npm - @twin.org/api-auth-entity-storage-service - Versions diffs - 0.0.3-next.17 → 0.0.3-next.19 - Mend

@twin.org/api-auth-entity-storage-service 0.0.3-next.17 → 0.0.3-next.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

package/dist/types/routes/entityStorageAuthenticationAdminRoutes.d.ts ADDED Viewed

@@ -0,0 +1,61 @@
+import type { IAdminUserCreateRequest, IAdminUserGetByIdentityRequest, IAdminUserGetRequest, IAdminUserGetResponse, IAdminUserRemoveRequest, IAdminUserUpdatePasswordRequest, IAdminUserUpdateRequest } from "@twin.org/api-auth-entity-storage-models";
+import type { ICreatedResponse, IHttpRequestContext, INoContentResponse, IRestRoute, ITag } from "@twin.org/api-models";
+/**
+ * The tag to associate with the routes.
+ */
+export declare const tagsAuthenticationAdmin: ITag[];
+/**
+ * The REST routes for authentication admin.
+ * @param baseRouteName Prefix to prepend to the paths.
+ * @param componentName The name of the component to use in the routes stored in the ComponentFactory.
+ * @returns The generated routes.
+ */
+export declare function generateRestRoutesAuthenticationAdmin(baseRouteName: string, componentName: string): IRestRoute[];
+/**
+ * Create a new user.
+ * @param httpRequestContext The request context for the API.
+ * @param componentName The name of the component to use in the routes.
+ * @param request The request.
+ * @returns The response object with additional http response properties.
+ */
+export declare function authenticationAdminCreateUser(httpRequestContext: IHttpRequestContext, componentName: string, request: IAdminUserCreateRequest): Promise<ICreatedResponse>;
+/**
+ * Update an existing user.
+ * @param httpRequestContext The request context for the API.
+ * @param componentName The name of the component to use in the routes.
+ * @param request The request.
+ * @returns The response object with additional http response properties.
+ */
+export declare function authenticationAdminUpdateUser(httpRequestContext: IHttpRequestContext, componentName: string, request: IAdminUserUpdateRequest): Promise<INoContentResponse>;
+/**
+ * Update an existing user password.
+ * @param httpRequestContext The request context for the API.
+ * @param componentName The name of the component to use in the routes.
+ * @param request The request.
+ * @returns The response object with additional http response properties.
+ */
+export declare function authenticationAdminUpdateUserPassword(httpRequestContext: IHttpRequestContext, componentName: string, request: IAdminUserUpdatePasswordRequest): Promise<INoContentResponse>;
+/**
+ * Get an existing user.
+ * @param httpRequestContext The request context for the API.
+ * @param componentName The name of the component to use in the routes.
+ * @param request The request.
+ * @returns The response object with additional http response properties.
+ */
+export declare function authenticationAdminGetUser(httpRequestContext: IHttpRequestContext, componentName: string, request: IAdminUserGetRequest): Promise<IAdminUserGetResponse>;
+/**
+ * Get an existing user by identity.
+ * @param httpRequestContext The request context for the API.
+ * @param componentName The name of the component to use in the routes.
+ * @param request The request.
+ * @returns The response object with additional http response properties.
+ */
+export declare function authenticationAdminGetUserByIdentity(httpRequestContext: IHttpRequestContext, componentName: string, request: IAdminUserGetByIdentityRequest): Promise<IAdminUserGetResponse>;
+/**
+ * Remove an existing user.
+ * @param httpRequestContext The request context for the API.
+ * @param componentName The name of the component to use in the routes.
+ * @param request The request.
+ * @returns The response object with additional http response properties.
+ */
+export declare function authenticationAdminRemoveUser(httpRequestContext: IHttpRequestContext, componentName: string, request: IAdminUserRemoveRequest): Promise<INoContentResponse>;

