@twin.org/api-auth-entity-storage-service 0.0.1-next.8 → 0.0.1

package/dist/cjs/index.cjs

@@ -71,13 +71,12 @@ class TokenHelper {
      * @returns The new token and its expiry date.
      */
     static async createToken(vaultConnector, signingKeyName, subject, ttlMinutes) {
-        // Verify was a success so we can now generate a new token.
         const nowSeconds = Math.trunc(Date.now() / 1000);
         const ttlSeconds = ttlMinutes * 60;
-        const jwt = await web.Jwt.encodeWithSigner({ alg: web.JwtAlgorithms.EdDSA }, {
+        const jwt = await web.Jwt.encodeWithSigner({ alg: "EdDSA" }, {
             sub: subject,
             exp: nowSeconds + ttlSeconds
-        }, async (alg, key, payload) => vaultConnector.sign(signingKeyName, payload));
+        }, async (header, payload) => vaultModels.VaultConnectorHelper.jwtSigner(vaultConnector, signingKeyName, header, payload));
         return {
             token: jwt,
             expiry: (nowSeconds + ttlSeconds) * 1000
@@ -95,14 +94,10 @@ class TokenHelper {
         if (!core.Is.stringValue(token)) {
             throw new core.UnauthorizedError(this._CLASS_NAME, "missing");
         }
-        const decoded = await web.Jwt.verifyWithVerifier(token, async (alg, key, payload, signature) => vaultConnector.verify(signingKeyName, payload, signature));
-        // If the signature validation failed or some of the header/payload data
-        // is not properly populated then it is unauthorized.
-        if (!decoded.verified ||
-            !core.Is.object(decoded.header) ||
-            !core.Is.object(decoded.payload) ||
-            !core.Is.stringValue(decoded.payload.sub)) {
-            throw new core.UnauthorizedError(this._CLASS_NAME, "invalidToken");
+        const decoded = await web.Jwt.verifyWithVerifier(token, async (t) => vaultModels.VaultConnectorHelper.jwtVerifier(vaultConnector, signingKeyName, t));
+        // If some of the header/payload data is not properly populated then it is unauthorized.
+        if (!core.Is.stringValue(decoded.payload.sub)) {
+            throw new core.UnauthorizedError(this._CLASS_NAME, "payloadMissingSubject");
         }
         else if (!core.Is.empty(decoded.payload?.exp) &&
             decoded.payload.exp < Math.trunc(Date.now() / 1000)) {
@@ -154,6 +149,10 @@ class TokenHelper {
  * Handle a JWT token in the authorization header or cookies and validate it to populate request context identity.
  */
 class AuthHeaderProcessor {
+    /**
+     * The namespace supported by the processor.
+     */
+    static NAMESPACE = "auth-header";
     /**
      * The default name for the access token as a cookie.
      * @internal
@@ -186,8 +185,6 @@ class AuthHeaderProcessor {
     /**
      * Create a new instance of AuthCookiePreProcessor.
      * @param options Options for the processor.
-     * @param options.vaultConnectorType The vault for the private keys, defaults to "vault".
-     * @param options.config The configuration for the processor.
      */
     constructor(options) {
         this._vaultConnector = vaultModels.VaultConnectorFactory.get(options?.vaultConnectorType ?? "vault");
@@ -244,13 +241,13 @@ class AuthHeaderProcessor {
             if ((responseAuthOperation === "login" || responseAuthOperation === "refresh") &&
                 core.Is.stringValue(response.body?.token)) {
                 response.headers ??= {};
-                response.headers["Set-Cookie"] =
+                response.headers[web.HeaderTypes.SetCookie] =
                     `${this._cookieName}=${response.body.token}; Secure; HttpOnly; SameSite=None; Path=/`;
                 delete response.body.token;
             }
             else if (responseAuthOperation === "logout") {
                 response.headers ??= {};
-                response.headers["Set-Cookie"] =
+                response.headers[web.HeaderTypes.SetCookie] =
                     `${this._cookieName}=; Max-Age=0; Secure; HttpOnly; SameSite=None; Path=/`;
             }
         }
@@ -502,6 +499,10 @@ class PasswordHelper {
  * Implementation of the authentication component using entity storage.
  */
 class EntityStorageAuthenticationService {
+    /**
+     * The namespace supported by the authentication service.
+     */
+    static NAMESPACE = "authentication-entity-storage";
     /**
      * Default TTL in minutes.
      * @internal
@@ -539,9 +540,6 @@ class EntityStorageAuthenticationService {
     /**
      * Create a new instance of EntityStorageAuthentication.
      * @param options The dependencies for the identity connector.
-     * @param options.userEntityStorageType The entity storage for the users, defaults to "authentication-user".
-     * @param options.vaultConnectorType The vault for the private keys, defaults to "vault".
-     * @param options.config The configuration for the authentication.
      */
     constructor(options) {
         this._userEntityStorage = entityStorageModels.EntityStorageConnectorFactory.get(options?.userEntityStorageType ?? "authentication-user");

package/dist/esm/index.mjs

@@ -1,8 +1,8 @@
 import { property, entity, EntitySchemaFactory, EntitySchemaHelper } from '@twin.org/entity';
 import { HttpErrorHelper } from '@twin.org/api-models';
 import { Is, UnauthorizedError, Guards, BaseError, ComponentFactory, Converter, GeneralError } from '@twin.org/core';
-import { VaultConnectorFactory } from '@twin.org/vault-models';
-import { Jwt, JwtAlgorithms, HeaderTypes, HttpStatusCode } from '@twin.org/web';
+import { VaultConnectorHelper, VaultConnectorFactory } from '@twin.org/vault-models';
+import { Jwt, HeaderTypes, HttpStatusCode } from '@twin.org/web';
 import { EntityStorageConnectorFactory } from '@twin.org/entity-storage-models';
 import { Blake2b } from '@twin.org/crypto';
 
