@asgardeo/auth-js
Version:
Asgardeo Auth JS SDK to be used in JavaScript and TypeScript applications.
109 lines • 3.83 kB
JavaScript
/**
* Copyright (c) 2022, WSO2 LLC. (https://www.wso2.com). All Rights Reserved.
*
* WSO2 LLC. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import { SUPPORTED_SIGNATURE_ALGORITHMS } from "../constants";
import { AsgardeoAuthException } from "../exception";
export class CryptoHelper {
constructor(cryptoUtils) {
this._cryptoUtils = cryptoUtils;
}
/**
* Generate code verifier.
*
* @returns code verifier.
*/
getCodeVerifier() {
return this._cryptoUtils.base64URLEncode(this._cryptoUtils.generateRandomBytes(32));
}
/**
* Derive code challenge from the code verifier.
*
* @param verifier - Code verifier.
*
* @returns - code challenge.
*/
getCodeChallenge(verifier) {
return this._cryptoUtils.base64URLEncode(this._cryptoUtils.hashSha256(verifier));
}
/**
* Get JWK used for the id_token
*
* @param jwtHeader - header of the id_token.
* @param keys - jwks response.
*
* @returns public key.
*
* @throws
*/
/* eslint-disable @typescript-eslint/no-explicit-any */
getJWKForTheIdToken(jwtHeader, keys) {
const headerJSON = JSON.parse(this._cryptoUtils.base64URLDecode(jwtHeader));
for (const key of keys) {
if (headerJSON.kid === key.kid) {
return key;
}
}
throw new AsgardeoAuthException("JS-CRYPTO_UTIL-GJFTIT-IV01", "kid not found.", "Failed to find the 'kid' specified in the id_token. 'kid' found in the header : " +
headerJSON.kid +
", Expected values: " +
keys.map((key) => key.kid).join(", "));
}
/**
* Verify id token.
*
* @param idToken - id_token received from the IdP.
* @param jwk - public key used for signing.
* @param clientID - app identification.
* @param issuer - id_token issuer.
* @param username - Username.
* @param clockTolerance - Allowed leeway for id_tokens (in seconds).
*
* @returns whether the id_token is valid.
*
* @throws
*/
isValidIdToken(idToken, jwk, clientID, issuer, username, clockTolerance, validateJwtIssuer) {
return this._cryptoUtils
.verifyJwt(idToken, jwk, SUPPORTED_SIGNATURE_ALGORITHMS, clientID, issuer, username, clockTolerance, validateJwtIssuer)
.then((response) => {
if (response) {
return Promise.resolve(true);
}
return Promise.reject(new AsgardeoAuthException("JS-CRYPTO_HELPER-IVIT-IV01", "Invalid ID token.", "ID token validation returned false"));
});
}
/**
* This function decodes the payload of an id token and returns it.
*
* @param idToken - The id token to be decoded.
*
* @returns - The decoded payload of the id token.
*
* @throws
*/
decodeIDToken(idToken) {
try {
const utf8String = this._cryptoUtils.base64URLDecode(idToken.split(".")[1]);
const payload = JSON.parse(utf8String);
return payload;
}
catch (error) {
throw new AsgardeoAuthException("JS-CRYPTO_UTIL-DIT-IV01", "Decoding ID token failed.", error);
}
}
}
//# sourceMappingURL=crypto-helper.js.map