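/**
 * Auth0 integration management
 *
 * ⚡ Features:
 * - JWT token verification and claim parsing
 * - Management API (organization, user and role management)
 * - Authorization Extension API (groups, permissions)
 * - Standard Auth0 Authentication Flow
 * - Security logging and audit trail
 * - 🆕 Full support for Auth0 Organizations (orgid)
 *
 * 🔐 Unified authentication: the auth.gftd.ai domain is set as the default
 */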
import { UserPayload, OrganizationInvitationStatus, OrganizationMemberRole, OrganizationSettings } from './types';
/**
 * Auth0 connection settings.
 *
 * Only the shape is declared here; how each field is consumed is decided by
 * the implementation, which is not part of this declaration file.
 */
export interface Auth0Config {
    /** Auth0 tenant domain (the file header names auth.gftd.ai as the default). */
    domain: string;
    /** Presumably the `aud` value expected during JWT verification — confirm in the implementation. */
    audience: string;
    clientId?: string;
    /**
     * NOTE(review): presumably overrides the JWKS endpoint the signing keys are
     * fetched from. If so, this value decides which keys are trusted, so it
     * should come only from static deployment configuration and never from
     * request data — confirm against the implementation.
     */
    jwksUri?: string;
    /** Settings for the Authorization Extension API. */
    authorizationExtension?: {
        url: string;
        clientId: string;
        /** Secret credential: keep it out of logs, error messages and serialized config. */
        clientSecret: string;
        audience: string;
        /** Restricted to the three literal region names below. */
        region: 'us-west' | 'europe' | 'australia';
    };
}
/**
 * Auth0 organization information.
 */
export interface Auth0Organization {
    id: string;
    name: string;
    display_name: string;
    /** Optional branding (logo URL and colors). */
    branding?: {
        logo_url?: string;
        colors?: {
            primary?: string;
            page_background?: string;
        };
    };
    /**
     * Free-form metadata. Values are typed `any`, so the compiler checks
     * nothing here; validate the shape before basing a decision on it.
     */
    metadata?: Record<string, any>;
    /** Connections attached to the organization. */
    connections?: {
        name: string;
        strategy: string;
        enabled_clients?: string[];
    }[];
    /** 🆕 Organization settings */
    settings?: OrganizationSettings;
    /** 🆕 Creation / update information */
    created_at?: string;
    updated_at?: string;
}
/**
 * Auth0 organization member.
 */
export interface Auth0OrganizationMember {
    user_id: string;
    email?: string;
    name?: string;
    picture?: string;
    /** Roles the member holds; the role type is declared in './types'. */
    roles?: OrganizationMemberRole[];
    /** 🆕 Membership information */
    organization_id: string;
    added_at?: string;
    /** Presumably the identifier of whoever added the member — confirm what the implementation stores here. */
    added_by?: string;
}
/**
 * Auth0 organization invitation.
 */
export interface Auth0OrganizationInvitation {
    id: string;
    organization_id: string;
    /** Who issued the invitation. */
    inviter: {
        name: string;
        email?: string;
    };
    /** Who is being invited; only the e-mail address is carried. */
    invitee: {
        email: string;
    };
    client_id: string;
    connection_id?: string;
    /**
     * NOTE(review): untyped (`any`) metadata attached to the invitation. If the
     * application reads authorization data from app_metadata, whoever can set
     * this field on an invitation can influence it — confirm who controls it.
     */
    app_metadata?: Record<string, any>;
    user_metadata?: Record<string, any>;
    /** Roles attached to the invitation, as plain strings. */
    roles?: string[];
    send_invitation_email?: boolean;
    /** Presumably the invitation lifetime in seconds — confirm. */
    ttl_sec?: number;
    created_at?: string;
    /** 🆕 Invitation status */
    status?: OrganizationInvitationStatus;
    expires_at?: string;
}
/**
 * Auth0 user claims.
 *
 * Not exported from this module, although the exported verifyAuth0Token /
 * verifyToken signatures resolve to it.
 */
interface Auth0Claims {
    /** Subject identifier; the only claim declared as required. */
    sub: string;
    email?: string;
    /**
     * Declared separately from `email`. Code that treats `email` as an identity
     * should check this flag first — whether the implementation does so is not
     * visible from this file.
     */
    email_verified?: boolean;
    name?: string;
    picture?: string;
    nickname?: string;
    /**
     * NOTE(review): the `https://your-app.com/` namespace on the custom claims
     * looks like a template placeholder. Confirm it matches the namespace the
     * tenant actually puts in its tokens; otherwise these keys never match and
     * roles / permissions would read as undefined.
     */
    'https://your-app.com/roles'?: string[];
    'https://your-app.com/permissions'?: string[];
    'https://your-app.com/tenant_id'?: string;
    /**
     * 🆕 Organization claims
     *
     * Code that scopes data by org_id should take the value only from a token
     * that has already been verified.
     */
    org_id?: string;
    org_name?: string;
    'https://your-app.com/org_roles'?: string[];
    'https://your-app.com/org_permissions'?: string[];
    'https://your-app.com/organizations'?: string[];
    /**
     * Any other claim is accepted and typed `any`, so a misspelled or unexpected
     * claim name passes the type checker; narrow such values at runtime.
     */
    [key: string]: any;
}
/**
 * Auth0 user information.
 *
 * Several fields hold personal data (email, phone_number, last_ip); keep that
 * in mind when objects of this type are logged or returned to clients.
 */
export interface Auth0User {
    user_id: string;
    connection: string;
    email?: string;
    email_verified?: boolean;
    username?: string;
    phone_number?: string;
    phone_verified?: boolean;
    created_at: string;
    updated_at: string;
    /** Identities linked to the user, one entry per provider/connection. */
    identities: Array<{
        connection: string;
        user_id: string;
        provider: string;
        isSocial: boolean;
    }>;
    /** Untyped (`any`) metadata; validate before use. */
    app_metadata?: Record<string, any>;
    /** Untyped (`any`) metadata; validate before use. */
    user_metadata?: Record<string, any>;
    picture?: string;
    name?: string;
    nickname?: string;
    /** Presumably the MFA providers enrolled for the user — confirm. */
    multifactor?: string[];
    last_ip?: string;
    last_login?: string;
    logins_count?: number;
    /** Optional flag; how a missing value is interpreted is not visible from this file. */
    blocked?: boolean;
    given_name?: string;
    family_name?: string;
}
/**
 * Response wrapper for the Auth0 Management API.
 *
 * Both members are optional, so the type does not by itself guarantee that
 * exactly one of `data` / `error` is present; check `error` before using `data`.
 * `T` defaults to `any`, so pass a concrete type to get checking on `data`.
 */
export interface Auth0ManagementResponse<T = any> {
    data?: T;
    /** Error details returned in place of data. */
    error?: {
        message: string;
        statusCode: number;
        error: string;
        errorCode?: string;
    };
}
/**
 * Auth0 integration manager.
 *
 * Ambient declaration only: the behaviour of every member is defined by the
 * implementation, which is not part of this file. None of the organization
 * methods takes a parameter identifying the caller, so unless the
 * implementation enforces it some other way, callers must perform their own
 * authorization check before invoking them.
 */
export declare class Auth0Integration {
    private static instance;
    private config;
    private jwksClient;
    /** Presumably the cached Authorization Extension token and its expiry — confirm. */
    private extensionAccessToken;
    private extensionTokenExpiry;
    /** 🆕 Management API token cache */
    private managementAccessToken;
    private managementTokenExpiry;
    private constructor();
    /**
     * Get the singleton instance.
     *
     * NOTE(review): whether `customConfig` is applied when an instance already
     * exists is not visible here. If later calls can change `domain` or
     * `jwksUri`, the trust anchor for token verification changes for every
     * caller — confirm, and never build `customConfig` from request data.
     */
    static getInstance(customConfig?: Partial<Auth0Config>): Auth0Integration;
    /**
     * Build the Authorization Extension URL.
     */
    private buildExtensionUrl;
    /**
     * Get an access token for the Extension API.
     */
    private getExtensionAccessToken;
    /**
     * Get an access token for the Management API.
     *
     * This method is public and resolves to the token string (or null). The
     * token is a bearer credential for the Management API: do not log it or
     * pass it to clients.
     */
    getManagementAccessToken(): Promise<string | null>;
    /**
     * Verify an Auth0 JWT.
     *
     * Resolves to the claims, or null — presumably when verification fails.
     * Which checks are applied (signature, issuer, audience, expiry, allowed
     * algorithms) cannot be seen from this declaration — confirm in the
     * implementation.
     */
    verifyAuth0Token(token: string): Promise<Auth0Claims | null>;
    /**
     * Convert Auth0 claims into a GFTD ORM user payload (🆕 organization-aware).
     *
     * Takes claims only; pass it claims that came from verifyAuth0Token rather
     * than from a token that was merely decoded.
     */
    mapAuth0ToUserPayload(auth0Claims: Auth0Claims): UserPayload;
    /**
     * Authenticate a GFTD ORM user from an Auth0 token.
     *
     * The result carries a `success` flag with an optional `user` and `error`
     * string; check `success` before reading `user`.
     */
    authenticateWithAuth0(token: string): Promise<{
        success: boolean;
        user?: UserPayload;
        error?: string;
    }>;
    /**
     * Get an organization.
     */
    getOrganization(organizationId: string): Promise<Auth0Organization | null>;
    /**
     * Get the list of organizations a user belongs to.
     */
    getUserOrganizations(userId: string): Promise<Auth0Organization[]>;
    /**
     * Get the list of members of an organization.
     */
    getOrganizationMembers(organizationId: string): Promise<Auth0OrganizationMember[]>;
    /**
     * Add a member to an organization.
     *
     * Resolves to a boolean only, so the reason for a failure is not available
     * to the caller through the return value.
     */
    addOrganizationMember(organizationId: string, userId: string, roles?: string[]): Promise<boolean>;
    /**
     * Remove a member from an organization.
     *
     * Resolves to a boolean only, so the reason for a failure is not available
     * to the caller through the return value.
     */
    removeOrganizationMember(organizationId: string, userId: string): Promise<boolean>;
    /**
     * Send an organization invitation.
     *
     * `options.roles` and `options.metadata` are supplied by the caller; check
     * that the caller is allowed to grant those roles before passing them on.
     */
    createOrganizationInvitation(organizationId: string, email: string, options?: {
        roles?: string[];
        sendEmail?: boolean;
        ttlSec?: number;
        metadata?: Record<string, any>;
    }): Promise<Auth0OrganizationInvitation | null>;
    /**
     * Get the list of invitations for an organization.
     */
    getOrganizationInvitations(organizationId: string): Promise<Auth0OrganizationInvitation[]>;
}
/**
 * Helper functions for the Auth0 integration.
 *
 * Ambient declaration only; the signatures mirror the Auth0Integration
 * methods, but how the helpers delegate is not visible from this file.
 */
export declare const auth0: {
    /**
     * Get the integration manager instance.
     */
    manager: () => Auth0Integration;
    /**
     * Authenticate with an Auth0 token.
     *
     * NOTE(review): accepts a per-call `customConfig`. Confirm how it interacts
     * with the singleton manager, and never derive it from request data, since
     * Auth0Config includes `domain` and `jwksUri`.
     */
    authenticate: (token: string, customConfig?: Partial<Auth0Config>) => Promise<{
        success: boolean;
        user?: UserPayload;
        error?: string;
    }>;
    /**
     * Verify a token.
     */
    verifyToken: (token: string) => Promise<Auth0Claims | null>;
    /**
     * 🆕 Helper functions for organization management
     *
     * No helper takes a parameter identifying the caller; authorization is
     * presumably the calling code's responsibility — confirm.
     */
    organizations: {
        get: (organizationId: string) => Promise<Auth0Organization | null>;
        getUserOrganizations: (userId: string) => Promise<Auth0Organization[]>;
        getMembers: (organizationId: string) => Promise<Auth0OrganizationMember[]>;
        addMember: (organizationId: string, userId: string, roles?: string[]) => Promise<boolean>;
        removeMember: (organizationId: string, userId: string) => Promise<boolean>;
        // `options` is typed `any` here, while Auth0Integration.createOrganizationInvitation
        // declares a typed options object; a misspelled `roles` or `ttlSec` key is not
        // caught by the compiler through this helper.
        createInvitation: (organizationId: string, email: string, options?: any) => Promise<Auth0OrganizationInvitation | null>;
        getInvitations: (organizationId: string) => Promise<Auth0OrganizationInvitation[]>;
    };
};
export {};
//# sourceMappingURL=auth0-integration.d.ts.map