/**
 * Auth0 integration - connects Auth0 JWT tokens with the Authorization Extension API
 */
import { UserPayload } from './types';
/**
 * Organization API type definitions.
 *
 * Organization record as returned by the organization methods of
 * Auth0Integration (getOrganization, createOrganization, updateOrganization,
 * getOrganizations).
 */
export interface Organization {
    id: string;
    name: string;
    display_name?: string;
    branding?: {
        // NOTE(review): typed as a plain string; if it is rendered in a UI,
        // validate the scheme/host before use.
        logo_url?: string;
        colors?: {
            primary?: string;
            page_background?: string;
        };
    };
    // Values are `any`: nothing in this type constrains what metadata holds,
    // so narrow each value before acting on it.
    metadata?: Record<string, any>;
    enabled_connections?: Array<{
        connection_id: string;
        // NOTE(review): presumably makes users of this connection members on
        // login - confirm, since it widens who can join the organization.
        assign_membership_on_login?: boolean;
        show_as_button?: boolean;
    }>;
}
/**
 * A member of an organization, as returned by getOrganizationMembers.
 *
 * name, email and picture are personal data; avoid logging whole objects.
 */
export interface OrganizationMember {
    user_id: string;
    name?: string;
    email?: string;
    picture?: string;
    // Roles attached to the member; optional, so absence must not be read as
    // "has no restrictions" by callers.
    roles?: Array<{
        id: string;
        name: string;
    }>;
}
/**
 * An invitation to join an organization, as returned by
 * createOrganizationInvitation, getOrganizationInvitation and
 * getOrganizationInvitations.
 */
export interface OrganizationInvitation {
    id: string;
    inviter: {
        name: string;
    };
    invitee: {
        email: string;
    };
    // NOTE(review): presumably the link the invitee follows to accept - treat
    // it like a credential (do not log or expose to other users); confirm.
    invitation_url: string;
    organization_id: string;
    client_id: string;
    connection_id?: string;
    // Timestamps are plain strings here; presumably ISO 8601 - confirm.
    expires_at: string;
    created_at: string;
    // Role identifiers granted on acceptance (presumably) - the inviter's
    // right to grant them is not expressed in this type.
    roles?: string[];
    app_metadata?: Record<string, any>;
    user_metadata?: Record<string, any>;
}
/**
 * A role as returned by getOrganizationRoles and getOrganizationMemberRoles.
 */
export interface OrganizationRole {
    id: string;
    name: string;
    description?: string;
}
/**
 * Auth0 configuration.
 *
 * Accepted (as a Partial) by Auth0Integration.getInstance and
 * auth0.authenticate.
 */
interface Auth0Config {
    domain: string;
    // NOTE(review): presumably the API identifier expected in the token's
    // `aud` claim - confirm that verifyAuth0Token enforces it.
    audience: string;
    clientId?: string;
    // NOTE(review): when omitted, the implementation presumably derives the
    // JWKS endpoint from `domain` - confirm. An override should point at the
    // tenant's own JWKS endpoint over HTTPS, because the keys served there
    // determine which signatures are accepted.
    jwksUri?: string;
    // Settings for the Authorization Extension API client.
    authorizationExtension?: {
        url: string;
        clientId: string;
        // Secret of the extension's API client. Load it from a secret store
        // or the environment; keep it out of source control and logs.
        clientSecret: string;
        audience: string;
        // Only these three region literals are accepted by the type.
        region: 'us-west' | 'europe' | 'australia';
    };
}
/**
 * Auth0 user claims.
 *
 * Claim set resolved by verifyAuth0Token and consumed by
 * mapAuth0ToUserPayload.
 */
interface Auth0Claims {
    sub: string;
    email?: string;
    // Callers that key identity or access decisions off `email` should check
    // this flag as well.
    email_verified?: boolean;
    name?: string;
    picture?: string;
    nickname?: string;
    // NOTE(review): the 'https://your-app.com/' namespace looks like a
    // template placeholder. These keys must match the namespace the tenant
    // actually puts in its tokens, otherwise roles/permissions/tenant_id will
    // simply be absent - confirm against the tenant configuration.
