@twin.org/trust-generators 0.0.3-next.13 → 0.0.3-next.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -52,18 +52,30 @@ export class JwtVerifiableCredentialGenerator {
52
52
  * Generate a trust payload.
53
53
  * @param identity The identity for which to generate the payload.
54
54
  * @param info Information to use in the generation.
55
- * @param info.subject The subject of the verifiable credential.
56
- * @returns The generated payload.
55
+ * @param info.subject The subject of the verifiable credential (JSON-LD).
56
+ * @param tenantIdHash Optional tenant identifier, should be an opaque hashed version. Embedded directly in the JWT
57
+ * payload as the `tid` claim (mirroring the existing auth-service session-JWT shape).
58
+ * @param organizationId Optional organization identifier. Embedded directly in
59
+ * the JWT payload as the `org` claim.
60
+ * @returns The generated JWT.
57
61
  */
58
- async generate(identity, info) {
62
+ async generate(identity, info, tenantIdHash, organizationId) {
59
63
  Guards.stringValue(JwtVerifiableCredentialGenerator.CLASS_NAME, "identity", identity);
60
64
  let expirationDate;
61
65
  if (Is.integer(this._tokenTtlInSeconds)) {
62
66
  const ttlMs = this._tokenTtlInSeconds * 1000;
63
67
  expirationDate = new Date(Date.now() + ttlMs);
64
68
  }
69
+ const jwtPayloadFields = {};
70
+ if (Is.stringValue(tenantIdHash)) {
71
+ jwtPayloadFields.tid = tenantIdHash;
72
+ }
73
+ if (Is.stringValue(organizationId)) {
74
+ jwtPayloadFields.org = organizationId;
75
+ }
65
76
  const credential = await this._identityComponent.verifiableCredentialCreate(DocumentHelper.joinId(identity, this._verificationMethodId), undefined, info?.subject ?? {}, {
66
- expirationDate
77
+ expirationDate,
78
+ jwtPayloadFields
67
79
  }, identity);
68
80
  return credential.jwt;
69
81
  }
@@ -1 +1 @@
1
- {"version":3,"file":"jwtVerifiableCredentialGenerator.js","sourceRoot":"","sources":["../../../src/generators/jwtVerifiableCredentialGenerator.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AACvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,gBAAgB,CAAC;AAE9D,OAAO,EAAE,cAAc,EAA2B,MAAM,2BAA2B,CAAC;AAMpF;;GAEG;AACH,MAAM,OAAO,gCAAgC;IAC5C;;OAEG;IACI,MAAM,CAAU,UAAU,sCAAsD;IAEvF;;;OAGG;IACH,8EAA8E;IAC7D,iBAAiB,CAAqB;IAEvD;;;OAGG;IACc,kBAAkB,CAAqB;IAExD;;;OAGG;IACc,qBAAqB,CAAS;IAE/C;;;OAGG;IACc,kBAAkB,CAAU;IAE7C;;;OAGG;IACH,YAAY,OAA4D;QACvE,IAAI,CAAC,iBAAiB,GAAG,gBAAgB,CAAC,WAAW,CACpD,OAAO,EAAE,oBAAoB,IAAI,SAAS,CAC1C,CAAC;QAEF,IAAI,CAAC,kBAAkB,GAAG,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,qBAAqB,IAAI,UAAU,CAAC,CAAC;QAE7F,IAAI,CAAC,qBAAqB,GAAG,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAC;QACjE,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC;IAC5D,CAAC;IAED;;;OAGG;IACI,SAAS;QACf,OAAO,gCAAgC,CAAC,UAAU,CAAC;IACpD,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,QAAQ,CACpB,QAAgB,EAChB,IAAsC;QAEtC,MAAM,CAAC,WAAW,CAAC,gCAAgC,CAAC,UAAU,cAAoB,QAAQ,CAAC,CAAC;QAE5F,IAAI,cAAc,CAAC;QAEnB,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACzC,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC;YAC7C,cAAc,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,0BAA0B,CAC1E,cAAc,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,qBAAqB,CAAC,EAC3D,SAAS,EACT,IAAI,EAAE,OAAO,IAAI,EAAE,EACnB;YACC,cAAc;SACd,EACD,QAAQ,CACR,CAAC;QAEF,OAAO,UAAU,CAAC,GAAG,CAAC;IACvB,CAAC","sourcesContent":["// Copyright 2025 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport { ComponentFactory, Guards, Is } from \"@twin.org/core\";\nimport type { IJsonLdNodeObject } from \"@twin.org/data-json-ld\";\nimport { DocumentHelper, type IIdentityComponent } from \"@twin.org/identity-models\";\nimport type { ILoggingComponent } from \"@twin.org/logging-models\";\nimport { nameof } from \"@twin.org/nameof\";\nimport type { ITrustGenerator } from \"@twin.org/trust-models\";\nimport type { IJwtVerifiableCredentialGeneratorConstructorOptions } from \"../models/IJwtVerifiableCredentialGeneratorConstructorOptions.js\";\n\n/**\n * Class to generate a JWT Verifiable Credential.\n */\nexport class JwtVerifiableCredentialGenerator implements ITrustGenerator {\n\t/**\n\t * Runtime name for the class.\n\t */\n\tpublic static readonly CLASS_NAME: string = nameof<JwtVerifiableCredentialGenerator>();\n\n\t/**\n\t * The logging component.\n\t * @internal\n\t */\n\t// eslint-disable-next-line @typescript-eslint/no-unused-private-class-members\n\tprivate readonly _loggingComponent?: ILoggingComponent;\n\n\t/**\n\t * The identity component.