import type { Secret } from 'jsonwebtoken';
import { z } from 'zod';
/**
 * OAuth 2.0 `grant_type` value for token exchange (the URN defined by RFC 8693).
 * `TokenExchangeRequestSchema` declares its `grant_type` field as this same literal,
 * so a request carrying any other grant type does not match that schema.
 */
export declare const TOKEN_EXCHANGE_GRANT_TYPE: "urn:ietf:params:oauth:grant-type:token-exchange";
/**
 * Zod enum of the JWT signature algorithms a trusted key may be configured with.
 *
 * Every entry is an asymmetric algorithm (RSA PKCS#1 v1.5, ECDSA, RSA-PSS, EdDSA).
 * The HMAC family (`HS*`) and `none` are absent, so a value that parses with this
 * schema cannot name a shared-secret or unsigned algorithm.
 *
 * NOTE(review): this constrains configuration values only. Confirm that the verifier
 * passes the configured list to the JWT library as its allow-list instead of trusting
 * the `alg` header of the incoming token.
 */
export declare const JwtAlgorithmSchema: z.ZodEnum<["RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "EdDSA"]>;
/**
 * Shape of the claims expected in an externally issued JWT.
 *
 * Required claims: `sub`, `iss`, `aud`, `iat`, `exp`, `jti`.
 * Optional claims: `nbf`, `email`, `given_name`, `family_name`, `role`.
 * The unknown-keys mode is `"strip"`, so claims not listed here are dropped from the
 * parsed result rather than rejected.
 *
 * NOTE(review): this declaration shows only field types. It does not show signature
 * verification, `exp`/`nbf` time checks, issuer/audience matching or `jti` replay
 * tracking; those must happen elsewhere and should be confirmed in the verifier.
 */
export declare const ExternalTokenClaimsSchema: z.ZodObject<{
sub: z.ZodString;
iss: z.ZodString;
// `aud` may be a single string or an array; any audience comparison has to handle both forms.
aud: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
iat: z.ZodNumber;
exp: z.ZodNumber;
// `jti` is mandatory here, which makes a token identifier available for replay detection.
jti: z.ZodString;
nbf: z.ZodOptional<z.ZodNumber>;
email: z.ZodOptional<z.ZodString>;
given_name: z.ZodOptional<z.ZodString>;
family_name: z.ZodOptional<z.ZodString>;
// `role` is asserted by the token issuer; presumably checked against a key source's
// `allowedRoles` before use (verify against the caller).
role: z.ZodOptional<z.ZodString>;
}, "strip", z.ZodTypeAny, {
sub: string;
exp: number;
iss: string;
aud: string | string[];
iat: number;
jti: string;
email?: string | undefined;
role?: string | undefined;
nbf?: number | undefined;
given_name?: string | undefined;
family_name?: string | undefined;
}, {
sub: string;
exp: number;
iss: string;
aud: string | string[];
iat: number;
jti: string;
email?: string | undefined;
role?: string | undefined;
nbf?: number | undefined;
given_name?: string | undefined;
family_name?: string | undefined;
}>;
/** Parsed claims object, inferred from `ExternalTokenClaimsSchema`. */
export type ExternalTokenClaims = z.infer<typeof ExternalTokenClaimsSchema>;
/**
 * Configuration of one source of trusted verification keys, discriminated on `type`.
 *
 * - `"static"`: an inline key (`key`) with its `kid`, the `algorithms` it may be used
 *   with, and the `issuer` it belongs to.
 * - `"jwks"`: a key set fetched from `url` for `issuer`, with an optional
 *   `cacheTtlSeconds`.
 *
 * Both variants accept optional `expectedAudience` and `allowedRoles`.
 *
 * NOTE(review): `expectedAudience` and `allowedRoles` are optional. Confirm what the
 * verifier does when they are omitted; an absent value should not silently disable
 * the audience or role check.
