UNPKG

moleculer-iam

Version:

Centralized IAM module for moleculer. Including a certified OIDC provider and an Identity provider for user profile, credentials, and custom claims management. Custom claims could be defined/updated by declarative schema which contains claims validation a

qmit-pro/moleculer-iam

97 lines (96 loc) 4.82 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
import * as _ from "lodash"; import { Logger } from "../../lib/logger"; import { FindOptions, WhereAttributeHash } from "../../lib/rdbms"; import { OIDCAccountClaims, OIDCAccountCredentials } from "../../op"; import { IdentityMetadata } from "../metadata"; import { IdentityClaimsSchema } from "../claims"; import { ValidationError } from "../../lib/validator"; export declare type IDPAdapterProps = { logger?: Logger; }; export interface Transaction { commit(): Promise<void>; rollback(): Promise<void>; } export declare abstract class IDPAdapter { protected readonly props: IDPAdapterProps; protected readonly logger: Logger; abstract readonly displayName: string; constructor(props: IDPAdapterProps, options?: any); start(): Promise<void>; stop(): Promise<void>; abstract find(args: WhereAttributeHash): Promise<string | void>; abstract count(args: WhereAttributeHash): Promise<number>; abstract get(args: FindOptions): Promise<string[]>; validate(args: { id?: string; scope: string[]; claims: Partial<OIDCAccountClaims>; credentials?: Partial<OIDCAccountCredentials>; }): Promise<void>; create(args: { metadata: Partial<IdentityMetadata>; scope: string[]; claims: OIDCAccountClaims; credentials: Partial<OIDCAccountCredentials>; }, transaction?: Transaction, ignoreUndefinedClaims?: boolean): Promise<string>; abstract delete(id: string, transaction?: Transaction): Promise<boolean>; getClaims(id: string, scope: string[]): Promise<OIDCAccountClaims>; protected readonly getCachedActiveClaimsSchemata: ((scope: string[]) => Promise<{ activeClaimsVersions: { [key: string]: string; }; claimsSchemata: IdentityClaimsSchema[]; validateClaims: (value: any) => true | ValidationError[]; validClaimsKeys: string[]; uniqueClaimsSchemata: IdentityClaimsSchema[]; validateClaimsUniqueness: (id: string | void, object: { [key: string]: any; }) => Promise<true | ValidationError[]>; immutableClaimsSchemata: IdentityClaimsSchema[]; validateClaimsImmutability: (id: string, object: { [key: string]: any; }) => Promise<true | ValidationError[]>; }>) & _.MemoizedFunction; createOrUpdateClaimsWithValidation(id: string, claims: Partial<OIDCAccountClaims>, scope: string[], creating: boolean, transaction?: Transaction, ignoreUndefinedClaims?: boolean): Promise<void>; deleteClaims(id: string, scope: string[], transaction?: Transaction): Promise<void>; abstract onClaimsUpdated(id: string, updatedClaims: Partial<OIDCAccountClaims>, transaction?: Transaction): Promise<void>; abstract createOrUpdateVersionedClaims(id: string, claims: { key: string; value: any; schemaVersion: string; }[], transaction?: Transaction): Promise<void>; abstract getVersionedClaims(id: string, claims: { key: string; schemaVersion?: string; }[]): Promise<Partial<OIDCAccountClaims>>; abstract createClaimsSchema(schema: IdentityClaimsSchema, transaction?: Transaction): Promise<void>; abstract forceDeleteClaimsSchema(key: string, transaction?: Transaction): Promise<void>; onClaimsSchemaUpdated(): Promise<void>; abstract getClaimsSchema(args: { key: string; version?: string; active?: boolean; }): Promise<IdentityClaimsSchema | void>; abstract getClaimsSchemata(args: { scope: string[]; key?: string; version?: string; active?: boolean; }): Promise<IdentityClaimsSchema[]>; abstract setActiveClaimsSchema(args: { key: string; version: string; }, transaction?: Transaction): Promise<void>; abstract getMetadata(id: string): Promise<IdentityMetadata | void>; abstract createOrUpdateMetadata(id: string, metadata: Partial<IdentityMetadata>, transaction?: Transaction): Promise<void>; abstract assertCredentials(id: string, credentials: Partial<OIDCAccountCredentials>): Promise<boolean | null>; protected abstract createOrUpdateCredentials(id: string, credentials: Partial<OIDCAccountCredentials>, transaction?: Transaction): Promise<boolean>; private readonly testCredentials; createOrUpdateCredentialsWithValidation(id: string, credentials: Partial<OIDCAccountCredentials>, transaction?: Transaction): Promise<boolean>; validateCredentials(credentials: Partial<OIDCAccountCredentials>): Promise<void>; abstract transaction(): Promise<Transaction>; abstract acquireMigrationLock(key: string): Promise<void>; abstract touchMigrationLock(key: string, migratedIdentitiesNumber: number): Promise<void>; abstract releaseMigrationLock(key: string): Promise<void>; }