moleculer-iam
Version:
Centralized IAM module for moleculer. Including a certified OIDC provider and an Identity provider for user profile, credentials, and custom claims management. Custom claims could be defined/updated by declarative schema which contains claims validation a
208 lines (207 loc) • 5.6 kB
TypeScript
import { AnyObject, SubjectTypes, ClaimsWithRejects, ClientAuthorizationState, InteractionResults } from "oidc-provider";
import * as jose from "jose";
export { ClientMetadata } from "oidc-provider";
export declare type Interaction = {
iat: number;
exp: number;
session?: {
accountId: string;
cookie: string;
jti?: string;
acr?: string;
amr?: string[];
};
params: AnyObject;
prompt: {
name: "login" | "consent" | string;
reasons: string[];
details: AnyObject;
};
result: InteractionResults;
returnTo: string;
signed?: string[];
uid: string;
lastSubmission?: InteractionResults;
save(ttl?: number): Promise<string>;
};
export declare type Client = {
clientId: string;
keystore: any;
grantTypes?: string[];
redirectUris?: string[];
responseTypes?: ResponseType[];
applicationType?: "web" | "native";
clientIdIssuedAt?: number;
clientName?: string;
clientSecretExpiresAt?: number;
clientSecret?: string;
clientUri?: string;
contacts?: string[];
defaultAcrValues?: string[];
defaultMaxAge?: number;
idTokenSignedResponseAlg?: string;
initiateLoginUri?: string;
jwksUri?: string;
jwks?: jose.JSONWebKeySet;
logoUri?: string;
policyUri?: string;
postLogoutRedirectUris?: string[];
requireAuthTime?: boolean;
scope?: string;
sectorIdentifierUri?: string;
subjectType?: SubjectTypes;
tokenEndpointAuthMethod?: string;
tosUri?: string;
tlsClientAuthSubjectDn?: string;
tlsClientAuthSanDns?: string;
tlsClientAuthSanUri?: string;
tlsClientAuthSanIp?: string;
tlsClientAuthSanEmail?: string;
tokenEndpointAuthSigningAlg?: string;
userinfoSignedResponseAlg?: string;
introspectionEndpointAuthMethod?: string;
introspectionEndpointAuthSigningAlg?: string;
introspectionSignedResponseAlg?: string;
introspectionEncryptedResponseAlg?: string;
introspectionEncryptedResponseEnc?: string;
revocationEndpointAuthMethod?: string;
revocationEndpointAuthSigningAlg?: string;
backchannelLogoutSessionRequired?: boolean;
backchannelLogoutUri?: string;
frontchannelLogoutSessionRequired?: boolean;
frontchannelLogoutUri?: string;
requestObjectSigningAlg?: string;
requestObjectEncryptionAlg?: string;
requestObjectEncryptionEnc?: string;
requestUris?: string[];
idTokenEncryptedResponseAlg?: string;
idTokenEncryptedResponseEnc?: string;
userinfoEncryptedResponseAlg?: string;
userinfoEncryptedResponseEnc?: string;
authorizationSignedResponseAlg?: string;
authorizationEncryptedResponseAlg?: string;
authorizationEncryptedResponseEnc?: string;
webMessageUris?: string[];
tlsClientCertificateBoundAccessTokens?: boolean;
[key: string]: any;
};
export declare type Session = {
iat: number;
exp: number;
uid: string;
jti: string;
account?: string;
acr?: string;
amr?: string[];
loginTs?: number;
transient?: boolean;
state?: AnyObject;
authorizations?: {
[clientId: string]: ClientAuthorizationState;
};
};
export declare type AuthorizationCode = {
iat: number;
exp: number;
uid: string;
jti: string;
redirectUri?: string;
codeChallenge?: string;
codeChallengeMethod?: string;
accountId?: string;
acr?: string;
amr?: string[];
authTime?: number;
claims?: ClaimsWithRejects;
nonce?: string;
resource?: string;
scope?: string;
sid?: string;
sessionUid?: string;
expiresWithSession?: boolean;
"x5t#S256"?: string;
jkt?: string;
grantId?: string;
gty?: string;
};
export declare type AccessToken = {
iat: number;
exp: number;
uid: string;
jti: string;
accountId: string;
aud?: string[];
claims?: ClaimsWithRejects;
extra?: AnyObject;
grantId: string;
scope?: string;
gty: string;
sid?: string;
sessionUid?: string;
expiresWithSession?: boolean;
tokenType: string;
"x5t#S256"?: string;
jkt?: string;
};
export declare type RefreshToken = {
iat: number;
exp: number;
uid: string;
jti: string;
rotations?: number;
accountId: string;
acr?: string;
amr?: string[];
authTime?: number;
claims?: ClaimsWithRejects;
nonce?: string;
resource?: string;
scope?: string;
sid?: string;
sessionUid?: string;
expiresWithSession?: boolean;
"x5t#S256"?: string;
jkt?: string;
grantId?: string;
gty?: string;
consumed?: any;
};
export declare type DeviceCode = {
iat: number;
exp: number;
uid: string;
jti: string;
error?: string;
errorDescription?: string;
params?: AnyObject;
userCode: string;
inFlight?: boolean;
deviceInfo?: AnyObject;
codeChallenge?: string;
codeChallengeMethod?: string;
accountId?: string;
acr?: string;
amr?: string[];
authTime?: number;
claims?: ClaimsWithRejects;
nonce?: string;
resource?: string;
scope?: string;
sid?: string;
sessionUid?: string;
expiresWithSession?: boolean;
grantId: string;
gty: string;
consumed?: any;
};
export interface DeviceInfo {
}
export interface DiscoveryMetadata {
display_values_supported?: string[];
claim_types_supported?: string[];
claims_locales_supported?: string[];
ui_locales_supported?: string[];
op_tos_uri?: string | null;
op_policy_uri?: string | null;
service_documentation?: string | null;
}