@twin.org/trust-generators 0.0.3-next.15 → 0.0.3-next.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -57,13 +57,19 @@ export class JwtVerifiableCredentialGenerator {
57
57
  * payload as the `tid` claim (mirroring the existing auth-service session-JWT shape).
58
58
  * @param organizationId Optional organization identifier. Embedded directly in
59
59
  * the JWT payload as the `org` claim.
60
+ * @param options Per-call generation options.
61
+ * @param options.tokenTtlInSeconds TTL override in seconds for this token only. Takes precedence over the
62
+ * config-level `tokenTtlInSeconds` when provided.
60
63
  * @returns The generated JWT.
61
64
  */
62
- async generate(identity, info, tenantIdHash, organizationId) {
65
+ async generate(identity, info, tenantIdHash, organizationId, options) {
63
66
  Guards.stringValue(JwtVerifiableCredentialGenerator.CLASS_NAME, "identity", identity);
67
+ const ttlInSeconds = Is.integer(options?.tokenTtlInSeconds)
68
+ ? options.tokenTtlInSeconds
69
+ : this._tokenTtlInSeconds;
64
70
  let expirationDate;
65
- if (Is.integer(this._tokenTtlInSeconds)) {
66
- const ttlMs = this._tokenTtlInSeconds * 1000;
71
+ if (Is.integer(ttlInSeconds)) {
72
+ const ttlMs = ttlInSeconds * 1000;
67
73
  expirationDate = new Date(Date.now() + ttlMs);
68
74
  }
69
75
  const jwtPayloadFields = {};
@@ -1 +1 @@
1
- {"version":3,"file":"jwtVerifiableCredentialGenerator.js","sourceRoot":"","sources":["../../../src/generators/jwtVerifiableCredentialGenerator.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AACvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,gBAAgB,CAAC;AAE9D,OAAO,EAAE,cAAc,EAA2B,MAAM,2BAA2B,CAAC;AAMpF;;GAEG;AACH,MAAM,OAAO,gCAAgC;IAC5C;;OAEG;IACI,MAAM,CAAU,UAAU,sCAAsD;IAEvF;;;OAGG;IACH,8EAA8E;IAC7D,iBAAiB,CAAqB;IAEvD;;;OAGG;IACc,kBAAkB,CAAqB;IAExD;;;OAGG;IACc,qBAAqB,CAAS;IAE/C;;;OAGG;IACc,kBAAkB,CAAU;IAE7C;;;OAGG;IACH,YAAY,OAA4D;QACvE,IAAI,CAAC,iBAAiB,GAAG,gBAAgB,CAAC,WAAW,CACpD,OAAO,EAAE,oBAAoB,IAAI,SAAS,CAC1C,CAAC;QAEF,IAAI,CAAC,kBAAkB,GAAG,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,qBAAqB,IAAI,UAAU,CAAC,CAAC;QAE7F,IAAI,CAAC,qBAAqB,GAAG,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAC;QACjE,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC;IAC5D,CAAC;IAED;;;OAGG;IACI,SAAS;QACf,OAAO,gCAAgC,CAAC,UAAU,CAAC;IACpD,CAAC;IAED;;;;;;;;;;OAUG;IACI,KAAK,CAAC,QAAQ,CACpB,QAAgB,EAChB,IAAsC,EACtC,YAAqB,EACrB,cAAuB;QAEvB,MAAM,CAAC,WAAW,CAAC,gCAAgC,CAAC,UAAU,cAAoB,QAAQ,CAAC,CAAC;QAE5F,IAAI,cAAc,CAAC;QAEnB,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACzC,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC;YAC7C,cAAc,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,gBAAgB,GAA8B,EAAE,CAAC;QACvD,IAAI,EAAE,CAAC,WAAW,CAAC,YAAY,CAAC,EAAE,CAAC;YAClC,gBAAgB,CAAC,GAAG,GAAG,YAAY,CAAC;QACrC,CAAC;QACD,IAAI,EAAE,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,CAAC;YACpC,gBAAgB,CAAC,GAAG,GAAG,cAAc,CAAC;QACvC,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,0BAA0B,CAC1E,cAAc,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,qBAAqB,CAAC,EAC3D,SAAS,EACT,IAAI,EAAE,OAAO,IAAI,EAAE,EACnB;YACC,cAAc;YACd,gBAAgB;SAChB,EACD,QAAQ,CACR,CAAC;QAEF,OAAO,UAAU,CAAC,GAAG,CAAC;IACvB,CAAC","sourcesContent":["// Copyright 2025 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport { ComponentFactory, Guards, Is } from \"@twin.org/core\";\nimport type { IJsonLdNodeObject } from \"@twin.org/data-json-ld\";\nimport { DocumentHelper, type IIdentityComponent } from \"@twin.org/identity-models\";\nimport type { ILoggingComponent } from \"@twin.org/logging-models\";\nimport { nameof } from \"@twin.org/nameof\";\nimport type { ITrustGenerator } from \"@twin.org/trust-models\";\nimport type { IJwtVerifiableCredentialGeneratorConstructorOptions } from \"../models/IJwtVerifiableCredentialGeneratorConstructorOptions.js\";\n\n/**\n * Class to generate a JWT Verifiable Credential.