UNPKG

4.24 kBTypeScriptView Raw
1/*! firebase-admin v10.0.0 */
2/*!
3 * Copyright 2021 Google Inc.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17/// <reference types="node" />
18import * as jwt from 'jsonwebtoken';
19import { Agent } from 'http';
20export declare const ALGORITHM_RS256: jwt.Algorithm;
21export declare type Dictionary = {
22 [key: string]: any;
23};
24export declare type DecodedToken = {
25 header: Dictionary;
26 payload: Dictionary;
27};
28export interface SignatureVerifier {
29 verify(token: string): Promise<void>;
30}
31interface KeyFetcher {
32 fetchPublicKeys(): Promise<{
33 [key: string]: string;
34 }>;
35}
36export declare class JwksFetcher implements KeyFetcher {
37 private publicKeys;
38 private publicKeysExpireAt;
39 private client;
40 constructor(jwksUrl: string);
41 fetchPublicKeys(): Promise<{
42 [key: string]: string;
43 }>;
44 private shouldRefresh;
45 private refresh;
46}
47/**
48 * Class to fetch public keys from a client certificates URL.
49 */
50export declare class UrlKeyFetcher implements KeyFetcher {
51 private clientCertUrl;
52 private readonly httpAgent?;
53 private publicKeys;
54 private publicKeysExpireAt;
55 constructor(clientCertUrl: string, httpAgent?: Agent | undefined);
56 /**
57 * Fetches the public keys for the Google certs.
58 *
59 * @returns A promise fulfilled with public keys for the Google certs.
60 */
61 fetchPublicKeys(): Promise<{
62 [key: string]: string;
63 }>;
64 /**
65 * Checks if the cached public keys need to be refreshed.
66 *
67 * @returns Whether the keys should be fetched from the client certs url or not.
68 */
69 private shouldRefresh;
70 private refresh;
71}
72/**
73 * Class for verifying JWT signature with a public key.
74 */
75export declare class PublicKeySignatureVerifier implements SignatureVerifier {
76 private keyFetcher;
77 constructor(keyFetcher: KeyFetcher);
78 static withCertificateUrl(clientCertUrl: string, httpAgent?: Agent): PublicKeySignatureVerifier;
79 static withJwksUrl(jwksUrl: string): PublicKeySignatureVerifier;
80 verify(token: string): Promise<void>;
81 private verifyWithoutKid;
82 private verifyWithAllKeys;
83}
84/**
85 * Class for verifying unsigned (emulator) JWTs.
86 */
87export declare class EmulatorSignatureVerifier implements SignatureVerifier {
88 verify(token: string): Promise<void>;
89}
90/**
91 * Verifies the signature of a JWT using the provided secret or a function to fetch
92 * the secret or public key.
93 *
94 * @param token - The JWT to be verified.
95 * @param secretOrPublicKey - The secret or a function to fetch the secret or public key.
96 * @param options - JWT verification options.
97 * @returns A Promise resolving for a token with a valid signature.
98 */
99export declare function verifyJwtSignature(token: string, secretOrPublicKey: jwt.Secret | jwt.GetPublicKeyOrSecret, options?: jwt.VerifyOptions): Promise<void>;
100/**
101 * Decodes general purpose Firebase JWTs.
102 *
103 * @param jwtToken - JWT token to be decoded.
104 * @returns Decoded token containing the header and payload.
105 */
106export declare function decodeJwt(jwtToken: string): Promise<DecodedToken>;
107/**
108 * Jwt error code structure.
109 *
110 * @param code - The error code.
111 * @param message - The error message.
112 * @constructor
113 */
114export declare class JwtError extends Error {
115 readonly code: JwtErrorCode;
116 readonly message: string;
117 constructor(code: JwtErrorCode, message: string);
118}
119/**
120 * JWT error codes.
121 */
122export declare enum JwtErrorCode {
123 INVALID_ARGUMENT = "invalid-argument",
124 INVALID_CREDENTIAL = "invalid-credential",
125 TOKEN_EXPIRED = "token-expired",
126 INVALID_SIGNATURE = "invalid-token",
127 NO_MATCHING_KID = "no-matching-kid-error",
128 NO_KID_IN_HEADER = "no-kid-error",
129 KEY_FETCH_ERROR = "key-fetch-error"
130}
131export {};