UNPKG

lbx-jwt

Version:

Provides JWT authentication for loopback applications. Includes storing roles inside tokens and handling refreshing. Built-in reuse detection.

140 lines (139 loc) 4.85 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
import { BindingKey } from '@loopback/core'; import { AccessTokenService, BaseMailService, BaseUserService, BaseBiometricCredentialsService, RefreshTokenService, TwoFactorService } from './services'; /** * Contains all values which have defaults. */ interface DefaultValues { /** * The amount of milliseconds after which the access token expires. * @default 3600000 // 1 hour */ readonly ACCESS_TOKEN_EXPIRES_IN_MS: number; /** * The amount of milliseconds after which the refresh token expires. * @default 8640000000 // 100 days */ readonly REFRESH_TOKEN_EXPIRES_IN_MS: number; /** * The refresh token issuer stored inside the refresh token. * @default 'api' */ readonly REFRESH_TOKEN_ISSUER: string; /** * The amount of time that the password reset token is active. */ readonly PASSWORD_RESET_TOKEN_EXPIRES_IN_MS: number; } /** * Default Values for the component. */ export declare const LbxJwtDefaultValues: DefaultValues; /** * Bindings to customize the LbxJwt component. */ export declare namespace LbxJwtBindings { /** * The key for the secret used to generate access tokens. */ const ACCESS_TOKEN_SECRET: BindingKey<string>; /** * The key for the amount of milliseconds after which the access token expires. * @default 3600000 // 1 hour */ const ACCESS_TOKEN_EXPIRES_IN_MS: BindingKey<number>; /** * The key for the service that handles generating and validating access tokens. */ const ACCESS_TOKEN_SERVICE: BindingKey<AccessTokenService<string>>; /** * The key for the service that handles verifying user credentials. */ const BASE_USER_SERVICE: BindingKey<BaseUserService<string>>; /** * The key of the datasource. */ const DATASOURCE_KEY: string; /** * The key of the repository responsible for handling users. */ const BASE_USER_REPOSITORY: string; /** * The key of the repository responsible for handling user credentials. */ const CREDENTIALS_REPOSITORY: string; /** * The key for the secret used to generate refresh tokens. */ const REFRESH_TOKEN_SECRET: BindingKey<string>; /** * The key for the amount of milliseconds after which the refresh token expires. * @default 8640000000 // 100 days */ const REFRESH_TOKEN_EXPIRES_IN_MS: BindingKey<number>; /** * The key for the service that handles refresh tokens. */ const REFRESH_TOKEN_SERVICE: BindingKey<RefreshTokenService<string>>; /** * The key for the refresh token issuer stored inside the refresh token.. * @default 'api' */ const REFRESH_TOKEN_ISSUER: BindingKey<string>; /** * The key of the backend datasource for refresh token's persistency. */ const REFRESH_TOKEN_DATASOURCE_KEY: string; /** * Key for the repository that stores the refresh token and its bound user information. */ const REFRESH_TOKEN_REPOSITORY: string; /** * The key for the amount of milliseconds after which the reset password token expires. * @default 300000 // 5 minutes */ const PASSWORD_RESET_TOKEN_EXPIRES_IN_MS: BindingKey<number>; /** * The key for the repository that stores the password reset token. */ const PASSWORD_RESET_TOKEN_REPOSITORY: string; /** * The key for the service that handles sending emails. */ const MAIL_SERVICE: BindingKey<BaseMailService<string>>; /** * Provider for all possible role values. */ const ROLES: BindingKey<string[]>; /** * The label to display inside the two factor app. */ const TWO_FACTOR_LABEL: BindingKey<string>; /** * Whether or not two factor authentication should be forced. If set to true a user is only allowed to login, * any other request leads to an error if two factor authentication is disabled. */ const FORCE_TWO_FACTOR: BindingKey<boolean>; /** * Routes that should be accessible even if two factor authentication is disabled for the user. * By default this is the login route. */ const FORCE_TWO_FACTOR_ALLOWED_ROUTES: BindingKey<string[]>; /** * The custom header for request where the two factor code is provided. * Defaults to 'X-Authorization-2FA'. */ const TWO_FACTOR_HEADER: BindingKey<string>; /** * Provider for the two factor service. */ const TWO_FACTOR_SERVICE: BindingKey<TwoFactorService<string>>; /** * Provider for the biometric credentials service. */ const BIOMETRIC_CREDENTIALS_SERVICE: BindingKey<BaseBiometricCredentialsService>; /** * The key for the repository that stores the password reset token. */ const BIOMETRIC_CREDENTIALS_REPOSITORY: string; } export {};