UNPKG

@sgnl-ai/secevent

Version:

A comprehensive JavaScript/TypeScript library for Security Event Tokens (SET) implementing RFC 8417, CAEP, and SSF standards

195 lines (163 loc) 2.94 kB
/** * Security Event Token (SET) Types * Core types for SEC Event tokens as defined in RFC 8417 */ import { JWTPayload } from 'jose'; import { SecurityEvent } from './events'; /** * Security Event Token payload * Extends JWT payload with SET-specific claims */ export interface SecEventPayload extends JWTPayload { /** * Events claim containing one or more security events */ events: SecurityEvent; /** * Transaction identifier */ txn?: string; /** * Token identifier (jti is inherited from JWTPayload) */ jti: string; /** * Issued at timestamp (iat is inherited from JWTPayload) */ iat: number; /** * Issuer (iss is inherited from JWTPayload) */ iss: string; /** * Audience (aud is inherited from JWTPayload) */ aud?: string | string[]; /** * Subject (sub is inherited from JWTPayload) * Note: In SET, the subject is typically in the event, not the JWT subject */ sub?: string; /** * Additional custom claims */ [key: string]: unknown; } /** * Options for creating a Security Event Token */ export interface SecEventOptions { /** * Issuer of the token */ issuer: string; /** * Audience for the token */ audience?: string | string[]; /** * Token ID (defaults to UUID) */ jti?: string; /** * Issued at timestamp (defaults to current time) */ iat?: number; /** * Transaction ID */ txn?: string; /** * Additional custom claims */ additionalClaims?: Record<string, unknown>; } /** * Signed Security Event Token */ export interface SignedSecEvent { /** * The JWT string representation */ jwt: string; /** * The decoded payload */ payload: SecEventPayload; } /** * SEC Event validation options */ export interface ValidationOptions { /** * Expected issuer */ issuer?: string | string[]; /** * Expected audience */ audience?: string | string[]; /** * Clock tolerance in seconds */ clockTolerance?: number; /** * Current time (defaults to Date.now()) */ currentDate?: Date; /** * Required claims */ requiredClaims?: string[]; /** * Maximum token age in seconds */ maxTokenAge?: number; } /** * Validation result */ export interface ValidationResult { /** * Whether validation succeeded */ valid: boolean; /** * Decoded payload if valid */ payload?: SecEventPayload; /** * Error message if invalid */ error?: string; /** * Detailed validation errors */ errors?: string[]; } /** * ID Generator interface */ export interface IdGenerator { /** * Generate a unique ID */ generate(): string; } /** * Signing key configuration */ export interface SigningKey { /** * Key ID */ kid?: string; /** * Algorithm */ alg: string; /** * The actual key (can be string, Buffer, or KeyLike) */ key: unknown; }