@@ -69,13 +69,12 @@ class TokenHelper {
      * @returns The new token and its expiry date.
      */
     static async createToken(vaultConnector, signingKeyName, subject, ttlMinutes) {
-        // Verify was a success so we can now generate a new token.
         const nowSeconds = Math.trunc(Date.now() / 1000);
         const ttlSeconds = ttlMinutes * 60;
-        const jwt = await Jwt.encodeWithSigner({ alg: JwtAlgorithms.EdDSA }, {
+        const jwt = await Jwt.encodeWithSigner({ alg: "EdDSA" }, {
             sub: subject,
             exp: nowSeconds + ttlSeconds
-        }, async (alg, key, payload) => vaultConnector.sign(signingKeyName, payload));
+        }, async (header, payload) => VaultConnectorHelper.jwtSigner(vaultConnector, signingKeyName, header, payload));
         return {
             token: jwt,
             expiry: (nowSeconds + ttlSeconds) * 1000
@@ -93,14 +92,10 @@ class TokenHelper {
         if (!Is.stringValue(token)) {
             throw new UnauthorizedError(this._CLASS_NAME, "missing");
         }
-        const decoded = await Jwt.verifyWithVerifier(token, async (alg, key, payload, signature) => vaultConnector.verify(signingKeyName, payload, signature));
-        // If the signature validation failed or some of the header/payload data
-        // is not properly populated then it is unauthorized.
-        if (!decoded.verified ||
-            !Is.object(decoded.header) ||
-            !Is.object(decoded.payload) ||
-            !Is.stringValue(decoded.payload.sub)) {
-            throw new UnauthorizedError(this._CLASS_NAME, "invalidToken");
+        const decoded = await Jwt.verifyWithVerifier(token, async (t) => VaultConnectorHelper.jwtVerifier(vaultConnector, signingKeyName, t));
+        // If some of the header/payload data is not properly populated then it is unauthorized.
+        if (!Is.stringValue(decoded.payload.sub)) {
+            throw new UnauthorizedError(this._CLASS_NAME, "payloadMissingSubject");
         }
         else if (!Is.empty(decoded.payload?.exp) &&
             decoded.payload.exp < Math.trunc(Date.now() / 1000)) {
@@ -152,6 +147,10 @@ class TokenHelper {
  * Handle a JWT token in the authorization header or cookies and validate it to populate request context identity.
  */
 class AuthHeaderProcessor {
+    /**
+     * The namespace supported by the processor.
+     */
+    static NAMESPACE = "auth-header";
     /**
      * The default name for the access token as a cookie.
      * @internal
@@ -184,8 +183,6 @@ class AuthHeaderProcessor {
     /**
      * Create a new instance of AuthCookiePreProcessor.
      * @param options Options for the processor.
-     * @param options.vaultConnectorType The vault for the private keys, defaults to "vault".
-     * @param options.config The configuration for the processor.
      */
     constructor(options) {
         this._vaultConnector = VaultConnectorFactory.get(options?.vaultConnectorType ?? "vault");
@@ -242,13 +239,13 @@ class AuthHeaderProcessor {
             if ((responseAuthOperation === "login" || responseAuthOperation === "refresh") &&
                 Is.stringValue(response.body?.token)) {
                 response.headers ??= {};
-                response.headers["Set-Cookie"] =
+                response.headers[HeaderTypes.SetCookie] =
                     `${this._cookieName}=${response.body.token}; Secure; HttpOnly; SameSite=None; Path=/`;
                 delete response.body.token;
             }
             else if (responseAuthOperation === "logout") {
                 response.headers ??= {};
-                response.headers["Set-Cookie"] =
+                response.headers[HeaderTypes.SetCookie] =
                     `${this._cookieName}=; Max-Age=0; Secure; HttpOnly; SameSite=None; Path=/`;
             }
         }
@@ -500,6 +497,10 @@ class PasswordHelper {
  * Implementation of the authentication component using entity storage.
  */
 class EntityStorageAuthenticationService {
+    /**
+     * The namespace supported by the authentication service.
+     */
+    static NAMESPACE = "authentication-entity-storage";
     /**
      * Default TTL in minutes.
      * @internal
@@ -537,9 +538,6 @@ class EntityStorageAuthenticationService {
     /**
      * Create a new instance of EntityStorageAuthentication.
      * @param options The dependencies for the identity connector.
-     * @param options.userEntityStorageType The entity storage for the users, defaults to "authentication-user".
-     * @param options.vaultConnectorType The vault for the private keys, defaults to "vault".
-     * @param options.config The configuration for the authentication.
      */
     constructor(options) {
         this._userEntityStorage = EntityStorageConnectorFactory.get(options?.userEntityStorageType ?? "authentication-user");

