
@tree-house/authentication

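"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.getKey = exports.authenticateSso = void 0;
const openid_client_1 = require("openid-client");
const jwksClient = require("jwks-rsa");
const jwt_authentication_1 = require("./jwt-authentication");

// Signature algorithms accepted for SSO tokens. The verification key is a
// public key taken from the issuer's JWKS, so only asymmetric algorithms are
// meaningful here. `none` and the HMAC family are refused: the algorithm is
// read from the unverified token header, and letting that header select a
// symmetric algorithm would mean the public key is used as a shared secret.
const ASYMMETRIC_ALGORITHMS = Object.freeze([
    'RS256', 'RS384', 'RS512',
    'PS256', 'PS384', 'PS512',
    'ES256', 'ES384', 'ES512',
]);

/**
 * Verify an SSO (OpenID Connect) token against the signing key published by
 * its issuer.
 *
 * The token is decoded without verification first, because the issuer (`iss`),
 * key id (`kid`) and algorithm (`alg`) are needed to locate the key. Every
 * value read at that stage is attacker-controlled until `verifyJwt` succeeds,
 * so each one is checked against an allowlist before it is acted on.
 *
 * @param {string} token - Compact serialized JWT.
 * @param {object} [checks] - Optional expectations supplied by the caller.
 * @param {string|string[]} [checks.trustedIssuers] - Exact issuer values that
 *   are accepted. When omitted, the issuer named in the token is used as-is
 *   (the original behaviour); see the NOTE(review) in the body.
 * @param {string|string[]} [checks.audience] - Audience value(s) this service
 *   accepts. When omitted, no independent audience check is made.
 * @returns {Promise<*>} Whatever `verifyJwt` from ./jwt-authentication returns.
 * @throws {Error} When the token is empty, malformed, uses a refused
 *   algorithm, fails an issuer/audience expectation, or fails verification.
 */
async function authenticateSso(token, { trustedIssuers, audience } = {}) {
    if (typeof token !== 'string')
        throw new Error('SSO token must be a string.');
    if (token === '')
        throw new Error('SSO token is empty.');

    const decoded = (0, jwt_authentication_1.decodeJwt)(token, { complete: true });
    // Guard against a decoder that signals a malformed token by returning a
    // falsy value instead of throwing (not visible from this file).
    if (!decoded || !decoded.header || !decoded.payload)
        throw new Error('SSO token could not be decoded.');
    const { header, payload } = decoded;

    // Refuse the token before any network request if the header asks for an
    // algorithm outside the asymmetric allowlist.
    if (!ASYMMETRIC_ALGORITHMS.includes(header.alg))
        throw new Error('SSO token uses an unsupported signing algorithm.');

    if (typeof payload.iss !== 'string' || payload.iss === '')
        throw new Error('SSO token has no issuer.');

    // NOTE(review): without `trustedIssuers` the token itself decides which
    // server is contacted for discovery and which key set verifies it, so a
    // valid signature only proves the token matches the issuer it names.
    // Callers should pass the issuers they actually federate with.
    if (trustedIssuers !== undefined) {
        // [].concat() accepts a single string or an array and guarantees an
        // exact-match comparison (String.prototype.includes would match
        // substrings if a bare string were passed).
        const acceptedIssuers = [].concat(trustedIssuers);
        if (!acceptedIssuers.includes(payload.iss))
            throw new Error('SSO token issuer is not trusted.');
    }

    // The `aud` handed to verifyJwt below is copied from the token, so it
    // cannot reject a token minted for a different relying party. When the
    // caller states its own audience, compare against that instead. The
    // decoded payload belongs to the same token whose signature is verified
    // at the end, so the check holds once verification passes.
    if (audience !== undefined) {
        const acceptedAudiences = [].concat(audience);
        const tokenAudiences = [].concat(payload.aud == null ? [] : payload.aud);
        if (!tokenAudiences.some((aud) => acceptedAudiences.includes(aud)))
            throw new Error('SSO token audience is not accepted.');
    }

    const { metadata } = await openid_client_1.Issuer.discover(payload.iss);
    if (!metadata.jwks_uri)
        throw new Error('SSO issuer does not publish a JWKS URI.');
    const secret = await getKey(metadata.jwks_uri, header.kid);

    const options = {
        issuer: payload.iss,
        algorithms: [header.alg], // validated against ASYMMETRIC_ALGORITHMS above
        aud: payload.aud,
        expiresIn: payload.exp,
        secretOrKey: secret,
    };
    return (0, jwt_authentication_1.verifyJwt)(token, options);
}
exports.authenticateSso = authenticateSso;

/**
 * Fetch a public signing key from a JWKS endpoint.
 *
 * @param {string} jwksUri - URL of the JSON Web Key Set.
 * @param {string} token - Despite the name, this is the key id (`kid`) that is
 *   passed to `getSigningKey`; authenticateSso calls it with `header.kid`.
 * @returns {Promise<string>} The value returned by the key's `getPublicKey()`.
 */
async function getKey(jwksUri, token) {
    const client = jwksClient({ jwksUri });
    const key = await client.getSigningKey(token);
    return key.getPublicKey();
}
exports.getKey = getKey;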