UNPKG

@wristband/express-auth

Version:

SDK for integrating your ExpressJS application with Wristband. Handles user authentication and token management.

wristband.dev

wristband-dev/express-auth

96 lines (95 loc) 5.92 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
import { Request, Response } from 'express'; import { AuthConfig, CallbackResult, LoginConfig, LogoutConfig, TokenData } from './types'; /** * WristbandAuth is a utility interface providing methods for seamless interaction with Wristband for authenticating * application users. It can handle the following: * - Initiate a login request by redirecting to Wristband. * - Receive callback requests from Wristband to complete a login request. * - Retrive all necessary JWT tokens and userinfo to start an application session. * - Logout a user from the application by revoking refresh tokens and redirecting to Wristband. * - Checking for expired access tokens and refreshing them automatically, if necessary. */ export interface WristbandAuth { /** * Initiates a login request by redirecting to Wristband. An authorization request is constructed * for the user attempting to login in order to start the Authorization Code flow. * * Your Express request can contain Wristband-specific query parameters: * - login_hint: A hint to Wristband about user's preferred login identifier. This can be appended as a query * parameter in the redirect request to the Authorize URL. * - return_url: The location of where to send users after authenticating. * - tenant_custom_domain: The tenant custom domain for the tenant that the user belongs to, if applicable. Should be * used as the domain of the authorize URL when present. * - tenant_domain: The domain name of the tenant the user belongs to. Should be used in the tenant vanity domain of * the authorize URL when not utilizing tenant subdomains nor tenant custom domains. * * @param {Request} req The Express request object. * @param {Response} res The Express response object. * @param {LoginConfig} [config] Additional configuration for creating an auth request to Wristband. * @returns {Promise<void>} A Promise as a result of a URL redirect to Wristband. * @throws {Error} If an error occurs during the login process. */ login(req: Request, res: Response, config?: LoginConfig): Promise<void>; /** * Receives incoming requests from Wristband with an authorization code. It will then proceed to exchange the auth * code for an access token as well as fetch the userinfo for the user attempting to login. * * Your Express request can contain Wristband-specific query parameters: * - code: The authorization code to use for exchanging for an access token. * - error: An error code indicating that some an issue occurred during the login process. * - error_description: A plaintext description giving more detail around the issue that occurred during the login * process. * - state: The state value that was originally sent to the Authorize URL. * - tenant_custom_domain: If the tenant has a tenant custom domain defined, then this query parameter will be part * of the incoming request to the Callback Endpoint. n the event a redirect to the Login Endpoint is required, then * this should be appended as a query parameter when redirecting to the Login Endpoint. * - tenant_domain: The domain name of the tenant the user belongs to. In the event a redirect to the Login Endpoint * is required and neither tenant subdomains nor tenant custom domains are not being utilized, then this should be * appended as a query parameter when redirecting to the Login Endpoint. * * @param {Request} req The Express request object. * @param {Response} res The Express response object. * @returns {Promise<CallbackResult>} A Promise containing the result of what happened during callback execution * as well as any accompanying data. * @throws {Error} If an error occurs during the callback handling. */ callback(req: Request, res: Response): Promise<CallbackResult>; /** * Revokes the user's refresh token and redirects them to the Wristband logout endpoint to destroy * their authenticated session in Wristband. * * @param {Request} req The Express request object. * @param {Response} res The Express response object. * @param {LogoutConfig} [config] Additional configuration for logging out the user. * @returns {Promise<void>} A Promise of type void as a result of a URL redirect to Wristband. * @throws {Error} If an error occurs during the logout process. */ logout(req: Request, res: Response, config?: LogoutConfig): Promise<void>; /** * Checks if the user's access token is expired and refreshed the token, if necessary. * * @param {string} refreshToken The refresh token. * @param {number} expiresAt Unix timestamp in milliseconds at which the token expires. * @returns {Promise<TokenData | null>} A Promise with the data from the token endpoint if the token was refreshed. * Otherwise, a Promise with null value is returned. * @throws {Error} If an error occurs during the token refresh process. */ refreshTokenIfExpired(refreshToken: string, expiresAt: number): Promise<TokenData | null>; } /** * WristbandAuth is a utility class providing methods for seamless interaction with the Wristband authentication service. * @implements {WristbandAuth} */ export declare class WristbandAuthImpl implements WristbandAuth { private authService; /** * Creates an instance of WristbandAuth. * * @param {AuthConfig} authConfig The configuration for Wristband authentication. */ constructor(authConfig: AuthConfig); login(req: Request, res: Response, config?: LoginConfig): Promise<void>; callback(req: Request, res: Response): Promise<CallbackResult>; logout(req: Request, res: Response, config?: LogoutConfig): Promise<void>; refreshTokenIfExpired(refreshToken: string, expiresAt: number): Promise<TokenData | null>; }