package/dist/types/index.d.ts

@@ -1,6 +1,8 @@
 export * from "./entities/authenticationUser";
 export * from "./models/IAuthHeaderProcessorConfig";
+export * from "./models/IAuthHeaderProcessorConstructorOptions";
 export * from "./models/IEntityStorageAuthenticationServiceConfig";
+export * from "./models/IEntityStorageAuthenticationServiceConstructorOptions";
 export * from "./processors/authHeaderProcessor";
 export * from "./restEntryPoints";
 export * from "./routes/entityStorageAuthenticationRoutes";

package/dist/types/models/IAuthHeaderProcessorConstructorOptions.d.ts

@@ -0,0 +1,15 @@
+import type { IAuthHeaderProcessorConfig } from "./IAuthHeaderProcessorConfig";
+/**
+ * Options for the AuthHeaderProcessor constructor.
+ */
+export interface IAuthHeaderProcessorConstructorOptions {
+    /**
+     * The vault for the private keys.
+     * @default vault
+     */
+    vaultConnectorType?: string;
+    /**
+     * The configuration for the processor.
+     */
+    config?: IAuthHeaderProcessorConfig;
+}

package/dist/types/models/IEntityStorageAuthenticationServiceConstructorOptions.d.ts

@@ -0,0 +1,20 @@
+import type { IEntityStorageAuthenticationServiceConfig } from "./IEntityStorageAuthenticationServiceConfig";
+/**
+ * Options for the EntityStorageAuthenticationService constructor.
+ */
+export interface IEntityStorageAuthenticationServiceConstructorOptions {
+    /**
+     * The entity storage for the users.
+     * @default authentication-user
+     */
+    userEntityStorageType?: string;
+    /**
+     * The vault for the private keys.
+     * @default vault
+     */
+    vaultConnectorType?: string;
+    /**
+     * The configuration for the authentication.
+     */
+    config?: IEntityStorageAuthenticationServiceConfig;
+}

package/dist/types/processors/authHeaderProcessor.d.ts

@@ -1,9 +1,13 @@
-import { type IHttpRequestIdentity, type IHttpResponse, type IHttpRestRouteProcessor, type IHttpServerRequest, type IRestRoute } from "@twin.org/api-models";
-import type { IAuthHeaderProcessorConfig } from "../models/IAuthHeaderProcessorConfig";
+import { type IBaseRoute, type IBaseRouteProcessor, type IHttpRequestIdentity, type IHttpResponse, type IHttpServerRequest } from "@twin.org/api-models";
+import type { IAuthHeaderProcessorConstructorOptions } from "../models/IAuthHeaderProcessorConstructorOptions";
 /**
  * Handle a JWT token in the authorization header or cookies and validate it to populate request context identity.
  */
-export declare class AuthHeaderProcessor implements IHttpRestRouteProcessor {
+export declare class AuthHeaderProcessor implements IBaseRouteProcessor {
+    /**
+     * The namespace supported by the processor.
+     */
+    static readonly NAMESPACE: string;
     /**
      * Runtime name for the class.
      */
@@ -11,13 +15,8 @@ export declare class AuthHeaderProcessor implements IHttpRestRouteProcessor {
     /**
      * Create a new instance of AuthCookiePreProcessor.
      * @param options Options for the processor.
-     * @param options.vaultConnectorType The vault for the private keys, defaults to "vault".
-     * @param options.config The configuration for the processor.
      */
-    constructor(options?: {
-        vaultConnectorType?: string;
-        config?: IAuthHeaderProcessorConfig;
-    });
+    constructor(options?: IAuthHeaderProcessorConstructorOptions);
     /**
      * The service needs to be started when the application is initialized.
      * @param nodeIdentity The identity of the node.
@@ -33,7 +32,7 @@ export declare class AuthHeaderProcessor implements IHttpRestRouteProcessor {
      * @param requestIdentity The identity context for the request.
      * @param processorState The state handed through the processors.
      */
-    pre(request: IHttpServerRequest, response: IHttpResponse, route: IRestRoute | undefined, requestIdentity: IHttpRequestIdentity, processorState: {
+    pre(request: IHttpServerRequest, response: IHttpResponse, route: IBaseRoute | undefined, requestIdentity: IHttpRequestIdentity, processorState: {
         [id: string]: unknown;
     }): Promise<void>;
     /**
@@ -44,7 +43,7 @@ export declare class AuthHeaderProcessor implements IHttpRestRouteProcessor {
      * @param requestIdentity The identity context for the request.
      * @param processorState The state handed through the processors.
      */
-    post(request: IHttpServerRequest, response: IHttpResponse, route: IRestRoute | undefined, requestIdentity: IHttpRequestIdentity, processorState: {
+    post(request: IHttpServerRequest, response: IHttpResponse, route: IBaseRoute | undefined, requestIdentity: IHttpRequestIdentity, processorState: {
         [id: string]: unknown;
     }): Promise<void>;
 }