 * NOTE(review): the `jwks` variant declares no `algorithms` field and types `url` as a
 * plain string. Refinements such as scheme or host restrictions are not visible in a
 * declaration file; confirm that the fetcher restricts the URL (for example to https)
 * and that the allowed algorithms for fetched keys are pinned somewhere.
 */
export declare const TrustedKeySourceSchema: z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
type: z.ZodLiteral<"static">;
kid: z.ZodString;
algorithms: z.ZodArray<z.ZodEnum<["RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "EdDSA"]>, "many">;
key: z.ZodString;
issuer: z.ZodString;
expectedAudience: z.ZodOptional<z.ZodString>;
allowedRoles: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
}, "strip", z.ZodTypeAny, {
key: string;
type: "static";
issuer: string;
kid: string;
algorithms: ("RS256" | "RS384" | "RS512" | "ES256" | "ES384" | "ES512" | "PS256" | "PS384" | "PS512" | "EdDSA")[];
expectedAudience?: string | undefined;
allowedRoles?: string[] | undefined;
}, {
key: string;
type: "static";
issuer: string;
kid: string;
algorithms: ("RS256" | "RS384" | "RS512" | "ES256" | "ES384" | "ES512" | "PS256" | "PS384" | "PS512" | "EdDSA")[];
expectedAudience?: string | undefined;
allowedRoles?: string[] | undefined;
}>, z.ZodObject<{
type: z.ZodLiteral<"jwks">;
url: z.ZodString;
issuer: z.ZodString;
expectedAudience: z.ZodOptional<z.ZodString>;
allowedRoles: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
cacheTtlSeconds: z.ZodOptional<z.ZodNumber>;
}, "strip", z.ZodTypeAny, {
url: string;
type: "jwks";
issuer: string;
expectedAudience?: string | undefined;
allowedRoles?: string[] | undefined;
cacheTtlSeconds?: number | undefined;
}, {
url: string;
type: "jwks";
issuer: string;
expectedAudience?: string | undefined;
allowedRoles?: string[] | undefined;
cacheTtlSeconds?: number | undefined;
}>]>;
/** Either key-source variant, inferred from `TrustedKeySourceSchema`. */
export type TrustedKeySource = z.infer<typeof TrustedKeySourceSchema>;
/** The `type: 'static'` member of `TrustedKeySource` (inline key material). */
export type StaticKeySource = Extract<TrustedKeySource, {
type: 'static';
}>;
/** The `type: 'jwks'` member of `TrustedKeySource` (key set fetched from a URL). */
export type JwksKeySource = Extract<TrustedKeySource, {
type: 'jwks';
}>;
/** One of the algorithm names listed in `JwtAlgorithmSchema`. */
export type JwtAlgorithm = z.infer<typeof JwtAlgorithmSchema>;
// Written out as literals rather than derived from `TrustedKeySource['type']`;
// keep the two in sync when a new source variant is added.
export type TrustedKeySourceType = 'static' | 'jwks';
// State of a key source. What moves a source between these states is not visible in
// this file. NOTE(review): confirm that keys from a source in 'error' are not used.
export type TrustedKeySourceStatus = 'pending' | 'healthy' | 'error';
/**
 * Record describing one trusted key: the `algorithms` it may verify, its
 * `keyMaterial`, the `issuer` it is bound to, and optional `expectedAudience`,
 * `allowedRoles` and `expiresAt`.
 *
 * Unlike the static key source and `ResolvedTrustedKey`, this shape carries no `kid`;
 * presumably the key id is held alongside the record (verify against the caller).
 *
 * NOTE(review): `expiresAt` is declared as a string and its format is not visible
 * here. Confirm how it is parsed and that an unparsable or past value causes the key
 * to be rejected.
