@sap/xssec/src/token/IdentityServiceToken.js

XS Advanced Container Security API for node.js

const Token = require("./Token");

class IdentityServiceToken extends Token {

    /**
     * @param {string|null} jwt 
     * @param {object} [content] - optional parsed header and payload
     * @param {import('../util/Types').JwtHeader & { [key: string]: any }} [content.header] - parsed header
     * @param {import('../util/Types').JwtPayload & import('../util/Types').IdentityServiceJwtPayload & { [key: string]: any }} [content.payload] - parsed payload
     */
    constructor(jwt, { header, payload } = {}) {
        super(jwt, { header, payload });
    }

    /**
     * @returns {string} The ID of the caller's tenant within the SAP Cloud Identity Service application for which the token was fetched.
     */
    get appTid() {
        return this.payload.app_tid ?? this.payload.zone_uuid;
    }

    /**
     * Returns the SAP Cloud Identity Service APIs consumed by the caller (based on the token's 'ias_apis' claim).
     * @returns {string[]} The consumed APIs or [] if the caller does not consume any APIs.
     */
    get consumedApis() {
        return this.payload.ias_apis || [];
    }

    get customIssuer() {
        return this.payload.ias_iss ? this.payload.iss : null;
    }

    /** 
     * @returns {string} The issuer of the token.
     */
    get issuer() {
        return this.payload.ias_iss || this.payload.iss;
    }

    /**
     * Returns the SCIM id of the user.
     * @returns {string} The SCIM id or undefined if the token does not contain a SCIM id, e.g. because it is a technical user token.
     */
    get scimId() {
        return this.payload.scim_id;
    }

    // Methods for backward-compatibility
    getAppTID() {
        return this.appTid;
    }

    getCustomIssuer() {
        return this.customIssuer;
    }

    /**
     * @deprecated Access appTid instead
     */
    getZoneId() {
        return this.appTid;
    }
}

module.exports = IdentityServiceToken;