package/dist/types/services/entityStorageAuthenticationService.d.ts

@@ -1,9 +1,13 @@
 import type { IAuthenticationComponent } from "@twin.org/api-auth-entity-storage-models";
-import type { IEntityStorageAuthenticationServiceConfig } from "../models/IEntityStorageAuthenticationServiceConfig";
+import type { IEntityStorageAuthenticationServiceConstructorOptions } from "../models/IEntityStorageAuthenticationServiceConstructorOptions";
 /**
  * Implementation of the authentication component using entity storage.
  */
 export declare class EntityStorageAuthenticationService implements IAuthenticationComponent {
+    /**
+     * The namespace supported by the authentication service.
+     */
+    static readonly NAMESPACE: string;
     /**
      * Runtime name for the class.
      */
@@ -11,15 +15,8 @@ export declare class EntityStorageAuthenticationService implements IAuthenticati
     /**
      * Create a new instance of EntityStorageAuthentication.
      * @param options The dependencies for the identity connector.
-     * @param options.userEntityStorageType The entity storage for the users, defaults to "authentication-user".
-     * @param options.vaultConnectorType The vault for the private keys, defaults to "vault".
-     * @param options.config The configuration for the authentication.
      */
-    constructor(options?: {
-        userEntityStorageType?: string;
-        vaultConnectorType?: string;
-        config?: IEntityStorageAuthenticationServiceConfig;
-    });
+    constructor(options?: IEntityStorageAuthenticationServiceConstructorOptions);
     /**
      * The service needs to be started when the application is initialized.
      * @param nodeIdentity The identity of the node.

package/dist/types/utils/tokenHelper.d.ts

@@ -1,4 +1,4 @@
-import type { IVaultConnector } from "@twin.org/vault-models";
+import { type IVaultConnector } from "@twin.org/vault-models";
 import { type IHttpHeaders, type IJwtHeader, type IJwtPayload } from "@twin.org/web";
 /**
  * Helper class for token operations.

package/docs/changelog.md

@@ -1,5 +1,101 @@
 # @twin.org/api-auth-entity-storage-service - Changelog
 
-## v0.0.1-next.8
+## 0.0.1 (2025-07-03)
+
+
+### Features
+
+* release to production ([70ee2d5](https://github.com/twinfoundation/api/commit/70ee2d56a1dc9537d7c9c154d4cb78a235678a3a))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/api-auth-entity-storage-models bumped from ^0.0.0 to ^0.0.1
+    * @twin.org/api-core bumped from ^0.0.0 to ^0.0.1
+    * @twin.org/api-models bumped from ^0.0.0 to ^0.0.1
+
+## [0.0.1-next.36](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-service-v0.0.1-next.35...api-auth-entity-storage-service-v0.0.1-next.36) (2025-06-17)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-service:** Synchronize repo versions
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/api-auth-entity-storage-models bumped from 0.0.1-next.35 to 0.0.1-next.36
+    * @twin.org/api-core bumped from 0.0.1-next.35 to 0.0.1-next.36
+    * @twin.org/api-models bumped from 0.0.1-next.35 to 0.0.1-next.36
+
+## [0.0.1-next.35](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-service-v0.0.1-next.34...api-auth-entity-storage-service-v0.0.1-next.35) (2025-06-11)
+
+
+### Features
+
+* update dependencies ([1171dc4](https://github.com/twinfoundation/api/commit/1171dc416a9481737f6a640e3cf30145768f37e9))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/api-auth-entity-storage-models bumped from 0.0.1-next.34 to 0.0.1-next.35
+    * @twin.org/api-core bumped from 0.0.1-next.34 to 0.0.1-next.35
+    * @twin.org/api-models bumped from 0.0.1-next.34 to 0.0.1-next.35
+
+## [0.0.1-next.34](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-service-v0.0.1-next.33...api-auth-entity-storage-service-v0.0.1-next.34) (2025-05-27)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-service:** Synchronize repo versions
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/api-auth-entity-storage-models bumped from 0.0.1-next.33 to 0.0.1-next.34
+    * @twin.org/api-core bumped from 0.0.1-next.33 to 0.0.1-next.34
+    * @twin.org/api-models bumped from 0.0.1-next.33 to 0.0.1-next.34
+
+## [0.0.1-next.33](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-service-v0.0.1-next.32...api-auth-entity-storage-service-v0.0.1-next.33) (2025-04-17)
+
+
+### Features
+
+* use shared store mechanism ([#19](https://github.com/twinfoundation/api/issues/19)) ([32116df](https://github.com/twinfoundation/api/commit/32116df3b4380a30137f5056f242a5c99afa2df9))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/api-auth-entity-storage-models bumped from 0.0.1-next.32 to 0.0.1-next.33
+    * @twin.org/api-core bumped from 0.0.1-next.32 to 0.0.1-next.33
+    * @twin.org/api-models bumped from 0.0.1-next.32 to 0.0.1-next.33
+
+## [0.0.1-next.32](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-service-v0.0.1-next.31...api-auth-entity-storage-service-v0.0.1-next.32) (2025-03-28)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-service:** Synchronize repo versions
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/api-auth-entity-storage-models bumped from 0.0.1-next.31 to 0.0.1-next.32
+    * @twin.org/api-core bumped from 0.0.1-next.31 to 0.0.1-next.32
+    * @twin.org/api-models bumped from 0.0.1-next.31 to 0.0.1-next.32
+
+## v0.0.1-next.31
 
 - Initial Release

package/docs/reference/classes/AuthHeaderProcessor.md

@@ -4,35 +4,37 @@ Handle a JWT token in the authorization header or cookies and validate it to pop
 
 ## Implements
 
-- `IHttpRestRouteProcessor`
+- `IBaseRouteProcessor`
 
 ## Constructors
 
-### new AuthHeaderProcessor()
+### Constructor
 
-> **new AuthHeaderProcessor**(`options`?): [`AuthHeaderProcessor`](AuthHeaderProcessor.md)
+> **new AuthHeaderProcessor**(`options?`): `AuthHeaderProcessor`
 
 Create a new instance of AuthCookiePreProcessor.
 