\n */\nexport class JwtVerifiableCredentialGenerator implements ITrustGenerator {\n\t/**\n\t * Runtime name for the class.\n\t */\n\tpublic static readonly CLASS_NAME: string = nameof<JwtVerifiableCredentialGenerator>();\n\n\t/**\n\t * The logging component.\n\t * @internal\n\t */\n\t// eslint-disable-next-line @typescript-eslint/no-unused-private-class-members\n\tprivate readonly _loggingComponent?: ILoggingComponent;\n\n\t/**\n\t * The identity component.\n\t * @internal\n\t */\n\tprivate readonly _identityComponent: IIdentityComponent;\n\n\t/**\n\t * The verification method ID for the connector to use.\n\t * @internal\n\t */\n\tprivate readonly _verificationMethodId: string;\n\n\t/**\n\t * The time-to-live (TTL) for token in seconds.\n\t * @internal\n\t */\n\tprivate readonly _tokenTtlInSeconds?: number;\n\n\t/**\n\t * Create a new instance of JwtVerifiableCredentialGenerator.\n\t * @param options The options for the service.\n\t */\n\tconstructor(options: IJwtVerifiableCredentialGeneratorConstructorOptions) {\n\t\tthis._loggingComponent = ComponentFactory.getIfExists(\n\t\t\toptions?.loggingComponentType ?? \"logging\"\n\t\t);\n\n\t\tthis._identityComponent = ComponentFactory.get(options?.identityComponentType ?? \"identity\");\n\n\t\tthis._verificationMethodId = options.config.verificationMethodId;\n\t\tthis._tokenTtlInSeconds = options.config.tokenTtlInSeconds;\n\t}\n\n\t/**\n\t * Returns the class name of the component.\n\t * @returns The class name of the component.\n\t */\n\tpublic className(): string {\n\t\treturn JwtVerifiableCredentialGenerator.CLASS_NAME;\n\t}\n\n\t/**\n\t * Generate a trust payload.\n\t * @param identity The identity for which to generate the payload.\n\t * @param info Information to use in the generation.\n\t * @param info.subject The subject of the verifiable credential (JSON-LD).\n\t * @param tenantIdHash Optional tenant identifier, should be an opaque hashed version. Embedded directly in the JWT\n\t * payload as the `tid` claim (mirroring the existing auth-service session-JWT shape).\n\t * @param organizationId Optional organization identifier. Embedded directly in\n\t * the JWT payload as the `org` claim.\n\t * @returns The generated JWT.\n\t */\n\tpublic async generate(\n\t\tidentity: string,\n\t\tinfo?: { subject?: IJsonLdNodeObject },\n\t\ttenantIdHash?: string,\n\t\torganizationId?: string\n\t): Promise<unknown> {\n\t\tGuards.stringValue(JwtVerifiableCredentialGenerator.CLASS_NAME, nameof(identity), identity);\n\n\t\tlet expirationDate;\n\n\t\tif (Is.integer(this._tokenTtlInSeconds)) {\n\t\t\tconst ttlMs = this._tokenTtlInSeconds * 1000;\n\t\t\texpirationDate = new Date(Date.now() + ttlMs);\n\t\t}\n\n\t\tconst jwtPayloadFields: { [key: string]: string } = {};\n\t\tif (Is.stringValue(tenantIdHash)) {\n\t\t\tjwtPayloadFields.tid = tenantIdHash;\n\t\t}\n\t\tif (Is.stringValue(organizationId)) {\n\t\t\tjwtPayloadFields.org = organizationId;\n\t\t}\n\n\t\tconst credential = await this._identityComponent.verifiableCredentialCreate(\n\t\t\tDocumentHelper.joinId(identity, this._verificationMethodId),\n\t\t\tundefined,\n\t\t\tinfo?.subject ?? {},\n\t\t\t{\n\t\t\t\texpirationDate,\n\t\t\t\tjwtPayloadFields\n\t\t\t},\n\t\t\tidentity\n\t\t);\n\n\t\treturn credential.jwt;\n\t}\n}\n"]}
1
