UNPKG

@shane32/msoauth

Version:

A React library for Azure AD authentication with PKCE (Proof Key for Code Exchange) flow support. This library provides a secure and easy-to-use solution for implementing Azure AD authentication in React applications, with support for both API and Microso

github.com/shane32/msoauth

shane32/msoauth

135 lines (134 loc) 4.9 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
/** * Response structure from the OAuth token endpoint */ export interface TokenResponse { /** The access token used for API authorization */ access_token: string; /** The refresh token used to obtain new access tokens */ refresh_token: string; /** Number of seconds until the access token expires */ expires_in: number; /** The id token used for user information */ id_token: string; } /** * Legacy (version 1) representation of token information with expiration */ export interface TokenInfoV1 { /** The version number of this structure */ version: 1; /** The current access token for API requests */ apiAccessToken: string; /** The current access token for MS Graph requests */ msAccessToken: string; /** The refresh token for obtaining new access tokens */ refreshToken: string; /** Timestamp (in milliseconds) when the API access token expires */ apiExpiresAt: number; /** Timestamp (in milliseconds) when the MS Graph access token expires */ msExpiresAt: number; /** The id token used for user information */ idToken: string; } /** * Version 2 representation of token information with expiration */ export interface TokenInfoV2 { /** The version number of this structure */ version: 2; /** The refresh token for obtaining new access tokens */ refreshToken: string; /** The id token used for user information */ idToken: string; /** Access tokens for different scope sets */ accessTokens: { [scopeSetName: string]: { /** The access token */ token: string; /** Timestamp (in milliseconds) when the access token expires */ expiresAt: number; }; }; } /** * Current representation of token information with expiration (version 3) */ export interface TokenInfo extends Omit<TokenInfoV2, "version"> { /** The version number of this structure */ version: 3; /** Timestamp (in milliseconds) when the ID token expires */ idTokenExpiresAt: number; } /** * User information extracted from the JWT token */ export interface UserInfo { /** Unique identifier for the user */ oid: string; /** Display name of the user */ name?: string; /** Email address of the user */ email?: string; /** User's first name */ given_name?: string; /** User's last name */ family_name?: string; /** Array of roles assigned to the user */ roles: string[]; /** Additional custom claims in the JWT */ [key: string]: unknown; } /** * Interface for PKCE (Proof Key for Code Exchange) codes used in OAuth authentication. */ interface PKCECodes { /** The randomly generated verifier string */ codeVerifier: string; /** The SHA-256 hashed and base64-url encoded challenge derived from the verifier */ codeChallenge: string; } /** * Generates a cryptographically secure random state string for OAuth authentication. * Used to prevent CSRF attacks by ensuring the auth response matches the request. * @returns {string} A base64url-encoded random string */ export declare function generateState(): string; /** * Generates PKCE codes for OAuth authorization code flow with PKCE. * Creates a random code verifier and its corresponding SHA-256 hashed challenge. * @returns {Promise<PKCECodes>} Object containing the code verifier and challenge */ export declare function generatePKCECodes(): Promise<PKCECodes>; /** * Converts a Uint8Array buffer to a base64url-encoded string. * Base64url encoding is similar to base64 but uses URL-safe characters. * @param {Uint8Array} buffer - The buffer to convert * @returns {string} The base64url-encoded string */ export declare function bufferToBase64Url(buffer: Uint8Array): string; /** * Gets the current relative URL of the window, including path, search, and hash. * @returns {string} The relative URL of the window */ export declare function getCurrentRelativeUrl(): string; /** * Extracts user information from a JWT token * @param {string} idToken - The JWT token to decode * @returns {UserInfo} The extracted user information * @throws {Error} If required claims are missing from the token */ export declare function extractUserInfo(idToken: string): UserInfo; /** * Extracts the expiration timestamp from a JWT token. * @param {string} token - The JWT token to decode * @returns {number} The expiration timestamp in milliseconds since Unix epoch * @throws {Error} If the token doesn't contain an expiration claim */ export declare function extractTokenExpiration(token: string): number; /** * Converts a TokenInfo from older versions to version 3 * @param {any} tokenData - The token data to convert * @returns {TokenInfo} The converted token info */ export declare function convertTokenInfoToV3(tokenData: TokenInfo | TokenInfoV2 | TokenInfoV1): TokenInfo; export {};