 #### Parameters
 
-• **options?**
+##### options?
+
+[`IAuthHeaderProcessorConstructorOptions`](../interfaces/IAuthHeaderProcessorConstructorOptions.md)
 
 Options for the processor.
 
-• **options.vaultConnectorType?**: `string`
+#### Returns
 
-The vault for the private keys, defaults to "vault".
+`AuthHeaderProcessor`
 
-• **options.config?**: [`IAuthHeaderProcessorConfig`](../interfaces/IAuthHeaderProcessorConfig.md)
+## Properties
 
-The configuration for the processor.
+### NAMESPACE
 
-#### Returns
+> `readonly` `static` **NAMESPACE**: `string` = `"auth-header"`
 
-[`AuthHeaderProcessor`](AuthHeaderProcessor.md)
+The namespace supported by the processor.
 
-## Properties
+***
 
 ### CLASS\_NAME
 
@@ -42,23 +44,27 @@ Runtime name for the class.
 
 #### Implementation of
 
-`IHttpRestRouteProcessor.CLASS_NAME`
+`IBaseRouteProcessor.CLASS_NAME`
 
 ## Methods
 
 ### start()
 
-> **start**(`nodeIdentity`, `nodeLoggingConnectorType`?): `Promise`\<`void`\>
+> **start**(`nodeIdentity`, `nodeLoggingConnectorType?`): `Promise`\<`void`\>
 
 The service needs to be started when the application is initialized.
 
 #### Parameters
 
-• **nodeIdentity**: `string`
+##### nodeIdentity
+
+`string`
 
 The identity of the node.
 
-• **nodeLoggingConnectorType?**: `string`
+##### nodeLoggingConnectorType?
+
+`string`
 
 The node logging connector type, defaults to "node-logging".
 
@@ -70,7 +76,7 @@ Nothing.
 
 #### Implementation of
 
-`IHttpRestRouteProcessor.start`
+`IBaseRouteProcessor.start`
 
 ***
 
@@ -82,23 +88,31 @@ Pre process the REST request for the specified route.
 
 #### Parameters
 
-• **request**: `IHttpServerRequest`\<`any`\>
+##### request
+
+`IHttpServerRequest`
 
 The incoming request.
 
-• **response**: `IHttpResponse`\<`any`\>
+##### response
+
+`IHttpResponse`
 
 The outgoing response.
 
-• **route**: `undefined` \| `IRestRoute`\<`any`, `any`\>
+##### route
 
 The route to process.
 
-• **requestIdentity**: `IHttpRequestIdentity`
+`undefined` | `IBaseRoute`
+
+##### requestIdentity
+
+`IHttpRequestIdentity`
 
 The identity context for the request.
 
-• **processorState**
+##### processorState
 
 The state handed through the processors.
 
@@ -108,7 +122,7 @@ The state handed through the processors.
 
 #### Implementation of
 
-`IHttpRestRouteProcessor.pre`
+`IBaseRouteProcessor.pre`
 
 ***
 
@@ -120,23 +134,31 @@ Post process the REST request for the specified route.
 
 #### Parameters
 
-• **request**: `IHttpServerRequest`\<`any`\>
+##### request
+
+`IHttpServerRequest`
 
 The incoming request.
 
-• **response**: `IHttpResponse`\<`any`\>
+##### response
+
+`IHttpResponse`
 
 The outgoing response.
 
-• **route**: `undefined` \| `IRestRoute`\<`any`, `any`\>
+##### route
 
 The route to process.
 
-• **requestIdentity**: `IHttpRequestIdentity`
+`undefined` | `IBaseRoute`
+
+##### requestIdentity
+
+`IHttpRequestIdentity`
 
 The identity context for the request.
 
-• **processorState**
+##### processorState
 
 The state handed through the processors.
 
@@ -146,4 +168,4 @@ The state handed through the processors.
 
 #### Implementation of
 
-`IHttpRestRouteProcessor.post`
+`IBaseRouteProcessor.post`

package/docs/reference/classes/AuthenticationUser.md

@@ -4,13 +4,13 @@ Class defining the storage for user login credentials.
 
 ## Constructors
 
-### new AuthenticationUser()
+### Constructor
 
-> **new AuthenticationUser**(): [`AuthenticationUser`](AuthenticationUser.md)
+> **new AuthenticationUser**(): `AuthenticationUser`
 
 #### Returns
 
-[`AuthenticationUser`](AuthenticationUser.md)
+`AuthenticationUser`
 
 ## Properties
 

package/docs/reference/classes/EntityStorageAuthenticationService.md

@@ -8,35 +8,33 @@ Implementation of the authentication component using entity storage.
 
 ## Constructors
 
-### new EntityStorageAuthenticationService()
+### Constructor
 
-> **new EntityStorageAuthenticationService**(`options`?): [`EntityStorageAuthenticationService`](EntityStorageAuthenticationService.md)
+> **new EntityStorageAuthenticationService**(`options?`): `EntityStorageAuthenticationService`
 
 Create a new instance of EntityStorageAuthentication.
 