package/dist/types/services/entityStorageAuthenticationAdminService.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { IAuthenticationAdminComponent } from "@twin.org/api-auth-entity-storage-models";
+import type { IAuthenticationAdminComponent, IAuthenticationUser } from "@twin.org/api-auth-entity-storage-models";
 import type { IEntityStorageAuthenticationAdminServiceConstructorOptions } from "../models/IEntityStorageAuthenticationAdminServiceConstructorOptions.js";
 /**
  * Implementation of the authentication component using entity storage.
@@ -20,13 +20,28 @@ export declare class EntityStorageAuthenticationAdminService implements IAuthent
     className(): string;
     /**
      * Create a login for the user.
-     * @param email The email address for the user.
-     * @param password The password for the user.
-     * @param userIdentity The DID to associate with the account.
-     * @param organizationIdentity The organization of the user.
+     * @param user The user to create.
      * @returns Nothing.
      */
-    create(email: string, password: string, userIdentity: string, organizationIdentity: string): Promise<void>;
+    create(user: Omit<IAuthenticationUser, "salt">): Promise<void>;
+    /**
+     * Update a login for the user.
+     * @param user The user to update.
+     * @returns Nothing.
+     */
+    update(user: Partial<Omit<IAuthenticationUser, "password" | "salt">>): Promise<void>;
+    /**
+     * Get a user by email.
+     * @param email The email address of the user to get.
+     * @returns The user details.
+     */
+    get(email: string): Promise<Omit<IAuthenticationUser, "password" | "salt">>;
+    /**
+     * Get a user by identity.
+     * @param identity The identity of the user to get.
+     * @returns The user details.
+     */
+    getByIdentity(identity: string): Promise<Omit<IAuthenticationUser, "password" | "salt">>;
     /**
      * Remove the current user.
      * @param email The email address of the user to remove.

package/dist/types/services/entityStorageAuthenticationService.d.ts CHANGED Viewed

@@ -51,10 +51,9 @@ export declare class EntityStorageAuthenticationService implements IAuthenticati
     }>;
     /**
      * Update the user's password.
-     * @param email The email address of the user to update.
      * @param currentPassword The current password for the user.
      * @param newPassword The new password for the user.
      * @returns Nothing.
      */
-    updatePassword(email: string, currentPassword: string, newPassword: string): Promise<void>;
+    updatePassword(currentPassword: string, newPassword: string): Promise<void>;
 }

package/dist/types/utils/tokenHelper.d.ts CHANGED Viewed

@@ -16,9 +16,10 @@ export declare class TokenHelper {
      * @param organizationIdentity The organization for the token.
      * @param tenantId The tenant id for the token.
      * @param ttlMinutes The time to live for the token in minutes.
+     * @param scope The scopes for the token.
      * @returns The new token and its expiry date.
      */
-    static createToken(vaultConnector: IVaultConnector, signingKeyName: string, userIdentity: string, organizationIdentity: string | undefined, tenantId: string | undefined, ttlMinutes: number): Promise<{
+    static createToken(vaultConnector: IVaultConnector, signingKeyName: string, userIdentity: string, organizationIdentity: string | undefined, tenantId: string | undefined, ttlMinutes: number, scope?: string): Promise<{
         token: string;
         expiry: number;
     }>;
@@ -27,10 +28,11 @@ export declare class TokenHelper {
      * @param vaultConnector The vault connector.
      * @param signingKeyName The signing key name.
      * @param token The token to verify.
+     * @param requiredScopes The required scopes.
      * @returns The verified details.
      * @throws UnauthorizedError if the token is missing, invalid or expired.
      */
-    static verify(vaultConnector: IVaultConnector, signingKeyName: string, token: string | undefined): Promise<{
+    static verify(vaultConnector: IVaultConnector, signingKeyName: string, token: string | undefined, requiredScopes?: string[]): Promise<{
         header: IJwtHeader;
         payload: IJwtPayload;
     }>;

