@versini/auth-common 2.4.0 → 2.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/index.d.ts +6 -1
  2. package/dist/index.js +49 -44
  3. package/package.json +2 -2
package/dist/index.d.ts CHANGED
@@ -12,9 +12,14 @@ declare const JWT: {
12
12
  ALG: string;
13
13
  USER_ID_KEY: string;
14
14
  TOKEN_ID_KEY: string;
15
+ NONCE_KEY: string;
15
16
  ISSUER: string;
16
17
  };
17
18
  declare const JWT_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7\nw5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5\ni1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle\naMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+\nl0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE\nsjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81\nawIDAQAB\n-----END PUBLIC KEY-----";
19
+ declare const TOKEN_EXPIRATION: {
20
+ ACCESS: string;
21
+ ID: string;
22
+ };
18
23
  declare const verifyAndExtractToken: (token: string, audience: string) => Promise<jose.JWTVerifyResult<jose.JWTPayload> | undefined>;
19
24
 
20
- export { AUTH_TYPES, HEADERS, JWT, JWT_PUBLIC_KEY, verifyAndExtractToken };
25
+ export { AUTH_TYPES, HEADERS, JWT, JWT_PUBLIC_KEY, TOKEN_EXPIRATION, verifyAndExtractToken };
package/dist/index.js CHANGED
@@ -1,17 +1,17 @@
1
1
  /*!
2
- @versini/auth-common v2.4.0
2
+ @versini/auth-common v2.6.0
3
3
  © 2024 gizmette.com
4
4
  */
5
5
  try {
6
6
  window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
7
- version: "2.4.0",
8
- buildTime: "06/25/2024 03:57 PM EDT",
7
+ version: "2.6.0",
8
+ buildTime: "06/26/2024 08:40 AM EDT",
9
9
  homepage: "https://github.com/aversini/auth-client",
10
10
  license: "MIT"
11
11
  });
12
12
  } catch {
13
13
  }
14
- const P = crypto, D = (e) => e instanceof CryptoKey, b = new TextEncoder(), g = new TextDecoder();
14
+ const P = crypto, D = (e) => e instanceof CryptoKey, A = new TextEncoder(), g = new TextDecoder();
15
15
  function V(...e) {
16
16
  const t = e.reduce((o, { length: i }) => o + i, 0), n = new Uint8Array(t);
17
17
  let r = 0;
@@ -33,7 +33,7 @@ const F = (e) => {
33
33
  throw new TypeError("The input to be decoded is not correctly encoded.");
34
34
  }
35
35
  };
36
- class E extends Error {
36
+ class w extends Error {
37
37
  static get code() {
38
38
  return "ERR_JOSE_GENERIC";
39
39
  }
@@ -42,7 +42,7 @@ class E extends Error {
42
42
  super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (n = Error.captureStackTrace) == null || n.call(Error, this, this.constructor);
43
43
  }
44
44
  }
45
- class h extends E {
45
+ class h extends w {
46
46
  static get code() {
47
47
  return "ERR_JWT_CLAIM_VALIDATION_FAILED";
48
48
  }
@@ -50,7 +50,7 @@ class h extends E {
50
50
  super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = r, this.reason = o, this.payload = n;
51
51
  }
52
52
  }
53
- class O extends E {
53
+ class O extends w {
54
54
  static get code() {
55
55
  return "ERR_JWT_EXPIRED";
56
56
  }
@@ -58,7 +58,7 @@ class O extends E {
58
58
  super(t), this.code = "ERR_JWT_EXPIRED", this.claim = r, this.reason = o, this.payload = n;
59
59
  }
60
60
  }
61
- class G extends E {
61
+ class G extends w {
62
62
  constructor() {
63
63
  super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
64
64
  }
@@ -66,7 +66,7 @@ class G extends E {
66
66
  return "ERR_JOSE_ALG_NOT_ALLOWED";
67
67
  }
68
68
  }
69
- class _ extends E {
