@villedemontreal/jwt-validator 5.8.0 → 5.9.0

package/README.md

@@ -155,6 +155,30 @@ let jwt: string = '...';
 let jwtPayload: IJWTPayload = await jwtValidator.verifyToken(jwt);
 ```
 
+### Token transformation middleware
+
+When working locally, you do not have all the infrastructure required to simulate the translation between an access token and a JWT (ex: Kong).
+
+Prior to usage of the `jwtValidationMiddleware`, you can use the `token transformation middleware` which do an API call to exchange your access token for an extended jwt and update the authorization header.
+
+```typescript
+export async function createApp(apiRoutes: IHandlerRoute[]): Promise<express.Express> {
+  // ...
+
+  if (configs.security.jwt.enable) {
+    if (configs.environment.isLocal) {
+      // Required prior to the jwtValidationMiddleware
+      app.use(tokenTransformationMiddleware(config));
+    }
+
+    // ...
+    app.use(jwtValidationMiddleware())
+  }
+
+  // ...
+}
+```
+
 ## Usage For Tests
 
 This library provides a mock tool to generate your own JWT with a signature which it will be correcly validated.

package/dist/src/config/tokenTransformationMiddlewareConfig.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Configuration for the token transformation
+ * middleware (UTTM).
+ */
+export interface ITokenTtransformationMiddlewareConfig {
+    service: ITokenTtransformationMiddlewareServiceConfig;
+    extensions: {
+        jwt: {
+            customDataProvider: ITokenTtransformationMiddlewareCustomDataProviderConfig;
+        };
+    };
+}
+/**
+ * Configuration specific for the token transformation service.
+ */
+export interface ITokenTtransformationMiddlewareServiceConfig {
+    uri: string;
+}
+/**
+ * Configuration specific for the custom data provider.
+ */
+export interface ITokenTtransformationMiddlewareCustomDataProviderConfig {
+    uri: string;
+    method: string;
+    options: any;
+}

package/dist/src/config/tokenTransformationMiddlewareConfig.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=tokenTransformationMiddlewareConfig.js.map

package/dist/src/config/tokenTransformationMiddlewareConfig.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenTransformationMiddlewareConfig.js","sourceRoot":"","sources":["../../../src/config/tokenTransformationMiddlewareConfig.ts"],"names":[],"mappings":""}

package/dist/src/index.d.ts

@@ -2,6 +2,7 @@ export * from './config/constants';
 export * from './config/init';
 export * from './jwtValidator';
 export * from './middleware/jwtMiddleware';
+export * from './middleware/tokenTransformationMiddleware';
 export * from './models/expressRequest';
 export * from './models/gluuUserType';
 export * from './models/jwtPayload';

package/dist/src/index.js

@@ -23,6 +23,7 @@ __exportStar(require("./config/constants"), exports);
 __exportStar(require("./config/init"), exports);
 __exportStar(require("./jwtValidator"), exports);
 __exportStar(require("./middleware/jwtMiddleware"), exports);
+__exportStar(require("./middleware/tokenTransformationMiddleware"), exports);
 __exportStar(require("./models/expressRequest"), exports);
 __exportStar(require("./models/gluuUserType"), exports);
 __exportStar(require("./models/jwtPayload"), exports);

package/dist/src/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qDAAmC;AACnC,6CAA6C;AAC7C,gDAAgD;AAChD,6CAA6C;AAC7C,qCAAqC;AACrC,6CAA6C;AAC7C,gDAA8B;AAC9B,iDAA+B;AAC/B,6DAA2C;AAC3C,0DAAwC;AACxC,wDAAsC;AACtC,sDAAoC;AACpC,qDAAmC;AACnC,kDAAgC;AAChC,kDAAgC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qDAAmC;AACnC,6CAA6C;AAC7C,gDAAgD;AAChD,6CAA6C;AAC7C,qCAAqC;AACrC,6CAA6C;AAC7C,gDAA8B;AAC9B,iDAA+B;AAC/B,6DAA2C;AAC3C,6EAA2D;AAC3D,0DAAwC;AACxC,wDAAsC;AACtC,sDAAoC;AACpC,qDAAmC;AACnC,kDAAgC;AAChC,kDAAgC"}

package/dist/src/middleware/jwtMiddleware.d.ts

@@ -4,4 +4,4 @@ import * as express from 'express';
  *
  * @param {boolean} mandatoryValidation Defines if the JWT is mandatory. Defaults to true.
  */
-export declare const jwtValidationMiddleware: (mandatoryValidation?: boolean) => (req: express.Request, res: express.Response, next: express.NextFunction) => void;
+export declare const jwtValidationMiddleware: (mandatoryValidation?: boolean) => (req: express.Request, res: express.Response, next: express.NextFunction) => Promise<void>;

package/dist/src/middleware/jwtMiddleware.js

@@ -2,36 +2,33 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.jwtValidationMiddleware = void 0;
 const http_header_fields_typed_1 = require("http-header-fields-typed");
-const constants_1 = require("../config/constants");
 const jwtValidator_1 = require("../jwtValidator");
 /**
  * JWT validation Middleware
  *
  * @param {boolean} mandatoryValidation Defines if the JWT is mandatory. Defaults to true.
