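import { JSONApiResponse } from '../lib/models.js';
import { BaseAuthAPI } from './base-auth-api.js';

/** RFC 8693-defined grant type for token exchange */
const TOKEN_EXCHANGE_GRANT_TYPE = 'urn:ietf:params:oauth:grant-type:token-exchange';

/** Auth0 token endpoint path */
const TOKEN_URL = '/oauth/token';

/**
 * Client for Auth0's Custom Token Exchange: posts an RFC 8693 token-exchange
 * request to the tenant's token endpoint and returns the parsed response.
 *
 * @security
 * - **Fixed grant and client**: `grant_type` and `client_id` are written after
 *   the caller's options are spread, so `options` cannot override them.
 * - **No local validation**: this class does not inspect `subject_token` or
 *   `subject_token_type`; any namespace or format rule is applied by the server
 *   and by the tenant's Custom Token Exchange Action, not here.
 * - **Transport and client authentication** are delegated to `BaseAuthAPI`
 *   (`request`, `addClientAuthentication`); TLS enforcement is not visible in
 *   this file. NOTE(review): confirm in the base class.
 * - **Sensitive body**: the form body carries the subject token and whatever
 *   client credential `addClientAuthentication` adds, so it should not be
 *   logged, and the class is meant for server-side use only.
 *
 * @example
 * ```js
 * // Subject-token validation inside the Auth0 Action (server side).
 * // A signature check alone is not enough: the token must also be bound to
 * // the issuer and audience you expect. The values below are placeholders.
 * exports.onExecuteCustomTokenExchange = async (event, api) => {
 *   const { jwtVerify, createRemoteJWKSet } = require('jose');
 *
 *   const JWKS = createRemoteJWKSet(new URL('https://external-idp.com/.well-known/jwks.json'));
 *
 *   try {
 *     const { payload } = await jwtVerify(event.transaction.subject_token, JWKS, {
 *       issuer: '<EXPECTED_ISSUER>',
 *       audience: '<EXPECTED_AUDIENCE>',
 *     });
 *     // payload.sub is the external IdP's identifier; make sure it maps to
 *     // the intended local user before trusting it as a user id.
 *     api.authentication.setUserById(payload.sub);
 *   } catch (error) {
 *     api.access.rejectInvalidSubjectToken('Invalid subject token');
 *   }
 * };
 * ```
 */
export class CustomTokenExchange extends BaseAuthAPI {
    /**
     * Sends a token-exchange request and returns the response payload.
     *
     * @param options - Exchange parameters, spread into the form body as-is
     *   (for example `subject_token` and `subject_token_type`). Entries whose
     *   value is `null` or `undefined` are omitted from the request.
     * @returns The `data` of the parsed JSON response.
     *
     * @throws Whatever `addClientAuthentication`, `request` or
     *   `JSONApiResponse.fromResponse` reject with. This method raises nothing
     *   itself; a rejected `subject_token_type`, a network failure or a 4xx/5xx
     *   response presumably surfaces through those calls — confirm in
     *   `BaseAuthAPI`.
     */
    async exchangeToken(options) {
        const body = {
            ...options,
            // Written last so caller-supplied options cannot replace them.
            grant_type: TOKEN_EXCHANGE_GRANT_TYPE,
            client_id: this.clientId,
        };
        await this.addClientAuthentication(body);
        // URLSearchParams stringifies every value, so an unset optional field
        // would go out as the literal text "undefined" or "null"; drop those.
        const form = new URLSearchParams(
            Object.entries(body).filter(([, value]) => value != null),
        );
        const response = await this.request({
            path: TOKEN_URL,
            method: 'POST',
            headers: {
                'Content-Type': 'application/x-www-form-urlencoded',
            },
            body: form,
        }, {});
        const r = await JSONApiResponse.fromResponse(response);
        return r.data;
    }
}
//# sourceMappingURL=tokenExchange.js.map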