1 |
|
2 |
|
3 |
|
4 |
|
5 |
|
6 |
|
7 |
|
8 |
|
9 |
|
10 |
|
11 |
|
12 |
|
13 |
|
14 |
|
15 |
|
16 |
|
17 |
|
18 | import * as jwt from 'jsonwebtoken';
|
19 | import { Agent } from 'http';
|
20 | export declare const ALGORITHM_RS256: jwt.Algorithm;
|
21 | export declare type Dictionary = {
|
22 | [key: string]: any;
|
23 | };
|
24 | export declare type DecodedToken = {
|
25 | header: Dictionary;
|
26 | payload: Dictionary;
|
27 | };
|
28 | export interface SignatureVerifier {
|
29 | verify(token: string): Promise<void>;
|
30 | }
|
31 | interface KeyFetcher {
|
32 | fetchPublicKeys(): Promise<{
|
33 | [key: string]: string;
|
34 | }>;
|
35 | }
|
36 | export declare class JwksFetcher implements KeyFetcher {
|
37 | private publicKeys;
|
38 | private publicKeysExpireAt;
|
39 | private client;
|
40 | constructor(jwksUrl: string);
|
41 | fetchPublicKeys(): Promise<{
|
42 | [key: string]: string;
|
43 | }>;
|
44 | private shouldRefresh;
|
45 | private refresh;
|
46 | }
|
47 |
|
48 |
|
49 |
|
50 | export declare class UrlKeyFetcher implements KeyFetcher {
|
51 | private clientCertUrl;
|
52 | private readonly httpAgent?;
|
53 | private publicKeys;
|
54 | private publicKeysExpireAt;
|
55 | constructor(clientCertUrl: string, httpAgent?: Agent | undefined);
|
56 | /**
|
57 | * Fetches the public keys for the Google certs.
|
58 | *
|
59 | * @returns A promise fulfilled with public keys for the Google certs.
|
60 | */
|
61 | fetchPublicKeys(): Promise<{
|
62 | [key: string]: string;
|
63 | }>;
|
64 | |
65 |
|
66 |
|
67 |
|
68 |
|
69 | private shouldRefresh;
|
70 | private refresh;
|
71 | }
|
72 |
|
73 |
|
74 |
|
75 | export declare class PublicKeySignatureVerifier implements SignatureVerifier {
|
76 | private keyFetcher;
|
77 | constructor(keyFetcher: KeyFetcher);
|
78 | static withCertificateUrl(clientCertUrl: string, httpAgent?: Agent): PublicKeySignatureVerifier;
|
79 | static withJwksUrl(jwksUrl: string): PublicKeySignatureVerifier;
|
80 | verify(token: string): Promise<void>;
|
81 | private verifyWithoutKid;
|
82 | private verifyWithAllKeys;
|
83 | }
|
84 | /**
|
85 | * Class for verifying unsigned (emulator) JWTs.
|
86 | */
|
87 | export declare class EmulatorSignatureVerifier implements SignatureVerifier {
|
88 | verify(token: string): Promise<void>;
|
89 | }
|
90 |
|
91 |
|
92 |
|
93 |
|
94 |
|
95 |
|
96 |
|
97 |
|
98 |
|
99 | export declare function verifyJwtSignature(token: string, secretOrPublicKey: jwt.Secret | jwt.GetPublicKeyOrSecret, options?: jwt.VerifyOptions): Promise<void>;
|
100 |
|
101 |
|
102 |
|
103 |
|
104 |
|
105 |
|
106 | export declare function decodeJwt(jwtToken: string): Promise<DecodedToken>;
|
107 |
|
108 |
|
109 |
|
110 |
|
111 |
|
112 |
|
113 |
|
114 | export declare class JwtError extends Error {
|
115 | readonly code: JwtErrorCode;
|
116 | readonly message: string;
|
117 | constructor(code: JwtErrorCode, message: string);
|
118 | }
|
119 | /**
|
120 | * JWT error codes.
|
121 | */
|
122 | export declare enum JwtErrorCode {
|
123 | INVALID_ARGUMENT = "invalid-argument",
|
124 | INVALID_CREDENTIAL = "invalid-credential",
|
125 | TOKEN_EXPIRED = "token-expired",
|
126 | INVALID_SIGNATURE = "invalid-token",
|
127 | NO_MATCHING_KID = "no-matching-kid-error",
|
128 | NO_KID_IN_HEADER = "no-kid-error",
|
129 | KEY_FETCH_ERROR = "key-fetch-error"
|
130 | }
|
131 | export {};
|