1import { Algorithm, VerifyOptions } from "jsonwebtoken";
2import { Strategy as PassportStrategy } from "passport-strategy";
3
/**
 * Type declaration for the JWT strategy class; it extends the base Strategy
 * imported from "passport-strategy". The two constructor overloads pair each
 * options shape with the verify-callback signature that matches its
 * `passReqToCallback` setting.
 */
4export declare class Strategy extends PassportStrategy {
5 /**
6 * Strategy constructor
 * Overload for options where `passReqToCallback` is absent or `false`:
 * `verify` is typed as (payload, done).
7 */
8 constructor(opt: StrategyOptionsWithoutRequest, verify: VerifyCallback);
9 /**
10 * Strategy constructor
 * Overload for options where `passReqToCallback` is `true`:
 * `verify` is typed as (req, payload, done).
11 */
12 constructor(opt: StrategyOptionsWithRequest, verify: VerifyCallbackWithRequest);
 /** Strategy name; its value is not visible in this declaration file. */
13 name: string;
14}
15
16/**
17 * Interface for providing the secret or key for verification.
 *
 * Security note: this callback supplies the key that verification needs, so
 * the raw token it receives has presumably not been verified yet (confirm
 * against the implementation). Treat anything decoded from that token as
 * untrusted input and use it only to choose among keys you already trust.
18 */
19export interface SecretOrKeyProvider<T = any> {
20 /**
21 * Callback for secret or key provider.
22 *
23 * @param request - The request object from your framework (e.g., Express.Request)
24 * @param rawJwtToken - The raw JWT token string
 *   (typed `any` here, so narrow it to a string before parsing it)
25 * @param done - A function with the signature function(err, secret)
 *   (`secretOrKey` is optional in the type; what happens when neither an
 *   error nor a key is passed is not visible here, so report lookup failures
 *   through `err`)
26 */
27 (request: T, rawJwtToken: any, done: (err: any, secretOrKey?: string | Buffer) => void): void;
28}
29
/**
 * Options shared by every strategy configuration: how the token is located in
 * the request and which claim and algorithm checks are requested.
 */
30interface BaseStrategyOptions {
31 /**
32 * Function that accepts a request as the only parameter and returns either the JWT as a string or null.
33 * REQUIRED.
34 */
35 jwtFromRequest: JwtFromRequestFunction;
36 /**
37 * If defined, the issuer will be verified against this value.
 * When left undefined, this option requests no issuer check, so set it
 * whenever the signing key may be shared by more than one issuer.
38 */
39 issuer?: string | string[] | undefined;
40 /**
41 * If defined, the audience will be verified against this value.
 * When left undefined, this option requests no audience check; a token
 * issued for another service under the same key would not be rejected on
 * audience grounds.
42 */
43 audience?: string | string[] | undefined;
44 /**
45 * List of strings with the names of allowed algorithms (e.g., ["HS256", "HS384"]).
 * Security note: list exactly the algorithm(s) your issuer signs with, so
 * the token header cannot influence how the signature is checked. What
 * applies when this is omitted depends on the jsonwebtoken version in use;
 * confirm it rather than relying on a default.
46 */
47 algorithms?: Algorithm[] | undefined;
48 /**
49 * If true, do not validate the expiration of the token.
 * Security note: with this set, an expired token keeps being accepted, so
 * a leaked token stays usable until the key is rotated or the token is
 * revoked by other means. Leave it unset outside of tests.
50 */
51 ignoreExpiration?: boolean | undefined;
52
53 /**
54 * @deprecated
55 * for backwards compatibility, still allowing you to pass
56 * audience / issuer / algorithms / ignoreExpiration
57 * on the options.
 * NOTE(review): the text above reads as a description of the top-level
 * audience / issuer / algorithms / ignoreExpiration fields rather than of
 * this field. Confirm which form is deprecated and which value wins when
 * both are set, since a conflicting `algorithms` or `ignoreExpiration`
 * changes what the verifier enforces.
58 */
59 jsonWebTokenOptions?: VerifyOptions | undefined;
60}
/**
 * Options variant in which the secret or key is obtained through a callback
 * that receives the request and the raw token.
 */
61interface WithSecretOrKeyProvider extends BaseStrategyOptions {
 /** Callback that hands back the secret or key via its `done` argument. */
62 secretOrKeyProvider: SecretOrKeyProvider;
63}
/** Options variant in which one fixed secret or key is supplied up front. */
64interface WithSecretOrKey extends BaseStrategyOptions {
 /**
 * Secret or key as a string or Buffer; presumably the same kind of material
 * a SecretOrKeyProvider would return — confirm. Load it from configuration
 * or a secret store rather than writing it as a literal in source.
 */
65 secretOrKey: string | Buffer;
66}
/**
 * Either a fixed `secretOrKey` or a `secretOrKeyProvider`.
 * NOTE(review): each `Omit` names a property that the interface it is applied
 * to does not declare, so by itself it does not stop a caller from supplying
 * both fields. Confirm how the implementation treats that combination.
 */
67type StrategyOptionsWithSecret =
68 | Omit<WithSecretOrKey, "secretOrKeyProvider">
69 | Omit<WithSecretOrKeyProvider, "secretOrKey">;
/**
 * Options for the constructor overload whose verify callback also receives
 * the request (VerifyCallbackWithRequest).
 */
70type StrategyOptionsWithRequest = StrategyOptionsWithSecret & {
71 /**
72 * If true, the verify callback will be called with args (request, jwt_payload, done_callback).
