tslocal 0.3.1 → 1.0.0

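--- a/package/ts/src/client.ts
+++ b/package/ts/src/client.ts
@@ -12,9 +12,11 @@ import { Transport, type TransportOptions } from "./transport.js";
  import {
  ServeConfigSchema,
  StatusSchema,
+ TokenResponseSchema,
  WhoIsResponseSchema,
  type ServeConfig,
  type Status,
+ type TokenResponse,
  type WhoIsResponse,
  } from "./types.js";
 
@@ -171,6 +173,21 @@ export class Client {
  return config;
  }
 
+ // --- ID Token ---
+
+ /**
+ * Get an OIDC ID token for the given audience.
+ *
+ * The token can be presented to any resource provider which offers
+ * OIDC Federation.
+ */
+ async idToken(aud: string): Promise<TokenResponse> {
+ const data = await this.get200(
+ `/localapi/v0/id-token?aud=${encodeURIComponent(aud)}`,
+ );
+ return TokenResponseSchema.parse(parseJSON(data.toString("utf-8")));
+ }
+
  /**
  * Set the serve configuration.
  *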
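Review bot: `idToken()` can resolve with an empty `id_token`, because `TokenResponseSchema` (types.ts in this same diff) declares the field as `z.string().default("")`, so a 200 response whose body lacks the token still passes `parse()`. A caller that forwards the result to a resource provider would only learn of the problem when the provider rejects an empty bearer value. I would fail at the source instead: `const res = TokenResponseSchema.parse(parseJSON(data.toString("utf-8")));` followed by `if (res.id_token === "") throw new Error("id-token response contained no token");` and `return res;`. Whether the daemon rejects an empty audience is not visible here, so an early `aud === ""` check in the same method would be a cheap guard. The doc comment could also state that the returned JWT is a bearer credential scoped to `aud` and should not be written to logs.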
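--- a/package/ts/src/index.ts
+++ b/package/ts/src/index.ts
@@ -15,6 +15,7 @@ export {
  ServeConfigSchema,
  StatusSchema,
  TailnetStatusSchema,
+ TokenResponseSchema,
  UserProfileSchema,
  WhoIsResponseSchema,
  type ClientVersion,
@@ -23,6 +24,16 @@ export {
  type ServeConfig,
  type Status,
  type TailnetStatus,
+ type TokenResponse,
  type UserProfile,
  type WhoIsResponse,
  } from "./types.js";
+
+ import type { Node as NodeType } from "./types.js";
+ export type Node = NodeType;
+ export const Node = {
+ /** Reports whether the node has any ACL tags. */
+ isTagged(node: NodeType): boolean {
+ return node.Tags.length > 0;
+ },
+ };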
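Review bot: The doc comment on `Node.isTagged` in the second hunk says what is tested but not what the result means for identity, and a predicate like this is likely to end up in access decisions. The `TokenResponseSchema` documentation in types.ts of this same diff states that the `user` and `uid` claims are present only "if not tagged", so a tagged node carries no user identity. I would extend the comment to say so, for example `/** Reports whether the node has any ACL tags. A tagged node carries no user identity, so authorize it by tag rather than by user. */`. Separately, the `import type { Node as NodeType }` line sits below the `export { … }` block; placing it with the file's other imports keeps the module header in one place.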
package/ts/src/types.ts CHANGED
@@ -843,6 +843,34 @@ export const NodeSchema = z.object({
843
843
  });
844
844
  export type Node = z.infer<typeof NodeSchema>;
845
845
 
846
+ /** TokenResponse is the response to a TokenRequest. */
847
+ export const TokenResponseSchema = z.object({
848
+ /**
849
+ * IDToken is a JWT encoding the following standard claims:
850
+ *
851
+ * `sub` | the MagicDNS name of the node
852
+ * `aud` | Audience from the request
853
+ * `exp` | Token expiry
854
+ * `iat` | Token issuance time
855
+ * `iss` | Issuer
856
+ * `jti` | Random token identifier
857
+ * `nbf` | Not before time
858
+ *
859
+ * It also encodes the following Tailscale specific claims:
860
+ *
861
+ * `key` | the node public key
862
+ * `addresses` | the Tailscale IPs of the node
863
+ * `nid` | the node ID
864
+ * `node` | the name of the node
865
+ * `domain` | the domain of the node, it has the same format as MapResponse.Domain.
866
+ * `tags` | an array of <domain:tag> on the node (like alice.github:tag:foo or example.com:tag:foo)
867
+ * `user` | user emailish (like alice.github:alice@github or example.com:bob@example.com), if not tagged
868
+ * `uid` | user ID, if not tagged
869
+ */
870
+ id_token: z.string().default(""),
871
+ });
872
+ export type TokenResponse = z.infer<typeof TokenResponseSchema>;
873
+
846
874
  /**
847
875
  * TCPPortHandler describes what to do when handling a TCP
848
876
  * connection.