matrix-js-sdk
Matrix Client-Server SDK for Javascript
import { OidcMetadata, SigninResponse } from "oidc-client-ts";
import { IDelegatedAuthConfig } from "../client";
import { OidcError } from "./error";
/**
 * Re-export of `OidcError` under its previous name `OidcDiscoveryError`,
 * kept for backwards compatibility.
 * @deprecated use OidcError
 */
export { OidcError as OidcDiscoveryError };
/**
 * Endpoints extracted from an issuer's configuration; this is the return type
 * of `validateOIDCIssuerWellKnown`.
 *
 * NOTE(review): the type only guarantees that these values are strings. Whether
 * the scheme or origin of each URL is checked is not visible from this
 * declaration. Confirm in the implementation before treating them as trusted.
 */
export type ValidatedIssuerConfig = {
/** URL of the OP's authorization endpoint. */
authorizationEndpoint: string;
/** URL of the OP's token endpoint. */
tokenEndpoint: string;
/** URL of the OP's client registration endpoint; optional in this type. */
registrationEndpoint?: string;
};
/**
 * Validates the MSC2965 `m.authentication` config and returns it when valid.
 *
 * The parameter is optional in the signature; presumably an omitted value is
 * the "not found" case that throws. Confirm against the implementation.
 *
 * @param authentication - the `m.authentication` section of the client
 *   well-known, as returned from the homeserver's `/.well-known/matrix/client`
 * @returns the same config type, when present and valid
 * @throws when config is not found or invalid
 */
export declare const validateWellKnownAuthentication: (authentication?: IDelegatedAuthConfig) => IDelegatedAuthConfig;
/**
 * Validates the issuer's `.well-known/openid-configuration` document.
 *
 * The document format is defined by OpenID Connect Discovery 1.0
 * (https://openid.net/specs/openid-connect-discovery-1_0.html); RFC 5785 only
 * defines the `.well-known` URI prefix it is served under.
 * Validates that the OP is compatible with Element's OIDC flow.
 *
 * The input is typed `unknown`, so nothing is assumed about its shape before
 * validation.
 *
 * NOTE(review): the returned `ValidatedIssuerConfig` carries no `issuer` field,
 * so whether the document's issuer is compared with the expected one is not
 * visible from this declaration. Confirm in the implementation or the caller.
 *
 * @param wellKnown - parsed JSON object of the openid-configuration response
 * @returns valid issuer config
 * @throws Error - when issuer config is not found or is invalid
 */
export declare const validateOIDCIssuerWellKnown: (wellKnown: unknown) => ValidatedIssuerConfig;
/**
 * Metadata from OIDC authority discovery, with the validated properties
 * required in the type.
 *
 * Every `OidcMetadata` property is optional (`Partial`) except the eight keys
 * listed in the `Pick`, which keep the declarations they have in `OidcMetadata`.
 *
 * NOTE(review): the type records only that these keys are present. Which values
 * are accepted, for example in `code_challenge_methods_supported`,
 * `grant_types_supported` or `response_types_supported`, is decided by the
 * validator and is not visible here.
 */
export type ValidatedIssuerMetadata = Partial<OidcMetadata> & Pick<OidcMetadata, "issuer" | "authorization_endpoint" | "token_endpoint" | "registration_endpoint" | "revocation_endpoint" | "response_types_supported" | "grant_types_supported" | "code_challenge_methods_supported">;
/**
 * Wraps validateOIDCIssuerWellKnown in a type assertion that asserts the
 * expected properties are present.
 * (TypeScript assertion functions cannot be arrow functions, hence the
 * `function` declaration.)
 *
 * Despite the `is...` name this is an `asserts` function, not a boolean type
 * guard: it returns nothing and signals failure by throwing. Call it as a
 * statement; using it as an `if` condition would never take the true branch.
