@zuplo/runtime 6.68.28 → 6.68.30
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/out/esm/index.js +40 -40
- package/out/esm/index.js.map +1 -1
- package/out/types/index.d.ts +40 -0
- package/package.json +1 -1
package/out/types/index.d.ts
CHANGED
|
@@ -5128,6 +5128,30 @@ export declare interface JWTScopeValidationInboundPolicyOptions {
|
|
|
5128
5128
|
scopes: string[];
|
|
5129
5129
|
}
|
|
5130
5130
|
|
|
5131
|
+
/**
|
|
5132
|
+
* Asymmetric JWT signing algorithms supported by {@link JwtServicePlugin}.
|
|
5133
|
+
*
|
|
5134
|
+
* Symmetric algorithms (e.g. `HS256`) are intentionally not supported because
|
|
5135
|
+
* this plugin publishes a JWKS endpoint — symmetric keys cannot be safely
|
|
5136
|
+
* exposed as public keys.
|
|
5137
|
+
*
|
|
5138
|
+
* - `EdDSA` — Edwards-curve (Ed25519). Modern, fast, small keys and signatures.
|
|
5139
|
+
* - `RS256` / `RS384` / `RS512` — RSASSA-PKCS1-v1_5 with SHA-2. Broadly interoperable.
|
|
5140
|
+
* - `PS256` / `PS384` / `PS512` — RSASSA-PSS with SHA-2. Recommended over `RS*` for new keys.
|
|
5141
|
+
* - `ES256` / `ES384` / `ES512` — ECDSA on P-256 / P-384 / P-521.
|
|
5142
|
+
*/
|
|
5143
|
+
export declare type JwtServiceAlgorithm =
|
|
5144
|
+
| "EdDSA"
|
|
5145
|
+
| "RS256"
|
|
5146
|
+
| "RS384"
|
|
5147
|
+
| "RS512"
|
|
5148
|
+
| "PS256"
|
|
5149
|
+
| "PS384"
|
|
5150
|
+
| "PS512"
|
|
5151
|
+
| "ES256"
|
|
5152
|
+
| "ES384"
|
|
5153
|
+
| "ES512";
|
|
5154
|
+
|
|
5131
5155
|
export declare class JwtServicePlugin extends SystemRuntimePlugin {
|
|
5132
5156
|
#private;
|
|
5133
5157
|
static signJwt({
|
|
@@ -5152,6 +5176,22 @@ export declare interface JwtServicePluginOptions {
|
|
|
5152
5176
|
* The default value is "/__zuplo/issuer".
|
|
5153
5177
|
*/
|
|
5154
5178
|
basePath?: string;
|
|
5179
|
+
/**
|
|
5180
|
+
* The asymmetric signing algorithm used for issued JWTs. Must match the
|
|
5181
|
+
* configured key pair — e.g. an RSA key requires an `RS*` or `PS*` value,
|
|
5182
|
+
* a P-256 EC key requires `ES256`, and an Ed25519 key requires `EdDSA`.
|
|
5183
|
+
*
|
|
5184
|
+
* The selected value is advertised via `id_token_signing_alg_values_supported`
|
|
5185
|
+
* in the published OpenID configuration.
|
|
5186
|
+
*
|
|
5187
|
+
* @default "EdDSA"
|
|
5188
|
+
*
|
|
5189
|
+
* @example
|
|
5190
|
+
* ```ts
|
|
5191
|
+
* new JwtServicePlugin({ algorithm: "RS256" });
|
|
5192
|
+
* ```
|
|
5193
|
+
*/
|
|
5194
|
+
algorithm?: JwtServiceAlgorithm;
|
|
5155
5195
|
/**
|
|
5156
5196
|
* Sets the default time for the "exp" (Expiration Time) Claim in the JWT.
|
|
5157
5197
|
* This value can be overridden when signing a JWT.
|