 #### Parameters
 
-• **options?**
+##### options?
 
-The dependencies for the identity connector.
-
-• **options.userEntityStorageType?**: `string`
+[`IEntityStorageAuthenticationServiceConstructorOptions`](../interfaces/IEntityStorageAuthenticationServiceConstructorOptions.md)
 
-The entity storage for the users, defaults to "authentication-user".
+The dependencies for the identity connector.
 
-• **options.vaultConnectorType?**: `string`
+#### Returns
 
-The vault for the private keys, defaults to "vault".
+`EntityStorageAuthenticationService`
 
-• **options.config?**: [`IEntityStorageAuthenticationServiceConfig`](../interfaces/IEntityStorageAuthenticationServiceConfig.md)
+## Properties
 
-The configuration for the authentication.
+### NAMESPACE
 
-#### Returns
+> `readonly` `static` **NAMESPACE**: `string` = `"authentication-entity-storage"`
 
-[`EntityStorageAuthenticationService`](EntityStorageAuthenticationService.md)
+The namespace supported by the authentication service.
 
-## Properties
+***
 
 ### CLASS\_NAME
 
@@ -52,17 +50,21 @@ Runtime name for the class.
 
 ### start()
 
-> **start**(`nodeIdentity`, `nodeLoggingConnectorType`?): `Promise`\<`void`\>
+> **start**(`nodeIdentity`, `nodeLoggingConnectorType?`): `Promise`\<`void`\>
 
 The service needs to be started when the application is initialized.
 
 #### Parameters
 
-• **nodeIdentity**: `string`
+##### nodeIdentity
+
+`string`
 
 The identity of the node.
 
-• **nodeLoggingConnectorType?**: `string`
+##### nodeLoggingConnectorType?
+
+`string`
 
 The node logging connector type, defaults to "node-logging".
 
@@ -80,34 +82,30 @@ Nothing.
 
 ### login()
 
-> **login**(`email`, `password`): `Promise`\<`object`\>
+> **login**(`email`, `password`): `Promise`\<\{ `token?`: `string`; `expiry`: `number`; \}\>
 
 Perform a login for the user.
 
 #### Parameters
 
-• **email**: `string`
+##### email
+
+`string`
 
 The email address for the user.
 
-• **password**: `string`
+##### password
+
+`string`
 
 The password for the user.
 
 #### Returns
 
-`Promise`\<`object`\>
+`Promise`\<\{ `token?`: `string`; `expiry`: `number`; \}\>
 
 The authentication token for the user, if it uses a mechanism with public access.
 
-##### token?
-
-> `optional` **token**: `string`
-
-##### expiry
-
-> **expiry**: `number`
-
 #### Implementation of
 
 `IAuthenticationComponent.login`
@@ -116,13 +114,15 @@ The authentication token for the user, if it uses a mechanism with public access
 
 ### logout()
 
-> **logout**(`token`?): `Promise`\<`void`\>
+> **logout**(`token?`): `Promise`\<`void`\>
 
 Logout the current user.
 
 #### Parameters
 
-• **token?**: `string`
+##### token?
+
+`string`
 
 The token to logout, if it uses a mechanism with public access.
 
@@ -140,30 +140,24 @@ Nothing.
 
 ### refresh()
 
-> **refresh**(`token`?): `Promise`\<`object`\>
+> **refresh**(`token?`): `Promise`\<\{ `token`: `string`; `expiry`: `number`; \}\>
 
 Refresh the token.
 
 #### Parameters
 
-• **token?**: `string`
+##### token?
+
+`string`
 
 The token to refresh, if it uses a mechanism with public access.
 
 #### Returns
 
-`Promise`\<`object`\>
+`Promise`\<\{ `token`: `string`; `expiry`: `number`; \}\>
 
 The refreshed token, if it uses a mechanism with public access.
 
-##### token
-
-> **token**: `string`
-
-##### expiry
-
-> **expiry**: `number`
-
 #### Implementation of
 
 `IAuthenticationComponent.refresh`

package/docs/reference/classes/PasswordHelper.md

@@ -4,13 +4,13 @@ Helper class for password operations.
 
 ## Constructors
 
-### new PasswordHelper()
+### Constructor
 
-> **new PasswordHelper**(): [`PasswordHelper`](PasswordHelper.md)
+> **new PasswordHelper**(): `PasswordHelper`
 
 #### Returns
 
-[`PasswordHelper`](PasswordHelper.md)
+`PasswordHelper`
 
 ## Methods
 
@@ -22,11 +22,15 @@ Hash the password for the user.
 
 #### Parameters
 
-• **passwordBytes**: `Uint8Array`
+##### passwordBytes
+
+`Uint8Array`
 
 The password bytes.
 
-• **saltBytes**: `Uint8Array`
+##### saltBytes
+
+`Uint8Array`
 
 The salt bytes.
 

package/docs/reference/classes/TokenHelper.md

@@ -4,90 +4,88 @@ Helper class for token operations.
 