69
+ class _ extends w {
70
70
  constructor() {
71
71
  super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
72
72
  }
@@ -74,7 +74,7 @@ class _ extends E {
74
74
  return "ERR_JOSE_NOT_SUPPORTED";
75
75
  }
76
76
  }
77
- class d extends E {
77
+ class d extends w {
78
78
  constructor() {
79
79
  super(...arguments), this.code = "ERR_JWS_INVALID";
80
80
  }
@@ -82,7 +82,7 @@ class d extends E {
82
82
  return "ERR_JWS_INVALID";
83
83
  }
84
84
  }
85
- class k extends E {
85
+ class k extends w {
86
86
  constructor() {
87
87
  super(...arguments), this.code = "ERR_JWT_INVALID";
88
88
  }
@@ -90,7 +90,7 @@ class k extends E {
90
90
  return "ERR_JWT_INVALID";
91
91
  }
92
92
  }
93
- class q extends E {
93
+ class Y extends w {
94
94
  constructor() {
95
95
  super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
96
96
  }
@@ -101,13 +101,13 @@ class q extends E {
101
101
  function p(e, t = "algorithm.name") {
102
102
  return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
103
103
  }
104
- function A(e, t) {
104
+ function b(e, t) {
105
105
  return e.name === t;
106
106
  }
107
107
  function T(e) {
108
108
  return parseInt(e.name.slice(4), 10);
109
109
  }
110
- function Y(e) {
110
+ function q(e) {
111
111
  switch (e) {
112
112
  case "ES256":
113
113
  return "P-256";
@@ -135,7 +135,7 @@ function Q(e, t, ...n) {
135
135
  case "HS256":
136
136
  case "HS384":
137
137
  case "HS512": {
138
- if (!A(e.algorithm, "HMAC"))
138
+ if (!b(e.algorithm, "HMAC"))
139
139
  throw p("HMAC");
140
140
  const r = parseInt(t.slice(2), 10);
141
141
  if (T(e.algorithm.hash) !== r)
@@ -145,7 +145,7 @@ function Q(e, t, ...n) {
145
145
  case "RS256":
146
146
  case "RS384":
147
147
  case "RS512": {
148
- if (!A(e.algorithm, "RSASSA-PKCS1-v1_5"))
148
+ if (!b(e.algorithm, "RSASSA-PKCS1-v1_5"))
149
149
  throw p("RSASSA-PKCS1-v1_5");
150
150
  const r = parseInt(t.slice(2), 10);
151
151
  if (T(e.algorithm.hash) !== r)
@@ -155,7 +155,7 @@ function Q(e, t, ...n) {
155
155
  case "PS256":
156
156
  case "PS384":
157
157
  case "PS512": {
158
- if (!A(e.algorithm, "RSA-PSS"))
158
+ if (!b(e.algorithm, "RSA-PSS"))
159
159
  throw p("RSA-PSS");
160
160
  const r = parseInt(t.slice(2), 10);
161
161
  if (T(e.algorithm.hash) !== r)
@@ -170,9 +170,9 @@ function Q(e, t, ...n) {
170
170
  case "ES256":
171
171
  case "ES384":
172
172
  case "ES512": {
173
- if (!A(e.algorithm, "ECDSA"))
173
+ if (!b(e.algorithm, "ECDSA"))
174
174
  throw p("ECDSA");
175
- const r = Y(t);
175
+ const r = q(t);
176
176
  if (e.algorithm.namedCurve !== r)
177
177
  throw p(r, "algorithm.namedCurve");
178
178
  break;
@@ -444,15 +444,15 @@ async function fe(e, t, n) {
444
444
  throw new d("JWS Payload must be a string or an Uint8Array instance");
445
445
  let l = !1;
446
446
  typeof t == "function" && (t = await t(r, e), l = !0), ae(c, t, "verify");
447
- const w = V(b.encode(e.protected ?? ""), b.encode("."), typeof e.payload == "string" ? b.encode(e.payload) : e.payload);
447
+ const E = V(A.encode(e.protected ?? ""), A.encode("."), typeof e.payload == "string" ? A.encode(e.payload) : e.payload);
448
448
  let f;
449
449
  try {
450
450
  f = C(e.signature);
451
451
  } catch {
452
452
  throw new d("Failed to base64url decode the signature");
453
453
  }
454
- if (!await ue(c, t, f, w))
455
- throw new q();
454
