UNPKG

fastify-auth0-verify

Version:

Auth0 verification plugin for Fastify

github.com/nearform/fastify-auth0-verify

nearform/fastify-auth0-verify

93 lines (80 loc) 3.22 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
import { FastifyPluginCallback, FastifyReply, FastifyRequest } from 'fastify' import { UserType, SignPayloadType } from '@fastify/jwt' import NodeCache from 'node-cache' declare module 'fastify' { interface FastifyInstance { authenticate: fastifyAuth0Verify.Authenticate auth0Verify: fastifyAuth0Verify.Auth0Verify } interface FastifyRequest { auth0Verify: fastifyAuth0Verify.Auth0Verify auth0VerifySecretsCache: Pick<NodeCache, 'get' | 'set' | 'close'> } } type FastifyAuth0Verify = FastifyPluginCallback<fastifyAuth0Verify.FastifyAuth0VerifyOptions> declare namespace fastifyAuth0Verify { export interface FastifyAuth0VerifyOptions { /** * The Auth0 tenant domain. It enables verification of RS256 encoded tokens. * It is also used to verify the token issuer (iss). * Either provide a domain or the full URL, including the trailing slash (https://domain.com/). */ readonly domain?: string /** * The Auth0 audience (aud), usually the API name. * If you provide the value true, the domain will be also used as audience. * Accepts a string value, or an array of strings for multiple providers. */ readonly audience?: string | readonly string[] | boolean /** * The Auth0 issuer (iss), usually the API name. * By default the domain will be also used as audience. * Accepts a string value, or an array of strings or regexes for multiple * issuers. */ readonly issuer?: string | RegExp | (RegExp | string)[] /** * The Auth0 client secret. It enables verification of HS256 encoded JWT tokens. */ readonly secret?: string /** * If to return also the header and signature of the verified token. */ readonly complete?: boolean /** * How long (in milliseconds) to cache RS256 secrets before getting them * again using well known JWKS URLS. Setting to 0 or less disables the cache. */ readonly secretsTtl?: string | number /** * Used to indicate that the token can be passed using cookie, instead of the Authorization header. */ readonly cookie?: { /** * The name of the cookie. */ cookieName: string /** * Indicates whether the cookie is signed or not. If set to `true`, the JWT * will be verified using the unsigned value. */ signed?: boolean } /** * You may customize the request.user object setting a custom sync function as parameter: */ readonly formatUser?: (payload: SignPayloadType) => UserType } export type Authenticate = (request: FastifyRequest, reply: FastifyReply) => Promise<void> export interface Auth0Verify extends Pick<fastifyAuth0Verify.FastifyAuth0VerifyOptions, 'domain' | 'audience' | 'secret'> { readonly verify: fastifyAuth0Verify.FastifyAuth0VerifyOptions & { readonly algorithms: readonly string[] readonly audience?: string | readonly string[] } } export const fastifyAuth0Verify: FastifyAuth0Verify export { fastifyAuth0Verify as default } } declare function fastifyAuth0Verify(...params: Parameters<FastifyAuth0Verify>): ReturnType<FastifyAuth0Verify> export = fastifyAuth0Verify