    'https://your-app.com/roles'?: string[];
    'https://your-app.com/permissions'?: string[];
    'https://your-app.com/tenant_id'?: string;
    // Any other claim is typed `any`; narrow before use.
    [key: string]: any;
}
/**
 * Authorization Extension API response types.
 *
 * A group as returned by getGroups, getGroup, createGroup, updateGroup and
 * getUserGroups.
 */
interface AuthExtensionGroup {
    _id: string;
    name: string;
    description: string;
    // Presumably user identifiers of direct members - confirm.
    members?: string[];
    // Mapping entries naming a group and a connection.
    mappings?: Array<{
        _id: string;
        groupName: string;
        connectionName: string;
    }>;
    // Presumably identifiers of nested groups - confirm.
    nested?: string[];
    // Presumably identifiers of roles attached to the group - confirm.
    roles?: string[];
}
/**
 * A role as returned by the Authorization Extension role methods (getRoles,
 * getRole, createRole, updateRole, getUserRoles, calculateUserRoles).
 */
interface AuthExtensionRole {
    _id: string;
    name: string;
    description: string;
    applicationId: string;
    // Presumably permission identifiers rather than names - confirm.
    permissions?: string[];
}
/**
 * Result of executeAuthorizationPolicy: the groups, roles and permissions
 * reported for a user.
 */
interface AuthExtensionPolicy {
    groups: string[];
    roles: string[];
    permissions: string[];
}
/**
 * Auth0 integration manager.
 *
 * Singleton (see getInstance) that groups token verification, role and
 * permission checks, Authorization Extension calls, Management API user
 * operations, Universal Login URL builders, token exchange and Organizations
 * operations.
 *
 * NOTE(review): none of the mutating methods declared here (users, roles,
 * groups, organizations, invitations) takes a parameter identifying the
 * caller, so authorization of whoever triggers them has to be enforced by the
 * calling code. This is a declaration only; the implementation is not visible
 * here.
 */
export declare class Auth0Integration {
    // Holder for the singleton instance.
    private static instance;
    // Active configuration (presumably an Auth0Config - untyped here).
    private config;
    // Presumably the client used to fetch signing keys from the JWKS endpoint.
    private jwksClient;
    // Presumably a cached Authorization Extension access token and its expiry.
    private extensionAccessToken;
    private extensionTokenExpiry;
    private constructor();
    /**
     * Builds the Authorization Extension URL.
     */
    private buildExtensionUrl;
    /**
     * Returns the singleton instance.
     *
     * NOTE(review): because the instance is shared, a `customConfig` passed on
     * a later call presumably reconfigures it for every caller (see
     * updateConfig). Confirm this before using per-request or per-tenant
     * configuration in one process.
     *
     * @param customConfig Optional configuration overrides.
     */
    static getInstance(customConfig?: Partial<Auth0Config>): Auth0Integration;
    /**
     * Updates the configuration.
     */
    private updateConfig;
    /**
     * Obtains the Authorization Extension access token using
     * machine-to-machine authentication.
     */
    private getExtensionAccessToken;
    /**
     * Request helper for the Authorization Extension API.
     */
    private extensionApiRequest;
    /**
     * Verifies an Auth0 JWT.
     *
     * NOTE(review): the declaration cannot show which checks run. Confirm in
     * the implementation that signature (against the tenant JWKS), issuer,
     * audience, expiry and an explicit algorithm allow-list are all enforced.
     *
     * @param token The raw JWT.
     * @returns The token's claims, or null. Presumably null means the token
     * was rejected - callers must treat null as unauthenticated.
     */
    verifyAuth0Token(token: string): Promise<Auth0Claims | null>;
    /**
     * Converts Auth0 claims into a GFTD ORM user payload.
     *
     * Takes already-parsed claims; pass only claims obtained from
     * verifyAuth0Token, never claims decoded from an unverified token.
     */
    mapAuth0ToUserPayload(auth0Claims: Auth0Claims): UserPayload;
    /**
     * Authenticates a GFTD ORM user from an Auth0 token.
