@mft/moneyhub-api-client
Node.JS client for the Moneyhub API
;
/**
 * Compiler-emitted CommonJS interop helper: exposes property `key` of
 * `source` on `target` under `alias` (or `key` when no alias is given).
 *
 * An implementation already present on `this` is reused. Otherwise, when
 * `Object.create` exists, the property is installed with
 * `Object.defineProperty`; if the source descriptor is missing, is an
 * accessor on a non-`__esModule` object, or is a writable/configurable data
 * property, it is replaced by an enumerable getter so later changes to
 * `source[key]` stay visible. Without `Object.create` the value is copied.
 */
var __createBinding = (this && this.__createBinding) || (Object.create
    ? function (target, source, key, alias) {
        const exportName = alias === undefined ? key : alias;
        let descriptor = Object.getOwnPropertyDescriptor(source, key);
        let needsGetter;
        if (!descriptor) {
            needsGetter = true;
        }
        else if ("get" in descriptor) {
            needsGetter = !source.__esModule;
        }
        else {
            needsGetter = descriptor.writable || descriptor.configurable;
        }
        if (needsGetter) {
            descriptor = { enumerable: true, get: function () { return source[key]; } };
        }
        Object.defineProperty(target, exportName, descriptor);
    }
    : function (target, source, key, alias) {
        target[alias === undefined ? key : alias] = source[key];
    });
/**
 * Compiler-emitted CommonJS interop helper: stores `original` as the
 * `default` member of `namespace`.
 *
 * An implementation already present on `this` is reused. With
 * `Object.create` available the member is defined as an enumerable,
 * non-writable property; otherwise it is a plain assignment.
 */
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create
    ? function (namespace, original) {
        const defaultDescriptor = { enumerable: true, value: original };
        Object.defineProperty(namespace, "default", defaultDescriptor);
    }
    : function (namespace, original) {
        namespace["default"] = original;
    });
/**
 * Compiler-emitted CommonJS interop helper for namespace imports.
 *
 * A module flagged `__esModule` is returned unchanged. Any other value is
 * wrapped in a fresh object: every own enumerable key except "default" is
 * bound through `__createBinding`, and the original value becomes the
 * wrapper's `default` member. Inherited keys are skipped by the
 * `hasOwnProperty` check.
 */
var __importStar = (this && this.__importStar) || function (mod) {
    if (mod && mod.__esModule) {
        return mod;
    }
    const namespace = {};
    if (mod != null) {
        for (const key in mod) {
            if (key === "default" || !Object.prototype.hasOwnProperty.call(mod, key)) {
                continue;
            }
            __createBinding(namespace, mod, key);
        }
    }
    __setModuleDefault(namespace, mod);
    return namespace;
};
/**
 * Compiler-emitted CommonJS interop helper for default imports: a module
 * flagged `__esModule` is returned as is, anything else is wrapped as
 * `{ default: mod }`.
 */
var __importDefault = (this && this.__importDefault) || function (mod) {
    if (mod && mod.__esModule) {
        return mod;
    }
    return { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const R = __importStar(require("ramda"));
const jose = __importStar(require("jose"));
const crypto = __importStar(require("crypto"));
const exchange_code_for_token_1 = __importDefault(require("./exchange-code-for-token"));
/**
 * Returns `length` bytes from `crypto.randomBytes` (a CSPRNG), encoded as
 * base64url text. Defaults to 32 bytes.
 *
 * @param {number} [length=32] Number of random bytes to draw.
 * @returns {string} base64url encoding of the random bytes.
 */
const random = (length = 32) => {
    const entropy = crypto.randomBytes(length);
    return jose.base64url.encode(entropy);
};
/**
 * Builds and signs a JWT with an empty custom payload and the registered
 * claims `sub`, `aud`, `iss`, `jti`, `iat` and `exp`.
 *
 * `alg` and `kid` go into the protected header. `jti` is a fresh value from
 * `random()` on every call, and `iat` is set by the library at signing time.
 * No check on `alg` happens here; the only caller in this file rejects
 * "none" before calling.
 *
 * @param {object} options
 * @param {string} options.alg Signing algorithm placed in the header.
 * @param {string} options.kid Key id placed in the header.
 * @param {string} options.audience Value for the `aud` claim.
 * @param {string} options.issuer Value for the `iss` claim.
 * @param {string} options.sub Value for the `sub` claim.
 * @param {*} options.privateKey Signing key handed to `sign()`.
 * @param {string} [options.expirationTime="10m"] Lifetime passed to `setExpirationTime`.
 * @returns {Promise<string>} Whatever `SignJWT#sign` resolves to (the serialized token).
 */
const createSignedJWT = async ({ alg, kid, audience, issuer, sub, privateKey, expirationTime = "10m", }) => {
    const protectedHeader = { alg, kid };
    const unsignedToken = new jose.SignJWT({})
        .setProtectedHeader(protectedHeader)
        .setSubject(sub)
        .setAudience(audience)
        .setIssuer(issuer)
        .setJti(random())
        .setIssuedAt()
        .setExpirationTime(expirationTime);
    return unsignedToken.sign(privateKey);
};
// Removes entries whose value is null or undefined (R.isNil matches both,
// despite the "undefined" in the name). Used below so that absent
// parameters are left out of the callback params and checks objects.
const filterUndefined = R.reject(R.isNil);
// Usage text written with console.error by exchangeCodeForTokens when it is
// called without `paramsFromCallback` or `localParams`. It is runtime output
// and contains no secrets or request data.