package/docs/changelog.md CHANGED Viewed

@@ -1,5 +1,37 @@
 # @twin.org/api-auth-entity-storage-service - Changelog
+## [0.0.3-next.19](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-service-v0.0.3-next.18...api-auth-entity-storage-service-v0.0.3-next.19) (2026-02-06)
+### Features
+* user admin service ([#77](https://github.com/twinfoundation/api/issues/77)) ([c8491df](https://github.com/twinfoundation/api/commit/c8491df7b07c1f45560c8a78c6adc806d0ececbb))
+### Dependencies
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/api-auth-entity-storage-models bumped from 0.0.3-next.18 to 0.0.3-next.19
+    * @twin.org/api-core bumped from 0.0.3-next.18 to 0.0.3-next.19
+    * @twin.org/api-models bumped from 0.0.3-next.18 to 0.0.3-next.19
+## [0.0.3-next.18](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-service-v0.0.3-next.17...api-auth-entity-storage-service-v0.0.3-next.18) (2026-02-04)
+### Features
+* tenant api and scopes ([#75](https://github.com/twinfoundation/api/issues/75)) ([c663141](https://github.com/twinfoundation/api/commit/c663141091e8974d769f8f9904ecdab009ebd083))
+### Dependencies
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/api-auth-entity-storage-models bumped from 0.0.3-next.17 to 0.0.3-next.18
+    * @twin.org/api-core bumped from 0.0.3-next.17 to 0.0.3-next.18
+    * @twin.org/api-models bumped from 0.0.3-next.17 to 0.0.3-next.18
 ## [0.0.3-next.17](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-service-v0.0.3-next.16...api-auth-entity-storage-service-v0.0.3-next.17) (2026-01-26)

package/docs/reference/classes/AuthenticationUser.md CHANGED Viewed

@@ -51,3 +51,11 @@ The user identity.
 > **organization**: `string`
 The users organization.
+***
+### scope
+> **scope**: `string`
+The scope assigned to the user, comma separated.

package/docs/reference/classes/EntityStorageAuthenticationAdminService.md CHANGED Viewed

@@ -56,45 +56,105 @@ The class name of the component.
 ### create()
-> **create**(`email`, `password`, `userIdentity`, `organizationIdentity`): `Promise`\<`void`\>
+> **create**(`user`): `Promise`\<`void`\>
 Create a login for the user.
 #### Parameters
+##### user
+`Omit`\<`IAuthenticationUser`, `"salt"`\>
+The user to create.
+#### Returns
+`Promise`\<`void`\>
+Nothing.
+#### Implementation of
+`IAuthenticationAdminComponent.create`
+***
+### update()
+> **update**(`user`): `Promise`\<`void`\>
+Update a login for the user.
+#### Parameters
+##### user
+`Partial`\<`Omit`\<`IAuthenticationUser`, `"password"` \| `"salt"`\>\>
+The user to update.
+#### Returns
+`Promise`\<`void`\>
+Nothing.
+#### Implementation of
+`IAuthenticationAdminComponent.update`
+***
+### get()
+> **get**(`email`): `Promise`\<`Omit`\<`IAuthenticationUser`, `"salt"` \| `"password"`\>\>
+Get a user by email.
+#### Parameters
 ##### email
 `string`
-The email address for the user.
+The email address of the user to get.
-##### password
+#### Returns
-`string`
+`Promise`\<`Omit`\<`IAuthenticationUser`, `"salt"` \| `"password"`\>\>
-The password for the user.
+The user details.
-##### userIdentity
+#### Implementation of
-`string`
+`IAuthenticationAdminComponent.get`
+***
+### getByIdentity()
-The DID to associate with the account.
+> **getByIdentity**(`identity`): `Promise`\<`Omit`\<`IAuthenticationUser`, `"salt"` \| `"password"`\>\>
-##### organizationIdentity
+Get a user by identity.
+#### Parameters
+##### identity
 `string`
-The organization of the user.
+The identity of the user to get.
 #### Returns
-`Promise`\<`void`\>
+`Promise`\<`Omit`\<`IAuthenticationUser`, `"salt"` \| `"password"`\>\>
-Nothing.
+The user details.
 #### Implementation of
-`IAuthenticationAdminComponent.create`
+`IAuthenticationAdminComponent.getByIdentity`
 ***

package/docs/reference/classes/EntityStorageAuthenticationService.md CHANGED Viewed

