UNPKG

embassy

Version:

Simple JSON Web Tokens (JWT) with embedded scopes for services

github.com/TomFrost/embassy

TomFrost/embassy

219 lines (134 loc) 6.87 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
[embassy](../README.md) / [Exports](../modules.md) / TokenOptions # Interface: TokenOptions ## Hierarchy * [*EmbassyOptions*](embassyoptions.md) ↳ **TokenOptions** ## Table of contents ### Properties - [audience](tokenoptions.md#audience) - [claims](tokenoptions.md#claims) - [domainScopes](tokenoptions.md#domainscopes) - [expiresInSecs](tokenoptions.md#expiresinsecs) - [getPrivateKey](tokenoptions.md#getprivatekey) - [getPublicKey](tokenoptions.md#getpublickey) - [issuer](tokenoptions.md#issuer) - [keys](tokenoptions.md#keys) - [refreshScopes](tokenoptions.md#refreshscopes) - [refreshScopesAfterMs](tokenoptions.md#refreshscopesafterms) - [token](tokenoptions.md#token) ## Properties ### audience • `Optional` **audience**: *string* The audience string with which to sign and verify tokens by default. Inherited from: [EmbassyOptions](embassyoptions.md).[audience](embassyoptions.md#audience) Defined in: [src/types.ts:130](https://github.com/TomFrost/Embassy/blob/3a9cf3a/src/types.ts#L130) ___ ### claims • `Optional` **claims**: [*ManualClaims*](manualclaims.md) A mapping of default claims to add to each new JWT, unless overridden. Defined in: [src/types.ts:238](https://github.com/TomFrost/Embassy/blob/3a9cf3a/src/types.ts#L238) ___ ### domainScopes • `Optional` **domainScopes**: [*DomainScopeMap*](domainscopemap.md) A mapping of domain to maps of scopes to their index under that name. For example, if the "users" domain has "editSelf" and "editAll" scopes, the domainScopes might appear as ``` { users: { editSelf: 0, editAll: 1 } } ``` The index of each scope within a domain should start at 0 and increment by 1 with every new scope, never repeating a number. **`remarks`** Once an index has been set, it should never be changed as currently issued and valid tokens refer to their scopes by index number. This format is used so that scopes that become inapplicable after time can be deleted without shifting the indexes of scopes that come after them. Inherited from: [EmbassyOptions](embassyoptions.md).[domainScopes](embassyoptions.md#domainscopes) Defined in: [src/types.ts:171](https://github.com/TomFrost/Embassy/blob/3a9cf3a/src/types.ts#L171) ___ ### expiresInSecs • `Optional` **expiresInSecs**: *number* The number of seconds after which a newly signed token should expire, by default. **`defaultvalue`** 3600 Inherited from: [EmbassyOptions](embassyoptions.md).[expiresInSecs](embassyoptions.md#expiresinsecs) Defined in: [src/types.ts:144](https://github.com/TomFrost/Embassy/blob/3a9cf3a/src/types.ts#L144) ___ ### getPrivateKey • `Optional` **getPrivateKey**: (`kid`: *string*) => [*PrivateKeyDefinition*](../modules.md#privatekeydefinition) \| *Promise*<[*PrivateKeyDefinition*](../modules.md#privatekeydefinition)\> A function to be called when attempting to use a currently-unknown key ID to either: - Sign a Token - Verify a Token that was signed using a shared-secret symmetric algorithm in the HMAC family The function takes a key ID and should return or resolve to a `PrivateKeyDefinition` with the `algorithm` of the key, and a `privateKey` property with either the PEM-formatted asymmetric key or shared secret. **`param`** The ID of the key to be retrieved **`returns`** A private key definition for the supplied `kid`, or a promise that resolves to one. Inherited from: [EmbassyOptions](embassyoptions.md).[getPrivateKey](embassyoptions.md#getprivatekey) Defined in: [src/types.ts:215](https://github.com/TomFrost/Embassy/blob/3a9cf3a/src/types.ts#L215) ___ ### getPublicKey • `Optional` **getPublicKey**: (`kid`: *string*) => *string* \| *Promise*<*string*\> A function to be called when attempting to verify a token that was signed with a currently-unknown key ID using an asymmetric algorithm. It takes the key ID as its only argument, and must return a PEM-formatted public key. **`remarks`** When verifying a token signed with HMAC, `getPrivateKey` is used since symmetric keys should never be considered "public". This distinction is made automatically based on the algorithm header of the token being verified. **`param`** The ID of the key to be retrieved **`returns`** The PEM-encoded public key associated with the supplied `kid`. Inherited from: [EmbassyOptions](embassyoptions.md).[getPublicKey](embassyoptions.md#getpublickey) Defined in: [src/types.ts:233](https://github.com/TomFrost/Embassy/blob/3a9cf3a/src/types.ts#L233) ___ ### issuer • `Optional` **issuer**: *string* The issuer string with which to sign and verify tokens by default. Inherited from: [EmbassyOptions](embassyoptions.md).[issuer](embassyoptions.md#issuer) Defined in: [src/types.ts:134](https://github.com/TomFrost/Embassy/blob/3a9cf3a/src/types.ts#L134) ___ ### keys • `Optional` **keys**: *Record*<*string*, [*KeyDefinition*](../modules.md#keydefinition)\> A mapping of key IDs to KeyDefinitions to check initially before any calls to find external keys are made. **`remarks`** **IMPORTANT NOTE:** This object will be mutated in order to cache keys for future token signing and verification. If it's important that the original object remain unmodified, clone it before passing it in. Inherited from: [EmbassyOptions](embassyoptions.md).[keys](embassyoptions.md#keys) Defined in: [src/types.ts:181](https://github.com/TomFrost/Embassy/blob/3a9cf3a/src/types.ts#L181) ___ ### refreshScopes • `Optional` **refreshScopes**: () => [*DomainScopeMap*](domainscopemap.md) \| *Promise*<[*DomainScopeMap*](domainscopemap.md)\> A function to update (or retrieve for the first time) the domainScopes map. When a scope is requested that does not exist in the currently known map, this function will be called to update the map and look for the scope before giving up and throwing an Error. Must return, or resolve to, a new `DomainScopeMap`. Inherited from: [EmbassyOptions](embassyoptions.md).[refreshScopes](embassyoptions.md#refreshscopes) Defined in: [src/types.ts:189](https://github.com/TomFrost/Embassy/blob/3a9cf3a/src/types.ts#L189) ___ ### refreshScopesAfterMs • `Optional` **refreshScopesAfterMs**: *number* The number of milliseconds that must pass before the scopes can be refreshed again. If `refreshScopes` is called and a new, unknown scope is encountered within this amount of time from that call, an Error will be thrown rather than refreshing the scopes. **`defaultvalue`** 1000 Inherited from: [EmbassyOptions](embassyoptions.md).[refreshScopesAfterMs](embassyoptions.md#refreshscopesafterms) Defined in: [src/types.ts:198](https://github.com/TomFrost/Embassy/blob/3a9cf3a/src/types.ts#L198) ___ ### token • `Optional` **token**: *string* A token string to be decoded and parsed to initialize this Token Defined in: [src/types.ts:240](https://github.com/TomFrost/Embassy/blob/3a9cf3a/src/types.ts#L240)