1 | /// <reference types="node" />
|
2 | import { IncomingMessage } from 'http';
|
3 | import { JwtPayload } from 'jsonwebtoken';
|
4 | import { TokenKey } from './xsuaa-service-types';
|
5 | import { Cache } from './cache';
|
6 | import type { RegisteredJWTClaimsTenant } from './tenant';
|
7 | import type { RegisteredJWTClaimsUser } from './user';
|
8 | import { JwtWithPayloadObject } from './jsonwebtoken-type';
|
9 | /**
|
10 | * Decode JWT.
|
11 | * @param token - JWT to be decoded
|
12 | * @returns Decoded payload.
|
13 | */
|
14 | export declare function decodeJwt(token: string): JwtPayload;
|
15 | /**
|
16 | * Decode JWT and return the complete decoded token.
|
17 | * @param token - JWT to be decoded.
|
18 | * @returns Decoded token containing payload, header and signature.
|
19 | * @internal
|
20 | */
|
21 | export declare function decodeJwtComplete(token: string): JwtWithPayloadObject;
|
22 | /**
|
23 | * Retrieve JWT from a request that is based on the node `IncomingMessage`. Fails if no authorization header is given or has the wrong format. Expected format is 'Bearer <TOKEN>'.
|
24 | * @param req - Request to retrieve the JWT from
|
25 | * @returns JWT found in header
|
26 | */
|
27 | export declare function retrieveJwt(req: IncomingMessage): string | undefined;
|
28 | /**
|
29 | * Verifies the given JWT and returns the decoded payload.
|
30 | * @param token - JWT to be verified
|
31 | * @param options - Options to control certain aspects of JWT verification behavior.
|
32 | * @returns A Promise to the decoded and verified JWT.
|
33 | */
|
34 | export declare function verifyJwt(token: string, options?: VerifyJwtOptions): Promise<JwtPayload>;
|
35 | /**
|
36 | * Options to control certain aspects of JWT verification behavior.
|
37 | */
|
38 | export interface VerifyJwtOptions {
|
39 | cacheVerificationKeys?: boolean;
|
40 | }
|
41 | export declare const verificationKeyCache: Cache<TokenKey>;
|
42 | /**
|
43 | * Verifies the given JWT with the given key and returns the decoded payload.
|
44 | * @param token - JWT to be verified.
|
45 | * @param key - Key to use for verification.
|
46 | * @returns A Promise to the decoded and verified JWT.
|
47 | */
|
48 | export declare function verifyJwtWithKey(token: string, key: string): Promise<JwtPayload>;
|
49 | /**
|
50 | * Get the issuer URL of a decoded JWT.
|
51 | * @param decodedToken - Token to read the issuer URL from.
|
52 | * @returns The issuer URL if available.
|
53 | */
|
54 | export declare function issuerUrl(decodedToken: JwtPayload): string | undefined;
|
55 | /**
|
56 | * Retrieve the audiences of a decoded JWT based on the audiences and scopes in the token.
|
57 | * @param decodedToken - Token to retrieve the audiences from.
|
58 | * @returns A set of audiences.
|
59 | */
|
60 | export declare function audiences(decodedToken: JwtPayload): Set<string>;
|
61 | /**
|
62 | * Wraps the access token in header's authorization.
|
63 | * @param token - Token to attach in request header
|
64 | * @returns The request header that holds the access token
|
65 | */
|
66 | export declare function wrapJwtInHeader(token: string): {
|
67 | headers: {
|
68 | Authorization: string;
|
69 | [key: string]: any;
|
70 | };
|
71 | };
|
72 | export declare function readPropertyWithWarn(jwtPayload: JwtPayload, property: string): any;
|
73 | /**
|
74 | * @deprecated Since v1.46.0. This interface will not be replaced. Use the higher level JWT types directly.
|
75 | * Interface to represent the registered claims of a JWT.
|
76 | */
|
77 | export declare type RegisteredJWTClaims = RegisteredJWTClaimsBasic & RegisteredJWTClaimsUser & RegisteredJWTClaimsTenant;
|
78 | /**
|
79 | * @deprecated Since v1.46.0. This interface will not be replaced. Use the higher level JWT types directly.
|
80 | * Interface to represent the basic properties like issuer, audience etc.
|
81 | */
|
82 | export interface RegisteredJWTClaimsBasic {
|
83 | iss?: string;
|
84 | exp?: number;
|
85 | sub?: string;
|
86 | aud?: string[];
|
87 | nbf?: string;
|
88 | iat?: number;
|
89 | jti?: string;
|
90 | }
|
91 | /**
|
92 | * @deprecated Since v1.46.0. Use `JwtHeader` instead.
|
93 | * Interface to represent the basic properties of a JWT header.
|
94 | */
|
95 | export interface JWTHeader {
|
96 | alg: string;
|
97 | typ: string;
|
98 | jku?: string;
|
99 | }
|
100 | /**
|
101 | * @deprecated Since v1.20.0. Use [[JWTPayload]] if you want to represent the decoded JWT payload or [[CompleteDecodedJWT]] for the full decoded object.
|
102 | * Interface to represent the payload of a JWT.
|
103 | */
|
104 | export interface DecodedJWT extends RegisteredJWTClaims {
|
105 | [otherKey: string]: any;
|
106 | }
|
107 | /**
|
108 | * @deprecated Since v1.46.0. Use `JwtPayload` instead.
|
109 | * Interface to represent the payload of a JWT.
|
110 | */
|
111 | export interface JWTPayload extends RegisteredJWTClaims {
|
112 | [otherKey: string]: any;
|
113 | }
|
114 | /**
|
115 | * @deprecated Since v1.46.0. Use `Jwt` instead.
|
116 | * Interface to represent header and payload of a JWT.
|
117 | */
|
118 | export interface CompleteDecodedJWT extends RegisteredJWTClaims {
|
119 | header: JWTHeader;
|
120 | payload: JWTPayload;
|
121 | signature: string;
|
122 | }
|
123 | export declare type JwtKeyMapping<InterfaceT, JwtKeysT> = {
|
124 | [key in keyof InterfaceT]: {
|
125 | keyInJwt: JwtKeysT extends string ? JwtKeysT : keyof JwtKeysT;
|
126 | extractorFunction: (jwtPayload: JwtPayload) => any;
|
127 | };
|
128 | };
|
129 | /**
|
130 | * Checks if a given key is present in the decoded JWT. If not, an error is thrown.
|
131 | * @param key - The key of the representation in typescript
|
132 | * @param mapping - The mapping between the typescript keys and the JWT key
|
133 | * @param jwtPayload - JWT payload to check fo the given key.
|
134 | */
|
135 | export declare function checkMandatoryValue<InterfaceT, JwtKeysT>(key: keyof InterfaceT, mapping: JwtKeyMapping<InterfaceT, JwtKeysT>, jwtPayload: JwtPayload): void;
|
136 | /**
|
137 | * Object holding a decoded JWT payload received by decoding the encoded string also in this object.
|
138 | */
|
139 | export interface JwtPair {
|
140 | decoded: JwtPayload;
|
141 | encoded: string;
|
142 | }
|
143 | /**
|
144 | * The user JWT can be a full JWT containing user information but also a reduced one setting only the iss value
|
145 | * This method divides the two cases.
|
146 | * @param token - Token to be investigated
|
147 | * @returns Boolean value with true if the input is a UserJwtPair
|
148 | */
|
149 | export declare function isUserToken(token: JwtPair | undefined): token is JwtPair;
|
150 | //# sourceMappingURL=jwt.d.ts.map |
\ | No newline at end of file |