/**
* Auth0統合管理
*
* ⚡ 機能:
* - JWT Token検証とクレーム解析
* - Management API(組織、ユーザー、ロール管理)
* - Authorization Extension API(グループ、権限)
* - Standard Auth0 Authentication Flow
* - セキュリティログとAudit Trail
* - 🆕 Auth0 Organizations(orgid)完全対応
*
* 🔐 統一認証: auth.gftd.ai ドメインをデフォルトに設定
*/
import { UserPayload, OrganizationInvitationStatus, OrganizationMemberRole, OrganizationSettings } from './types';
/**
* Auth0設定
*/
/**
 * Configuration for the Auth0 integration.
 *
 * NOTE(review): `authorizationExtension.clientSecret` is a confidential
 * credential. Build this object on the server from a secret store / env;
 * never ship it in a browser bundle or write it to logs.
 */
export interface Auth0Config {
  /** Auth0 tenant domain (the file header says auth.gftd.ai is the default — confirm in the implementation). */
  domain: string;
  /** Expected `aud` of incoming access tokens; verification should reject tokens minted for any other audience. */
  audience: string;
  clientId?: string;
  /**
   * Optional JWKS endpoint override.
   * NOTE(review): presumably derived from `domain` when omitted. If it is
   * honoured as given, only an HTTPS URL under the tenant domain should be
   * accepted — a hostile value here substitutes the signing keys used to
   * verify every token. Confirm in the implementation.
   */
  jwksUri?: string;
  /** Credentials for the Authorization Extension API (groups / permissions). */
  authorizationExtension?: {
    url: string;
    clientId: string;
    /** Client secret for the machine-to-machine token exchange — server-side only. */
    clientSecret: string;
    audience: string;
    region: 'us-west' | 'europe' | 'australia';
  };
}
/**
* Auth0組織情報
*/
/**
 * An Auth0 Organization as returned by the Management API.
 */
export interface Auth0Organization {
  /** Auth0 organization id — presumably the same value carried in the `org_id` token claim (see Auth0Claims). */
  id: string;
  /** Machine name of the organization. */
  name: string;
  /** Human-readable name. */
  display_name: string;
  /** Optional login-page branding. NOTE(review): `logo_url` is a URL that ends up rendered to users — treat as untrusted if it is surfaced anywhere outside Auth0. */
  branding?: {
    logo_url?: string;
    colors?: {
      primary?: string;
      page_background?: string;
    };
  };
  /** Free-form organization metadata; schema not defined here. */
  metadata?: Record<string, any>;
  /** Connections enabled for this organization. */
  connections?: {
    name: string;
    strategy: string;
    enabled_clients?: string[];
  }[];
  /** Platform-side organization settings (see ./types). */
  settings?: OrganizationSettings;
  /** Creation / last-update timestamps (string form as returned by Auth0). */
  created_at?: string;
  updated_at?: string;
}
/**
* Auth0組織メンバー
*/
/**
 * A member of an Auth0 Organization, with the membership details the
 * platform tracks alongside the Auth0 user.
 */
export interface Auth0OrganizationMember {
  /** Auth0 user id of the member. */
  user_id: string;
  email?: string;
  name?: string;
  picture?: string;
  /** Roles held within this organization (see ./types). */
  roles?: OrganizationMemberRole[];
  /** Organization the membership belongs to. */
  organization_id: string;
  /** When, and by whom, the member was added — presumably populated by addOrganizationMember; confirm. */
  added_at?: string;
  added_by?: string;
}
/**
* Auth0組織招待
*/
/**
 * An invitation to join an Auth0 Organization.
 */
export interface Auth0OrganizationInvitation {
  id: string;
  organization_id: string;
  /** Who issued the invitation. */
  inviter: {
    name: string;
    email?: string;
  };
  /**
   * Address the invitation is addressed to. NOTE(review): whoever controls
   * this mailbox can accept the invitation and obtain the roles below, so
   * the caller creating invitations must validate the address and be
   * authorized to invite into this organization.
   */
  invitee: {
    email: string;
  };
  /** Auth0 application the invitee will log in through. */
  client_id: string;
  connection_id?: string;
  /** Metadata applied to the invitee's user on acceptance. NOTE(review): `app_metadata` is commonly read as authorization data downstream — do not populate it from end-user input. */
  app_metadata?: Record<string, any>;
  user_metadata?: Record<string, any>;
  /** Roles granted on acceptance. */
  roles?: string[];
  /** Whether Auth0 sends the invitation e-mail itself. */
  send_invitation_email?: boolean;
  /** Invitation lifetime in seconds (Auth0 applies its own default and upper bound — confirm the limits in use). */
  ttl_sec?: number;
  created_at?: string;
  /** Platform-side status of the invitation (see ./types). */
  status?: OrganizationInvitationStatus;
  expires_at?: string;
}
/**
* Auth0ユーザークレーム
*/
/**
 * Claims of a verified Auth0 token, as returned by
 * Auth0Integration.verifyAuth0Token.
 *
 * NOTE(review): these values are trustworthy only after signature, issuer,
 * audience and expiry verification. Never build this type from a token that
 * was merely base64-decoded.
 */
interface Auth0Claims {
  /** Subject — the Auth0 user id. */
  sub: string;
  email?: string;
  /**
   * NOTE(review): any authorization keyed on `email` (domain allow-lists,
   * matching an invitation) should require `email_verified === true`.
   */
  email_verified?: boolean;
  name?: string;
  picture?: string;
  nickname?: string;
  /**
   * Custom claims (Auth0 convention is to namespace them with a URL). These
   * are namespaced under `https://your-app.com/`, which looks like a
   * template placeholder rather than this platform's domain (the file
   * header names auth.gftd.ai). If the tenant's Actions/Rules emit the
   * claims under a different namespace, every one of these reads as
   * undefined and the user silently gets no roles/permissions — confirm
   * the namespace against the tenant configuration.
   */
  'https://your-app.com/roles'?: string[];
  'https://your-app.com/permissions'?: string[];
  'https://your-app.com/tenant_id'?: string;
  /**
   * Organization claims (Auth0 Organizations). NOTE(review): when a request
   * is scoped to a particular organization, compare `org_id` against the
   * organization the server expects rather than trusting it as-is.
   */
  org_id?: string;
  org_name?: string;
  'https://your-app.com/org_roles'?: string[];
  'https://your-app.com/org_permissions'?: string[];
  'https://your-app.com/organizations'?: string[];
  /**
   * Catch-all for any other claim. NOTE(review): because the index type is
   * `any`, a misspelled claim name still type-checks and simply reads as
   * undefined at runtime; prefer the named properties above.
   */
  [key: string]: any;
}
/**
* Auth0ユーザー情報
*/
/**
 * A user record from the Auth0 Management API.
 * Contains PII (email, phone, last_ip, ...) — handle and log accordingly.
 */
export interface Auth0User {
  user_id: string;
  /** Connection the primary identity belongs to. */
  connection: string;
  email?: string;
  email_verified?: boolean;
  username?: string;
  phone_number?: string;
  phone_verified?: boolean;
  created_at: string;
  updated_at: string;
  /** Linked identities, one per connection/provider. */
  identities: Array<{
    connection: string;
    user_id: string;
    provider: string;
    isSocial: boolean;
  }>;
  /**
   * NOTE(review): in Auth0's model `user_metadata` is editable by the user
   * while `app_metadata` is not — derive authorization only from
   * `app_metadata` (confirm against the tenant's configuration).
   */
  app_metadata?: Record<string, any>;
  user_metadata?: Record<string, any>;
  picture?: string;
  name?: string;
  nickname?: string;
  /** Presumably the enrolled MFA providers — confirm. */
  multifactor?: string[];
  /** IP address of the last login — PII; do not expose to other users. */
  last_ip?: string;
  last_login?: string;
  logins_count?: number;
  /**
   * True when the account is blocked in Auth0. NOTE(review): an already
   * issued token stays valid until `exp`; confirm whether any code path
   * consults this flag before granting access.
   */
  blocked?: boolean;
  given_name?: string;
  family_name?: string;
}
/**
* Auth0管理API用レスポンス
*/
/**
 * Envelope for a Management API call. Exactly one of `data` / `error` is
 * expected to be set, but both are optional, so callers must check `error`
 * before using `data`.
 *
 * NOTE(review): `error.message` comes from Auth0 and may describe tenant
 * configuration; log it server-side rather than returning it to clients.
 */
export interface Auth0ManagementResponse<T = any> {
  data?: T;
  error?: {
    message: string;
    statusCode: number;
    error: string;
    errorCode?: string;
  };
}
/**
* Auth0統合マネージャー
*/
/**
 * Central manager for the Auth0 integration: token verification, claim
 * mapping, and Organization management through the Management API.
 *
 * Only the declaration is visible here; the implementation lives in the
 * compiled module. Security-relevant contracts the implementation is
 * expected to uphold are marked NOTE(review) and should be confirmed
 * against the source.
 */
export declare class Auth0Integration {
  /** Process-wide singleton (see getInstance). */
  private static instance;
  /** Effective Auth0Config for this instance. */
  private config;
  /** JWKS client used to resolve signing keys for verifyAuth0Token (presumably built from config.jwksUri / config.domain). */
  private jwksClient;
  /** In-memory cache of the Authorization Extension access token and its expiry. */
  private extensionAccessToken;
  private extensionTokenExpiry;
  /** In-memory cache of the Management API access token and its expiry. */
  private managementAccessToken;
  private managementTokenExpiry;
  private constructor();
  /**
   * Returns the singleton, creating it on first use.
   * @param customConfig Partial overrides merged into the default config.
   *   NOTE(review): on a singleton, overrides passed to a later call may be
   *   ignored once the instance exists — confirm whether the implementation
   *   merges, replaces or drops them.
   */
  static getInstance(customConfig?: Partial<Auth0Config>): Auth0Integration;
  /** Builds the Authorization Extension API URL from config.authorizationExtension. */
  private buildExtensionUrl;
  /** Obtains (and caches) an access token for the Authorization Extension API. */
  private getExtensionAccessToken;
  /**
   * Obtains (and caches) a Management API access token.
   * @returns The bearer token, or null when it could not be obtained.
   * NOTE(review): this is public, so any code holding the manager can
   * obtain a Management API token. Such tokens are highly privileged;
   * consider making this private or otherwise restricting callers, and
   * never return the token to a client.
   */
  getManagementAccessToken(): Promise<string | null>;
  /**
   * Verifies an Auth0-issued JWT and returns its claims.
   * @param token The JWT to verify.
   * @returns The decoded claims on success, null on any verification failure.
   * NOTE(review): a conformant implementation must check the signature
   * against the JWKS, the issuer (config.domain), the audience
   * (config.audience), `exp`/`nbf`, and pin the accepted algorithm
   * (e.g. RS256). Only claims returned by this method should be trusted.
   */
  verifyAuth0Token(token: string): Promise<Auth0Claims | null>;
  /**
   * Maps Auth0 claims (including organization claims) onto the GFTD ORM
   * UserPayload.
   * @param auth0Claims Claims already validated by verifyAuth0Token.
   *   Passing claims decoded without verification would let a client pick
   *   its own roles and permissions.
   */
  mapAuth0ToUserPayload(auth0Claims: Auth0Claims): UserPayload;
  /**
   * Verifies `token` and maps it to a UserPayload in one step.
   * @returns `{ success: true, user }` on success, otherwise
   *   `{ success: false, error }`. NOTE(review): treat `error` as a
   *   server-side diagnostic; avoid echoing verification details to clients.
   */
  authenticateWithAuth0(token: string): Promise<{
    success: boolean;
    user?: UserPayload;
    error?: string;
  }>;
  /**
   * Organization management (Management API).
   *
   * NOTE(review): none of the methods below take an acting user, and nothing
   * in this declaration authorizes the caller. The calling layer must verify
   * that the actor is allowed to read or manage `organizationId` before
   * invoking them — otherwise any authenticated user could enumerate members
   * or invite themselves into an organization.
   */
  /**
   * Fetches one organization.
   * @returns The organization, or null when not found / on failure.
   */
  getOrganization(organizationId: string): Promise<Auth0Organization | null>;
  /** Lists the organizations `userId` belongs to. */
  getUserOrganizations(userId: string): Promise<Auth0Organization[]>;
  /** Lists the members of an organization (PII — see Auth0OrganizationMember). */
  getOrganizationMembers(organizationId: string): Promise<Auth0OrganizationMember[]>;
  /**
   * Adds an existing user to an organization.
   * @param roles Role identifiers to assign in the organization (format not specified here — confirm).
   * @returns true on success, false on any failure; the underlying error is not surfaced.
   */
  addOrganizationMember(organizationId: string, userId: string, roles?: string[]): Promise<boolean>;
  /**
   * Removes a user from an organization.
   * @returns true on success, false on any failure; the underlying error is not surfaced.
   */
  removeOrganizationMember(organizationId: string, userId: string): Promise<boolean>;
  /**
   * Creates (and optionally e-mails) an organization invitation.
   * @param email Invitee address — see the note on Auth0OrganizationInvitation.invitee.
   * @param options.roles Roles granted on acceptance.
   * @param options.sendEmail Whether Auth0 sends the invitation e-mail.
   * @param options.ttlSec Invitation lifetime in seconds.
   * @param options.metadata Presumably forwarded as invitation metadata — confirm whether it lands in app_metadata, and do not populate it from end-user input if so.
   * @returns The created invitation, or null on failure.
   */
  createOrganizationInvitation(organizationId: string, email: string, options?: {
    roles?: string[];
    sendEmail?: boolean;
    ttlSec?: number;
    metadata?: Record<string, any>;
  }): Promise<Auth0OrganizationInvitation | null>;
  /** Lists pending invitations for an organization. */
  getOrganizationInvitations(organizationId: string): Promise<Auth0OrganizationInvitation[]>;
}
/**
* Auth0統合のヘルパー関数
*/
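/**
 * Convenience facade over the Auth0Integration singleton.
 *
 * Every member delegates to Auth0Integration; see that class for the
 * contracts. The organization helpers perform privileged Management API
 * operations and do not authorize the caller — do that before calling them.
 */
export declare const auth0: {
  /** Returns the Auth0Integration singleton. */
  manager: () => Auth0Integration;
  /**
   * Verifies `token` and maps it to a UserPayload
   * (see Auth0Integration.authenticateWithAuth0).
   * @param customConfig Optional overrides forwarded to getInstance.
   */
  authenticate: (token: string, customConfig?: Partial<Auth0Config>) => Promise<{
    success: boolean;
    user?: UserPayload;
    error?: string;
  }>;
  /** Verifies `token` and returns its claims, or null on failure. */
  verifyToken: (token: string) => Promise<Auth0Claims | null>;
  /** Organization management helpers (Management API). */
  organizations: {
    get: (organizationId: string) => Promise<Auth0Organization | null>;
    getUserOrganizations: (userId: string) => Promise<Auth0Organization[]>;
    getMembers: (organizationId: string) => Promise<Auth0OrganizationMember[]>;
    addMember: (organizationId: string, userId: string, roles?: string[]) => Promise<boolean>;
    removeMember: (organizationId: string, userId: string) => Promise<boolean>;
    /**
     * Creates an organization invitation. `options` mirrors the parameter
     * type of Auth0Integration.createOrganizationInvitation so that a
     * misspelled key (e.g. `ttl_sec` for `ttlSec`) is rejected at compile
     * time instead of passing through unchecked.
     */
    createInvitation: (organizationId: string, email: string, options?: {
      roles?: string[];
      sendEmail?: boolean;
      ttlSec?: number;
      metadata?: Record<string, any>;
    }) => Promise<Auth0OrganizationInvitation | null>;
    getInvitations: (organizationId: string) => Promise<Auth0OrganizationInvitation[]>;
  };
};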
export {};
//# sourceMappingURL=auth0-integration.d.ts.map