\n\t * @internal\n\t */\n\tprivate readonly _identityComponent: IIdentityComponent;\n\n\t/**\n\t * The verification method ID for the connector to use.\n\t * @internal\n\t */\n\tprivate readonly _verificationMethodId: string;\n\n\t/**\n\t * The time-to-live (TTL) for token in seconds.\n\t * @internal\n\t */\n\tprivate readonly _tokenTtlInSeconds?: number;\n\n\t/**\n\t * Create a new instance of JwtVerifiableCredentialGenerator.\n\t * @param options The options for the service.\n\t */\n\tconstructor(options: IJwtVerifiableCredentialGeneratorConstructorOptions) {\n\t\tthis._loggingComponent = ComponentFactory.getIfExists(\n\t\t\toptions?.loggingComponentType ?? \"logging\"\n\t\t);\n\n\t\tthis._identityComponent = ComponentFactory.get(options?.identityComponentType ?? \"identity\");\n\n\t\tthis._verificationMethodId = options.config.verificationMethodId;\n\t\tthis._tokenTtlInSeconds = options.config.tokenTtlInSeconds;\n\t}\n\n\t/**\n\t * Returns the class name of the component.\n\t * @returns The class name of the component.\n\t */\n\tpublic className(): string {\n\t\treturn JwtVerifiableCredentialGenerator.CLASS_NAME;\n\t}\n\n\t/**\n\t * Generate a trust payload.\n\t * @param identity The identity for which to generate the payload.\n\t * @param info Information to use in the generation.\n\t * @param info.subject The subject of the verifiable credential.\n\t * @returns The generated payload.\n\t */\n\tpublic async generate(\n\t\tidentity: string,\n\t\tinfo?: { subject?: IJsonLdNodeObject }\n\t): Promise<unknown> {\n\t\tGuards.stringValue(JwtVerifiableCredentialGenerator.CLASS_NAME, nameof(identity), identity);\n\n\t\tlet expirationDate;\n\n\t\tif (Is.integer(this._tokenTtlInSeconds)) {\n\t\t\tconst ttlMs = this._tokenTtlInSeconds * 1000;\n\t\t\texpirationDate = new Date(Date.now() + ttlMs);\n\t\t}\n\n\t\tconst credential = await this._identityComponent.verifiableCredentialCreate(\n\t\t\tDocumentHelper.joinId(identity, this._verificationMethodId),\n\t\t\tundefined,\n\t\t\tinfo?.subject ?? {},\n\t\t\t{\n\t\t\t\texpirationDate\n\t\t\t},\n\t\t\tidentity\n\t\t);\n\n\t\treturn credential.jwt;\n\t}\n}\n"]}
1
+ {"version":3,"file":"jwtVerifiableCredentialGenerator.js","sourceRoot":"","sources":["../../../src/generators/jwtVerifiableCredentialGenerator.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AACvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,gBAAgB,CAAC;AAE9D,OAAO,EAAE,cAAc,EAA2B,MAAM,2BAA2B,CAAC;AAMpF;;GAEG;AACH,MAAM,OAAO,gCAAgC;IAC5C;;OAEG;IACI,MAAM,CAAU,UAAU,sCAAsD;IAEvF;;;OAGG;IACH,8EAA8E;IAC7D,iBAAiB,CAAqB;IAEvD;;;OAGG;IACc,kBAAkB,CAAqB;IAExD;;;OAGG;IACc,qBAAqB,CAAS;IAE/C;;;OAGG;IACc,kBAAkB,CAAU;IAE7C;;;OAGG;IACH,YAAY,OAA4D;QACvE,IAAI,CAAC,iBAAiB,GAAG,gBAAgB,CAAC,WAAW,CACpD,OAAO,EAAE,oBAAoB,IAAI,SAAS,CAC1C,CAAC;QAEF,IAAI,CAAC,kBAAkB,GAAG,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,qBAAqB,IAAI,UAAU,CAAC,CAAC;QAE7F,IAAI,CAAC,qBAAqB,GAAG,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAC;QACjE,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC;IAC5D,CAAC;IAED;;;OAGG;IACI,SAAS;QACf,OAAO,gCAAgC,CAAC,UAAU,CAAC;IACpD,CAAC;IAED;;;;;;;;;;OAUG;IACI,KAAK,CAAC,QAAQ,CACpB,QAAgB,EAChB,IAAsC,EACtC,YAAqB,EACrB,cAAuB;QAEvB,MAAM,CAAC,WAAW,CAAC,gCAAgC,CAAC,UAAU,cAAoB,QAAQ,CAAC,CAAC;QAE5F,IAAI,cAAc,CAAC;QAEnB,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACzC,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC;YAC7C,cAAc,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,gBAAgB,GAA8B,EAAE,CAAC;QACvD,IAAI,EAAE,CAAC,WAAW,CAAC,YAAY,CAAC,EAAE,CAAC;YAClC,gBAAgB,CAAC,GAAG,GAAG,YAAY,CAAC;QACrC,CAAC;QACD,IAAI,EAAE,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,CAAC;YACpC,gBAAgB,CAAC,GAAG,GAAG,cAAc,CAAC;QACvC,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,0BAA0B,CAC1E,cAAc,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,qBAAqB,CAAC,EAC3D,SAAS,EACT,IAAI,EAAE,OAAO,IAAI,EAAE,EACnB;YACC,cAAc;YACd,gBAAgB;SAChB,EACD,QAAQ,CACR,CAAC;QAEF,OAAO,UAAU,CAAC,GAAG,CAAC;IACvB,CAAC","sourcesContent":["// Copyright 2025 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport { ComponentFactory, Guards, Is } from \"@twin.org/core\";\nimport type { IJsonLdNodeObject } from \"@twin.org/data-json-ld\";\nimport { DocumentHelper, type IIdentityComponent } from \"@twin.org/identity-models\";\nimport type { ILoggingComponent } from \"@twin.org/logging-models\";\nimport { nameof } from \"@twin.org/nameof\";\nimport type { ITrustGenerator } from \"@twin.org/trust-models\";\nimport type { IJwtVerifiableCredentialGeneratorConstructorOptions } from \"../models/IJwtVerifiableCredentialGeneratorConstructorOptions.js\";\n\n/**\n * Class to generate a JWT Verifiable Credential.