 ## Constructors
 
-### new TokenHelper()
+### Constructor
 
-> **new TokenHelper**(): [`TokenHelper`](TokenHelper.md)
+> **new TokenHelper**(): `TokenHelper`
 
 #### Returns
 
-[`TokenHelper`](TokenHelper.md)
+`TokenHelper`
 
 ## Methods
 
 ### createToken()
 
-> `static` **createToken**(`vaultConnector`, `signingKeyName`, `subject`, `ttlMinutes`): `Promise`\<`object`\>
+> `static` **createToken**(`vaultConnector`, `signingKeyName`, `subject`, `ttlMinutes`): `Promise`\<\{ `token`: `string`; `expiry`: `number`; \}\>
 
 Create a new token.
 
 #### Parameters
 
-• **vaultConnector**: `IVaultConnector`
+##### vaultConnector
+
+`IVaultConnector`
 
 The vault connector.
 
-• **signingKeyName**: `string`
+##### signingKeyName
+
+`string`
 
 The signing key name.
 
-• **subject**: `string`
+##### subject
+
+`string`
 
 The subject for the token.
 
-• **ttlMinutes**: `number`
+##### ttlMinutes
+
+`number`
 
 The time to live for the token in minutes.
 
 #### Returns
 
-`Promise`\<`object`\>
+`Promise`\<\{ `token`: `string`; `expiry`: `number`; \}\>
 
 The new token and its expiry date.
 
-##### token
-
-> **token**: `string`
-
-##### expiry
-
-> **expiry**: `number`
-
 ***
 
 ### verify()
 
-> `static` **verify**(`vaultConnector`, `signingKeyName`, `token`): `Promise`\<`object`\>
+> `static` **verify**(`vaultConnector`, `signingKeyName`, `token`): `Promise`\<\{ `header`: `IJwtHeader`; `payload`: `IJwtPayload`; \}\>
 
 Verify the token.
 
 #### Parameters
 
-• **vaultConnector**: `IVaultConnector`
+##### vaultConnector
+
+`IVaultConnector`
 
 The vault connector.
 
-• **signingKeyName**: `string`
+##### signingKeyName
+
+`string`
 
 The signing key name.
 
-• **token**: `undefined` \| `string`
+##### token
 
 The token to verify.
 
+`undefined` | `string`
+
 #### Returns
 
-`Promise`\<`object`\>
+`Promise`\<\{ `header`: `IJwtHeader`; `payload`: `IJwtPayload`; \}\>
 
 The verified details.
 
-##### header
-
-> **header**: `IJwtHeader`
-
-##### payload
-
-> **payload**: `IJwtPayload`
-
 #### Throws
 
 UnauthorizedError if the token is missing, invalid or expired.
@@ -96,22 +94,26 @@ UnauthorizedError if the token is missing, invalid or expired.
 
 ### extractTokenFromHeaders()
 
-> `static` **extractTokenFromHeaders**(`headers`?, `cookieName`?): `undefined` \| `object`
+> `static` **extractTokenFromHeaders**(`headers?`, `cookieName?`): `undefined` \| \{ `token`: `string`; `location`: `"authorization"` \| `"cookie"`; \}
 
 Extract the auth token from the headers, either from the authorization header or the cookie header.
 
 #### Parameters
 
-• **headers?**: `IHttpHeaders`
+##### headers?
+
+`IHttpHeaders`
 
 The headers to extract the token from.
 
-• **cookieName?**: `string`
+##### cookieName?
+
+`string`
 
 The name of the cookie to extract the token from.
 
 #### Returns
 
-`undefined` \| `object`
+`undefined` \| \{ `token`: `string`; `location`: `"authorization"` \| `"cookie"`; \}
 
 The token if found.

package/docs/reference/functions/authenticationLogin.md

@@ -6,15 +6,21 @@ Login to the server.
 
 ## Parameters
 
-• **httpRequestContext**: `IHttpRequestContext`
+### httpRequestContext
+
+`IHttpRequestContext`
 
 The request context for the API.
 
-• **componentName**: `string`
+### componentName
+
+`string`
 
 The name of the component to use in the routes.
 
-• **request**: `ILoginRequest`
+### request
+
+`ILoginRequest`
 
 The request.
 

package/docs/reference/functions/authenticationLogout.md

@@ -6,15 +6,21 @@ Logout from the server.
 
 ## Parameters
 
-• **httpRequestContext**: `IHttpRequestContext`
+### httpRequestContext
+
+`IHttpRequestContext`
 
 The request context for the API.
 
-• **componentName**: `string`
+### componentName
+
+`string`
 
 The name of the component to use in the routes.
 
-• **request**: `ILogoutRequest`
+### request
+
+`ILogoutRequest`
 
 The request.
 

package/docs/reference/functions/authenticationRefreshToken.md

@@ -6,15 +6,21 @@ Refresh the login token.
 
 ## Parameters
 
-• **httpRequestContext**: `IHttpRequestContext`
+### httpRequestContext
+
+`IHttpRequestContext`
 
 The request context for the API.
 
-• **componentName**: `string`
+### componentName
+
+`string`
 
 The name of the component to use in the routes.
 
-• **request**: `IRefreshTokenRequest`
+### request
+
+`IRefreshTokenRequest`
 
 The request.
 

package/docs/reference/functions/generateRestRoutesAuthentication.md

@@ -1,21 +1,25 @@
 # Function: generateRestRoutesAuthentication()
 
-> **generateRestRoutesAuthentication**(`baseRouteName`, `componentName`): `IRestRoute`[]
+> **generateRestRoutesAuthentication**(`baseRouteName`, `componentName`): `IRestRoute`\<`any`, `any`\>[]
 
 The REST routes for authentication.
 
