UNPKG

matrix-js-sdk

Version:

Matrix Client-Server SDK for Javascript

github.com/matrix-org/matrix-js-sdk

matrix-org/matrix-js-sdk

78 lines 3.24 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
import { type IdTokenClaims, type OidcMetadata, type SigninResponse } from "oidc-client-ts"; /** * Metadata from OAuth 2.0 client authentication API as per * https://spec.matrix.org/v1.17/client-server-api/#get_matrixclientv1auth_metadata * With validated properties required in type */ export type ValidatedAuthMetadata = Partial<OidcMetadata> & Pick<OidcMetadata, "issuer" | "authorization_endpoint" | "token_endpoint" | "revocation_endpoint" | "response_types_supported" | "grant_types_supported" | "code_challenge_methods_supported"> & { account_management_uri?: string; account_management_actions_supported?: string[]; prompt_values_supported?: string[]; device_authorization_endpoint?: string; }; /** * Validates OAuth 2.0 auth metadata as defined by * https://spec.matrix.org/v1.17/client-server-api/#get_matrixclientv1auth_metadata * is compatible with Element's OAuth/OIDC flow * @param authMetadata - json object * @returns valid issuer config * @throws Error - when issuer config is not found or is invalid */ export declare const validateAuthMetadata: (authMetadata: unknown) => ValidatedAuthMetadata; export declare const decodeIdToken: (token: string) => IdTokenClaims; /** * Validate idToken * https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation * @param idToken - id token from token endpoint * @param issuer - issuer for the OP as found during discovery * @param clientId - this client's id as registered with the OP * @param nonce - nonce used in the authentication request * @throws when id token is invalid */ export declare const validateIdToken: (idToken: string | undefined, issuer: string, clientId: string, nonce: string | undefined) => void; /** * State we ask OidcClient to store when starting oidc authorization flow (in `generateOidcAuthorizationUrl`) * so that we can access it on return from the OP and complete login */ export type UserState = { /** * Remember which server we were trying to login to */ homeserverUrl: string; identityServerUrl?: string; /** * Used to validate id token */ nonce: string; }; /** * Validate stored user state exists and is valid * @param userState - userState returned by oidcClient.processSigninResponse * @throws when userState is invalid */ export declare function validateStoredUserState(userState: unknown): asserts userState is UserState; /** * The expected response type from the token endpoint during authorization code flow * Normalized to always use capitalized 'Bearer' for token_type * * See https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.4, * https://openid.net/specs/openid-connect-basic-1_0.html#TokenOK. */ export type BearerTokenResponse = { token_type: "Bearer"; access_token: string; scope: string; refresh_token?: string; expires_in?: number; expires_at?: number; id_token: string; }; /** * Make required properties required in type */ type ValidSignInResponse = SigninResponse & BearerTokenResponse & { token_type: "Bearer" | "bearer"; }; export declare function validateBearerTokenResponse(response: unknown): asserts response is ValidSignInResponse; export {}; //# sourceMappingURL=validate.d.ts.map