  */
-const jwtValidationMiddleware = (mandatoryValidation = true) => {
-    return (req, res, next) => {
-        try {
-            const authHeader = req.get(http_header_fields_typed_1.default.AUTHORIZATION);
-            if (mandatoryValidation || authHeader) {
-                jwtValidator_1.jwtValidator
-                    .verifyAuthorizationHeader(authHeader)
-                    .then((jwt) => {
-                    req[constants_1.constants.requestExtraVariables.JWT] = jwt;
-                    next();
-                })
-                    .catch((err) => {
-                    next(err);
-                });
-            }
-            else {
+const jwtValidationMiddleware = (mandatoryValidation = true) => async (req, res, next) => {
+    try {
+        const authHeader = req.get(http_header_fields_typed_1.default.AUTHORIZATION);
+        if (mandatoryValidation || authHeader) {
+            return jwtValidator_1.jwtValidator
+                .verifyAuthorizationHeader(authHeader)
+                .then((jwt) => {
+                req.jwt = jwt;
                 next();
-            }
+            })
+                .catch((err) => {
+                next(err);
+            });
         }
-        catch (err) {
-            next(err);
+        else {
+            next();
         }
-    };
+    }
+    catch (err) {
+        next(err);
+    }
 };
 exports.jwtValidationMiddleware = jwtValidationMiddleware;
 //# sourceMappingURL=jwtMiddleware.js.map

package/dist/src/middleware/jwtMiddleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"jwtMiddleware.js","sourceRoot":"","sources":["../../../src/middleware/jwtMiddleware.ts"],"names":[],"mappings":";;;AACA,uEAA6D;AAC7D,mDAAgD;AAChD,kDAA+C;AAE/C;;;;GAIG;AACI,MAAM,uBAAuB,GAEqD,CACvF,mBAAmB,GAAG,IAAI,EAC1B,EAAE;IACF,OAAO,CAAC,GAAoB,EAAE,GAAqB,EAAE,IAA0B,EAAQ,EAAE;QACvF,IAAI;YACF,MAAM,UAAU,GAAW,GAAG,CAAC,GAAG,CAAC,kCAAqB,CAAC,aAAa,CAAC,CAAC;YACxE,IAAI,mBAAmB,IAAI,UAAU,EAAE;gBACrC,2BAAY;qBACT,yBAAyB,CAAC,UAAU,CAAC;qBACrC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;oBACX,GAAW,CAAC,qBAAS,CAAC,qBAAqB,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;oBACxD,IAAI,EAAE,CAAC;gBACT,CAAC,CAAC;qBACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACb,IAAI,CAAC,GAAG,CAAC,CAAC;gBACZ,CAAC,CAAC,CAAC;aACN;iBAAM;gBACL,IAAI,EAAE,CAAC;aACR;SACF;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,CAAC,GAAG,CAAC,CAAC;SACX;IACH,CAAC,CAAC;AACJ,CAAC,CAAC;AAzBW,QAAA,uBAAuB,2BAyBlC"}
+{"version":3,"file":"jwtMiddleware.js","sourceRoot":"","sources":["../../../src/middleware/jwtMiddleware.ts"],"names":[],"mappings":";;;AACA,uEAA6D;AAC7D,kDAA+C;AAG/C;;;;GAIG;AACI,MAAM,uBAAuB,GAClC,CAAC,mBAAmB,GAAG,IAAI,EAAE,EAAE,CAC/B,KAAK,EACH,GAAoB,EACpB,GAAqB,EACrB,IAA0B,EACX,EAAE;IACjB,IAAI;QACF,MAAM,UAAU,GAAW,GAAG,CAAC,GAAG,CAAC,kCAAqB,CAAC,aAAa,CAAC,CAAC;QACxE,IAAI,mBAAmB,IAAI,UAAU,EAAE;YACrC,OAAO,2BAAY;iBAChB,yBAAyB,CAAC,UAAU,CAAC;iBACrC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;gBACX,GAAuB,CAAC,GAAG,GAAG,GAAG,CAAC;gBACnC,IAAI,EAAE,CAAC;YACT,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACb,IAAI,CAAC,GAAG,CAAC,CAAC;YACZ,CAAC,CAAC,CAAC;SACN;aAAM;YACL,IAAI,EAAE,CAAC;SACR;KACF;IAAC,OAAO,GAAG,EAAE;QACZ,IAAI,CAAC,GAAG,CAAC,CAAC;KACX;AACH,CAAC,CAAC;AAzBS,QAAA,uBAAuB,2BAyBhC"}

package/dist/src/middleware/jwtMiddleware.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/src/middleware/jwtMiddleware.test.js

@@ -0,0 +1,112 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const chai = require("chai");
+const chai_1 = require("chai");
+const chaiAsPromised = require("chai-as-promised");
+const node_mocks_http_1 = require("node-mocks-http");
+const sinon_1 = require("sinon");
+const jwtValidator_1 = require("../jwtValidator");
+const jwtMiddleware_1 = require("./jwtMiddleware");
+chai.use(chaiAsPromised);
+describe('#jwtValidationMiddleware', () => {
+    let middleware;
+    let nextFunction = (0, sinon_1.spy)();
+    let verifyMethod;
+    let jwt;
+    let authorizationHeader;
+    let request;
+    let response;
+    before(() => {
+        nextFunction = (0, sinon_1.spy)();
+        jwt = {
+            sub: '1234567890',
+            name: 'Peter Neighbor',
+            iat: 1694264949,
+        };
+        authorizationHeader = `Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IlBldGVyIE5laWdoYm9yIiwiaWF0IjoxNjk0MjY0OTQ5fQ.ncai230HG-KbDL2ximBZz29Smt-yOFBgZYrJTmQreqA`;
+    });
+    beforeEach(() => {