\n */\nexport class JwtVerifiableCredentialGenerator implements ITrustGenerator {\n\t/**\n\t * Runtime name for the class.\n\t */\n\tpublic static readonly CLASS_NAME: string = nameof<JwtVerifiableCredentialGenerator>();\n\n\t/**\n\t * The logging component.\n\t * @internal\n\t */\n\t// eslint-disable-next-line @typescript-eslint/no-unused-private-class-members\n\tprivate readonly _loggingComponent?: ILoggingComponent;\n\n\t/**\n\t * The identity component.\n\t * @internal\n\t */\n\tprivate readonly _identityComponent: IIdentityComponent;\n\n\t/**\n\t * The verification method ID for the connector to use.\n\t * @internal\n\t */\n\tprivate readonly _verificationMethodId: string;\n\n\t/**\n\t * The time-to-live (TTL) for token in seconds.\n\t * @internal\n\t */\n\tprivate readonly _tokenTtlInSeconds?: number;\n\n\t/**\n\t * Create a new instance of JwtVerifiableCredentialGenerator.\n\t * @param options The options for the service.\n\t */\n\tconstructor(options: IJwtVerifiableCredentialGeneratorConstructorOptions) {\n\t\tthis._loggingComponent = ComponentFactory.getIfExists(\n\t\t\toptions?.loggingComponentType ?? \"logging\"\n\t\t);\n\n\t\tthis._identityComponent = ComponentFactory.get(options?.identityComponentType ?? \"identity\");\n\n\t\tthis._verificationMethodId = options.config.verificationMethodId;\n\t\tthis._tokenTtlInSeconds = options.config.tokenTtlInSeconds;\n\t}\n\n\t/**\n\t * Returns the class name of the component.\n\t * @returns The class name of the component.\n\t */\n\tpublic className(): string {\n\t\treturn JwtVerifiableCredentialGenerator.CLASS_NAME;\n\t}\n\n\t/**\n\t * Generate a trust payload.\n\t * @param identity The identity for which to generate the payload.\n\t * @param info Information to use in the generation.\n\t * @param info.subject The subject of the verifiable credential (JSON-LD).\n\t * @param tenantIdHash Optional tenant identifier, should be an opaque hashed version. Embedded directly in the JWT\n\t * payload as the `tid` claim (mirroring the existing auth-service session-JWT shape).\n\t * @param organizationId Optional organization identifier. Embedded directly in\n\t * the JWT payload as the `org` claim.\n\t * @returns The generated JWT.\n\t */\n\tpublic async generate(\n\t\tidentity: string,\n\t\tinfo?: { subject?: IJsonLdNodeObject },\n\t\ttenantIdHash?: string,\n\t\torganizationId?: string\n\t): Promise<unknown> {\n\t\tGuards.stringValue(JwtVerifiableCredentialGenerator.CLASS_NAME, nameof(identity), identity);\n\n\t\tlet expirationDate;\n\n\t\tif (Is.integer(this._tokenTtlInSeconds)) {\n\t\t\tconst ttlMs = this._tokenTtlInSeconds * 1000;\n\t\t\texpirationDate = new Date(Date.now() + ttlMs);\n\t\t}\n\n\t\tconst jwtPayloadFields: { [key: string]: string } = {};\n\t\tif (Is.stringValue(tenantIdHash)) {\n\t\t\tjwtPayloadFields.tid = tenantIdHash;\n\t\t}\n\t\tif (Is.stringValue(organizationId)) {\n\t\t\tjwtPayloadFields.org = organizationId;\n\t\t}\n\n\t\tconst credential = await this._identityComponent.verifiableCredentialCreate(\n\t\t\tDocumentHelper.joinId(identity, this._verificationMethodId),\n\t\t\tundefined,\n\t\t\tinfo?.subject ?? {},\n\t\t\t{\n\t\t\t\texpirationDate,\n\t\t\t\tjwtPayloadFields\n\t\t\t},\n\t\t\tidentity\n\t\t);\n\n\t\treturn credential.jwt;\n\t}\n}\n"]}
@@ -23,10 +23,14 @@ export declare class JwtVerifiableCredentialGenerator implements ITrustGenerator
23
23
  * Generate a trust payload.
24
24
  * @param identity The identity for which to generate the payload.
25
25
  * @param info Information to use in the generation.
26
- * @param info.subject The subject of the verifiable credential.
27
- * @returns The generated payload.
26
+ * @param info.subject The subject of the verifiable credential (JSON-LD).
27
+ * @param tenantIdHash Optional tenant identifier, should be an opaque hashed version. Embedded directly in the JWT
28
+ * payload as the `tid` claim (mirroring the existing auth-service session-JWT shape).
29
+ * @param organizationId Optional organization identifier. Embedded directly in
30
+ * the JWT payload as the `org` claim.
31
+ * @returns The generated JWT.
28
32
  */
29
33
  generate(identity: string, info?: {
30
34
  subject?: IJsonLdNodeObject;
31
- }): Promise<unknown>;
35
+ }, tenantIdHash?: string, organizationId?: string): Promise<unknown>;
32
36
  }
package/docs/changelog.md CHANGED
@@ -1,5 +1,33 @@
1
1
  # Changelog
2
2
 