     *
     * @returns An object whose `success` flag must be checked before `user` is
     * used; `user` and `error` are both optional in the type.
     * NOTE(review): `error` is free text - confirm it carries no verification
     * detail before returning it to clients.
     */
    authenticateWithAuth0(token: string): Promise<{
        success: boolean;
        user?: UserPayload;
        error?: string;
    }>;
    /**
     * Checks an Auth0 permission on a user payload.
     *
     * Synchronous and based only on the payload passed in, so the result is
     * only as trustworthy as that payload.
     */
    checkAuth0Permission(user: UserPayload, permission: string): boolean;
    /**
     * Checks an Auth0 role on a user payload.
     *
     * Same trust caveat as checkAuth0Permission.
     */
    checkAuth0Role(user: UserPayload, role: string): boolean;
    /**
     * Fetches user information through the Auth0 Management API.
     *
     * @param managementToken Management API token; a privileged credential -
     * keep it server-side and out of logs.
     * @returns Untyped (`any`) data; validate the fields you rely on.
     */
    getAuth0UserInfo(managementToken: string, userId: string): Promise<any>;
    /**
     * Updates a user's roles through the Auth0 Management API.
     *
     * Privilege-changing: the caller must already be authorized to assign
     * `roles` to `userId`.
     */
    updateAuth0UserRoles(managementToken: string, userId: string, roles: string[]): Promise<void>;
    /**
     * Authorization Extension API: lists all groups.
     */
    getGroups(): Promise<{
        groups: AuthExtensionGroup[];
        total: number;
    }>;
    /**
     * Authorization Extension API: fetches one group.
     */
    getGroup(groupId: string, expand?: boolean): Promise<AuthExtensionGroup>;
    /**
     * Authorization Extension API: creates a group.
     */
    createGroup(name: string, description?: string): Promise<AuthExtensionGroup>;
    /**
     * Authorization Extension API: updates a group.
     *
     * `updates` may include members, nested groups and roles, so this can
     * change who holds which privileges.
     */
    updateGroup(groupId: string, updates: Partial<AuthExtensionGroup>): Promise<AuthExtensionGroup>;
    /**
     * Authorization Extension API: deletes a group.
     */
    deleteGroup(groupId: string): Promise<void>;
    /**
     * Authorization Extension API: lists all roles.
     */
    getRoles(): Promise<AuthExtensionRole[]>;
    /**
     * Authorization Extension API: fetches one role.
     */
    getRole(roleId: string): Promise<AuthExtensionRole>;
    /**
     * Authorization Extension API: creates a role.
     */
    createRole(name: string, description?: string, applicationId?: string): Promise<AuthExtensionRole>;
    /**
     * Authorization Extension API: updates a role.
     *
     * `updates` may include the role's permissions list.
     */
    updateRole(roleId: string, updates: Partial<AuthExtensionRole>): Promise<AuthExtensionRole>;
    /**
     * Authorization Extension API: deletes a role.
     */
    deleteRole(roleId: string): Promise<void>;
    /**
     * Authorization Extension API: fetches a user's roles.
     */
    getUserRoles(userId: string): Promise<AuthExtensionRole[]>;
    /**
     * Authorization Extension API: adds roles to a user.
     *
     * Privilege-granting; record who requested the change in an audit log.
     */
    addUserToRoles(userId: string, roleIds: string[]): Promise<void>;
    /**
     * Authorization Extension API: removes roles from a user.
     */
    removeUserFromRoles(userId: string, roleIds: string[]): Promise<void>;
    /**
     * Authorization Extension API: calculates a user's roles, including those
     * that come from groups.
     */
    calculateUserRoles(userId: string): Promise<AuthExtensionRole[]>;
    /**
     * Authorization Extension API: executes the authorization policy.
     *
     * @returns The groups, roles and permissions reported for the user.
     */
    executeAuthorizationPolicy(userId: string, clientId: string, connectionName: string, groups?: string[]): Promise<AuthExtensionPolicy>;
    /**
     * Authorization Extension API: fetches a user's groups.