+        nextFunction.resetHistory();
+        request = (0, node_mocks_http_1.createRequest)({
+            method: 'GET',
+            url: '/',
+            headers: { Authorization: authorizationHeader },
+        });
+        response = {};
+    });
+    afterEach(() => {
+        verifyMethod?.restore();
+    });
+    const DELAY = 50;
+    it('should invoke #verifyAuthorizationHeader with authorization header', async function () {
+        // Cf. https://mochajs.org/api/mocha#slow
+        this.slow(2 * DELAY + 10 /* budgeted test duration */);
+        // GIVEN
+        middleware = (0, jwtMiddleware_1.jwtValidationMiddleware)();
+        request = (0, node_mocks_http_1.createRequest)({
+            method: 'GET',
+            url: '/',
+            headers: { Authorization: authorizationHeader },
+        });
+        verifyMethod = (0, sinon_1.stub)(jwtValidator_1.jwtValidator, 'verifyAuthorizationHeader').returns(delay(DELAY).then(() => jwt));
+        // WHEN
+        await middleware(request, response, nextFunction);
+        // THEN
+        (0, chai_1.expect)(verifyMethod.callCount).to.equal(1);
+        (0, chai_1.expect)(verifyMethod.args[0]).to.deep.equal([authorizationHeader]);
+        (0, chai_1.expect)(nextFunction.callCount).to.equal(1);
+        (0, chai_1.expect)(nextFunction.args[0]).to.deep.equal([]);
+        (0, chai_1.expect)(request.jwt).to.equal(jwt);
+    });
+    it('should *NOT* invoke #verifyAuthorizationHeader *WITHOUT* authorization header and "mandatory" trigger being *OFF*', async () => {
+        // GIVEN
+        middleware = (0, jwtMiddleware_1.jwtValidationMiddleware)(false);
+        request.headers = {}; // ∅
+        verifyMethod = (0, sinon_1.stub)(jwtValidator_1.jwtValidator, 'verifyAuthorizationHeader').returns(delay(50).then(() => jwt));
+        // WHEN
+        await middleware(request, response, nextFunction);
+        // THEN
+        (0, chai_1.expect)(verifyMethod.callCount).to.equal(0);
+        (0, chai_1.expect)(nextFunction.callCount).to.equal(1);
+        (0, chai_1.expect)(nextFunction.args[0]).to.deep.equal([]);
+        (0, chai_1.expect)(request.jwt).to.be.undefined;
+    });
+    it('should fail synchronously if #verifyAuthorizationHeader does so', async () => {
+        // GIVEN
+        middleware = (0, jwtMiddleware_1.jwtValidationMiddleware)();
+        const error = new Error('💣');
+        verifyMethod = (0, sinon_1.stub)(jwtValidator_1.jwtValidator, 'verifyAuthorizationHeader').throws(error);
+        // WHEN
+        const operation = () => middleware(request, response, nextFunction);
+        // THEN
+        (0, chai_1.expect)(operation).not.to.throw();
+        (0, chai_1.expect)(verifyMethod.callCount).to.equal(1);
+        (0, chai_1.expect)(verifyMethod.args[0]).to.deep.equal([authorizationHeader]);
+        (0, chai_1.expect)(nextFunction.callCount).to.equal(1);
+        (0, chai_1.expect)(nextFunction.args[0]).to.deep.equal([error]);
+        (0, chai_1.expect)(request.jwt).to.be.undefined;
+    });
+    it('should fail *ASYNCHRONOUSLY* if #verifyAuthorizationHeader does so', async () => {
+        // GIVEN
+        middleware = (0, jwtMiddleware_1.jwtValidationMiddleware)();
+        const error = new Error('💣');
+        verifyMethod = (0, sinon_1.stub)(jwtValidator_1.jwtValidator, 'verifyAuthorizationHeader').returns(delay(50).then(() => {
+            throw error;
+        }));
+        // WHEN
+        const promise = middleware(request, response, nextFunction);
+        // THEN
+        await (0, chai_1.expect)(promise).not.to.be.eventually.rejected;
+        (0, chai_1.expect)(verifyMethod.callCount).to.equal(1);
+        (0, chai_1.expect)(verifyMethod.args[0]).to.deep.equal([authorizationHeader]);
+        (0, chai_1.expect)(nextFunction.callCount).to.equal(1);
+        (0, chai_1.expect)(nextFunction.args[0]).to.deep.equal([error]);
+        (0, chai_1.expect)(request.jwt).to.be.undefined;
+    });
+});
+async function delay(duration) {
+    return new Promise((resolve, reject) => {
+        setTimeout(resolve, duration);
+    });
+}
+//# sourceMappingURL=jwtMiddleware.test.js.map

