Free, secure, and quick way to add MFA to your existing app. No user migrations or re-architecture needed!
import * as jose from "jose";
import { AuthPolicy } from "./lib/auth-policy";
import { AuthenticateResponse } from "./lib/auth";
import { JWTVerificationOptions } from "lets-mfa-rp-lib";
import { AuthStartResponse, EnrollStartResponse, JWT } from "./main";
/**
 * Result of `LetsMFA.handleAuthResponse`: everything in `AuthenticateResponse`
 * plus the subject the response was issued for and the LetsMFA JWT carried by
 * the response token.
 *
 * NOTE(review): `sub` presumably mirrors the subject of the nested JWT the
 * caller supplied when the flow was started — confirm against the
 * implementation. Callers should bind `sub` (and the request id, if present)
 * to the session that initiated the flow rather than trusting the value on
 * its own, since the response token arrives via a browser redirect.
 */
export type SuccessResponse = AuthenticateResponse & {
  /** Subject (user identifier) of the completed authentication. */
  sub: string;
  /** The parsed LetsMFA JWT from the response token; see `LetsMFA.validateJwt`. */
  jwt: JWT;
};
/**
 * Construction options for a `LetsMFA` client.
 *
 * Only `domain` and `keys` are required. The remaining fields are defaults
 * that the per-request option objects of `startEnroll` / `startAuthentication`
 * may override.
 */
export interface LetsMFAOptions {
  /** The LetsMFA realm to use. Defaults to "auth.letsmfa.com" */
  realm?: string;
  /** A response URL that will be used when no response URL is provided for an
   * individual request. This is useful when you have a single response URL
   * for all types of requests.
   *
   * Security: the enrollment/authentication response is delivered to this URL
   * as a query parameter after a browser redirect, so it is attacker-reachable
   * input. Use an exact https URL you control and treat the received token as
   * untrusted until it has been passed through `handleAuthResponse` /
   * `validateJwt`. Whether the service restricts this URL to `domain` is not
   * visible from this declaration — TODO confirm.
   */
  defaultResponseUrl?: string;
  /** The domain for this LetsMFA instance */
  domain: string;
  /** The logo to display to the user during auth. This must be from a domain
   * covered by the 'domain' value. For example, if the domain is 'example.com',
   * the logoUrl may be from 'https://images.example.com/logo.png'
   */
  logoUrl?: string;
  /** The unique identifier, such as IP address, for this client/host.
   * NOTE(review): how the service uses this value (logging, rate limiting,
   * binding) is not visible here — confirm before relying on it for anything
   * security-relevant.
   */
  clientId?: string;
  /** Public/private keys for communicating with LetsMFA. Each must be a JSON JWK
   * object, or a string that JSON.parse() turns into a JWK object.
   *
   * Security: `privateKey` is the signing secret for this relying party. Load it
   * from a secret store or environment, never from client-side code or source
   * control, and do not log the parsed object. `publicKey` is what
   * `LetsMFA.getPublicKey()` exposes.
   */
  keys: {
    publicKey: jose.JWK | string;
    privateKey: jose.JWK | string;
  };
  /** An AuthPolicy that will be used as a default when none is supplied to the enroll/auth methods. */
  defaultAuthPolicy?: AuthPolicy;
  /** Validation requirements for any JWT given on the enroll/auth flows.
   * NOTE(review): the behaviour when this is omitted is not visible here —
   * pin the expected issuer, audience and allowed algorithms explicitly rather
   * than relying on library defaults.
   */
  nestedJWTValidationOptions?: JWTVerificationOptions;
}
/**
 * Client for a LetsMFA relying party: builds enrollment/authentication start
 * requests signed with the configured private key, and verifies the response
 * tokens that come back to the response URL.
 *
 * NOTE(review): this is a declaration file; statements about what each method
 * verifies are inferred from the documented contract, not from code visible
 * here, and should be confirmed against the implementation.
 */
export declare class LetsMFA {
  /** The options passed to the constructor. */
  private options;
  /** Parsed form of `options.keys.privateKey`; used for signing. Keep out of logs. */
  private privateKey;
  /** Parsed form of `options.keys.publicKey`. */
  private publicKey;
  constructor(options: LetsMFAOptions);
  /** Returns the public key */
  getPublicKey(): jose.JWK;
  /** The Enrollment flow allows a user to define their methods of authentication. The enrollment
   * response is returned as a query parameter to the responseUrl provided in the request (or
   * `LetsMFAOptions.defaultResponseUrl` when none is given).
   *
   * @param options.responseUrl The URL to which the user will be redirected after enrollment is complete.
   *   Must be a URL you control; the response token arrives here as attacker-reachable input.