3
+ ## [0.0.3-next.15](https://github.com/iotaledger/twin-trust/compare/trust-generators-v0.0.3-next.14...trust-generators-v0.0.3-next.15) (2026-05-26)
4
+
5
+
6
+ ### Features
7
+
8
+ * add TrustHelper hashTenantId ([#22](https://github.com/iotaledger/twin-trust/issues/22)) ([1efa9dc](https://github.com/iotaledger/twin-trust/commit/1efa9dc7ef0534dbb1a789fac300409190452273))
9
+
10
+
11
+ ### Dependencies
12
+
13
+ * The following workspace dependencies were updated
14
+ * dependencies
15
+ * @twin.org/trust-models bumped from 0.0.3-next.14 to 0.0.3-next.15
16
+
17
+ ## [0.0.3-next.14](https://github.com/iotaledger/twin-trust/compare/trust-generators-v0.0.3-next.13...trust-generators-v0.0.3-next.14) (2026-05-22)
18
+
19
+
20
+ ### Features
21
+
22
+ * add optional tenantId + organizationId to trust VC payload ([#19](https://github.com/iotaledger/twin-trust/issues/19)) ([1e93f6b](https://github.com/iotaledger/twin-trust/commit/1e93f6b0eacbfa725f3c3515d4255b39dd122ce7))
23
+
24
+
25
+ ### Dependencies
26
+
27
+ * The following workspace dependencies were updated
28
+ * dependencies
29
+ * @twin.org/trust-models bumped from 0.0.3-next.13 to 0.0.3-next.14
30
+
3
31
  ## [0.0.3-next.13](https://github.com/iotaledger/twin-trust/compare/trust-generators-v0.0.3-next.12...trust-generators-v0.0.3-next.13) (2026-05-20)
4
32
 