package/dist/src/middleware/jwtMiddleware.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwtMiddleware.test.js","sourceRoot":"","sources":["../../../src/middleware/jwtMiddleware.test.ts"],"names":[],"mappings":";;AAAA,6BAA6B;AAC7B,+BAA8B;AAC9B,mDAAmD;AAEnD,qDAAqE;AACrE,iCAAuD;AACvD,kDAA+C;AAG/C,mDAA0D;AAE1D,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;AAEzB,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;IACxC,IAAI,UAAsD,CAAC;IAC3D,IAAI,YAAY,GAAa,IAAA,WAAG,GAAE,CAAC;IACnC,IAAI,YAAuB,CAAC;IAC5B,IAAI,GAAgB,CAAC;IACrB,IAAI,mBAA2B,CAAC;IAChC,IAAI,OAAgB,CAAC;IACrB,IAAI,QAAkB,CAAC;IAEvB,MAAM,CAAC,GAAG,EAAE;QACV,YAAY,GAAG,IAAA,WAAG,GAAE,CAAC;QACrB,GAAG,GAAG;YACJ,GAAG,EAAE,YAAY;YACjB,IAAI,EAAE,gBAAgB;YACtB,GAAG,EAAE,UAAU;SACD,CAAC;QACjB,mBAAmB,GAAG,4KAA4K,CAAC;IACrM,CAAC,CAAC,CAAC;IAEH,UAAU,CAAC,GAAG,EAAE;QACd,YAAY,CAAC,YAAY,EAAE,CAAC;QAC5B,OAAO,GAAG,IAAA,+BAAiB,EAAC;YAC1B,MAAM,EAAE,KAAK;YACb,GAAG,EAAE,GAAG;YACR,OAAO,EAAE,EAAE,aAAa,EAAE,mBAAmB,EAAE;SAChD,CAAC,CAAC;QACH,QAAQ,GAAG,EAAc,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,YAAY,EAAE,OAAO,EAAE,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,EAAE,CAAC;IAEjB,EAAE,CAAC,oEAAoE,EAAE,KAAK;QAC5E,yCAAyC;QACzC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC,4BAA4B,CAAC,CAAC;QAEvD,QAAQ;QACR,UAAU,GAAG,IAAA,uCAAuB,GAAE,CAAC;QACvC,OAAO,GAAG,IAAA,+BAAiB,EAAC;YAC1B,MAAM,EAAE,KAAK;YACb,GAAG,EAAE,GAAG;YACR,OAAO,EAAE,EAAE,aAAa,EAAE,mBAAmB,EAAE;SAChD,CAAC,CAAC;QACH,YAAY,GAAG,IAAA,YAAI,EAAC,2BAAY,EAAE,2BAA2B,CAAC,CAAC,OAAO,CACpE,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAC7B,CAAC;QAEF,OAAO;QACP,MAAM,UAAU,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;QAElD,OAAO;QACP,IAAA,aAAM,EAAC,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC3C,IAAA,aAAM,EAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAClE,IAAA,aAAM,EAAC,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC3C,IAAA,aAAM,EAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC/C,IAAA,aAAM,EAAE,OAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mHAAmH,EAAE,KAAK,IAAI,EAAE;QACjI,QAAQ;QACR,UAAU,GAAG,IAAA,uCAAuB,EAAC,KAAK,CAAC,CAAC;QAC5C,OAAO,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC,IAAI;QAC1B,YAAY,GAAG,IAAA,YAAI,EAAC,2BAAY,EAAE,2BAA2B,CAAC,CAAC,OAAO,CACpE,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAC1B,CAAC;QAEF,OAAO;QACP,MAAM,UAAU,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;QAElD,OAAO;QACP,IAAA,aAAM,EAAC,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC3C,IAAA,aAAM,EAAC,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC3C,IAAA,aAAM,EAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC/C,IAAA,aAAM,EAAE,OAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,QAAQ;QACR,UAAU,GAAG,IAAA,uCAAuB,GAAE,CAAC;QACvC,MAAM,KAAK,GAAU,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC;QACrC,YAAY,GAAG,IAAA,YAAI,EAAC,2BAAY,EAAE,2BAA2B,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE7E,OAAO;QACP,MAAM,SAAS,GAAG,GAAG,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;QAEpE,OAAO;QACP,IAAA,aAAM,EAAC,SAAS,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QACjC,IAAA,aAAM,EAAC,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC3C,IAAA,aAAM,EAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAClE,IAAA,aAAM,EAAC,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC3C,IAAA,aAAM,EAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QACpD,IAAA,aAAM,EAAE,OAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;QAClF,QAAQ;QACR,UAAU,GAAG,IAAA,uCAAuB,GAAE,CAAC;QACvC,MAAM,KAAK,GAAU,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC;QACrC,YAAY,GAAG,IAAA,YAAI,EAAC,2BAAY,EAAE,2BAA2B,CAAC,CAAC,OAAO,CACpE,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE;YAClB,MAAM,KAAK,CAAC;QACd,CAAC,CAAC,CACH,CAAC;QAEF,OAAO;QACP,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;QAE5D,OAAO;QACP,MAAM,IAAA,aAAM,EAAC,OAAO,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;QACpD,IAAA,aAAM,EAAC,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC3C,IAAA,aAAM,EAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAClE,IAAA,aAAM,EAAC,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC3C,IAAA,aAAM,EAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QACpD,IAAA,aAAM,EAAE,OAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC;IAC3D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,KAAK,UAAU,KAAK,CAAC,QAAgB;IACnC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/src/middleware/tokenTransformationMiddleware.d.ts

@@ -0,0 +1,9 @@
+import * as express from 'express';
+import { ITokenTtransformationMiddlewareConfig } from '../config/tokenTransformationMiddlewareConfig';
+/**
+ * Token transformation Middleware. It will generate extended jwt
+ * in exchange for an access token.