   * @param options.nestedJWT A signed JWT from another provider, or self generated (see `generateSelfSignedJWT`).
   *   This value will be nested in the JWT returned by LetsMFA and validated against `nestedJWTValidationOptions`.
   * @param options.authPolicy Optional policy for the enrollment flow, overriding `defaultAuthPolicy`. Used to
   *   configure the user interface and to enforce authentication requirements.
   * @param options.validThrough Optional The epoch seconds UTC through which the user has to complete enrollment. If not provided, the request will expire in 5 minutes.
   * @param options.accountVault Optional supply an existing account vault to allow the user to update/change their methods of authentication.
   * @param options.requestId Optional supply a unique identifier for this request. If not provided, a random UUID will be generated.
   *   A unique id only helps against replay if the party consuming the response records ids it has
   *   already accepted and rejects repeats — whether `handleAuthResponse` does this is not visible here (TODO confirm).
   * @param options.accountDisplayName Name shown to the user for the account being enrolled.
   * @param options.isTestAccount Optional flag marking the account as a test account; semantics not visible here.
   *
   * @returns Resolves to an `EnrollStartResponse` (presumably carrying the URL to redirect the user to — confirm).
   */
  startEnroll(options: {
    responseUrl?: string;
    nestedJWT: string;
    authPolicy?: AuthPolicy;
    validThrough?: number;
    accountVault?: string;
    requestId?: string;
    accountDisplayName: string;
    isTestAccount?: boolean;
  }): Promise<EnrollStartResponse>;
  /** Processes the response token delivered to the response URL after an authentication flow.
   *
   * Security: `responseToken` comes from a query parameter on a browser redirect and must be
   * treated as untrusted. Presumably this method verifies the token's signature and expiry before
   * returning (confirm against the implementation); in any case the caller should still check that
   * `sub` / the request id correspond to a flow this server actually started for the current session.
   *
   * @param responseToken The raw token received at the response URL.
   * @returns The verified response, including the subject and the LetsMFA JWT.
   */
  handleAuthResponse(responseToken: string): Promise<SuccessResponse>;
  /** A convenience method for generating a self signed JWT (aka a JWS)
   * that can be used as the `nestedJWT` value in the startEnroll and startAuthentication methods.
   *
   * Supply the user value, which can be any string. The value will be used as the subject of the JWT.
   * The token is presumably signed with the configured private key (confirm); do not use it as a
   * session credential on its own — it only identifies the subject to LetsMFA.
   *
   * @param user The user value to use as the subject of the JWT
   * @param expirationEpochSeconds Optional The epoch UTC seconds through which the JWT is valid. If not provided, the JWT will expire in 8 hours.
   * @returns The compact-serialized signed JWT.
   */
  generateSelfSignedJWT(user: string, expirationEpochSeconds?: number): Promise<string>;
  /** The Authentication flow allows a user to authenticate using the methods they have enrolled.
   *
   * @param options.responseUrl Optional redirect target for the response; falls back to `defaultResponseUrl`.
   *   Must be a URL you control; the response token arrives here as attacker-reachable input.
   * @param options.nestedJWT A signed JWT identifying the subject, nested in the JWT LetsMFA returns.
   * @param options.accountVault The account vault produced by enrollment for this user.
   * @param options.validThrough Optional epoch seconds UTC through which the request is valid
   *   (default not visible here; `startEnroll` documents 5 minutes — confirm whether the same applies).
   * @param options.authPolicy Optional policy overriding `defaultAuthPolicy`.
   * @param options.accountDisplayName Name shown to the user for the account being authenticated.
   * @param options.requestId Optional unique id for this request; a random UUID is generated if omitted.
   *   See the replay caveat on `startEnroll`.
   * @param options.isTestAccount Optional flag marking the account as a test account; semantics not visible here.
   */
  startAuthentication(options: {
    responseUrl?: string;
    nestedJWT: string;
    accountVault: string;
    validThrough?: number;
    authPolicy?: AuthPolicy;
    accountDisplayName: string;
    requestId?: string;
    isTestAccount?: boolean;
  }): Promise<AuthStartResponse>;
  /** Validates a LetsMFA JWT.
   *
   * @param jwt The compact-serialized token to validate.
   * @returns An array of parsed JWTs — presumably the outer LetsMFA token followed by the nested
   *   token(s) it wraps (TODO confirm ordering). Expect a rejected promise on validation failure;
   *   the exact error type is not visible here.
   */
  validateJwt(jwt: string): Promise<JWT[]>;
  /** Returns the realm in use (`options.realm`, or the documented default "auth.letsmfa.com"). */
  getRealm(): string;
}
//# sourceMappingURL=letsmfa.d.ts.map