 */
export declare const TrustedKeyDataSchema: z.ZodObject<{
algorithms: z.ZodArray<z.ZodEnum<["RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "EdDSA"]>, "many">;
keyMaterial: z.ZodString;
issuer: z.ZodString;
expectedAudience: z.ZodOptional<z.ZodString>;
allowedRoles: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
expiresAt: z.ZodOptional<z.ZodString>;
}, "strip", z.ZodTypeAny, {
issuer: string;
algorithms: ("RS256" | "RS384" | "RS512" | "ES256" | "ES384" | "ES512" | "PS256" | "PS384" | "PS512" | "EdDSA")[];
keyMaterial: string;
expiresAt?: string | undefined;
expectedAudience?: string | undefined;
allowedRoles?: string[] | undefined;
}, {
issuer: string;
algorithms: ("RS256" | "RS384" | "RS512" | "ES256" | "ES384" | "ES512" | "PS256" | "PS384" | "PS512" | "EdDSA")[];
keyMaterial: string;
expiresAt?: string | undefined;
expectedAudience?: string | undefined;
allowedRoles?: string[] | undefined;
}>;
/** Parsed key record, inferred from `TrustedKeyDataSchema`. */
export type TrustedKeyData = z.infer<typeof TrustedKeyDataSchema>;
/**
 * A trusted key in the form handed to JWT verification: `key` uses the `Secret` type
 * from `jsonwebtoken`, together with the constraints that apply to tokens signed by it.
 */
export interface ResolvedTrustedKey {
// Key identifier; presumably matched against the token header's `kid` (verify against caller).
kid: string;
// Algorithms this key may be used with, restricted to the `JwtAlgorithm` names.
algorithms: JwtAlgorithm[];
key: Secret;
// Issuer this key is bound to.
issuer: string;
// Optional constraints. NOTE(review): confirm how the verifier treats `undefined`
// here, so that an unset audience or role list does not mean "accept anything".
expectedAudience?: string;
allowedRoles?: string[];
}
/**
 * Body of a token-exchange request, using the RFC 8693 parameter names.
 *
 * `grant_type` must be the token-exchange URN literal and `subject_token` is required.
 * Every other field is optional. Unknown keys are stripped from the parsed result.
 *
 * NOTE(review): RFC 8693 lists `subject_token_type` as required, and `actor_token_type`
 * as required whenever `actor_token` is sent. This schema declares both as independent
 * optional strings, and any cross-field check is not visible in a declaration file.
 * Confirm that the handler either enforces a token type or treats the subject token
 * strictly as a JWT.
 * NOTE(review): `scope`, `audience` and `resource` are requester-supplied strings.
 * Confirm they cannot widen what the issued token grants beyond what the subject token
 * and the key source's `allowedRoles` permit.
 */
export declare const TokenExchangeRequestSchema: z.ZodObject<{
grant_type: z.ZodLiteral<"urn:ietf:params:oauth:grant-type:token-exchange">;
subject_token: z.ZodString;
subject_token_type: z.ZodOptional<z.ZodString>;
actor_token: z.ZodOptional<z.ZodString>;
actor_token_type: z.ZodOptional<z.ZodString>;
requested_token_type: z.ZodOptional<z.ZodString>;
scope: z.ZodOptional<z.ZodString>;
audience: z.ZodOptional<z.ZodString>;
resource: z.ZodOptional<z.ZodString>;
}, "strip", z.ZodTypeAny, {
grant_type: "urn:ietf:params:oauth:grant-type:token-exchange";
subject_token: string;
resource?: string | undefined;
subject_token_type?: string | undefined;
actor_token?: string | undefined;
actor_token_type?: string | undefined;
requested_token_type?: string | undefined;
scope?: string | undefined;
audience?: string | undefined;
}, {
grant_type: "urn:ietf:params:oauth:grant-type:token-exchange";
subject_token: string;
resource?: string | undefined;
subject_token_type?: string | undefined;
actor_token?: string | undefined;
actor_token_type?: string | undefined;
requested_token_type?: string | undefined;
scope?: string | undefined;
audience?: string | undefined;
}>;
/** Parsed token-exchange request, inferred from `TokenExchangeRequestSchema`. */
export type TokenExchangeRequest = z.infer<typeof TokenExchangeRequestSchema>;