
@eqxjs/azure-manage-identity


For get Azure keyvault secret

import { VerifyResult } from '@azure/keyvault-keys';
/**
 * Verifies a JWT token using an Azure Key Vault key via cryptographic verification.
 * The token's signature is verified using the SHA-256 digest of the header and payload.
 *
 * @remarks
 * Only the signature check is documented. Nothing in this declaration states that
 * registered claims (`exp`, `nbf`, `iss`, `aud`) are validated, so a positive result
 * should be read as "signature matches" and claims checked by the caller.
 * TODO confirm against the implementation.
 *
 * `algorithm` should be a value the caller pins for the key in use. It should not be
 * copied from the token's own `alg` header, which is unauthenticated input until the
 * signature has been verified.
 *
 * NOTE(review): the digest is documented as always SHA-256, which matches the `*256`
 * algorithms such as `'ES256'`. Whether other algorithm identifiers are rejected is
 * not visible here; confirm.
 *
 * @param keyURL - The URL of the Azure Key Vault instance. Presumably expected to come
 *   from trusted configuration rather than from the request or the token; verify at
 *   the call sites.
 * @param keyName - The name of the key to use for verification
 * @param algorithm - The signing algorithm identifier (e.g. `'ES256'`)
 * @param jwtToken - The JWT token string in `header.payload.signature` format
 * @returns A promise resolving to a {@link VerifyResult} indicating success or failure.
 *   A resolved promise alone does not mean the token is valid; check `result`.
 * @throws {Error} When the JWT token is not in a valid 3-part format
 */
export declare function verifyJWTToken(keyURL: string, keyName: string, algorithm: string, jwtToken: string): Promise<VerifyResult>;
/**
 * Verifies a JWT token against a JWK set stored as a secret in Azure Key Vault.
 * Iterates over all keys in the JWK set; returns `true` if any key validates the token.
 *
 * @remarks
 * As documented, failure is reported by rejection rather than by `result: false`, which
 * differs from {@link verifyJWTToken}. Callers must handle the rejected promise and
 * treat it as an authentication failure.
 *
 * The JWK set read from the secret is the trust anchor: every key in it is accepted as
 * a verifier, so write access to that secret decides which tokens validate.
 *
 * NOTE(review): there is no `algorithm` parameter. How the algorithm is chosen is not
 * visible here; confirm it is taken from the stored JWK and not from the token's
 * `alg` header. Claim validation (`exp`, `nbf`, `iss`, `aud`) is likewise not
 * documented; confirm.
 *
 * @param keyURL - The URL of the Azure Key Vault instance
 * @param secretName - The name of the secret containing the JWK set as a JSON string
 * @param jwtToken - The JWT token string to verify
 * @returns A promise resolving to a {@link VerifyResult} with `result: true` on success
 * @throws {Error} When all keys fail verification, or the secret is not a valid JWK set
 */
export declare function verifyJWTTokenBySecret(keyURL: string, secretName: string, jwtToken: string): Promise<VerifyResult>;
/**
 * Signs a payload using an Azure Key Vault key and returns a base64url-encoded signature.
 * The payload is hashed with SHA-256 before signing.
 *
 * @remarks
 * Only the signature is returned; assembling the final `header.payload.signature`
 * token is left to the caller. Presumably `payload` is the JWT signing input (the
 * encoded header and payload joined by `.`); confirm against the implementation.
 *
 * NOTE(review): the `alg` value placed in the token header by the caller has to match
 * `algorithm`, and the fixed SHA-256 digest matches the `*256` algorithms. Whether
 * other identifiers are rejected is not visible here; confirm.
 *
 * @param keyURL - The URL of the Azure Key Vault instance
 * @param keyName - The name of the key to use for signing
 * @param algorithm - The signing algorithm identifier (e.g. `'ES256'`)
 * @param payload - The string payload to sign
 * @returns A promise resolving to the base64url-encoded signature string
 */
export declare function signJWTToken(keyURL: string, keyName: string, algorithm: string, payload: string): Promise<string>;