-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.d.ts
209 lines (207 loc) · 6.3 KB
/
index.d.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
/* tslint:disable */
/* eslint-disable */
/* auto-generated by NAPI-RS */
export const enum Algorithm {
/** HMAC using SHA-256 */
HS256 = 'HS256',
/** HMAC using SHA-384 */
HS384 = 'HS384',
/** HMAC using SHA-512 */
HS512 = 'HS512',
/** ECDSA using SHA-256 */
ES256 = 'ES256',
/** ECDSA using SHA-384 */
ES384 = 'ES384',
/** RSASSA-PKCS1-v1_5 using SHA-256 */
RS256 = 'RS256',
/** RSASSA-PKCS1-v1_5 using SHA-384 */
RS384 = 'RS384',
/** RSASSA-PKCS1-v1_5 using SHA-512 */
RS512 = 'RS512',
/** RSASSA-PSS using SHA-256 */
PS256 = 'PS256',
/** RSASSA-PSS using SHA-384 */
PS384 = 'PS384',
/** RSASSA-PSS using SHA-512 */
PS512 = 'PS512',
/** Edwards-curve Digital Signature Algorithm (EdDSA) */
EdDSA = 'EdDSA'
}
export interface ClaimOpts {
/** Recipient for which the JWT is intended */
aud?: string
/** Time at which the JWT was issued (as UTC timestamp, seconds from epoch time) */
iat?: number
/** Issuer of JWT */
iss?: string
/** [JWT id] Unique identifier */
jti?: string
/** [not-before-time] Time before which the JWT must not be accepted for processing (as UTC timestamp, seconds from epoch time) */
nbf?: number
/** Subject of JWT (the user) */
sub?: string
}
export interface Header {
/**
* The algorithm used
*
* Defined in [RFC7515#4.1.1](https://tools.ietf.org/html/rfc7515#section-4.1.1).
* Default to `HS256`
*/
algorithm?: Algorithm
/**
* Content type
*
* Defined in [RFC7519#5.2](https://tools.ietf.org/html/rfc7519#section-5.2).
*/
contentType?: string
/**
* JSON Key URL
*
* Defined in [RFC7515#4.1.2](https://tools.ietf.org/html/rfc7515#section-4.1.2).
*/
jsonKeyUrl?: string
/**
* JSON Web Key
*
* Defined in [RFC7515#4.1.3](https://tools.ietf.org/html/rfc7515#section-4.1.3).
* Key ID
*
* Defined in [RFC7515#4.1.4](https://tools.ietf.org/html/rfc7515#section-4.1.4).
*/
keyId?: string
/**
* X.509 URL
*
* Defined in [RFC7515#4.1.5](https://tools.ietf.org/html/rfc7515#section-4.1.5).
*/
x5Url?: string
/**
* X.509 certificate chain. A Vec of base64 encoded ASN.1 DER certificates.
*
* Defined in [RFC7515#4.1.6](https://tools.ietf.org/html/rfc7515#section-4.1.6).
*/
x5CertChain?: Array<string>
/**
* X.509 SHA1 certificate thumbprint
*
* Defined in [RFC7515#4.1.7](https://tools.ietf.org/html/rfc7515#section-4.1.7).
*/
x5CertThumbprint?: string
/**
* X.509 SHA256 certificate thumbprint
*
* Defined in [RFC7515#4.1.8](https://tools.ietf.org/html/rfc7515#section-4.1.8).
*
* This will be serialized/deserialized as "x5t#S256", as defined by the RFC.
*/
x5TS256CertThumbprint?: string
}
export interface JwtClientInitOpts {
header?: Header
validation?: Validation
}
export interface Validation {
/**
* If it contains a value, the validation will check that the `aud` field is a member of the
* audience provided and will error otherwise.
*
* Defaults to an empty collection.
*/
aud?: Array<string>
/**
* Which claims are required to be present before starting the validation.
* This does not interact with the various `validate_*`. If you remove `exp` from that list, you still need
* to set `validate_exp` to `false`.
* The only value that will be used are "exp", "nbf", "aud", "iss", "sub". Anything else will be ignored.
*
* Defaults to `exp`.
*/
requiredSpecClaims?: Array<string>
/**
* Add some leeway (in seconds) to the `exp` and `nbf` validation to
* account for clock skew.
*
* Defaults to `60`.
*/
leeway?: number
/**
* Whether to validate the `exp` field.
*
* Defaults to `true`.
*/
validateExp?: boolean
/**
* Whether to validate the `nbf` field.
*
* It will return an error if the current timestamp is before the time in the `nbf` field.
*
* Defaults to `false`.
*/
validateNbf?: boolean
/**
* If it contains a value, the validation will check that the `sub` field is the same as the
* one provided and will error otherwise.
*
* Turned off by default.
*/
sub?: string
/**
* The algorithm used to verify the signature.
*
* Defaults to `HS256`.
*/
algorithms?: Array<Algorithm>
/**
* If it contains a value, the validation will check that the `iss` field is a member of the
* iss provided and will error otherwise.
* Use `set_issuer` to set it
*
* Defaults to an empty collection.
*/
iss?: Array<string>
/**
* Whether to validate the JWT signature.
*
* Defaults to `true`.
*/
validateSignature?: boolean
}
export declare class Claims {
data: Record<string, any>
/** Time after which the JWT expires (as UTC timestamp, seconds from epoch time) */
exp: number
/** Recipient for which the JWT is intended */
aud?: string
/** Time at which the JWT was issued (as UTC timestamp, seconds from epoch time) */
iat?: number
/** Issuer of JWT */
iss?: string
/** [JWT id] Unique identifier */
jti?: string
/** [not-before-time] Time before which the JWT must not be accepted for processing (as UTC timestamp, seconds from epoch time) */
nbf?: number
/** Subject of JWT (the user) */
sub?: string
constructor(data: Record<string, any>, expiresInSeconds: number, opts?: ClaimOpts | undefined | null)
}
export declare class JwtClient {
/** For symetric key based signatures */
constructor(secretKey: string | Buffer, opts?: JwtClientInitOpts | undefined | null)
/** For assymetric key based signatures */
static withPubPrivKeys(pubKey: string | Buffer, privKey: string | Buffer, opts?: JwtClientInitOpts | undefined | null): JwtClient
sign(data: Record<string, any>, expiresInSeconds: number, claimOpts?: ClaimOpts | undefined | null): string
signClaims(claims: Claims): string
verify(token: string): Claims
get header(): Header
}
export declare class JwtCacheClient {
constructor(secretKey: string | Buffer, ttlSecs: number, maxCapacity: number, opts?: JwtClientInitOpts | undefined | null)
static withPubPrivKeys(pubKey: string | Buffer, privKey: string | Buffer, ttlSecs: number, maxCapacity: number, opts?: JwtClientInitOpts | undefined | null): JwtCacheClient
sign(data: Record<string, any>, claimOpts?: ClaimOpts | undefined | null): string
verify(token: string): Claims
invalidateCache(): void
get header(): Header
get ttlSecs(): number
get maxCapacity(): number
}