
@backstage/backend-defaults


Backend defaults used by Backstage backend apps

'use strict';

const jose = require('jose');
const helpers = require('./helpers.cjs.js');

/**
 * Verifies externally issued JWTs against one or more remote JWKS endpoints.
 *
 * Each call to `add` registers one endpoint together with the verification
 * constraints read from its config. `verifyToken` then tries the registered
 * endpoints in registration order and accepts the first one that verifies the
 * token and yields a truthy `sub` claim.
 */
class JWKSHandler {
  // Registered endpoints, in the order they were added.
  #entries = [];

  /**
   * Registers a JWKS endpoint from a config object.
   *
   * Reads `options.url` (required), `options.algorithm`, `options.issuer`,
   * `options.audience` and `options.subjectPrefix` (optional), plus the
   * access restrictions returned by `readAccessRestrictionsFromConfig`.
   *
   * @param config - Config object exposing `getString` / `getOptionalString`.
   * @throws {Error} If `options.url` is empty or contains whitespace. The
   *   `URL` constructor can additionally throw on an unparsable URL.
   */
  add(config) {
    const rawUrl = config.getString("options.url");

    // Only whitespace (and the empty string) is rejected here.
    // NOTE(review): this block does not restrict the URL scheme. Confirm
    // whether plain-http endpoints should be accepted outside local
    // development, since keys fetched over http can be replaced in transit.
    if (!/^\S+$/.test(rawUrl)) {
      throw new Error(
        "Illegal JWKS URL, must be a set of non-space characters"
      );
    }

    // NOTE(review): whether the helper returns undefined for an absent key
    // is not visible here. If it does, jose skips the corresponding
    // algorithm / issuer / audience check for this endpoint, so confirm that
    // deployments pin at least issuer and audience.
    const algorithms = helpers.readStringOrStringArrayFromConfig(
      config,
      "options.algorithm"
    );
    const issuers = helpers.readStringOrStringArrayFromConfig(
      config,
      "options.issuer"
    );
    const audiences = helpers.readStringOrStringArrayFromConfig(
      config,
      "options.audience"
    );
    const subjectPrefix = config.getOptionalString("options.subjectPrefix");

    const url = new URL(rawUrl);
    const jwks = jose.createRemoteJWKSet(url);
    const allAccessRestrictions =
      helpers.readAccessRestrictionsFromConfig(config);

    const entry = {
      algorithms,
      audiences,
      issuers,
      jwks,
      subjectPrefix,
      url,
      allAccessRestrictions
    };
    this.#entries.push(entry);
  }

  /**
   * Attempts to verify a token against every registered JWKS endpoint.
   *
   * @param {string} token - The compact JWT to verify.
   * @returns {Promise<{subject: string, allAccessRestrictions: *} | undefined>}
   *   The prefixed subject (`external:<sub>` or
   *   `external:<subjectPrefix>:<sub>`) and the access restrictions of the
   *   first matching endpoint, or `undefined` when no endpoint accepts the
   *   token.
   */
  async verifyToken(token) {
    for (const entry of this.#entries) {
      const { jwks, algorithms, issuers, audiences } = entry;
      const verifyOptions = {
        algorithms,
        issuer: issuers,
        audience: audiences
      };

      try {
        const verified = await jose.jwtVerify(token, jwks, verifyOptions);
        const sub = verified.payload.sub;

        // A token without a usable subject is treated as a non-match and the
        // next endpoint is tried.
        // NOTE(review): `sub` is only tested for truthiness, not for being a
        // string, before it is interpolated into the subject.
        if (!sub) {
          continue;
        }

        let prefix = "external:";
        if (entry.subjectPrefix) {
          prefix = `external:${entry.subjectPrefix}:`;
        }
        return {
          subject: `${prefix}${sub}`,
          allAccessRestrictions: entry.allAccessRestrictions
        };
      } catch {
        // Every error is swallowed so the remaining endpoints still get a
        // chance. Callers therefore cannot tell an invalid token apart from
        // any other failure raised inside this try block; nothing is logged
        // here.
        continue;
      }
    }

    return undefined;
  }
}

exports.JWKSHandler = JWKSHandler;
//# sourceMappingURL=jwks.cjs.js.map