     */
    getUserGroups(userId: string): Promise<AuthExtensionGroup[]>;
    /**
     * Authorization Extension API: adds a user to groups.
     */
    addUserToGroups(userId: string, groupIds: string[]): Promise<void>;
    /**
     * Authorization Extension API: removes a user from groups.
     */
    removeUserFromGroups(userId: string, groupIds: string[]): Promise<void>;
    /**
     * Builds the Auth0 Universal Login URL.
     *
     * NOTE(review): `options` has no field for a PKCE code challenge, although
     * generatePKCEChallenge exists and exchangeCodeForToken accepts a
     * codeVerifier - confirm how the challenge reaches the authorize URL.
     */
    buildLoginUrl(options: {
        // Use a fixed, registered callback URL; do not derive it from request
        // input.
        redirectUri: string;
        // 'token' selects the implicit flow, which returns the token in the
        // URL fragment; prefer 'code'.
        responseType?: 'code' | 'token';
        scope?: string;
        // Optional in the type, but callers should send an unpredictable
        // per-request value and compare it on the callback (CSRF protection).
        state?: string;
        // Should be unique per request and checked against the ID token when
        // one is returned.
        nonce?: string;
        connection?: string;
        prompt?: 'login' | 'consent' | 'select_account';
    }): string;
    /**
     * Builds the Auth0 Universal Signup URL.
     *
     * Same options as buildLoginUrl except `prompt`; the redirectUri, state,
     * nonce and responseType considerations are the same.
     */
    buildSignupUrl(options: {
        redirectUri: string;
        responseType?: 'code' | 'token';
        scope?: string;
        state?: string;
        nonce?: string;
        connection?: string;
    }): string;
    /**
     * Builds the Auth0 logout URL.
     */
    buildLogoutUrl(options: {
        // Post-logout redirect target. Pass only URLs allow-listed for the
        // application or tenant, never unvalidated user input.
        returnTo: string;
        clientId?: string;
    }): string;
    /**
     * Builds the Auth0 password reset URL.
     *
     * NOTE(review): `email` presumably ends up in the returned URL; URLs are
     * commonly logged, so confirm how the result is used.
     */
    buildPasswordResetUrl(options: {
        email: string;
        connection?: string;
    }): string;
    /**
     * Exchanges an authorization code for tokens.
     *
     * @returns Token response; every token in it is a bearer credential and
     * should stay out of logs and error messages.
     */
    exchangeCodeForToken(options: {
        code: string;
        // Must be the same redirect URI that was used in the authorize request.
        redirectUri: string;
        // PKCE verifier produced together with the challenge.
        codeVerifier?: string;
        // Only for server-side (confidential) clients; never ship it to a
        // browser or mobile app.
        clientSecret?: string;
    }): Promise<{
        access_token: string;
        id_token: string;
        token_type: string;
        expires_in: number;
        scope: string;
        refresh_token?: string;
    }>;
    /**
     * Obtains a new access token using a refresh token.
     *
     * @param refreshToken Long-lived credential; store it server-side or in
     * platform secure storage.
     */
    refreshAccessToken(refreshToken: string): Promise<{
        access_token: string;
        id_token: string;
        token_type: string;
        expires_in: number;
        scope: string;
    }>;
    /**
     * Obtains a Management API access token.
     *
     * The returned string is a high-privilege credential; keep it server-side
     * and never return it to end users.
     */
    getManagementApiToken(): Promise<string>;
    /**
     * Creates a user through the Management API.
     */
    createUser(options: {
        email: string;
        // Plaintext password in memory; do not log `options`.
        password: string;
        name?: string;
        connection?: string;
        // Setting this to true skips proof of mailbox ownership; do so only
        // when the address was verified out of band.
        email_verified?: boolean;
        user_metadata?: any;
        // NOTE(review): app_metadata commonly carries authorization data -
        // never populate it from end-user input; confirm usage.
        app_metadata?: any;
    }): Promise<any>;
    /**
     * Updates a user through the Management API.