+ if (!await ue(c, t, f, E))
455
+ throw new Y();
456
456
  let m;
457
457
  if (a)
458
458
  try {
@@ -461,7 +461,7 @@ async function fe(e, t, n) {
461
461
  throw new d("Failed to base64url decode the payload");
462
462
  }
463
463
  else
464
- typeof e.payload == "string" ? m = b.encode(e.payload) : m = e.payload;
464
+ typeof e.payload == "string" ? m = A.encode(e.payload) : m = e.payload;
465
465
  const u = { payload: m };
466
466
  return e.protected !== void 0 && (u.protectedHeader = r), e.header !== void 0 && (u.unprotectedHeader = e.header), l ? { ...u, key: t } : u;
467
467
  }
@@ -474,7 +474,7 @@ async function he(e, t, n) {
474
474
  const c = await fe({ payload: o, protected: r, signature: i }, t, n), s = { payload: c.payload, protectedHeader: c.protectedHeader };
475
475
  return typeof t == "function" ? { ...s, key: c.key } : s;
476
476
  }
477
- const le = (e) => Math.floor(e.getTime() / 1e3), M = 60, B = M * 60, v = B * 24, pe = v * 7, me = v * 365.25, ye = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, W = (e) => {
477
+ const le = (e) => Math.floor(e.getTime() / 1e3), M = 60, B = M * 60, v = B * 24, pe = v * 7, me = v * 365.25, ye = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, N = (e) => {
478
478
  const t = ye.exec(e);
479
479
  if (!t || t[4] && t[1])
480
480
  throw new TypeError("Invalid time period format");
@@ -517,7 +517,7 @@ const le = (e) => Math.floor(e.getTime() / 1e3), M = 60, B = M * 60, v = B * 24,
517
517
  break;
518
518
  }
519
519
  return t[1] === "-" || t[4] === "ago" ? -o : o;
520
- }, H = (e) => e.toLowerCase().replace(/^application\//, ""), Se = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, we = (e, t, n = {}) => {
520
+ }, W = (e) => e.toLowerCase().replace(/^application\//, ""), Se = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Ee = (e, t, n = {}) => {
521
521
  let r;
522
522
  try {
523
523
  r = JSON.parse(g.decode(t));
@@ -526,11 +526,11 @@ const le = (e) => Math.floor(e.getTime() / 1e3), M = 60, B = M * 60, v = B * 24,
526
526
  if (!R(r))
527
527
  throw new k("JWT Claims Set must be a top-level JSON object");
528
528
  const { typ: o } = n;
529
- if (o && (typeof e.typ != "string" || H(e.typ) !== H(o)))
529
+ if (o && (typeof e.typ != "string" || W(e.typ) !== W(o)))
530
530
  throw new h('unexpected "typ" JWT header value', r, "typ", "check_failed");
531
- const { requiredClaims: i = [], issuer: a, subject: c, audience: s, maxTokenAge: l } = n, w = [...i];
532
- l !== void 0 && w.push("iat"), s !== void 0 && w.push("aud"), c !== void 0 && w.push("sub"), a !== void 0 && w.push("iss");
533
- for (const u of new Set(w.reverse()))
531
+ const { requiredClaims: i = [], issuer: a, subject: c, audience: s, maxTokenAge: l } = n, E = [...i];
532
+ l !== void 0 && E.push("iat"), s !== void 0 && E.push("aud"), c !== void 0 && E.push("sub"), a !== void 0 && E.push("iss");
533
+ for (const u of new Set(E.reverse()))
534
534
  if (!(u in r))
535
535
  throw new h(`missing required "${u}" claim`, r, u, "missing");
536
536
  if (a && !(Array.isArray(a) ? a : [a]).includes(r.iss))
@@ -542,7 +542,7 @@ const le = (e) => Math.floor(e.getTime() / 1e3), M = 60, B = M * 60, v = B * 24,
542
542
  let f;
543
543
  switch (typeof n.clockTolerance) {
544
544
  case "string":
545
- f = W(n.clockTolerance);
545
+ f = N(n.clockTolerance);
546
546
  break;