 ## Parameters
 
-• **baseRouteName**: `string`
+### baseRouteName
+
+`string`
 
 Prefix to prepend to the paths.
 
-• **componentName**: `string`
+### componentName
+
+`string`
 
 The name of the component to use in the routes stored in the ComponentFactory.
 
 ## Returns
 
-`IRestRoute`[]
+`IRestRoute`\<`any`, `any`\>[]
 
 The generated routes.

package/docs/reference/index.md

@@ -11,7 +11,9 @@
 ## Interfaces
 
 - [IAuthHeaderProcessorConfig](interfaces/IAuthHeaderProcessorConfig.md)
+- [IAuthHeaderProcessorConstructorOptions](interfaces/IAuthHeaderProcessorConstructorOptions.md)
 - [IEntityStorageAuthenticationServiceConfig](interfaces/IEntityStorageAuthenticationServiceConfig.md)
+- [IEntityStorageAuthenticationServiceConstructorOptions](interfaces/IEntityStorageAuthenticationServiceConstructorOptions.md)
 
 ## Variables
 

package/docs/reference/interfaces/IAuthHeaderProcessorConstructorOptions.md

@@ -0,0 +1,25 @@
+# Interface: IAuthHeaderProcessorConstructorOptions
+
+Options for the AuthHeaderProcessor constructor.
+
+## Properties
+
+### vaultConnectorType?
+
+> `optional` **vaultConnectorType**: `string`
+
+The vault for the private keys.
+
+#### Default
+
+```ts
+vault
+```
+
+***
+
+### config?
+
+> `optional` **config**: [`IAuthHeaderProcessorConfig`](IAuthHeaderProcessorConfig.md)
+
+The configuration for the processor.

package/docs/reference/interfaces/IEntityStorageAuthenticationServiceConstructorOptions.md

@@ -0,0 +1,39 @@
+# Interface: IEntityStorageAuthenticationServiceConstructorOptions
+
+Options for the EntityStorageAuthenticationService constructor.
+
+## Properties
+
+### userEntityStorageType?
+
+> `optional` **userEntityStorageType**: `string`
+
+The entity storage for the users.
+
+#### Default
+
+```ts
+authentication-user
+```
+
+***
+
+### vaultConnectorType?
+
+> `optional` **vaultConnectorType**: `string`
+
+The vault for the private keys.
+
+#### Default
+
+```ts
+vault
+```
+
+***
+
+### config?
+
+> `optional` **config**: [`IEntityStorageAuthenticationServiceConfig`](IEntityStorageAuthenticationServiceConfig.md)
+
+The configuration for the authentication.

package/locales/en.json

@@ -11,7 +11,7 @@
 		},
 		"tokenHelper": {
 			"missing": "The JSON Web token could not be found in the authorization header",
-			"invalid": "The JSON Web token signature could not be validated",
+			"payloadMissingSubject": "The JSON Web token payload does not contain a subject",
 			"expired": "The JSON Web token has expired"
 		}
 	}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@twin.org/api-auth-entity-storage-service",
-	"version": "0.0.1-next.8",
+	"version": "0.0.1",
 	"description": "Auth Entity Storage contract implementation and REST endpoint definitions",
 	"repository": {
 		"type": "git",
@@ -14,26 +14,26 @@
 		"node": ">=20.0.0"
 	},
 	"dependencies": {
-		"@twin.org/api-auth-entity-storage-models": "0.0.1-next.8",
-		"@twin.org/api-core": "0.0.1-next.8",
-		"@twin.org/api-models": "0.0.1-next.8",
-		"@twin.org/core": "next",
-		"@twin.org/crypto": "next",
-		"@twin.org/entity": "next",
-		"@twin.org/entity-storage-models": "next",
-		"@twin.org/logging-models": "next",
-		"@twin.org/nameof": "next",
-		"@twin.org/vault-models": "next",
-		"@twin.org/web": "next"
+		"@twin.org/api-auth-entity-storage-models": "^0.0.1",
+		"@twin.org/api-core": "^0.0.1",
+		"@twin.org/api-models": "^0.0.1",
+		"@twin.org/core": "^0.0.1",
+		"@twin.org/crypto": "^0.0.1",
+		"@twin.org/entity": "^0.0.1",
+		"@twin.org/entity-storage-models": "^0.0.1-next.2",
+		"@twin.org/logging-models": "^0.0.1-next.2",
+		"@twin.org/nameof": "^0.0.1",
+		"@twin.org/vault-models": "^0.0.1-next.2",
+		"@twin.org/web": "^0.0.1"
 	},
 	"main": "./dist/cjs/index.cjs",
 	"module": "./dist/esm/index.mjs",
 	"types": "./dist/types/index.d.ts",
 	"exports": {
 		".": {
+			"types": "./dist/types/index.d.ts",
 			"require": "./dist/cjs/index.cjs",
-			"import": "./dist/esm/index.mjs",
-			"types": "./dist/types/index.d.ts"
+			"import": "./dist/esm/index.mjs"
 		}
 	},
 	"files": [