+ {"version":3,"file":"jwtVerifiableCredentialGenerator.js","sourceRoot":"","sources":["../../../src/generators/jwtVerifiableCredentialGenerator.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AACvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,gBAAgB,CAAC;AAE9D,OAAO,EAAE,cAAc,EAA2B,MAAM,2BAA2B,CAAC;AAMpF;;GAEG;AACH,MAAM,OAAO,gCAAgC;IAC5C;;OAEG;IACI,MAAM,CAAU,UAAU,sCAAsD;IAEvF;;;OAGG;IACH,8EAA8E;IAC7D,iBAAiB,CAAqB;IAEvD;;;OAGG;IACc,kBAAkB,CAAqB;IAExD;;;OAGG;IACc,qBAAqB,CAAS;IAE/C;;;OAGG;IACc,kBAAkB,CAAU;IAE7C;;;OAGG;IACH,YAAY,OAA4D;QACvE,IAAI,CAAC,iBAAiB,GAAG,gBAAgB,CAAC,WAAW,CACpD,OAAO,EAAE,oBAAoB,IAAI,SAAS,CAC1C,CAAC;QAEF,IAAI,CAAC,kBAAkB,GAAG,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,qBAAqB,IAAI,UAAU,CAAC,CAAC;QAE7F,IAAI,CAAC,qBAAqB,GAAG,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAC;QACjE,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC;IAC5D,CAAC;IAED;;;OAGG;IACI,SAAS;QACf,OAAO,gCAAgC,CAAC,UAAU,CAAC;IACpD,CAAC;IAED;;;;;;;;;;;;;OAaG;IACI,KAAK,CAAC,QAAQ,CACpB,QAAgB,EAChB,IAAsC,EACtC,YAAqB,EACrB,cAAuB,EACvB,OAAuC;QAEvC,MAAM,CAAC,WAAW,CAAC,gCAAgC,CAAC,UAAU,cAAoB,QAAQ,CAAC,CAAC;QAE5F,MAAM,YAAY,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,iBAAiB,CAAC;YAC1D,CAAC,CAAC,OAAO,CAAC,iBAAiB;YAC3B,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC;QAE3B,IAAI,cAAc,CAAC;QAEnB,IAAI,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,YAAY,GAAG,IAAI,CAAC;YAClC,cAAc,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,gBAAgB,GAA8B,EAAE,CAAC;QACvD,IAAI,EAAE,CAAC,WAAW,CAAC,YAAY,CAAC,EAAE,CAAC;YAClC,gBAAgB,CAAC,GAAG,GAAG,YAAY,CAAC;QACrC,CAAC;QACD,IAAI,EAAE,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,CAAC;YACpC,gBAAgB,CAAC,GAAG,GAAG,cAAc,CAAC;QACvC,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,0BAA0B,CAC1E,cAAc,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,qBAAqB,CAAC,EAC3D,SAAS,EACT,IAAI,EAAE,OAAO,IAAI,EAAE,EACnB;YACC,cAAc;YACd,gBAAgB;SAChB,EACD,QAAQ,CACR,CAAC;QAEF,OAAO,UAAU,CAAC,GAAG,CAAC;IACvB,CAAC","sourcesContent":["// Copyright 2025 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport { ComponentFactory, Guards, Is } from \"@twin.org/core\";\nimport type { IJsonLdNodeObject } from \"@twin.org/data-json-ld\";\nimport { DocumentHelper, type IIdentityComponent } from \"@twin.org/identity-models\";\nimport type { ILoggingComponent } from \"@twin.org/logging-models\";\nimport { nameof } from \"@twin.org/nameof\";\nimport type { ITrustGenerator } from \"@twin.org/trust-models\";\nimport type { IJwtVerifiableCredentialGeneratorConstructorOptions } from \"../models/IJwtVerifiableCredentialGeneratorConstructorOptions.js\";\n\n/**\n * Class to generate a JWT Verifiable Credential.\n */\nexport class JwtVerifiableCredentialGenerator implements ITrustGenerator {\n\t/**\n\t * Runtime name for the class.\n\t */\n\tpublic static readonly CLASS_NAME: string = nameof<JwtVerifiableCredentialGenerator>();\n\n\t/**\n\t * The logging component.\n\t * @internal\n\t */\n\t// eslint-disable-next-line @typescript-eslint/no-unused-private-class-members\n\tprivate readonly _loggingComponent?: ILoggingComponent;\n\n\t/**\n\t * The identity component.\n\t * @internal\n\t */\n\tprivate readonly _identityComponent: IIdentityComponent;\n\n\t/**\n\t * The verification method ID for the connector to use.\n\t * @internal\n\t */\n\tprivate readonly _verificationMethodId: string;\n\n\t/**\n\t * The time-to-live (TTL) for token in seconds.\n\t * @internal\n\t */\n\tprivate readonly _tokenTtlInSeconds?: number;\n\n\t/**\n\t * Create a new instance of JwtVerifiableCredentialGenerator.\n\t * @param options The options for the service.