     *
     * Can change email, password, email_verified and app_metadata, so it is
     * equivalent to account takeover if exposed to the wrong caller.
     */
    updateUser(userId: string, updates: {
        email?: string;
        name?: string;
        password?: string;
        user_metadata?: any;
        app_metadata?: any;
        email_verified?: boolean;
    }): Promise<any>;
    /**
     * Deletes a user through the Management API.
     */
    deleteUser(userId: string): Promise<void>;
    /**
     * Sends a password reset email.
     *
     * Callers exposing this to unauthenticated users should respond
     * identically whether or not the address exists, and rate-limit requests.
     */
    sendPasswordResetEmail(email: string, connection?: string): Promise<void>;
    /**
     * Sends an email verification message.
     */
    sendEmailVerification(userId: string): Promise<void>;
    /**
     * Fetches a user's profile.
     *
     * @returns Untyped (`any`) data; validate the fields you rely on.
     */
    getUserProfile(userId: string): Promise<any>;
    /**
     * Fetches a list of users.
     */
    getUsers(options?: {
        page?: number;
        per_page?: number;
        // NOTE(review): presumably forwarded as a search query; if it is built
        // from end-user input, escape or quote the values - confirm.
        search?: string;
        sort?: string;
        connection?: string;
    }): Promise<any[]>;
    /**
     * Generates a PKCE challenge.
     *
     * @returns The verifier and the challenge derived from it. Keep
     * codeVerifier with the client that started the flow; only codeChallenge
     * belongs in the authorize request.
     */
    generatePKCEChallenge(): {
        codeVerifier: string;
        codeChallenge: string;
    };
    /**
     * Generates a random string.
     *
     * NOTE(review): confirm the implementation draws from a CSPRNG (for
     * example crypto.randomBytes or crypto.getRandomValues), not Math.random.
     */
    private generateRandomString;
    /**
     * Computes a SHA-256 hash.
     */
    private sha256;
    /**
     * Base64URL-encodes a value.
     */
    private base64URLEncode;
    /**
     * Fetches the list of organizations.
     */
    getOrganizations(options?: {
        page?: number;
        per_page?: number;
        include_totals?: boolean;
        from?: string;
        take?: number;
    }): Promise<{
        organizations: Organization[];
        total?: number;
    }>;
    /**
     * Fetches one organization.
     */
    getOrganization(organizationId: string): Promise<Organization>;
    /**
     * Creates an organization.
     */
    createOrganization(organization: {
        name: string;
        display_name?: string;
        branding?: {
            logo_url?: string;
            colors?: {
                primary?: string;
                page_background?: string;
            };
        };
        metadata?: Record<string, any>;
    }): Promise<Organization>;
    /**
     * Updates an organization.
     */
    updateOrganization(organizationId: string, updates: {
        name?: string;
        display_name?: string;
        branding?: {
            logo_url?: string;
            colors?: {
                primary?: string;
                page_background?: string;
            };
        };
        metadata?: Record<string, any>;
    }): Promise<Organization>;
    /**
     * Deletes an organization.
     */
    deleteOrganization(organizationId: string): Promise<void>;
    /**
     * Fetches the members of an organization.
     */
    getOrganizationMembers(organizationId: string, options?: {
        page?: number;
        per_page?: number;
        include_totals?: boolean;
        from?: string;
        take?: number;
    }): Promise<{
        members: OrganizationMember[];
        total?: number;
    }>;
    /**
     * Adds members to an organization.
     *
     * In a multi-tenant application, check that the caller administers
     * `organizationId` before calling.
     */
    addOrganizationMembers(organizationId: string, userIds: string[]): Promise<void>;
    /**
     * Removes members from an organization.
     */
    removeOrganizationMembers(organizationId: string, userIds: string[]): Promise<void>;
    /**
     * Creates an organization invitation (invites a member).
