@windingtree/org.id-auth - npm Package Compare versions

Comparing version 1.2.1 to 1.2.2

dist/tokens.d.ts

@@ -10,3 +10,4 @@ import type { JWTPayload, JWSHeaderParameters } from 'jose';
 }
-export declare const createAuthJWT: (privateKey: KeyLike | JWK, issuer: string, audience: string, scope?: string | string[], expiration?: string) => Promise<string>;
+export declare const validateScope: (payload: JWTPayload, scope?: string | string[]) => void;
+export declare const createAuthJWT: (privateKey: KeyLike | JWK, issuer: string, audience: string, scope?: string | string[], expiration?: string | number) => Promise<string>;
 export declare const jwtDomain: {
@@ -23,2 +24,2 @@ name: string;
 export declare const verifyAuthJWT: (jwt: string, publicKey: KeyLike | JWK, issuer: string, audience: string, scope?: string | string[]) => Promise<JWTVerifyResult>;
-export declare const verifyAuthJWTWithEthers: (jwt: string, blockchainAccountId: string, issuer: string, audience: string) => Promise<JWTVerifyResult>;
+export declare const verifyAuthJWTWithEthers: (jwt: string, blockchainAccountId: string, issuer: string, audience: string, scope?: string | string[]) => Promise<JWTVerifyResult>;

dist/tokens.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyAuthJWTWithEthers = exports.verifyAuthJWT = exports.createAuthJWTWithEthers = exports.jwtSignatureTypes = exports.jwtDomain = exports.createAuthJWT = exports.decodeJwt = void 0;
+exports.verifyAuthJWTWithEthers = exports.verifyAuthJWT = exports.createAuthJWTWithEthers = exports.jwtSignatureTypes = exports.jwtDomain = exports.createAuthJWT = exports.validateScope = exports.decodeJwt = void 0;
 const org_id_utils_1 = require("@windingtree/org.id-utils");
@@ -13,2 +13,33 @@ const jose_1 = require("jose");
 const ethers_1 = require("ethers");
+const validateScope = (payload, scope) => {
+    if (scope && scope !== '') {
+        let parsedScope;
+        if (!Array.isArray(scope)) {
+            try {
+                parsedScope = JSON.parse(scope);
+            }
+            catch {
+                throw new Error(`Unable to parse stringified scope: ${scope}`);
+            }
+        }
+        else {
+            parsedScope = scope;
+        }
+        if (!payload.scope || payload.scope === '') {
+            throw new Error('Scope not found in the payload');
+        }
+        try {
+            payload.scope = JSON.parse(payload.scope);
+        }
+        catch {
+            throw new Error(`Unable to parse scope in the payload: ${payload.scope}`);
+        }
+        const scopeMatch = payload.scope
+            .filter(x => parsedScope.includes(x));
+        if (scopeMatch.length !== parsedScope.length) {
+            throw new Error(`The scope provided by the JWT ${JSON.stringify(payload.scope)} not fully matches with verification scope: ${JSON.stringify(parsedScope)}`);
+        }
+    }
+};
+exports.validateScope = validateScope;
 // Create an authentication JWT
@@ -117,30 +148,3 @@ const createAuthJWT = async (privateKey, issuer, audience, scope, expiration) => {
     });
-    if (scope && scope !== '') {
-        let parsedScope;
-        if (!Array.isArray(scope)) {
-            try {
-                parsedScope = JSON.parse(scope);
-            }
-            catch {
-                throw new Error(`Unable to parse stringified scope: ${scope}`);
-            }
-        }
-        else {
-            parsedScope = scope;
-        }
-        if (!payload.scope || payload.scope === '') {
-            throw new Error('Scope not found in the payload');
-        }
-        try {
-            payload.scope = JSON.parse(payload.scope);
-        }
-        catch {
-            throw new Error(`Unable to parse scope in the payload: ${payload.scope}`);
-        }
-        const scopeMatch = payload.scope
-            .filter(x => parsedScope.includes(x));
-        if (scopeMatch.length !== parsedScope.length) {
-            throw new Error(`The scope provided by the JWT ${JSON.stringify(payload.scope)} not fully matches with verification scope: ${JSON.stringify(parsedScope)}`);
-        }
-    }
+    (0, exports.validateScope)(payload, scope);
     return {
@@ -153,3 +157,3 @@ payload,
 // Verify JWT signed with signer
-const verifyAuthJWTWithEthers = async (jwt, blockchainAccountId, issuer, audience) => {
+const verifyAuthJWTWithEthers = async (jwt, blockchainAccountId, issuer, audience, scope) => {
     const { accountAddress } = (0, vc_1.parseBlockchainAccountId)(blockchainAccountId);
@@ -164,2 +168,5 @@ const { protectedHeader, payload, message, signature } = (0, vc_1.decodeJws)(jwt);
     }
+    if (payload.exp && payload.exp < Date.now()) {
+        throw new Error(`JWT expired at ${(new Date(payload.exp)).toISOString()}`);
+    }
     if (payload.iss !== issuer) {
@@ -171,2 +178,3 @@ throw new Error(`Unknown JWT issuer: ${payload.iss}`);
     }
+    (0, exports.validateScope)(payload, scope);
     return {
@@ -173,0 +181,0 @@ payload,

package.json

 {
   "name": "@windingtree/org.id-auth",
-  "version": "1.2.1",
+  "version": "1.2.2",
   "description": "ORGiD authentication library",
@@ -44,3 +44,3 @@ "main": "dist/index.js",
   "dependencies": {
-    "@windingtree/org.id-utils": "^1.2.1",
+    "@windingtree/org.id-utils": "^1.2.2",
     "@windingtree/org.json-schema": "1.0.2",
@@ -81,3 +81,3 @@ "ethers": "5.7.1",
   },
-  "gitHead": "66ff7c8916cb20c557ad9c1975cf176589ffaea3"
+  "gitHead": "29baf36a1cf10d6a9f5927b0a1ce84a9215a9d4b"
 }

No alert changes

Improved metrics

Total package byte prevSize

66666

increased by1.33%

Lines of code

982

increased by0.92%

Dependency changes

• Updated@windingtree/org.id-utils@^1.2.2