 *
 * @param metadata - issuer openid-configuration response
 * @throws when metadata validation fails
 */
export declare function isValidatedIssuerMetadata(metadata: Partial<OidcMetadata>): asserts metadata is ValidatedIssuerMetadata;
/**
 * Validates an id token.
 * https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
 *
 * Returns nothing; failure is reported by throwing. `idToken` may be
 * `undefined` in the signature; presumably that is treated as invalid.
 * Confirm against the implementation.
 *
 * NOTE(review): the signature is synchronous and takes no key material (only
 * issuer, client id and nonce), so signature verification cannot be confirmed
 * from this declaration. Check which claims the implementation validates before
 * relying on it for tokens that did not come directly from the token endpoint.
 *
 * @param idToken - id token from token endpoint
 * @param issuer - issuer for the OP as found during discovery
 * @param clientId - this client's id as registered with the OP
 * @param nonce - nonce used in the authentication request
 * @throws when id token is invalid
 */
export declare const validateIdToken: (idToken: string | undefined, issuer: string, clientId: string, nonce: string) => void;
/**
 * State we ask OidcClient to store when starting the OIDC authorization flow
 * (in `generateOidcAuthorizationUrl`), so that we can access it on return from
 * the OP and complete login.
 *
 * The value comes back from storage as `unknown`; `validateStoredUserState`
 * asserts this shape before it is used.
 */
export type UserState = {
/**
 * Remembers which server we were trying to log in to
 */
homeserverUrl: string;
/**
 * Identity server URL; optional in this type
 */
identityServerUrl?: string;
/**
 * Used to validate the id token (see the `nonce` parameter of `validateIdToken`)
 */
nonce: string;
};
/**
 * Validates that the stored user state exists and is valid.
 *
 * Assertion function: returns nothing, and on return `userState` is narrowed
 * to `UserState`. The input is typed `unknown`, so no shape is assumed before
 * the check.
 *
 * @param userState - userState returned by oidcClient.processSigninResponse
 * @throws when userState is invalid
 */
export declare function validateStoredUserState(userState: unknown): asserts userState is UserState;
/**
 * The expected response type from the token endpoint during the authorization
 * code flow.
 * Normalized to always use capitalized 'Bearer' for token_type.
 *
 * See https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.4,
 * https://openid.net/specs/openid-connect-basic-1_0.html#TokenOK.
 *
 * `access_token`, `refresh_token` and `id_token` are credentials: handle values
 * of this type accordingly (storage, logging, error messages).
 */
export type BearerTokenResponse = {
// Only the capitalized literal is allowed by this type.
token_type: "Bearer";
access_token: string;
scope: string;
// The remaining fields are optional in this type.
refresh_token?: string;
expires_in?: number;
// NOTE(review): not a field of the RFC 6749 token response; origin and units are not visible here. Confirm.
expires_at?: number;
id_token?: string;
};
/**
 * Makes the required properties required in the type: a `SigninResponse` that
 * also satisfies `BearerTokenResponse`.
 *
 * NOTE(review): `BearerTokenResponse` already fixes `token_type` to "Bearer",
 * so intersecting with `"Bearer" | "bearer"` still yields "Bearer" in the
 * resulting type. If the runtime check accepts lowercase "bearer", the narrowed
 * type will not reflect it. Confirm against the implementation.
 */
type ValidSignInResponse = SigninResponse & BearerTokenResponse & {
token_type: "Bearer" | "bearer";
};
/**
 * Asserts that a token endpoint response has the shape of `ValidSignInResponse`.
 *
 * Assertion function: returns nothing, and on return `response` is narrowed.
 * Presumably throws when the response is invalid, like the other validators in
 * this file. Confirm against the implementation.
 *
 * @param response - token endpoint response; typed `unknown`, so no shape is
 *   assumed before the check
 */
export declare function validateBearerTokenResponse(response: unknown): asserts response is ValidSignInResponse;
//# sourceMappingURL=validate.d.ts.map