kopi-id
Simple OIDC Library
;
// Flag the CommonJS exports object as a transpiled ES module; interop helpers
// such as _interopRequireDefault check this flag before reading `.default`.
Object.defineProperty(exports, "__esModule", { value: true });
// Placeholder value; the real default export is assigned on the file's last line.
exports.default = undefined;
var _jsonwebtoken = _interopRequireDefault(require("jsonwebtoken"));
/**
 * Normalises the result of require() so callers can always read `.default`.
 *
 * @param {*} obj - Whatever require() returned.
 * @returns {*} `obj` itself when it is truthy and flagged `__esModule`,
 *   otherwise a wrapper object whose `default` property is `obj`.
 */
function _interopRequireDefault(obj) {
  if (obj && obj.__esModule) {
    return obj;
  }
  return { "default": obj };
}
/**
 * Advances a generator by one step on behalf of _asyncToGenerator.
 *
 * Calls `gen[key](arg)`. A synchronous throw rejects the outer promise; a
 * finished generator resolves it with the final value; otherwise the yielded
 * value is treated as a promise and its outcome is routed to `_next`/`_throw`.
 *
 * @param {Object} gen - Generator (iterator) being driven.
 * @param {Function} resolve - Resolver of the outer promise.
 * @param {Function} reject - Rejecter of the outer promise.
 * @param {Function} _next - Continuation used when the yielded value fulfils.
 * @param {Function} _throw - Continuation used when the yielded value rejects.
 * @param {string} key - Generator method to invoke ("next" or "throw").
 * @param {*} arg - Value passed to that method.
 */
function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) {
  var step;
  var result;
  try {
    step = gen[key](arg);
    result = step.value;
  } catch (error) {
    reject(error);
    return;
  }
  if (!step.done) {
    // Not finished yet: wait for the yielded value, then resume the generator.
    Promise.resolve(result).then(_next, _throw);
    return;
  }
  resolve(result);
}
/**
 * Wraps a generator function so that calling it returns a promise.
 *
 * The generator is started with the caller's `this` and arguments and is then
 * driven step by step through asyncGeneratorStep until it finishes or throws.
 *
 * @param {Function} fn - Generator function to wrap.
 * @returns {Function} Function returning a promise for the generator's result.
 */
function _asyncToGenerator(fn) {
  return function () {
    var ctx = this;
    var callArgs = arguments;
    return new Promise(function (resolve, reject) {
      var iterator = fn.apply(ctx, callArgs);
      function advance(method, input) {
        asyncGeneratorStep(iterator, resolve, reject, _next, _throw, method, input);
      }
      function _next(value) {
        advance("next", value);
      }
      function _throw(err) {
        advance("throw", err);
      }
      _next(undefined);
    });
  };
}
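/**
 * Builds the JWT helpers used by the OIDC provider.
 *
 * Every helper returns a promise; any error thrown while signing, decoding or
 * verifying is delivered as a rejection.
 *
 * @param {Object} oidcConfig - Provider configuration.
 * @param {*} oidcConfig.host - Issuer (`iss`) of tokens signed here and the
 *   expected audience (`aud`) of client assertions.
 * @param {*} oidcConfig.jwtAlgorithm - Algorithm handed to jsonwebtoken when
 *   signing; also the only algorithm accepted when verifying our own tokens.
 * @param {*} oidcConfig.idTokenExpiresIn - `expiresIn` for ID tokens.
 * @param {*} oidcConfig.accessTokenExpiresIn - `expiresIn` for access tokens.
 * @param {Function} oidcConfig.onGetClient - Called with a client id; its
 *   result (or promised result) must expose `secret`, or be null/undefined
 *   when the client is unknown.
 * @returns {{signIdToken: Function, verifyIdToken: Function, signToken: Function,
 *   verifyToken: Function, validateClientSecretJwt: Function}}
 */
var _default = function _default(oidcConfig) {
  var host = oidcConfig.host;
  var jwtAlgorithm = oidcConfig.jwtAlgorithm;
  var idTokenExpiresIn = oidcConfig.idTokenExpiresIn;
  var accessTokenExpiresIn = oidcConfig.accessTokenExpiresIn;
  var jwt = _jsonwebtoken["default"];

  // Runs a synchronous task inside a promise so a throw becomes a rejection.
  function settle(task) {
    return new Promise(function (resolve) {
      resolve(task());
    });
  }

  // jsonwebtoken.verify() reads `algorithms` (an array). The singular
  // `algorithm` key and `expiresIn` are signing options and are ignored on
  // verification, so the previous verify options never pinned the algorithm.
  // Expiry is still enforced through the token's own `exp` claim.
  // If no algorithm is configured the library defaults apply, as before.
  function withPinnedAlgorithm(options) {
    if (jwtAlgorithm) {
      options.algorithms = [jwtAlgorithm];
    }
    return options;
  }

  /**
   * Signs an ID token for a client, keyed with that client's secret.
   *
   * @param {Object} payload - Claims to sign.
   * @param {Object} client - Must expose `id` (audience) and `secret` (key).
   * @returns {Promise<string>} The signed token.
   */
  var signIdToken = function signIdToken(payload, client) {
    return settle(function () {
      return jwt.sign(payload, client.secret, {
        algorithm: jwtAlgorithm,
        expiresIn: idTokenExpiresIn,
        audience: client.id,
        issuer: host
      });
    });
  };

  /**
   * Verifies an ID token against the client's secret, audience and our issuer.
   *
   * @param {string} token - ID token to verify.
   * @param {Object} client - Must expose `id` and `secret`.
   * @returns {Promise<Object>} The verified payload.
   */
  var verifyIdToken = function verifyIdToken(token, client) {
    return settle(function () {
      return jwt.verify(token, client.secret, withPinnedAlgorithm({
        audience: client.id,
        issuer: host
      }));
    });
  };

  /**
   * Signs an access token with the provider-wide access-token secret.
   *
   * @param {Object} payload - Claims to sign.
   * @param {Object} client - Must expose `id`, used as the audience.
   * @param {*} accessTokenSecret - Signing key.
   * @returns {Promise<string>} The signed token.
   */
  var signToken = function signToken(payload, client, accessTokenSecret) {
    return settle(function () {
      return jwt.sign(payload, accessTokenSecret, {
        algorithm: jwtAlgorithm,
        expiresIn: accessTokenExpiresIn,
        audience: client.id,
        issuer: host
      });
    });
  };

  /**
   * Verifies an access token's signature, expiry and issuer.
   *
   * NOTE(review): signToken() stamps `aud` with the client id, but no audience
   * is checked here (no client is passed in). Callers that need to bind a
   * token to one client must compare the returned `aud` themselves.
   *
   * @param {string} token - Access token to verify.
   * @param {*} accessTokenSecret - Verification key.
   * @returns {Promise<Object>} The verified payload.
   */
  var verifyToken = function verifyToken(token, accessTokenSecret) {
    return settle(function () {
      return jwt.verify(token, accessTokenSecret, withPinnedAlgorithm({
        issuer: host
      }));
    });
  };

  /**
   * Validates a client assertion signed with the client's own secret.
   *
   * The token is first decoded WITHOUT verification, only to learn which
   * client's secret to load; nothing from that decode is trusted afterwards.
   * The verified payload must name the client as both `iss` and `sub` and this
   * provider (`host`) as `aud`.
   *
   * NOTE(review): replay protection is not handled here. `jti` is not tracked,
   * and jsonwebtoken checks `exp` only when the claim is present, so an
   * assertion without `exp` passes. Confirm the caller enforces both.
   *
   * @param {string} token - Client assertion JWT.
   * @returns {Promise<Object>} The verified payload.
   */
  var validateClientSecretJwt = function validateClientSecretJwt(token) {
    return settle(function () {
      var payload = jwt.decode(token);
      // decode() yields null for malformed input. A missing `sub` would also
      // turn the issuer/subject checks below into no-ops (undefined options).
      if (payload == null || typeof payload !== 'object' ||
          typeof payload.sub !== 'string' || payload.sub === '') {
        throw new Error('Invalid Client Assertion');
      }
      var clientId = payload.sub;

      return Promise.resolve(oidcConfig.onGetClient(clientId)).then(function (client) {
        if (client == null) {
          throw new Error('Client Not Found');
        }
        var clientSecret = client.secret;
        // Refuse to verify against a missing or empty key: some jsonwebtoken
        // releases accept an unsigned token when the key is falsy and no
        // `algorithms` list is supplied.
        if (!clientSecret || clientSecret.length === 0) {
          throw new Error('Client Secret Not Configured');
        }
        return jwt.verify(token, clientSecret, {
          // A shared-secret assertion is HMAC-signed by definition. For an
          // ordinary secret this matches the library default, made explicit.
          algorithms: ['HS256', 'HS384', 'HS512'],
          issuer: clientId,
          subject: clientId,
          audience: host
        });
      });
    });
  };

  return {
    signIdToken: signIdToken,
    verifyIdToken: verifyIdToken,
    signToken: signToken,
    verifyToken: verifyToken,
    validateClientSecretJwt: validateClientSecretJwt
  };
};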
// Publish the helper factory as the module's default export.
exports.default = _default;