     */
    createOrganizationInvitation(organizationId: string, invitation: {
        inviter: {
            name: string;
        };
        invitee: {
            email: string;
        };
        client_id: string;
        connection_id?: string;
        app_metadata?: Record<string, any>;
        user_metadata?: Record<string, any>;
        // Roles requested for the invitee; the inviter's right to grant them
        // is not checked by anything visible in this signature.
        roles?: string[];
        send_invitation_email?: boolean;
        // Invitation lifetime in seconds, going by the name; prefer short
        // lifetimes.
        ttl_sec?: number;
    }): Promise<OrganizationInvitation>;
    /**
     * Fetches the invitations of an organization.
     */
    getOrganizationInvitations(organizationId: string, options?: {
        page?: number;
        per_page?: number;
        include_totals?: boolean;
        sort?: string;
        from?: string;
        take?: number;
    }): Promise<{
        invitations: OrganizationInvitation[];
        total?: number;
    }>;
    /**
     * Fetches one organization invitation.
     */
    getOrganizationInvitation(organizationId: string, invitationId: string): Promise<OrganizationInvitation>;
    /**
     * Deletes an organization invitation.
     */
    deleteOrganizationInvitation(organizationId: string, invitationId: string): Promise<void>;
    /**
     * Obtains an organization-scoped access token.
     *
     * @returns Token response; the access token is a bearer credential.
     */
    getOrganizationAccessToken(options: {
        organizationId: string;
        audience?: string;
        // Request only the scopes the caller needs.
        scope?: string;
        // The only grant type the signature accepts.
        grant_type?: 'client_credentials';
    }): Promise<{
        access_token: string;
        token_type: string;
        expires_in: number;
        scope?: string;
    }>;
    /**
     * Fetches the roles of an organization.
     */
    getOrganizationRoles(organizationId: string): Promise<OrganizationRole[]>;
    /**
     * Fetches the roles of an organization member.
     */
    getOrganizationMemberRoles(organizationId: string, userId: string): Promise<OrganizationRole[]>;
    /**
     * Adds roles to an organization member.
     */
    addOrganizationMemberRoles(organizationId: string, userId: string, roleIds: string[]): Promise<void>;
    /**
     * Removes roles from an organization member.
     */
    removeOrganizationMemberRoles(organizationId: string, userId: string, roleIds: string[]): Promise<void>;
}
/**
 * Express.js middleware: Auth0 authentication.
 *
 * NOTE(review): defaults are not visible in this declaration. Confirm that
 * omitting `requireAuth` fails closed (authentication required), and whether
 * `requiredPermissions` / `requiredRoles` mean "all of" or "any of".
 * `req`, `res` and `next` are typed `any`, so nothing here documents where the
 * authenticated user is attached to the request.
 *
 * @param options Optional authentication and authorization requirements.
 * @returns An async Express-style handler.
 */
export declare function auth0AuthMiddleware(options?: {
    requireAuth?: boolean;
    requiredPermissions?: string[];
    requiredRoles?: string[];
}): (req: any, res: any, next: any) => Promise<any>;
/**
 * Helper functions for the Auth0 integration.
 */
export declare const auth0: {
    /**
     * Returns the integration manager instance.
     */
    manager: () => Auth0Integration;
    /**
     * Authenticates with an Auth0 token.
     *
     * NOTE(review): `customConfig` presumably flows into the shared manager
     * instance; confirm that one caller's configuration cannot affect
     * another's. Check `success` before using `user`.
     */
    authenticate: (token: string, customConfig?: Partial<Auth0Config>) => Promise<{
        success: boolean;
        user?: UserPayload;
        error?: string;
    }>;
    /**
     * Permission check.
     */
    checkPermission: (user: UserPayload, permission: string) => boolean;
    /**
     * Role check.
     */
    checkRole: (user: UserPayload, role: string) => boolean;
    /**
     * Token verification. Resolves to the claims or null; treat null as
     * unauthenticated.
     */
    verifyToken: (token: string) => Promise<Auth0Claims | null>;
    /**
     * Fetches user information. `managementToken` is a privileged credential;
     * the result is untyped (`any`).
     */
    getUserInfo: (managementToken: string, userId: string) => Promise<any>;
};
export {};
//# sourceMappingURL=auth0-integration.d.ts.map