\n\t */\n\tconstructor(options: IJwtVerifiableCredentialGeneratorConstructorOptions) {\n\t\tthis._loggingComponent = ComponentFactory.getIfExists(\n\t\t\toptions?.loggingComponentType ?? \"logging\"\n\t\t);\n\n\t\tthis._identityComponent = ComponentFactory.get(options?.identityComponentType ?? \"identity\");\n\n\t\tthis._verificationMethodId = options.config.verificationMethodId;\n\t\tthis._tokenTtlInSeconds = options.config.tokenTtlInSeconds;\n\t}\n\n\t/**\n\t * Returns the class name of the component.\n\t * @returns The class name of the component.\n\t */\n\tpublic className(): string {\n\t\treturn JwtVerifiableCredentialGenerator.CLASS_NAME;\n\t}\n\n\t/**\n\t * Generate a trust payload.\n\t * @param identity The identity for which to generate the payload.\n\t * @param info Information to use in the generation.\n\t * @param info.subject The subject of the verifiable credential (JSON-LD).\n\t * @param tenantIdHash Optional tenant identifier, should be an opaque hashed version. Embedded directly in the JWT\n\t * payload as the `tid` claim (mirroring the existing auth-service session-JWT shape).\n\t * @param organizationId Optional organization identifier. Embedded directly in\n\t * the JWT payload as the `org` claim.\n\t * @param options Per-call generation options.\n\t * @param options.tokenTtlInSeconds TTL override in seconds for this token only. Takes precedence over the\n\t * config-level `tokenTtlInSeconds` when provided.\n\t * @returns The generated JWT.\n\t */\n\tpublic async generate(\n\t\tidentity: string,\n\t\tinfo?: { subject?: IJsonLdNodeObject },\n\t\ttenantIdHash?: string,\n\t\torganizationId?: string,\n\t\toptions?: { tokenTtlInSeconds: number }\n\t): Promise<unknown> {\n\t\tGuards.stringValue(JwtVerifiableCredentialGenerator.CLASS_NAME, nameof(identity), identity);\n\n\t\tconst ttlInSeconds = Is.integer(options?.tokenTtlInSeconds)\n\t\t\t? options.tokenTtlInSeconds\n\t\t\t: this._tokenTtlInSeconds;\n\n\t\tlet expirationDate;\n\n\t\tif (Is.integer(ttlInSeconds)) {\n\t\t\tconst ttlMs = ttlInSeconds * 1000;\n\t\t\texpirationDate = new Date(Date.now() + ttlMs);\n\t\t}\n\n\t\tconst jwtPayloadFields: { [key: string]: string } = {};\n\t\tif (Is.stringValue(tenantIdHash)) {\n\t\t\tjwtPayloadFields.tid = tenantIdHash;\n\t\t}\n\t\tif (Is.stringValue(organizationId)) {\n\t\t\tjwtPayloadFields.org = organizationId;\n\t\t}\n\n\t\tconst credential = await this._identityComponent.verifiableCredentialCreate(\n\t\t\tDocumentHelper.joinId(identity, this._verificationMethodId),\n\t\t\tundefined,\n\t\t\tinfo?.subject ?? {},\n\t\t\t{\n\t\t\t\texpirationDate,\n\t\t\t\tjwtPayloadFields\n\t\t\t},\n\t\t\tidentity\n\t\t);\n\n\t\treturn credential.jwt;\n\t}\n}\n"]}
@@ -28,9 +28,14 @@ export declare class JwtVerifiableCredentialGenerator implements ITrustGenerator
28
28
  * payload as the `tid` claim (mirroring the existing auth-service session-JWT shape).
29
29
  * @param organizationId Optional organization identifier. Embedded directly in
30
30
  * the JWT payload as the `org` claim.
31
+ * @param options Per-call generation options.
32
+ * @param options.tokenTtlInSeconds TTL override in seconds for this token only. Takes precedence over the
33
+ * config-level `tokenTtlInSeconds` when provided.
31
34
  * @returns The generated JWT.
32
35
  */
33
36
  generate(identity: string, info?: {
34
37
  subject?: IJsonLdNodeObject;
35
- }, tenantIdHash?: string, organizationId?: string): Promise<unknown>;
38
+ }, tenantIdHash?: string, organizationId?: string, options?: {
39
+ tokenTtlInSeconds: number;
40
+ }): Promise<unknown>;
36
41
  }
package/docs/changelog.md CHANGED
@@ -1,5 +1,19 @@
1
1
  # Changelog
2
2
 
