1 | /// <reference types="node" />
|
2 | import { IncomingMessage } from 'http';
|
3 | import { AxiosRequestConfig } from 'axios';
|
4 | import { Jwt, JwtPayload } from 'jsonwebtoken';
|
5 | import { TokenKey } from './xsuaa-service-types';
|
6 | import { Cache } from './cache';
|
7 | import type { RegisteredJWTClaimsTenant } from './tenant';
|
8 | import type { RegisteredJWTClaimsUser } from './user';
|
9 | /**
|
10 | * Decode JWT.
|
11 | * @param token - JWT to be decoded
|
12 | * @returns Decoded payload.
|
13 | */
|
14 | export declare function decodeJwt(token: string): JwtPayload;
|
15 | /**
|
16 | * Decode JWT and return the complete decoded token.
|
17 | * @param token - JWT to be decoded.
|
18 | * @returns Decoded token containing payload, header and signature.
|
19 | */
|
20 | export declare function decodeJwtComplete(token: string): Jwt;
|
21 | /**
|
22 | * Retrieve JWT from a request that is based on the node `IncomingMessage`. Fails if no authorization header is given or has the wrong format. Expected format is 'Bearer <TOKEN>'.
|
23 | * @param req - Request to retrieve the JWT from
|
24 | * @returns JWT found in header
|
25 | */
|
26 | export declare function retrieveJwt(req: IncomingMessage): string | undefined;
|
27 | /**
|
28 | * Verifies the given JWT and returns the decoded payload.
|
29 | * @param token - JWT to be verified
|
30 | * @param options - Options to control certain aspects of JWT verification behavior.
|
31 | * @returns A Promise to the decoded and verified JWT.
|
32 | */
|
33 | export declare function verifyJwt(token: string, options?: VerifyJwtOptions): Promise<JwtPayload>;
|
34 | /**
|
35 | * Options to control certain aspects of JWT verification behavior.
|
36 | */
|
37 | export interface VerifyJwtOptions {
|
38 | cacheVerificationKeys?: boolean;
|
39 | }
|
40 | export declare const verificationKeyCache: Cache<TokenKey>;
|
41 | /**
|
42 | * Verifies the given JWT with the given key and returns the decoded payload.
|
43 | * @param token - JWT to be verified.
|
44 | * @param key - Key to use for verification.
|
45 | * @returns A Promise to the decoded and verified JWT.
|
46 | */
|
47 | export declare function verifyJwtWithKey(token: string, key: string): Promise<JwtPayload>;
|
48 | /**
|
49 | * Get the issuer URL of a decoded JWT.
|
50 | * @param decodedToken - Token to read the issuer URL from.
|
51 | * @returns The issuer URL if available.
|
52 | */
|
53 | export declare function issuerUrl(decodedToken: JwtPayload): string | undefined;
|
54 | /**
|
55 | * Retrieve the audiences of a decoded JWT based on the audiences and scopes in the token.
|
56 | * @param decodedToken - Token to retrieve the audiences from.
|
57 | * @returns A set of audiences.
|
58 | */
|
59 | export declare function audiences(decodedToken: JwtPayload): Set<string>;
|
60 | /**
|
61 | * Wraps the access token in header's authorization.
|
62 | * @param token - Token to attach in request header
|
63 | * @returns The request header that holds the access token
|
64 | */
|
65 | export declare function wrapJwtInHeader(token: string): AxiosRequestConfig;
|
66 | export declare function readPropertyWithWarn(jwtPayload: JwtPayload, property: string): any;
|
67 | /**
|
68 | * @deprecated Since v1.46.0. This interface will not be replaced. Use the higher level JWT types directly.
|
69 | * Interface to represent the registered claims of a JWT.
|
70 | */
|
71 | export declare type RegisteredJWTClaims = RegisteredJWTClaimsBasic & RegisteredJWTClaimsUser & RegisteredJWTClaimsTenant;
|
72 | /**
|
73 | * @deprecated Since v1.46.0. This interface will not be replaced. Use the higher level JWT types directly.
|
74 | * Interface to represent the basic properties like issuer, audience etc.
|
75 | */
|
76 | export interface RegisteredJWTClaimsBasic {
|
77 | iss?: string;
|
78 | exp?: number;
|
79 | sub?: string;
|
80 | aud?: string[];
|
81 | nbf?: string;
|
82 | iat?: number;
|
83 | jti?: string;
|
84 | }
|
85 | /**
|
86 | * @deprecated Since v1.46.0. Use `JwtHeader` instead.
|
87 | * Interface to represent the basic properties of a JWT header.
|
88 | */
|
89 | export interface JWTHeader {
|
90 | alg: string;
|
91 | typ: string;
|
92 | jku?: string;
|
93 | }
|
94 | /**
|
95 | * @deprecated Since v1.20.0. Use [[JWTPayload]] if you want to represent the decoded JWT payload or [[CompleteDecodedJWT]] for the full decoded object.
|
96 | * Interface to represent the payload of a JWT.
|
97 | */
|
98 | export interface DecodedJWT extends RegisteredJWTClaims {
|
99 | [otherKey: string]: any;
|
100 | }
|
101 | /**
|
102 | * @deprecated Since v1.46.0. Use `JwtPayload` instead.
|
103 | * Interface to represent the payload of a JWT.
|
104 | */
|
105 | export interface JWTPayload extends RegisteredJWTClaims {
|
106 | [otherKey: string]: any;
|
107 | }
|
108 | /**
|
109 | * @deprecated Since v1.46.0. Use `Jwt` instead.
|
110 | * Interface to represent header and payload of a JWT.
|
111 | */
|
112 | export interface CompleteDecodedJWT extends RegisteredJWTClaims {
|
113 | header: JWTHeader;
|
114 | payload: JWTPayload;
|
115 | signature: string;
|
116 | }
|
117 | export declare type JwtKeyMapping<InterfaceT, JwtKeysT> = {
|
118 | [key in keyof InterfaceT]: {
|
119 | keyInJwt: JwtKeysT extends string ? JwtKeysT : keyof JwtKeysT;
|
120 | extractorFunction: (jwtPayload: JwtPayload) => any;
|
121 | };
|
122 | };
|
123 | /**
|
124 | * Checks if a given key is present in the decoded JWT. If not, an error is thrown.
|
125 | * @param key - The key of the representation in typescript
|
126 | * @param mapping - The mapping between the typescript keys and the JWT key
|
127 | * @param jwtPayload - JWT payload to check fo the given key.
|
128 | */
|
129 | export declare function checkMandatoryValue<InterfaceT, JwtKeysT>(key: keyof InterfaceT, mapping: JwtKeyMapping<InterfaceT, JwtKeysT>, jwtPayload: JwtPayload): void;
|
130 | /**
|
131 | * Object holding a decoded JWT payload received by decoding the encoded string also in this object.
|
132 | */
|
133 | export interface JwtPair {
|
134 | decoded: JwtPayload;
|
135 | encoded: string;
|
136 | }
|
137 | /**
|
138 | * The user JWT can be a full JWT containing user information but also a reduced one setting only the iss value
|
139 | * This method divides the two cases.
|
140 | * @param token - Token to be investigated
|
141 | * @returns Boolean value with true if the input is a UserJwtPair
|
142 | */
|
143 | export declare function isUserToken(token: JwtPair | undefined): token is JwtPair;
|
144 | //# sourceMappingURL=jwt.d.ts.map |
\ | No newline at end of file |