
lbx-jwt


Provides JWT authentication for loopback applications. Includes storing roles inside tokens and handling refreshing. Built-in reuse detection.

import { Options } from '@loopback/repository';
import { AccessTokenService } from './access-token.service';
import { BaseUserService } from './base-user.service';
import { RefreshTokenWithRelations } from '../models';
import { BaseUserProfile } from '../models/base-user-profile.model';
import { BaseUserRepository, RefreshTokenRepository } from '../repositories';
import { TokenObject } from '../types';
/**
 * Handles refreshing of auth tokens.
 *
 * This is a generated declaration: it lists the public surface of the service
 * (issue, refresh, verify, revoke-family) but none of the implementation.
 * `RoleType` is the string union of role names used by the user and profile types.
 *
 * NOTE(review): the package description advertises built-in reuse detection.
 * Nothing in this declaration shows where a reused refresh token is detected;
 * presumably `refreshToken` calls `revokeTokenFamily` in that case. Confirm
 * against the implementation before relying on it.
 */
export declare class RefreshTokenService<RoleType extends string> {
    // Types of private members are erased from declaration output; the
    // constructor signature below shows what each one is initialised from.
    //
    // `private` is a compile-time modifier only. At runtime the secret is an
    // ordinary property of the instance, so instances of this service should
    // not be logged, serialised or returned from an endpoint.
    private readonly refreshTokenSecret;
    private readonly refreshTokenExpiresInMs;
    private readonly refreshIssuer;
    private readonly baseUserRepository;
    private readonly refreshTokenRepository;
    private readonly userService;
    private readonly accessTokenService;
    private readonly accessTokenExpiresInMs;
    /**
     * Creates the service from its configuration values and collaborators.
     * @param refreshTokenSecret - Secret for refresh tokens. Presumably the key they are signed and verified with; confirm. Should come from secret storage and differ from the access token secret.
     * @param refreshTokenExpiresInMs - Refresh token lifetime, in milliseconds going by the name.
     * @param refreshIssuer - Issuer value for refresh tokens. Presumably written to and checked against the `iss` claim; confirm.
     * @param baseUserRepository - Repository for the user records.
     * @param refreshTokenRepository - Repository in which issued refresh tokens are stored.
     * @param userService - User service of the application.
     * @param accessTokenService - Service that handles the access tokens.
     * @param accessTokenExpiresInMs - Access token lifetime, in milliseconds going by the name.
     */
    constructor(
        refreshTokenSecret: string,
        refreshTokenExpiresInMs: number,
        refreshIssuer: string,
        baseUserRepository: BaseUserRepository<RoleType>,
        refreshTokenRepository: RefreshTokenRepository,
        userService: BaseUserService<RoleType>,
        accessTokenService: AccessTokenService<RoleType>,
        accessTokenExpiresInMs: number
    );
    /**
     * Generate a refresh token, bind it with the given user profile, then store them in backend.
     * @param userProfile - The user profile for which the token should be generated.
     * @param token - The access token of the user.
     * @returns An object containing the access and the refresh token.
     */
    generateToken(userProfile: BaseUserProfile<RoleType>, token: string): Promise<TokenObject>;
    /**
     * Refresh the access token bound with the given refresh token.
     *
     * NOTE(review): if the implementation rotates the refresh token, then looking
     * up the old token, invalidating it and storing the new one should happen
     * inside a single transaction passed through `options`. Otherwise two
     * concurrent requests carrying the same refresh token could both succeed.
     * Confirm how callers use `options`.
     * @param refreshTokenValue - The refresh token value used to refresh the token.
     * @param options - Additional options, e.g. a transaction.
     * @returns An object containing the new access and the new refresh token.
     */
    refreshToken(refreshTokenValue: string, options?: Options): Promise<TokenObject>;
    // Private member; its signature is not emitted in the declaration file.
    // Presumably an expiry check based on refreshTokenExpiresInMs; confirm.
    private refreshTokenIsExpired;
    /**
     * Revokes the family of the given token.
     * That means that every refresh token that comes from the same original login gets deleted.
     * Sessions from other logins of the same user are therefore not covered by this call.
     * @param refreshTokenValue - The value of the token that should be revoked.
     * @returns A promise that carries no value.
     */
    revokeTokenFamily(refreshTokenValue: string): Promise<void>;
    /**
     * Verify the validity of a refresh token, and make sure it exists in backend.
     *
     * Which properties count as valid (signature, issuer, expiry) is not visible
     * in this declaration. The existence check against the backend is what lets
     * a revoked token be rejected even if it is otherwise well-formed.
     * @param refreshToken - The refresh token that should be verified.
     * @param options - Additional options, e.g. a transaction.
     * @returns The found refresh token with its relations or an error.
     */
    verifyToken(refreshToken: string, options?: Options): Promise<RefreshTokenWithRelations>;
}