UNPKG

lbx-jwt

Version:

Provides JWT authentication for loopback applications. Includes storing roles inside tokens and handling refreshing. Built-in reuse detection.

65 lines (64 loc) 3.84 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
import { AuthenticationExtensionsAuthenticatorOutputs } from '@simplewebauthn/server/script/helpers/decodeAuthenticatorExtensions'; import { BiometricRegistrationOptions } from '../controllers'; import { AuthenticationResponse } from '../controllers/auth/biometric/authentication-response.model'; import { AuthenticatorExtensionsAuthenticatorOutputs } from '../controllers/auth/biometric/authenticator-extensions-authenticator-outputs.model'; import { BiometricRegistrationResponse } from '../controllers/auth/biometric/biometric-registration-response.model'; import { PublicKeyCredentialRequestOptions } from '../controllers/auth/biometric/public-key-credential-request-options.model'; import { VerifiedBiometricRegistration } from '../controllers/auth/biometric/verified-biometric-registration.model'; import { VerifiedAuthenticationResponse } from '../encapsulation/webauthn.utilities'; import { BiometricCredentials } from '../models'; /** * The base service for handling biometric credentials. */ export declare abstract class BaseBiometricCredentialsService { /** * Human-readable title for your frontend. */ protected abstract readonly RP_NAME: string; /** * The domain of your frontend. Without https:// and without any trailing /. */ protected abstract readonly RP_DOMAIN: string; /** * Error message to throw when no registration was found with the provided challenge for verifying the registration response. */ protected readonly NO_REGISTRATION_WITH_PROVIDED_CHALLENGE_FOUND_ERROR_MESSAGE: string; /** * The complete origin of your frontend. * By default this returns https://${this.RP_DOMAIN}. */ protected get RP_ORIGIN(): string; /** * Generate biometric registration options. * @param userEmail - The email of the user to generate the options for. * @param alreadyRegisteredCredentials - Any already registered credentials of the user to avoid duplication. * @returns The generated registration options. */ generateRegistrationOptions(userEmail: string, alreadyRegisteredCredentials: BiometricCredentials[]): Promise<BiometricRegistrationOptions>; /** * Verifies a biometric registration. * @param body - The request body including the data to verify (challenge, etc.). * @param expectedChallenge - The expected challenge. * @returns The verified biometric registration response. */ verifyRegistrationResponse(body: BiometricRegistrationResponse, expectedChallenge?: string): Promise<VerifiedBiometricRegistration>; /** * Transforms the given authenticatorExtensionResults to an easier to use structure that uses base64 url strings instead of Uint8Arrays. * @param authenticatorExtensionResults - The original extension results to transform. * @returns The transformed value. */ protected transformAuthenticatorExtensionResults(authenticatorExtensionResults: AuthenticationExtensionsAuthenticatorOutputs): AuthenticatorExtensionsAuthenticatorOutputs; /** * Generates authentication options from the provided biometric credentials. * @param credentialsOfUser - The credentials to generate the options for. * @returns The generated authentication options. */ generateAuthenticationOptions(credentialsOfUser: BiometricCredentials[]): Promise<PublicKeyCredentialRequestOptions>; /** * Verify that the user has legitimately completed the authentication process. * @param body - The response from the frontend. * @param biometricCredential - The biometric credential that the user tries to login with. * @returns The verified authentication response. */ verifyAuthenticationResponse(body: AuthenticationResponse, biometricCredential: BiometricCredentials): Promise<VerifiedAuthenticationResponse>; }