// NOTE(review): the `"response_type" // recommended` line inside the text
// lacks the trailing comma the other entries have; it is display text only.
const exchangeCodeForTokensErrorMessage = `
Missing Parameters in exchangeCodeForTokens method.
The signature for this method changed in v3.
The previous function is available at 'exchangeCodeForTokensLegacy'
This function now requires an object with the following properties:
{
paramsFromCallback: {
An object with all the params received at your redirect uri.
The following properties are allowed:
"code",
"error",
"error_description",
"error_uri",
"id_token",
"state",
"session_state",
},
localParams: {
An object with params that you have in the local session for the user.
The following properties are supported:
"state", // required
"nonce", // required when using 'code id_token'
"sub", // optional, but without this param, requests where there are missing cookies will fail
"max_age", // optional
"response_type" // recommended
"code_verifier" // required for PKCE
}
}
`;
/**
 * Factory for the token-related methods of the API client.
 *
 * @param {object} deps
 * @param {object} deps.client OIDC client used for `authorizationCallback`,
 *   `refresh` and `grant`.
 * @param {object} deps.config Reads `identityServiceUrl` and, from
 *   `config.client`, `redirect_uri`, `request_object_signing_alg`, `keys`
 *   and `client_id`.
 * @returns {object} `exchangeCodeForTokensLegacy`, `exchangeCodeForTokens`,
 *   `refreshTokens`, `getClientCredentialTokens`, `getJWTBearerToken` and
 *   `createJWTBearerGrantToken`.
 */
exports.default = ({ client, config, }) => {
    const { identityServiceUrl } = config;
    const { redirect_uri, request_object_signing_alg, keys, client_id } = config.client;
    // Called as (0, fn)(...) so the imported function runs without a `this`.
    const exchangeCodeForTokens = (0, exchange_code_for_token_1.default)({
        client,
        redirectUri: redirect_uri,
    });
    /**
     * Creates the signed assertion for the JWT bearer grant: `iss` is the
     * client id, `aud` is `${identityServiceUrl}/oidc`, `sub` is `subject`,
     * and the lifetime is 10 minutes.
     *
     * Refuses to run when the configured algorithm is "none", and signs with
     * the first entry of `keys` whose `alg` equals the configured algorithm.
     * The result is a credential for the subject: keep it out of logs.
     * NOTE(review): `keys` is used without a presence check, so a config
     * without `client.keys` rejects with a TypeError, not the "missing" error.
     */
    const createJWTBearerGrantToken = async (subject) => {
        if (request_object_signing_alg === "none") {
            throw new Error("request_object_signing_alg can't be 'none'");
        }
        const signingJWK = keys.find((jwk) => jwk.alg === request_object_signing_alg);
        if (!signingJWK) {
            throw new Error(`Private key with alg ${request_object_signing_alg} missing`);
        }
        const privateKey = await jose.importJWK(signingJWK);
        const assertion = await createSignedJWT({
            alg: request_object_signing_alg,
            kid: signingJWK.kid,
            sub: subject,
            audience: `${identityServiceUrl}/oidc`,
            issuer: client_id,
            privateKey,
            expirationTime: "10m",
        });
        return assertion;
    };
    return {
        // NOTE(review): `state` and `nonce` feed both the callback params and
        // the checks object from the same arguments, so a state comparison
        // between those two objects cannot fail here. Callers must compare
        // the received `state` with the session value before calling this.
        // Presumably the third argument holds the expected values; confirm
        // against the client library.
        exchangeCodeForTokensLegacy: ({ state, code, nonce, id_token, }) => {
            const expectedChecks = filterUndefined({ state, nonce });
            const callbackParams = filterUndefined({ state, code, id_token, nonce });
            return client.authorizationCallback(redirect_uri, callbackParams, expectedChecks);
        },
        // Requires both the redirect-uri params and the locally stored session
        // params; prints the usage text and throws when either is absent.
        exchangeCodeForTokens: ({ paramsFromCallback, localParams }) => {
            const hasBothInputs = Boolean(paramsFromCallback) && Boolean(localParams);
            if (!hasBothInputs) {
                console.error(exchangeCodeForTokensErrorMessage);
                throw new Error("Missing parameters");
            }
            return exchangeCodeForTokens({ paramsFromCallback, localParams });
        },
        refreshTokens: ({ refreshToken }) => {
            return client.refresh(refreshToken);
        },
        getClientCredentialTokens: ({ scope, sub }) => {
            const grantRequest = {
                grant_type: "client_credentials",
                scope,
                sub,
            };
            return client.grant(grantRequest);
        },
        // Signs a fresh assertion for `sub`, then exchanges it for tokens.
        getJWTBearerToken: async ({ scope, sub }) => {
            const grantType = "urn:ietf:params:oauth:grant-type:jwt-bearer";
            const assertion = await createJWTBearerGrantToken(sub);
            return client.grant({
                grant_type: grantType,
                scope,
                assertion,
            });
        },
        createJWTBearerGrantToken,
    };
};
//# sourceMappingURL=tokens.js.map