547
547
  case "number":
548
548
  f = n.clockTolerance;
@@ -569,7 +569,7 @@ const le = (e) => Math.floor(e.getTime() / 1e3), M = 60, B = M * 60, v = B * 24,
569
569
  throw new O('"exp" claim timestamp check failed', r, "exp", "check_failed");
570
570
  }
571
571
  if (l) {
572
- const u = m - r.iat, I = typeof l == "number" ? l : W(l);
572
+ const u = m - r.iat, I = typeof l == "number" ? l : N(l);
573
573
  if (u - f > I)
574
574
  throw new O('"iat" claim timestamp check failed (too far in the past)', r, "iat", "check_failed");
575
575
  if (u < 0 - f)
@@ -577,26 +577,27 @@ const le = (e) => Math.floor(e.getTime() / 1e3), M = 60, B = M * 60, v = B * 24,
577
577
  }
578
578
  return r;
579
579
  };
580
- async function Ee(e, t, n) {
580
+ async function we(e, t, n) {
581
581
  var a;
582
582
  const r = await he(e, t, n);
583
583
  if ((a = r.protectedHeader.crit) != null && a.includes("b64") && r.protectedHeader.b64 === !1)
584
584
  throw new k("JWTs MUST NOT use unencoded payload");
585
- const i = { payload: we(r.protectedHeader, r.payload, n), protectedHeader: r.protectedHeader };
585
+ const i = { payload: Ee(r.protectedHeader, r.payload, n), protectedHeader: r.protectedHeader };
586
586
  return typeof t == "function" ? { ...i, key: r.key } : i;
587
587
  }
588
- const Ae = {
588
+ const be = {
589
589
  ID_TOKEN: "id_token",
590
590
  ACCESS_TOKEN: "token",
591
591
  ID_AND_ACCESS_TOKEN: "id_token token"
592
592
  }, ge = {
593
593
  CLIENT_ID: "X-Auth-ClientId"
594
- }, N = {
594
+ }, H = {
595
595
  ALG: "RS256",
596
596
  USER_ID_KEY: "_id",
597
597
  TOKEN_ID_KEY: "__raw",
598
+ NONCE_KEY: "_nonce",
598
599
  ISSUER: "gizmette.com"
599
- }, be = `-----BEGIN PUBLIC KEY-----
600
+ }, Ae = `-----BEGIN PUBLIC KEY-----
600
601
  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
601
602
  w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
602
603
  i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -604,11 +605,14 @@ aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
604
605
  l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
605
606
  sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
606
607
  awIDAQAB
607
- -----END PUBLIC KEY-----`, _e = async (e, t) => {
608
+ -----END PUBLIC KEY-----`, _e = {
609
+ ACCESS: "5m",
610
+ ID: "90d"
611
+ }, Ie = async (e, t) => {
608
612
  try {
609
- const n = N.ALG, o = await re(be, n);
610
- return await Ee(e, o, {
611
- issuer: N.ISSUER,
613
+ const n = H.ALG, o = await re(Ae, n);
614
+ return await we(e, o, {
615
+ issuer: H.ISSUER,
612
616
  audience: t
613
617
  });
614
618
  } catch {
@@ -616,9 +620,10 @@ awIDAQAB
616
620
  }
617
621
  };
618
622
  export {
619
- Ae as AUTH_TYPES,
623
+ be as AUTH_TYPES,
620
624
  ge as HEADERS,
621
- N as JWT,
622
- be as JWT_PUBLIC_KEY,
623
- _e as verifyAndExtractToken
625
+ H as JWT,
626
+ Ae as JWT_PUBLIC_KEY,
627
+ _e as TOKEN_EXPIRATION,
628
+ Ie as verifyAndExtractToken
624
629
  };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@versini/auth-common",
3
- "version": "2.4.0",
3
+ "version": "2.6.0",
4
4
  "license": "MIT",
5
5
  "author": "Arno Versini",
6
6
  "publishConfig": {
@@ -32,5 +32,5 @@
32
32
  "dependencies": {
33
33
  "jose": "5.4.1"
34
34
  },
35
- "gitHead": "86fb8a035b0df8272887b158f678c408f7be3940"
35
+ "gitHead": "c88e96be92c0d2dcf576d1c71a4971025178ac79"
36
36
  }