You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
143 lines
4.4 KiB
143 lines
4.4 KiB
import 'node'
|
|
|
|
export type Algorithm =
|
|
| 'none'
|
|
| 'HS256'
|
|
| 'HS384'
|
|
| 'HS512'
|
|
| 'ES256'
|
|
| 'ES384'
|
|
| 'ES512'
|
|
| 'RS256'
|
|
| 'RS384'
|
|
| 'RS512'
|
|
| 'PS256'
|
|
| 'PS384'
|
|
| 'PS512'
|
|
| 'EdDSA'
|
|
|
|
export type TokenValidationErrorCode =
|
|
| 'FAST_JWT_INVALID_TYPE'
|
|
| 'FAST_JWT_INVALID_OPTION'
|
|
| 'FAST_JWT_INVALID_ALGORITHM'
|
|
| 'FAST_JWT_INVALID_CLAIM_TYPE'
|
|
| 'FAST_JWT_INVALID_CLAIM_VALUE'
|
|
| 'FAST_JWT_INVALID_KEY'
|
|
| 'FAST_JWT_INVALID_SIGNATURE'
|
|
| 'FAST_JWT_INVALID_PAYLOAD'
|
|
| 'FAST_JWT_MALFORMED'
|
|
| 'FAST_JWT_INACTIVE'
|
|
| 'FAST_JWT_EXPIRED'
|
|
| 'FAST_JWT_MISSING_KEY'
|
|
| 'FAST_JWT_KEY_FETCHING_ERROR'
|
|
| 'FAST_JWT_SIGN_ERROR'
|
|
| 'FAST_JWT_VERIFY_ERROR'
|
|
| 'FAST_JWT_MISSING_SIGNATURE'
|
|
|
|
declare class TokenError extends Error {
|
|
static wrap(originalError: Error, code: TokenValidationErrorCode, message: string): TokenError
|
|
static codes: {
|
|
invalidType: 'FAST_JWT_INVALID_TYPE'
|
|
invalidOption: 'FAST_JWT_INVALID_OPTION'
|
|
invalidAlgorithm: 'FAST_JWT_INVALID_ALGORITHM'
|
|
invalidClaimType: 'FAST_JWT_INVALID_CLAIM_TYPE'
|
|
invalidClaimValue: 'FAST_JWT_INVALID_CLAIM_VALUE'
|
|
invalidKey: 'FAST_JWT_INVALID_KEY'
|
|
invalidSignature: 'FAST_JWT_INVALID_SIGNATURE'
|
|
invalidPayload: 'FAST_JWT_INVALID_PAYLOAD'
|
|
malformed: 'FAST_JWT_MALFORMED'
|
|
inactive: 'FAST_JWT_INACTIVE'
|
|
expired: 'FAST_JWT_EXPIRED'
|
|
missingKey: 'FAST_JWT_MISSING_KEY'
|
|
keyFetchingError: 'FAST_JWT_KEY_FETCHING_ERROR'
|
|
signError: 'FAST_JWT_SIGN_ERROR'
|
|
verifyError: 'FAST_JWT_VERIFY_ERROR'
|
|
missingSignature: 'FAST_JWT_MISSING_SIGNATURE'
|
|
}
|
|
|
|
code: TokenValidationErrorCode;
|
|
[key: string]: any
|
|
}
|
|
|
|
type SignerCallback = (e: Error | TokenError | null, token: string) => void
|
|
type VerifierCallback = (e: Error | TokenError | null, payload: any) => void
|
|
|
|
type KeyFetcher =
|
|
| ((header: { [key: string]: any }) => Promise<string | Buffer>)
|
|
| ((header: { [key: string]: any }, cb: (err: Error | TokenError | null, key: string | Buffer) => void) => void)
|
|
|
|
declare function SignerSync(payload: string | Buffer | { [key: string]: any }): string
|
|
declare function SignerAsync(payload: string | Buffer | { [key: string]: any }): Promise<string>
|
|
declare function SignerAsync(payload: string | Buffer | { [key: string]: any }, cb: SignerCallback): void
|
|
|
|
declare function VerifierSync(token: string | Buffer): any
|
|
declare function VerifierAsync(token: string | Buffer): Promise<any>
|
|
declare function VerifierAsync(token: string | Buffer, cb: object): void
|
|
|
|
export interface JwtHeader {
|
|
alg: string | Algorithm
|
|
typ?: string | undefined
|
|
cty?: string | undefined
|
|
crit?: Array<string | Exclude<keyof JwtHeader, 'crit'>> | undefined
|
|
kid?: string | undefined
|
|
jku?: string | undefined
|
|
x5u?: string | string[] | undefined
|
|
'x5t#S256'?: string | undefined
|
|
x5t?: string | undefined
|
|
x5c?: string | string[] | undefined
|
|
}
|
|
|
|
export interface SignerOptions {
|
|
algorithm: Algorithm
|
|
mutatePayload: boolean
|
|
expiresIn: number
|
|
notBefore: number
|
|
jti: string
|
|
aud: string | string[]
|
|
iss: string
|
|
sub: string
|
|
nonce: string
|
|
kid: string
|
|
header: JwtHeader
|
|
noTimestamp: boolean
|
|
clockTimestamp: number
|
|
}
|
|
|
|
export interface DecoderOptions {
|
|
complete: boolean
|
|
checkTyp: string
|
|
}
|
|
|
|
export interface VerifierOptions {
|
|
algorithms: Algorithm[]
|
|
complete: boolean
|
|
cache: boolean | number
|
|
cacheTTL: number
|
|
errorCacheTTL: number | ((tokenError: TokenError) => number)
|
|
allowedJti: string | RegExp | Array<string | RegExp>
|
|
allowedAud: string | RegExp | Array<string | RegExp>
|
|
allowedIss: string | RegExp | Array<string | RegExp>
|
|
allowedSub: string | RegExp | Array<string | RegExp>
|
|
allowedNonce: string | RegExp | Array<string | RegExp>
|
|
ignoreExpiration: boolean
|
|
ignoreNotBefore: boolean
|
|
maxAge: number
|
|
clockTimestamp: number
|
|
clockTolerance: number
|
|
requiredClaims: Array<string>
|
|
checkTyp: string
|
|
}
|
|
|
|
export interface PrivateKey {
|
|
key: string | Buffer
|
|
passphrase: string | undefined
|
|
}
|
|
|
|
export function createSigner(
|
|
options?: Partial<SignerOptions & { key: string | Buffer | PrivateKey }>
|
|
): typeof SignerSync
|
|
export function createSigner(options?: Partial<SignerOptions & { key: KeyFetcher }>): typeof SignerAsync
|
|
export function createDecoder(options?: Partial<DecoderOptions>): (token: string | Buffer) => any
|
|
export function createVerifier(options?: Partial<VerifierOptions & { key: string | Buffer }>): typeof VerifierSync
|
|
export function createVerifier(options?: Partial<VerifierOptions & { key: KeyFetcher }>): typeof VerifierAsync
|