3
+ ## [0.0.3-next.16](https://github.com/iotaledger/twin-trust/compare/trust-generators-v0.0.3-next.15...trust-generators-v0.0.3-next.16) (2026-05-27)
4
+
5
+
6
+ ### Features
7
+
8
+ * ttl-token per generation ([#26](https://github.com/iotaledger/twin-trust/issues/26)) ([a35e925](https://github.com/iotaledger/twin-trust/commit/a35e925560d05f30dd8c02eb4184c0c503ca075a))
9
+
10
+
11
+ ### Dependencies
12
+
13
+ * The following workspace dependencies were updated
14
+ * dependencies
15
+ * @twin.org/trust-models bumped from 0.0.3-next.15 to 0.0.3-next.16
16
+
3
17
  ## [0.0.3-next.15](https://github.com/iotaledger/twin-trust/compare/trust-generators-v0.0.3-next.14...trust-generators-v0.0.3-next.15) (2026-05-26)
4
18
 
5
19
 
@@ -56,7 +56,7 @@ The class name of the component.
56
56
 
57
57
  ### generate() {#generate}
58
58
 
59
- > **generate**(`identity`, `info?`, `tenantIdHash?`, `organizationId?`): `Promise`\<`unknown`\>
59
+ > **generate**(`identity`, `info?`, `tenantIdHash?`, `organizationId?`, `options?`): `Promise`\<`unknown`\>
60
60
 
61
61
  Generate a trust payload.
62
62
 
@@ -92,6 +92,17 @@ payload as the `tid` claim (mirroring the existing auth-service session-JWT shap
92
92
  Optional organization identifier. Embedded directly in
93
93
  the JWT payload as the `org` claim.
94
94
 
95
+ ##### options?
96
+
97
+ Per-call generation options.
98
+
99
+ ###### tokenTtlInSeconds
100
+
101
+ `number`
102
+
103
+ TTL override in seconds for this token only. Takes precedence over the
104
+ config-level `tokenTtlInSeconds` when provided.
105
+
95
106
  #### Returns
96
107
 
97
108
  `Promise`\<`unknown`\>
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@twin.org/trust-generators",
3
- "version": "0.0.3-next.15",
3
+ "version": "0.0.3-next.16",
4
4
  "description": "Implements trust credential generators that produce signed verifiable credential artefacts",
5
5
  "repository": {
6
6
  "type": "git",
@@ -19,7 +19,7 @@
19
19
  "@twin.org/identity-models": "next",
20
20
  "@twin.org/logging-models": "next",
21
21
  "@twin.org/nameof": "next",
22
- "@twin.org/trust-models": "0.0.3-next.15",
22
+ "@twin.org/trust-models": "0.0.3-next.16",
23
23
  "@twin.org/web": "next"
24
24
  },
25
25
  "main": "./dist/es/index.js",