+ *
+ * @param {boolean} config Configuration of the middleware.
+ */
+export declare const tokenTransformationMiddleware: (config?: ITokenTtransformationMiddlewareConfig) => (req: express.Request, res: express.Response, next: express.NextFunction) => void;

package/dist/src/middleware/tokenTransformationMiddleware.js

@@ -0,0 +1,75 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.tokenTransformationMiddleware = void 0;
+const general_utils_1 = require("@villedemontreal/general-utils");
+const http_header_fields_typed_1 = require("http-header-fields-typed");
+const constants_1 = require("../config/constants");
+const customError_1 = require("../models/customError");
+const logger_1 = require("../utils/logger");
+const superagent = require("superagent");
+const _regexAccessToken = /([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})/;
+const logger = (0, logger_1.createLogger)('Token transformation middleware');
+/**
+ * Token transformation Middleware. It will generate extended jwt
+ * in exchange for an access token.
+ *
+ * @param {boolean} config Configuration of the middleware.
+ */
+const tokenTransformationMiddleware = (config) => {
+    return (req, res, next) => {
+        try {
+            // Validate the authorization header
+            const authHeader = req.get(http_header_fields_typed_1.default.AUTHORIZATION);
+            if (general_utils_1.utils.isBlank(authHeader)) {
+                throw (0, customError_1.createInvalidAuthHeaderError)({
+                    code: constants_1.constants.errors.codes.INVALID_VALUE,
+                    target: 'authorization_header',
+                    message: 'authorization header is empty',
+                });
+            }
+            // Extract the access token value from the authorization header
+            const accessTokenRegExpArray = _regexAccessToken.exec(authHeader);
+            if (accessTokenRegExpArray.length <= 1) {
+                throw (0, customError_1.createInvalidAuthHeaderError)({
+                    code: constants_1.constants.errors.codes.INVALID_VALUE,
+                    target: 'access_token',
+                    message: 'could not find a valid access token from the authorization header',
+                });
+            }
+            const accessToken = accessTokenRegExpArray[1];
+            // Call the service endpoint to exchange the access token for a extended jwt
+            superagent
+                .post(config.service.uri)
+                .send({ accessToken, extensions: config.extensions })
+                .then((response) => {
+                const extendedJwt = response.body.jwts?.extended;
+                logger.debug(extendedJwt, 'Extended jwt content.');
+                const basicJwt = response.body.jwts?.basic;
+                logger.debug(basicJwt, 'Basic jwt content.');
+                // Get the extended jwt. If not available, fallback to basic jwt.
+                const jwt = extendedJwt ?? basicJwt;
+                if (jwt) {
+                    // Warning: Headers are all in lowercase. To be sure to replace
+                    // the authorization header instead of duplicate it, must use lower case property name.
+                    req.headers[http_header_fields_typed_1.default.AUTHORIZATION.toLowerCase()] = `Bearer ${jwt}`;
+                    logger.debug(req.headers, 'Request headers');
+                    next();
+                }
+                else {
+                    const err = (0, customError_1.createInvalidJwtError)({
+                        code: constants_1.constants.errors.codes.NULL_VALUE,
+                        target: 'jwt',
+                        message: 'could not get a valid jwt from token translation service',
+                    });
+                    next(err);
+                }
+            })
+                .catch((err) => next(err));
+        }
+        catch (err) {
+            next(err);
+        }
+    };
+};
+exports.tokenTransformationMiddleware = tokenTransformationMiddleware;
+//# sourceMappingURL=tokenTransformationMiddleware.js.map

