auth0

Auth0 Node.js SDK for the Management API v2.

import { BaseAuthAPI } from "./base-auth-api.js";
/**
 * The response from the authorize endpoint (/bc-authorize).
 */
export type AuthorizeResponse = {
    /**
     * The authorization request ID.
     *
     * This is the value later passed to `backchannelGrant` (as
     * `TokenOptions.auth_req_id`) to obtain tokens, so keep it out of logs
     * and other places where it could be read by a third party.
     */
    auth_req_id: string;
    /**
     * The duration in seconds until the authentication request expires.
     */
    expires_in: number;
    /**
     * The interval in seconds to wait between poll requests.
     *
     * Polling `backchannelGrant` faster than this value produces the
     * `slow_down` error documented on that method.
     */
    interval: number;
};
/**
 * Options for the authorize request.
 *
 * The intersection with `Record<string, string>` makes this type accept any
 * additional string-valued property, so a misspelled optional field name is
 * not rejected by the compiler.
 *
 * NOTE(review): this declaration does not show what happens to the extra
 * properties. Presumably they are sent to the endpoint as request
 * parameters; if so, callers should build this object from an explicit list
 * of fields rather than from unvalidated input. Confirm against the
 * implementation.
 */
export type AuthorizeOptions = {
    /**
     * A human-readable string intended to be displayed on both the device calling /bc-authorize and the user's authentication device.
     *
     * Because it is displayed to the user, it should help them recognise the
     * request they are approving and should not carry secrets.
     */
    binding_message: string;
    /**
     * A space-separated list of OIDC and custom API scopes.
     */
    scope: string;
    /**
     * Unique identifier of the audience for an issued token.
     */
    audience?: string;
    /**
     * Custom expiry time in seconds for this request.
     * @deprecated Use {@link AuthorizeOptions.requested_expiry} instead.
     */
    request_expiry?: string;
    /**
     * Custom expiry time in seconds for this request.
     *
     * Typed as a string. NOTE(review): presumably the number of seconds in
     * decimal form; confirm the accepted format.
     */
    requested_expiry?: string;
    /**
     * The user ID.
     *
     * `Backchannel.authorize` destructures this field separately from the
     * remaining options.
     */
    userId: string;
    /**
     * Optional parameter for subject issuer context.
     */
    subjectIssuerContext?: string;
    /**
     * Optional authorization details to use Rich Authorization Requests (RAR).
     *
     * Typed as a string here, whereas `TokenResponse.authorization_details`
     * is an `AuthorizationDetails[]`. NOTE(review): presumably the
     * serialized form of that array; confirm the expected encoding.
     * @see https://auth0.com/docs/get-started/apis/configure-rich-authorization-requests
     */
    authorization_details?: string;
} & Record<string, string>;
/**
 * One authorization-details entry as returned in `TokenResponse`.
 *
 * Only `type` has a known shape. Every other property is `unknown`, so
 * callers must narrow a value before using it.
 */
export interface AuthorizationDetails {
    readonly type: string;
    readonly [parameter: string]: unknown;
}
/**
 * The response from the token endpoint.
 *
 * `access_token`, `refresh_token` and `id_token` are credentials. Keep them
 * out of logs, error messages and URLs.
 */
export type TokenResponse = {
    /**
     * The access token.
     */
    access_token: string;
    /**
     * The refresh token, available with the `offline_access` scope.
     */
    refresh_token?: string;
    /**
     * The user's ID Token.
     */
    id_token: string;
    /**
     * The token type of the access token.
     */
    token_type?: string;
    /**
     * The duration in seconds that the access token is valid.
     */
    expires_in: number;
    /**
     * The scopes associated with the token.
     *
     * Compare this with the scopes that were requested before relying on a
     * particular permission being present.
     */
    scope: string;
    /**
     * Optional authorization details when using Rich Authorization Requests (RAR).
     * @see https://auth0.com/docs/get-started/apis/configure-rich-authorization-requests
     */
    authorization_details?: AuthorizationDetails[];
};
/**
 * Options for the token request.
 */
export type TokenOptions = {
    /**
     * The authorization request ID, as returned in
     * `AuthorizeResponse.auth_req_id`.
     */
    auth_req_id: string;
};
/**
 * Interface for the backchannel authentication.
 */
export interface IBackchannel {
    /** Starts a backchannel authorization request. */
    authorize: (options: AuthorizeOptions) => Promise<AuthorizeResponse>;
    /** Exchanges an `auth_req_id` for tokens; intended to be polled. */
    backchannelGrant: (options: TokenOptions) => Promise<TokenResponse>;
}
/**
 * Class implementing the backchannel authentication flow.
 */
export declare class Backchannel extends BaseAuthAPI implements IBackchannel {
    /**
     * Initiates a CIBA authorization request.
     *
     * `userId` is taken out of the options object; the remaining properties
     * are collected into `options`.
     *
     * @param options - The options for the request.
     * @returns The authorization response.
     *
     * @throws {Error} - If the request fails.
     */
    authorize({ userId, ...options }: AuthorizeOptions): Promise<AuthorizeResponse>;
    /**
     * Handles the backchannel grant flow for authentication. Client can poll this method at regular intervals to check if the backchannel auth request has been approved.
     *
     * Wait at least `AuthorizeResponse.interval` seconds between calls and
     * stop once `AuthorizeResponse.expires_in` has elapsed.
     *
     * @param options - Object holding `auth_req_id`, the authorization request ID. This value is returned from the call to /bc-authorize. Once you have exchanged an auth_req_id for an ID and access token, it is no longer usable.
     * @returns A promise that resolves to the token response.
     *
     * @throws {Error} - Throws an error if the request fails.
     *
     * NOTE(review): this declaration does not show whether the error bodies
     * below are delivered through the thrown error; confirm how they are
     * surfaced before writing polling logic against them.
     *
     * If the authorizing user has not yet approved or rejected the request, you will receive a response like this:
     * ```json
     * {
     *   "error": "authorization_pending",
     *   "error_description": "The end-user authorization is pending"
     * }
     * ```
     *
     * If the authorizing user rejects the request, you will receive a response like this
     * (per its description, the same error is returned for an expired request,
     * so treat it as the end of polling for this auth_req_id):
     * ```json
     * {
     *   "error": "access_denied",
     *   "error_description": "The end-user denied the authorization request or it has been expired"
     * }
     * ```
     *
     * If you are polling too quickly (faster than the interval value returned from /bc-authorize), you will receive a response like this:
     * ```json
     * {
     *   "error": "slow_down",
     *   "error_description": "You are polling faster than allowed. Try again in 10 seconds."
     * }
     * ```
     */
    backchannelGrant({ auth_req_id }: TokenOptions): Promise<TokenResponse>;
}