 * The literal type `true` is what selects this options shape.
73 */
74 passReqToCallback: true;
75};
/**
 * Options for the constructor overload whose verify callback receives only
 * the payload and the done callback (VerifyCallback).
 */
76type StrategyOptionsWithoutRequest = StrategyOptionsWithSecret & {
77 /**
78 * If true, the verify callback will be called with args (request, jwt_payload, done_callback).
 * In this options shape the field is absent or `false`, which pairs with
 * the (jwt_payload, done_callback) form of the verify callback.
79 */
80 passReqToCallback?: false;
81};
82
83/**
84 * Union type for all possible Strategy options.
 * The two members differ in `passReqToCallback`: `true` in one, absent or
 * `false` in the other.
85 */
86export type StrategyOptions = StrategyOptionsWithRequest | StrategyOptionsWithoutRequest;
87
88/**
89 * Callback used to verify the JWT payload.
 *
 * `payload` is typed `any`, so nothing here checks which claims are present
 * or what type they have; validate the fields you read before using them.
 * NOTE(review): presumably invoked only after the token itself has been
 * verified — confirm. Even so, look the subject up and check that the account
 * is still valid rather than trusting the claims alone.
90 */
91export type VerifyCallback = (payload: any, done: VerifiedCallback) => void;
92
93/**
94 * Callback used to verify the JWT payload with request.
 *
 * Same contract as VerifyCallback with the request passed first; `T` is the
 * request type and defaults to `any`. `payload` is typed `any`, so validate
 * the claims you read before using them.
95 */
96export type VerifyCallbackWithRequest<T = any> = (req: T, payload: any, done: VerifiedCallback) => void;
97
98/**
99 * Callback for the verified result.
 *
 * `user` is typed `unknown | false`, which the type checker treats as plain
 * `unknown`; the explicit `false` presumably documents the Passport
 * convention of rejecting a login without raising an error — confirm.
 * `info` is untyped and where it ends up is not visible here, so keep secrets
 * and token contents out of it.
100 */
101export interface VerifiedCallback {
102 (error: any, user?: unknown | false, info?: any): void;
103}
104
105/**
106 * Function that returns either the JWT as a string or null.
 *
 * `T` is the request type and defaults to `any`. The returned string is only
 * the extracted token text; nothing in this signature implies it has been
 * verified.
107 */
108export interface JwtFromRequestFunction<T = any> {
109 (req: T): string | null;
110}
111
/**
 * Factory functions that build extractors for the `jwtFromRequest` option.
 * Each returns a JwtFromRequestFunction, i.e. `(req) => string | null`.
 */
112export declare namespace ExtractJwt {
113 /**
114 * Creates an extractor function to retrieve a token from the request header.
 * NOTE(review): Node lower-cases incoming header names; check whether
 * `header_name` has to be given in lower case for the lookup to match.
115 *
116 * @param {string} header_name - The name of the header to extract the token from.
117 * @returns {JwtFromRequestFunction} A function that takes a request object and returns the extracted token.
118 */
119 export function fromHeader(header_name: string): JwtFromRequestFunction;
120 /**
121 * Creates an extractor function to retrieve a token from a field in the request body.
 * NOTE(review): presumably depends on body-parsing middleware having
 * populated the request body before the strategy runs — confirm.
122 *
123 * @param {string} field_name - The name of the field to extract the token from.
124 * @returns {JwtFromRequestFunction} A function that takes a request object and returns the extracted token.
125 */
126 export function fromBodyField(field_name: string): JwtFromRequestFunction;
127 /**
128 * Creates an extractor function to retrieve a token from a query parameter in the URL.
 * Security note: URLs are routinely written to access logs, browser
 * history and Referer headers, so a token passed this way is easier to
 * leak than one sent in a header. Prefer a header-based extractor where
 * the client allows it.
129 *
130 * @param {string} param_name - The name of the query parameter to extract the token from.
131 * @returns {JwtFromRequestFunction} A function that takes a request object and returns the extracted token.
132 */
133 export function fromUrlQueryParameter(param_name: string): JwtFromRequestFunction;
134 /**
135 * Creates an extractor function to retrieve a token from the authorization header with a specific scheme.
136 *
137 * @param {string} auth_scheme - The authorization scheme (e.g., 'Bearer').
138 * @returns {JwtFromRequestFunction} A function that takes a request object and returns the extracted token.
139 */
140 export function fromAuthHeaderWithScheme(auth_scheme: string): JwtFromRequestFunction;
141 /**
142 * Creates an extractor function that combines multiple extractor functions.
 * NOTE(review): the order of evaluation and which result wins are not
 * stated here — presumably the first extractor that yields a token.
 * Every extra location is one more place a token may be accepted from,
 * so list only the ones your clients actually use.
143 *
144 * @param {JwtFromRequestFunction[]} extractors - An array of extractor functions.
145 * @returns {JwtFromRequestFunction} A function that takes a request object and returns the extracted token.
146 */
147 export function fromExtractors<T = any>(extractors: Array<JwtFromRequestFunction<T>>): JwtFromRequestFunction<T>;
148 /**
149 * Creates an extractor function to retrieve a token from the authorization header as a Bearer token.
 * Takes no arguments; the scheme is fixed by the function name.
150 *
151 * @returns {JwtFromRequestFunction} A function that takes a request object and returns the extracted token.
152 */
153 export function fromAuthHeaderAsBearerToken(): JwtFromRequestFunction;
154}