package/dist/src/middleware/tokenTransformationMiddleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenTransformationMiddleware.js","sourceRoot":"","sources":["../../../src/middleware/tokenTransformationMiddleware.ts"],"names":[],"mappings":";;;AAAA,kEAAuD;AAEvD,uEAA6D;AAC7D,mDAAgD;AAEhD,uDAA4F;AAC5F,4CAA+C;AAC/C,yCAA0C;AAE1C,MAAM,iBAAiB,GAAG,gEAAgE,CAAC;AAE3F,MAAM,MAAM,GAAG,IAAA,qBAAY,EAAC,iCAAiC,CAAC,CAAC;AAE/D;;;;;GAKG;AACI,MAAM,6BAA6B,GAE+C,CACvF,MAAM,EACN,EAAE;IACF,OAAO,CAAC,GAAoB,EAAE,GAAqB,EAAE,IAA0B,EAAQ,EAAE;QACvF,IAAI;YACF,oCAAoC;YACpC,MAAM,UAAU,GAAW,GAAG,CAAC,GAAG,CAAC,kCAAqB,CAAC,aAAa,CAAC,CAAC;YACxE,IAAI,qBAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;gBAC7B,MAAM,IAAA,0CAA4B,EAAC;oBACjC,IAAI,EAAE,qBAAS,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa;oBAC1C,MAAM,EAAE,sBAAsB;oBAC9B,OAAO,EAAE,+BAA+B;iBACzC,CAAC,CAAC;aACJ;YAED,+DAA+D;YAC/D,MAAM,sBAAsB,GAAG,iBAAiB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAClE,IAAI,sBAAsB,CAAC,MAAM,IAAI,CAAC,EAAE;gBACtC,MAAM,IAAA,0CAA4B,EAAC;oBACjC,IAAI,EAAE,qBAAS,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa;oBAC1C,MAAM,EAAE,cAAc;oBACtB,OAAO,EAAE,mEAAmE;iBAC7E,CAAC,CAAC;aACJ;YACD,MAAM,WAAW,GAAG,sBAAsB,CAAC,CAAC,CAAC,CAAC;YAE9C,4EAA4E;YAC5E,UAAU;iBACP,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC;iBACxB,IAAI,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC;iBACpD,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE;gBACjB,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC;gBACjD,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,uBAAuB,CAAC,CAAC;gBAEnD,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC;gBAC3C,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,oBAAoB,CAAC,CAAC;gBAE7C,iEAAiE;gBACjE,MAAM,GAAG,GAAG,WAAW,IAAI,QAAQ,CAAC;gBAEpC,IAAI,GAAG,EAAE;oBACP,+DAA+D;oBAC/D,uFAAuF;oBACvF,GAAG,CAAC,OAAO,CAAC,kCAAqB,CAAC,aAAa,CAAC,WAAW,EAAE,CAAC,GAAG,UAAU,GAAG,EAAE,CAAC;oBACjF,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;oBAC7C,IAAI,EAAE,CAAC;iBACR;qBAAM;oBACL,MAAM,GAAG,GAAG,IAAA,mCAAqB,EAAC;wBAChC,IAAI,EAAE,qBAAS,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU;wBACvC,MAAM,EAAE,KAAK;wBACb,OAAO,EAAE,0DAA0D;qBACpE,CAAC,CAAC;oBACH,IAAI,CAAC,GAAG,CAAC,CAAC;iBACX;YACH,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;SAC9B;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,CAAC,GAAG,CAAC,CAAC;SACX;IACH,CAAC,CAAC;AACJ,CAAC,CAAC;AA9DW,QAAA,6BAA6B,iCA8DxC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@villedemontreal/jwt-validator",
-  "version": "5.8.0",
+  "version": "5.9.0",
   "description": "Module to validate JWT (JSON Web Tokens)",
   "main": "dist/src/index.js",
   "typings": "dist/src",
@@ -47,23 +47,25 @@
   },
   "devDependencies": {
     "@types/app-root-path": "1.2.4",
+    "@types/chai": "4.3.4",
+    "@types/chai-as-promised": "^7.1.6",
     "@types/express": "4.17.17",
+    "@types/fs-extra": "11.0.1",
     "@types/http-status-codes": "1.2.0",
     "@types/jsonwebtoken": "9.0.1",
     "@types/lodash": "4.14.192",
+    "@types/mocha": "10.0.1",
     "@types/node": "18.15.11",
     "@types/request": "2.48.8",
     "@types/request-promise-native": "1.0.18",
-    "@types/superagent": "4.1.16",
-    "@types/chai": "4.3.4",
-    "@types/fs-extra": "11.0.1",
-    "@types/mocha": "10.0.1",
     "@types/sinon": "10.0.13",
+    "@types/superagent": "4.1.16",
     "@types/validator": "13.7.14",
     "@typescript-eslint/eslint-plugin": "5.57.1",
     "@typescript-eslint/parser": "5.57.1",
     "@villedemontreal/scripting": "2.1.6",
     "chai": "4.3.7",
+    "chai-as-promised": "^7.1.1",
     "eslint": "8.38.0",
     "eslint-config-prettier": "8.8.0",
     "eslint-plugin-prettier": "4.2.1",
@@ -75,7 +77,6 @@
     "node-notifier": "10.0.1",
     "nyc": "15.1.0",
     "sinon": "15.0.3",
-    "superagent-mocker": "0.5.2",
     "typescript": "5.0.4",
     "validator": "13.9.0"
   }

package/src/config/tokenTransformationMiddlewareConfig.ts

@@ -0,0 +1,28 @@
+/**
+ * Configuration for the token transformation
+ * middleware (UTTM).
+ */
+export interface ITokenTtransformationMiddlewareConfig {
+  service: ITokenTtransformationMiddlewareServiceConfig;
+  extensions: {
+    jwt: {
+      customDataProvider: ITokenTtransformationMiddlewareCustomDataProviderConfig;
+    };
+  };
+}
+
+/**
+ * Configuration specific for the token transformation service.
+ */
+export interface ITokenTtransformationMiddlewareServiceConfig {
+  uri: string;
+}
+
+/**
+ * Configuration specific for the custom data provider.
