@citrineos/util
The OCPP util module, which supplies helpful utilities such as cache and queue connectors.
import type { FastifyRequest } from 'fastify';
import type { ILogObj } from 'tslog';
import { Logger } from 'tslog';
import type { IApiAuthProvider, UserInfo } from '@citrineos/base';
import { ApiAuthenticationResult, ApiAuthorizationResult } from '@citrineos/base';
/**
 * Configuration for the OIDC authentication provider.
 *
 * Only the shape is declared here; how each field is enforced lives in the
 * implementation, not in this declaration file.
 */
export interface OIDCConfig {
  /** URL of the provider's JWKS endpoint, from which signing keys are fetched by key ID. */
  jwksUri: string;
  /** Expected token issuer (presumably compared against the `iss` claim — confirm against the implementation). */
  issuer: string;
  /**
   * Expected token audience.
   * NOTE(review): optional here. Whether omitting it skips the `aud` check
   * (accepting tokens minted for other clients) is decided by the implementation,
   * not by this type — confirm before leaving it unset in production config.
   */
  audience?: string;
  /** Lifetime of cached signing keys; the unit is not stated here — confirm (seconds vs milliseconds). */
  cacheTime?: number;
  /** Whether JWKS fetches are rate limited; presumably passed through to the JWKS client — confirm. */
  rateLimit?: boolean;
}
/**
 * OIDC authentication provider implementation.
 *
 * Validates JWTs against an OIDC provider's published signing keys and maps
 * the token's roles onto per-request authorization decisions. This is the
 * ambient declaration only; method bodies are in the compiled module.
 */
export declare class OIDCAuthProvider implements IApiAuthProvider {
  /** OIDC settings supplied at construction. */
  private readonly _config;
  /** Logger used by this provider. */
  private readonly _logger;
  /**
   * Client used to resolve signing keys from `config.jwksUri`.
   * NOTE(review): the field name reads `_jkwsClient` while the config key is `jwksUri`;
   * looks like a transposition — it must stay as-is here to match the implementation.
   */
  private readonly _jkwsClient;
  /** Presumably loads the authorization rules consulted by `authorizeUser` — confirm against the implementation. */
  private readonly _rulesLoader;
  /** Tenant used when a request does not identify one — presumably; confirm against the implementation. */
  private readonly _defaultTenantId;
  /**
   * Creates a new OIDC authentication provider
   *
   * @param config OIDC configuration
   * @param logger Optional logger instance
   */
  constructor(config: OIDCConfig, logger?: Logger<ILogObj>);
  /**
   * Reads the JWT carried by an incoming request.
   * Presumably taken from the Authorization header — confirm against the implementation.
   *
   * @param request Fastify request
   * @returns The raw token string, or `null` when the request carries no token
   */
  extractToken(request: FastifyRequest): Promise<string | null>;
  /**
   * Authenticates a JWT token from an OIDC provider
   *
   * @param token JWT token to authenticate
   * @returns Authentication result with user info if successful
   */
  authenticateToken(token: string): Promise<ApiAuthenticationResult>;
  /**
   * Authorizes a user for a specific request
   * This implementation checks if the user has the required permissions
   * for the requested URL and method
   *
   * @param user User information
   * @param request Fastify request
   * @returns Authorization result
   */
  authorizeUser(user: UserInfo, request: FastifyRequest): Promise<ApiAuthorizationResult>;
  /**
   * Fetches the public key from OIDC provider
   * @param kid Key ID from the JWT header
   * @returns Public key as a string
   * @private
   */
  private fetchPublicKey;
  /**
   * Extracts roles from a decoded JWT token
   *
   * @param decoded The decoded JWT token
   * @returns Array of role strings
   * @private
   */
  private extractRoles;
  /**
   * Check if a user has any of the required roles for a specific tenant
   *
   * @param user User with roles
   * @param requiredRoles Array of role names (without tenant prefix)
   * @returns True if user has any of the required roles
   */
  private userHasRequiredRole;
}