue(token)) {
             throw new core.UnauthorizedError(this._CLASS_NAME, "missing");
         }
-        const decoded = await web.Jwt.verifyWithVerifier(token, async (t) => {
-            const { signingBytes, signature } = web.Jwt.tokenToBytes(t);
-            const verified = await vaultConnector.verify(signingKeyName, signingBytes, signature);
-            if (!verified) {
-                throw new core.UnauthorizedError(this._CLASS_NAME, "invalidSignature");
-            }
-            return web.Jwt.fromSigningBytes(signingBytes);
-        });
-        // If the signature validation failed or some of the header/payload data
-        // is not properly populated then it is unauthorized.
+        const decoded = await web.Jwt.verifyWithVerifier(token, async (t) => vaultModels.VaultConnectorHelper.jwtVerifier(vaultConnector, signingKeyName, t));
+        // If some of the header/payload data is not properly populated then it is unauthorized.
         if (!core.Is.stringValue(decoded.payload.sub)) {
             throw new core.UnauthorizedError(this._CLASS_NAME, "payloadMissingSubject");
         }

package/dist/esm/index.mjs

@@ -1,7 +1,7 @@
 import { property, entity, EntitySchemaFactory, EntitySchemaHelper } from '@twin.org/entity';
 import { HttpErrorHelper } from '@twin.org/api-models';
 import { Is, UnauthorizedError, Guards, BaseError, ComponentFactory, Converter, GeneralError } from '@twin.org/core';
-import { VaultConnectorFactory } from '@twin.org/vault-models';
+import { VaultConnectorHelper, VaultConnectorFactory } from '@twin.org/vault-models';
 import { Jwt, HeaderTypes, HttpStatusCode } from '@twin.org/web';
 import { EntityStorageConnectorFactory } from '@twin.org/entity-storage-models';
 import { Blake2b } from '@twin.org/crypto';
@@ -74,11 +74,7 @@ class TokenHelper {
         const jwt = await Jwt.encodeWithSigner({ alg: "EdDSA" }, {
             sub: subject,
             exp: nowSeconds + ttlSeconds
-        }, async (header, payload) => {
-            const signingBytes = Jwt.toSigningBytes(header, payload);
-            const signatureBytes = await vaultConnector.sign(signingKeyName, signingBytes);
-            return Jwt.tokenFromBytes(signingBytes, signatureBytes);
-        });
+        }, async (header, payload) => VaultConnectorHelper.jwtSigner(vaultConnector, signingKeyName, header, payload));
         return {
             token: jwt,
             expiry: (nowSeconds + ttlSeconds) * 1000
@@ -96,16 +92,8 @@ class TokenHelper {
         if (!Is.stringValue(token)) {
             throw new UnauthorizedError(this._CLASS_NAME, "missing");
         }
-        const decoded = await Jwt.verifyWithVerifier(token, async (t) => {
-            const { signingBytes, signature } = Jwt.tokenToBytes(t);
-            const verified = await vaultConnector.verify(signingKeyName, signingBytes, signature);
-            if (!verified) {
-                throw new UnauthorizedError(this._CLASS_NAME, "invalidSignature");
-            }
-            return Jwt.fromSigningBytes(signingBytes);
-        });
-        // If the signature validation failed or some of the header/payload data
-        // is not properly populated then it is unauthorized.
+        const decoded = await Jwt.verifyWithVerifier(token, async (t) => VaultConnectorHelper.jwtVerifier(vaultConnector, signingKeyName, t));
+        // If some of the header/payload data is not properly populated then it is unauthorized.
         if (!Is.stringValue(decoded.payload.sub)) {
             throw new UnauthorizedError(this._CLASS_NAME, "payloadMissingSubject");
         }

package/dist/types/utils/tokenHelper.d.ts

@@ -1,4 +1,4 @@
-import type { IVaultConnector } from "@twin.org/vault-models";
+import { type IVaultConnector } from "@twin.org/vault-models";
 import { type IHttpHeaders, type IJwtHeader, type IJwtPayload } from "@twin.org/web";
 /**
  * Helper class for token operations.

package/docs/changelog.md

@@ -1,5 +1,5 @@
 # @twin.org/api-auth-entity-storage-service - Changelog
 
-## v0.0.1-next.28
+## v0.0.1-next.29
 
 - Initial Release

package/locales/en.json

@@ -11,7 +11,6 @@
 		},
 		"tokenHelper": {
 			"missing": "The JSON Web token could not be found in the authorization header",
-			"invalidSignature": "The JSON Web token signature could not be validated",
 			"payloadMissingSubject": "The JSON Web token payload does not contain a subject",
 			"expired": "The JSON Web token has expired"
 		}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@twin.org/api-auth-entity-storage-service",
-	"version": "0.0.1-next.28",
+	"version": "0.0.1-next.29",
 	"description": "Auth Entity Storage contract implementation and REST endpoint definitions",
 	"repository": {
 		"type": "git",
@@ -14,9 +14,9 @@
 		"node": ">=20.0.0"
 	},
 	"dependencies": {
-		"@twin.org/api-auth-entity-storage-models": "0.0.1-next.28",
-		"@twin.org/api-core": "0.0.1-next.28",
-		"@twin.org/api-models": "0.0.1-next.28",
+		"@twin.org/api-auth-entity-storage-models": "0.0.1-next.29",
+		"@twin.org/api-core": "0.0.1-next.29",
+		"@twin.org/api-models": "0.0.1-next.29",
 		"@twin.org/core": "next",
 		"@twin.org/crypto": "next",
 		"@twin.org/entity": "next",