+ */
+export interface ITokenTtransformationMiddlewareCustomDataProviderConfig {
+  uri: string;
+  method: string;
+  options: any;
+}

package/src/index.ts

@@ -7,6 +7,7 @@ export * from './config/constants';
 export * from './config/init';
 export * from './jwtValidator';
 export * from './middleware/jwtMiddleware';
+export * from './middleware/tokenTransformationMiddleware';
 export * from './models/expressRequest';
 export * from './models/gluuUserType';
 export * from './models/jwtPayload';

package/src/middleware/jwtMiddleware.test.ts

@@ -0,0 +1,138 @@
+import * as chai from 'chai';
+import { expect } from 'chai';
+import * as chaiAsPromised from 'chai-as-promised';
+import { Request, Response } from 'express';
+import { createRequest as createRequestMock } from 'node-mocks-http';
+import { SinonSpy, SinonStub, spy, stub } from 'sinon';
+import { jwtValidator } from '../jwtValidator';
+import { IRequestWithJwt } from '../models/expressRequest';
+import { IJWTPayload } from '../models/jwtPayload';
+import { jwtValidationMiddleware } from './jwtMiddleware';
+
+chai.use(chaiAsPromised);
+
+describe('#jwtValidationMiddleware', () => {
+  let middleware: ReturnType<typeof jwtValidationMiddleware>;
+  let nextFunction: SinonSpy = spy();
+  let verifyMethod: SinonStub;
+  let jwt: IJWTPayload;
+  let authorizationHeader: string;
+  let request: Request;
+  let response: Response;
+
+  before(() => {
+    nextFunction = spy();
+    jwt = {
+      sub: '1234567890',
+      name: 'Peter Neighbor',
+      iat: 1694264949,
+    } as IJWTPayload;
+    authorizationHeader = `Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IlBldGVyIE5laWdoYm9yIiwiaWF0IjoxNjk0MjY0OTQ5fQ.ncai230HG-KbDL2ximBZz29Smt-yOFBgZYrJTmQreqA`;
+  });
+
+  beforeEach(() => {
+    nextFunction.resetHistory();
+    request = createRequestMock({
+      method: 'GET',
+      url: '/',
+      headers: { Authorization: authorizationHeader },
+    });
+    response = {} as Response;
+  });
+
+  afterEach(() => {
+    verifyMethod?.restore();
+  });
+
+  const DELAY = 50;
+
+  it('should invoke #verifyAuthorizationHeader with authorization header', async function () {
+    // Cf. https://mochajs.org/api/mocha#slow
+    this.slow(2 * DELAY + 10 /* budgeted test duration */);
+
+    // GIVEN
+    middleware = jwtValidationMiddleware();
+    request = createRequestMock({
+      method: 'GET',
+      url: '/',
+      headers: { Authorization: authorizationHeader },
+    });
+    verifyMethod = stub(jwtValidator, 'verifyAuthorizationHeader').returns(
+      delay(DELAY).then(() => jwt)
+    );
+
+    // WHEN
+    await middleware(request, response, nextFunction);
+
+    // THEN
+    expect(verifyMethod.callCount).to.equal(1);
+    expect(verifyMethod.args[0]).to.deep.equal([authorizationHeader]);
+    expect(nextFunction.callCount).to.equal(1);
+    expect(nextFunction.args[0]).to.deep.equal([]);
+    expect((request as IRequestWithJwt).jwt).to.equal(jwt);
+  });
+
+  it('should *NOT* invoke #verifyAuthorizationHeader *WITHOUT* authorization header and "mandatory" trigger being *OFF*', async () => {
+    // GIVEN
+    middleware = jwtValidationMiddleware(false);
+    request.headers = {}; // ∅
+    verifyMethod = stub(jwtValidator, 'verifyAuthorizationHeader').returns(
+      delay(50).then(() => jwt)
+    );
+
+    // WHEN
+    await middleware(request, response, nextFunction);
+
+    // THEN
+    expect(verifyMethod.callCount).to.equal(0);
+    expect(nextFunction.callCount).to.equal(1);
+    expect(nextFunction.args[0]).to.deep.equal([]);
+    expect((request as IRequestWithJwt).jwt).to.be.undefined;
+  });
+
+  it('should fail synchronously if #verifyAuthorizationHeader does so', async () => {
+    // GIVEN
+    middleware = jwtValidationMiddleware();
+    const error: Error = new Error('💣');
+    verifyMethod = stub(jwtValidator, 'verifyAuthorizationHeader').throws(error);
+
+    // WHEN
+    const operation = () => middleware(request, response, nextFunction);
+
+    // THEN
+    expect(operation).not.to.throw();
+    expect(verifyMethod.callCount).to.equal(1);
+    expect(verifyMethod.args[0]).to.deep.equal([authorizationHeader]);
+    expect(nextFunction.callCount).to.equal(1);
+    expect(nextFunction.args[0]).to.deep.equal([error]);
+    expect((request as IRequestWithJwt).jwt).to.be.undefined;
+  });
+
+  it('should fail *ASYNCHRONOUSLY* if #verifyAuthorizationHeader does so', async () => {
+    // GIVEN
+    middleware = jwtValidationMiddleware();
+    const error: Error = new Error('💣');
+    verifyMethod = stub(jwtValidator, 'verifyAuthorizationHeader').returns(
+      delay(50).then(() => {
+        throw error;
+      })
+    );
+
+    // WHEN
+    const promise = middleware(request, response, nextFunction);
+
+    // THEN
+    await expect(promise).not.to.be.eventually.rejected;
+    expect(verifyMethod.callCount).to.equal(1);
+    expect(verifyMethod.args[0]).to.deep.equal([authorizationHeader]);
+    expect(nextFunction.callCount).to.equal(1);
+    expect(nextFunction.args[0]).to.deep.equal([error]);
+    expect((request as IRequestWithJwt).jwt).to.be.undefined;
+  });
+});
+
+async function delay(duration: number): Promise<void> {
+  return new Promise((resolve, reject) => {
+    setTimeout(resolve, duration);
+  });
+}

package/src/middleware/jwtMiddleware.ts

@@ -1,26 +1,27 @@
 import * as express from 'express';
 import httpHeaderFieldsTyped from 'http-header-fields-typed';
-import { constants } from '../config/constants';
 import { jwtValidator } from '../jwtValidator';
+import { IRequestWithJwt } from '../models/expressRequest';
 
 /**
  * JWT validation Middleware
  *
  * @param {boolean} mandatoryValidation Defines if the JWT is mandatory. Defaults to true.