5
33
 
@@ -56,7 +56,7 @@ The class name of the component.
56
56
 
57
57
  ### generate() {#generate}
58
58
 
59
- > **generate**(`identity`, `info?`): `Promise`\<`unknown`\>
59
+ > **generate**(`identity`, `info?`, `tenantIdHash?`, `organizationId?`): `Promise`\<`unknown`\>
60
60
 
61
61
  Generate a trust payload.
62
62
 
@@ -76,13 +76,27 @@ Information to use in the generation.
76
76
 
77
77
  `IJsonLdNodeObject`
78
78
 
79
- The subject of the verifiable credential.
79
+ The subject of the verifiable credential (JSON-LD).
80
+
81
+ ##### tenantIdHash?
82
+
83
+ `string`
84
+
85
+ Optional tenant identifier, should be an opaque hashed version. Embedded directly in the JWT
86
+ payload as the `tid` claim (mirroring the existing auth-service session-JWT shape).
87
+
88
+ ##### organizationId?
89
+
90
+ `string`
91
+
92
+ Optional organization identifier. Embedded directly in
93
+ the JWT payload as the `org` claim.
80
94
 
81
95
  #### Returns
82
96
 
83
97
  `Promise`\<`unknown`\>
84
98
 
85
- The generated payload.
99
+ The generated JWT.
86
100
 
87
101
  #### Implementation of
88
102
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@twin.org/trust-generators",
3
- "version": "0.0.3-next.13",
3
+ "version": "0.0.3-next.15",
4
4
  "description": "Implements trust credential generators that produce signed verifiable credential artefacts",
5
5
  "repository": {
6
6
  "type": "git",
@@ -19,7 +19,7 @@
19
19
  "@twin.org/identity-models": "next",
20
20
  "@twin.org/logging-models": "next",
21
21
  "@twin.org/nameof": "next",
22
- "@twin.org/trust-models": "0.0.3-next.13",
22
+ "@twin.org/trust-models": "0.0.3-next.15",
23
23
  "@twin.org/web": "next"
24
24
  },
25
25
  "main": "./dist/es/index.js",