@@ -166,18 +166,12 @@ The refreshed token, if it uses a mechanism with public access.
 ### updatePassword()
-> **updatePassword**(`email`, `currentPassword`, `newPassword`): `Promise`\<`void`\>
+> **updatePassword**(`currentPassword`, `newPassword`): `Promise`\<`void`\>
 Update the user's password.
 #### Parameters
-##### email
-`string`
-The email address of the user to update.
 ##### currentPassword
 `string`

package/docs/reference/classes/TokenHelper.md CHANGED Viewed

@@ -24,7 +24,7 @@ Runtime name for the class.
 ### createToken()
-> `static` **createToken**(`vaultConnector`, `signingKeyName`, `userIdentity`, `organizationIdentity`, `tenantId`, `ttlMinutes`): `Promise`\<\{ `token`: `string`; `expiry`: `number`; \}\>
+> `static` **createToken**(`vaultConnector`, `signingKeyName`, `userIdentity`, `organizationIdentity`, `tenantId`, `ttlMinutes`, `scope?`): `Promise`\<\{ `token`: `string`; `expiry`: `number`; \}\>
 Create a new token.
@@ -66,6 +66,12 @@ The tenant id for the token.
 The time to live for the token in minutes.
+##### scope?
+`string`
+The scopes for the token.
 #### Returns
 `Promise`\<\{ `token`: `string`; `expiry`: `number`; \}\>
@@ -76,7 +82,7 @@ The new token and its expiry date.
 ### verify()
-> `static` **verify**(`vaultConnector`, `signingKeyName`, `token`): `Promise`\<\{ `header`: `JWTHeaderParameters`; `payload`: `JWTPayload`; \}\>
+> `static` **verify**(`vaultConnector`, `signingKeyName`, `token`, `requiredScopes?`): `Promise`\<\{ `header`: `JWTHeaderParameters`; `payload`: `JWTPayload`; \}\>
 Verify the token.
@@ -100,6 +106,12 @@ The token to verify.
 `string` | `undefined`
+##### requiredScopes?
+`string`[]
+The required scopes.
 #### Returns
 `Promise`\<\{ `header`: `JWTHeaderParameters`; `payload`: `JWTPayload`; \}\>

package/docs/reference/functions/authenticationAdminCreateUser.md ADDED Viewed

@@ -0,0 +1,31 @@
+# Function: authenticationAdminCreateUser()
+> **authenticationAdminCreateUser**(`httpRequestContext`, `componentName`, `request`): `Promise`\<`ICreatedResponse`\>
+Create a new user.
+## Parameters
+### httpRequestContext
+`IHttpRequestContext`
+The request context for the API.
+### componentName
+`string`
+The name of the component to use in the routes.
+### request
+`IAdminUserCreateRequest`
+The request.
+## Returns
+`Promise`\<`ICreatedResponse`\>
+The response object with additional http response properties.

package/docs/reference/functions/authenticationAdminGetUser.md ADDED Viewed

@@ -0,0 +1,31 @@
+# Function: authenticationAdminGetUser()
+> **authenticationAdminGetUser**(`httpRequestContext`, `componentName`, `request`): `Promise`\<`IAdminUserGetResponse`\>
+Get an existing user.
+## Parameters
+### httpRequestContext
+`IHttpRequestContext`
+The request context for the API.
+### componentName
+`string`
+The name of the component to use in the routes.
+### request
+`IAdminUserGetRequest`
+The request.
+## Returns
+`Promise`\<`IAdminUserGetResponse`\>
+The response object with additional http response properties.

