@berlingske-media/bm.node-module.gateway_jwt/lib/JwksClient.js

AuthGateway JWT verification library based on public JWKS endpoint

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.JwksClient = void 0;
const tslib_1 = require("tslib");
const utils_1 = require("./utils");
const wrappers_1 = require("./wrappers");
const errors_1 = require("./errors");
class JwksClient {
    constructor(options) {
        this.options = Object.assign({ rateLimit: false, cache: true, timeout: 30000, requestHeaders: {
                'Content-Type': 'application/json',
                'User-Agent': 'NodeJS',
            }, debug: false }, options);
        if (this.options.getKeysInterceptor) {
            this.getSigningKey = (0, wrappers_1.getKeysInterceptor)(this, options);
        }
        if (this.options.rateLimit) {
            this.getSigningKey = (0, wrappers_1.rateLimitWrapper)(this, options);
        }
        if (this.options.cache) {
            this.getSigningKey = (0, wrappers_1.cacheWrapper)(this, options);
        }
        this.getSigningKey = (0, wrappers_1.callbackSupport)(this, options);
    }
    getKeys() {
        return tslib_1.__awaiter(this, void 0, void 0, function* () {
            this.debug(`Fetching keys from '${this.options.jwksUri}'`);
            try {
                const res = yield (0, wrappers_1.request)({
                    uri: this.options.jwksUri,
                    headers: this.options.requestHeaders,
                    agent: this.options.requestAgent,
                    timeout: this.options.timeout,
                    fetcher: this.options.fetcher,
                });
                this.debug('Keys:', res.keys);
                return res.keys;
            }
            catch (err) {
                const { errorMsg } = err;
                console.error('Failure:', errorMsg || err);
                throw (errorMsg ? new errors_1.JwksError(errorMsg) : err);
            }
        });
    }
    getSigningKeys() {
        return tslib_1.__awaiter(this, void 0, void 0, function* () {
            const keys = yield this.getKeys();
            if (!keys || !keys.length) {
                throw new errors_1.JwksError('The JWKS endpoint did not contain any keys');
            }
            const signingKeys = yield (0, utils_1.retrieveSigningKeys)(keys);
            if (!signingKeys.length) {
                throw new errors_1.JwksError('The JWKS endpoint did not contain any signing keys');
            }
            this.debug('Signing Keys:', signingKeys);
            return signingKeys;
        });
    }
    getSigningKey() {
        return tslib_1.__awaiter(this, arguments, void 0, function* (kid = undefined) {
            this.debug(`Fetching signing key for '${kid}'`);
            const keys = yield this.getSigningKeys();
            const kidDefined = kid !== undefined && kid !== null;
            if (!kidDefined && keys.length > 1) {
                console.error('No KID specified and JWKS endpoint returned more than 1 key');
                throw new errors_1.SigningKeyNotFoundError('No KID specified and JWKS endpoint returned more than 1 key');
            }
            const key = keys.find(k => !kidDefined || k.kid === kid);
            if (key) {
                return key;
            }
            else {
                console.error(`Unable to find a signing key that matches '${kid}'`);
                throw new errors_1.SigningKeyNotFoundError(`Unable to find a signing key that matches '${kid}'`);
            }
        });
    }
    debug(...args) {
        if (this.options.debug) {
            console.debug(args);
        }
    }
}
exports.JwksClient = JwksClient;
//# sourceMappingURL=JwksClient.js.map