  */
-export const jwtValidationMiddleware: (
-  mandatoryValidation?: boolean
-) => (req: express.Request, res: express.Response, next: express.NextFunction) => void = (
-  mandatoryValidation = true
-) => {
-  return (req: express.Request, res: express.Response, next: express.NextFunction): void => {
+export const jwtValidationMiddleware =
+  (mandatoryValidation = true) =>
+  async (
+    req: express.Request,
+    res: express.Response,
+    next: express.NextFunction
+  ): Promise<void> => {
     try {
       const authHeader: string = req.get(httpHeaderFieldsTyped.AUTHORIZATION);
       if (mandatoryValidation || authHeader) {
-        jwtValidator
+        return jwtValidator
           .verifyAuthorizationHeader(authHeader)
           .then((jwt) => {
-            (req as any)[constants.requestExtraVariables.JWT] = jwt;
+            (req as IRequestWithJwt).jwt = jwt;
             next();
           })
           .catch((err) => {
@@ -33,4 +34,3 @@ export const jwtValidationMiddleware: (
       next(err);
     }
   };
-};

package/src/middleware/tokenTransformationMiddleware.ts

@@ -0,0 +1,82 @@
+import { utils } from '@villedemontreal/general-utils';
+import * as express from 'express';
+import httpHeaderFieldsTyped from 'http-header-fields-typed';
+import { constants } from '../config/constants';
+import { ITokenTtransformationMiddlewareConfig } from '../config/tokenTransformationMiddlewareConfig';
+import { createInvalidAuthHeaderError, createInvalidJwtError } from '../models/customError';
+import { createLogger } from '../utils/logger';
+import superagent = require('superagent');
+
+const _regexAccessToken = /([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})/;
+
+const logger = createLogger('Token transformation middleware');
+
+/**
+ * Token transformation Middleware. It will generate extended jwt
+ * in exchange for an access token.
+ *
+ * @param {boolean} config Configuration of the middleware.
+ */
+export const tokenTransformationMiddleware: (
+  config?: ITokenTtransformationMiddlewareConfig
+) => (req: express.Request, res: express.Response, next: express.NextFunction) => void = (
+  config
+) => {
+  return (req: express.Request, res: express.Response, next: express.NextFunction): void => {
+    try {
+      // Validate the authorization header
+      const authHeader: string = req.get(httpHeaderFieldsTyped.AUTHORIZATION);
+      if (utils.isBlank(authHeader)) {
+        throw createInvalidAuthHeaderError({
+          code: constants.errors.codes.INVALID_VALUE,
+          target: 'authorization_header',
+          message: 'authorization header is empty',
+        });
+      }
+
+      // Extract the access token value from the authorization header
+      const accessTokenRegExpArray = _regexAccessToken.exec(authHeader);
+      if (accessTokenRegExpArray.length <= 1) {
+        throw createInvalidAuthHeaderError({
+          code: constants.errors.codes.INVALID_VALUE,
+          target: 'access_token',
+          message: 'could not find a valid access token from the authorization header',
+        });
+      }
+      const accessToken = accessTokenRegExpArray[1];
+
+      // Call the service endpoint to exchange the access token for a extended jwt
+      superagent
+        .post(config.service.uri)
+        .send({ accessToken, extensions: config.extensions })
+        .then((response) => {
+          const extendedJwt = response.body.jwts?.extended;
+          logger.debug(extendedJwt, 'Extended jwt content.');
+
+          const basicJwt = response.body.jwts?.basic;
+          logger.debug(basicJwt, 'Basic jwt content.');
+
+          // Get the extended jwt. If not available, fallback to basic jwt.
+          const jwt = extendedJwt ?? basicJwt;
+
+          if (jwt) {
+            // Warning: Headers are all in lowercase. To be sure to replace
+            // the authorization header instead of duplicate it, must use lower case property name.
+            req.headers[httpHeaderFieldsTyped.AUTHORIZATION.toLowerCase()] = `Bearer ${jwt}`;
+            logger.debug(req.headers, 'Request headers');
+            next();
+          } else {
+            const err = createInvalidJwtError({
+              code: constants.errors.codes.NULL_VALUE,
+              target: 'jwt',
+              message: 'could not get a valid jwt from token translation service',
+            });
+            next(err);
+          }
+        })
+        .catch((err) => next(err));
+    } catch (err) {
+      next(err);
+    }
+  };
+};