package/docs/reference/functions/authenticationAdminGetUserByIdentity.md ADDED Viewed

@@ -0,0 +1,31 @@
+# Function: authenticationAdminGetUserByIdentity()
+> **authenticationAdminGetUserByIdentity**(`httpRequestContext`, `componentName`, `request`): `Promise`\<`IAdminUserGetResponse`\>
+Get an existing user by identity.
+## Parameters
+### httpRequestContext
+`IHttpRequestContext`
+The request context for the API.
+### componentName
+`string`
+The name of the component to use in the routes.
+### request
+`IAdminUserGetByIdentityRequest`
+The request.
+## Returns
+`Promise`\<`IAdminUserGetResponse`\>
+The response object with additional http response properties.

package/docs/reference/functions/authenticationAdminRemoveUser.md ADDED Viewed

@@ -0,0 +1,31 @@
+# Function: authenticationAdminRemoveUser()
+> **authenticationAdminRemoveUser**(`httpRequestContext`, `componentName`, `request`): `Promise`\<`INoContentResponse`\>
+Remove an existing user.
+## Parameters
+### httpRequestContext
+`IHttpRequestContext`
+The request context for the API.
+### componentName
+`string`
+The name of the component to use in the routes.
+### request
+`IAdminUserRemoveRequest`
+The request.
+## Returns
+`Promise`\<`INoContentResponse`\>
+The response object with additional http response properties.

package/docs/reference/functions/authenticationAdminUpdateUser.md ADDED Viewed

@@ -0,0 +1,31 @@
+# Function: authenticationAdminUpdateUser()
+> **authenticationAdminUpdateUser**(`httpRequestContext`, `componentName`, `request`): `Promise`\<`INoContentResponse`\>
+Update an existing user.
+## Parameters
+### httpRequestContext
+`IHttpRequestContext`
+The request context for the API.
+### componentName
+`string`
+The name of the component to use in the routes.
+### request
+`IAdminUserUpdateRequest`
+The request.
+## Returns
+`Promise`\<`INoContentResponse`\>
+The response object with additional http response properties.

package/docs/reference/functions/authenticationAdminUpdateUserPassword.md ADDED Viewed

@@ -0,0 +1,31 @@
+# Function: authenticationAdminUpdateUserPassword()
+> **authenticationAdminUpdateUserPassword**(`httpRequestContext`, `componentName`, `request`): `Promise`\<`INoContentResponse`\>
+Update an existing user password.
+## Parameters
+### httpRequestContext
+`IHttpRequestContext`
+The request context for the API.
+### componentName
+`string`
+The name of the component to use in the routes.
+### request
+`IAdminUserUpdatePasswordRequest`
+The request.
+## Returns
+`Promise`\<`INoContentResponse`\>
+The response object with additional http response properties.

package/docs/reference/functions/generateRestRoutesAuthenticationAdmin.md ADDED Viewed

@@ -0,0 +1,25 @@
+# Function: generateRestRoutesAuthenticationAdmin()
+> **generateRestRoutesAuthenticationAdmin**(`baseRouteName`, `componentName`): `IRestRoute`\<`any`, `any`\>[]
+The REST routes for authentication admin.
+## Parameters
+### baseRouteName
+`string`
+Prefix to prepend to the paths.
+### componentName
+`string`
+The name of the component to use in the routes stored in the ComponentFactory.
+## Returns
+`IRestRoute`\<`any`, `any`\>[]
+The generated routes.

package/docs/reference/index.md CHANGED Viewed

@@ -6,7 +6,6 @@
 - [AuthHeaderProcessor](classes/AuthHeaderProcessor.md)
 - [EntityStorageAuthenticationAdminService](classes/EntityStorageAuthenticationAdminService.md)
 - [EntityStorageAuthenticationService](classes/EntityStorageAuthenticationService.md)
-- [PasswordHelper](classes/PasswordHelper.md)
 - [TokenHelper](classes/TokenHelper.md)
 ## Interfaces
@@ -21,10 +20,18 @@
 ## Variables
 - [restEntryPoints](variables/restEntryPoints.md)
+- [tagsAuthenticationAdmin](variables/tagsAuthenticationAdmin.md)
 - [tagsAuthentication](variables/tagsAuthentication.md)
 ## Functions
+- [generateRestRoutesAuthenticationAdmin](functions/generateRestRoutesAuthenticationAdmin.md)
+- [authenticationAdminCreateUser](functions/authenticationAdminCreateUser.md)
+- [authenticationAdminUpdateUser](functions/authenticationAdminUpdateUser.md)
+- [authenticationAdminUpdateUserPassword](functions/authenticationAdminUpdateUserPassword.md)
+- [authenticationAdminGetUser](functions/authenticationAdminGetUser.md)
+- [authenticationAdminGetUserByIdentity](functions/authenticationAdminGetUserByIdentity.md)
+- [authenticationAdminRemoveUser](functions/authenticationAdminRemoveUser.md)
 - [generateRestRoutesAuthentication](functions/generateRestRoutesAuthentication.md)
 - [authenticationLogin](functions/authenticationLogin.md)
 - [authenticationLogout](functions/authenticationLogout.md)

package/docs/reference/variables/tagsAuthenticationAdmin.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Variable: tagsAuthenticationAdmin
+> `const` **tagsAuthenticationAdmin**: `ITag`[]
+The tag to associate with the routes.

package/locales/en.json CHANGED Viewed

@@ -8,9 +8,10 @@
 		"entityStorageAuthenticationAdminService": {
 			"userExists": "The user with the specified e-mail already exists",
 			"createUserFailed": "Creating the user failed",
+			"getUserFailed": "Getting the user failed",
+			"updateUserFailed": "Updating the user failed",
 			"removeUserFailed": "Removing the user failed",
 			"updatePasswordFailed": "Updating the user's password failed",
-			"passwordTooShort": "The password is too short, it must be at least {minLength} characters long",
 			"userNotFound": "The user with the specified e-mail could not be found \"{notFoundId}\"",
 			"currentPasswordMismatch": "The current password is incorrect"
 		},
@@ -18,7 +19,8 @@
 			"missing": "The JSON Web token could not be found in the authorization header",
 			"payloadMissingSubject": "The JSON Web token payload does not contain a subject",
 			"payloadMissingOrganization": "The JSON Web token payload does not contain an organization",
-			"expired": "The JSON Web token has expired"
+			"expired": "The JSON Web token has expired",
+			"insufficientScopes": "The JSON Web token does not have the required scopes to access this resource"
 		},
 		"authHeaderProcessor": {
 			"tenantIdMismatch": "The tenant ID in the token does not match the tenant ID in the context"

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@twin.org/api-auth-entity-storage-service",
-	"version": "0.0.3-next.17",
+	"version": "0.0.3-next.19",
 	"description": "Auth Entity Storage contract implementation and REST endpoint definitions",
 	"repository": {
 		"type": "git",
@@ -14,9 +14,9 @@
 		"node": ">=20.0.0"
 	},
 	"dependencies": {
-		"@twin.org/api-auth-entity-storage-models": "0.0.3-next.17",
-		"@twin.org/api-core": "0.0.3-next.17",
-		"@twin.org/api-models": "0.0.3-next.17",
+		"@twin.org/api-auth-entity-storage-models": "0.0.3-next.19",
+		"@twin.org/api-core": "0.0.3-next.19",
+		"@twin.org/api-models": "0.0.3-next.19",
 		"@twin.org/context": "next",
 		"@twin.org/core": "next",
 		"@twin.org/crypto": "next",