import { FastifyPluginCallback, FastifyReply, FastifyRequest } from 'fastify'
import { UserType, SignPayloadType } from '@fastify/jwt'
import NodeCache from 'node-cache'
/**
 * Options accepted by the `fastifyJwtJwks` plugin.
 *
 * Every field is optional and `readonly`. At the type level nothing forces a caller to
 * configure a verification key (`jwksUrl` or `secret`) or to constrain `issuer` / `audience`.
 * NOTE(review): how the plugin behaves when these are omitted is not visible in these
 * declarations; confirm against the implementation before relying on defaults.
 */
export interface FastifyJwtJwksOptions {
  /**
   * JSON Web Key Set (JWKS) URL.
   * The public endpoint returning the set of keys that contains, among other things, the keys needed to verify JSON Web Tokens (JWT).
   * E.g. https://domain.com/.well-known/jwks.json
   *
   * NOTE(review): the keys served here decide which tokens verify, so this should be a fixed,
   * operator-controlled HTTPS endpoint and never a value derived from a request or from the token.
   */
  readonly jwksUrl?: string
  /**
   * The intended consumer of the token.
   * This is typically a set of endpoints at which the token can be used.
   * If you provide the value `true`, the domain will also be used as the audience.
   * Accepts a string value, or an array of strings for multiple audiences.
   *
   * NOTE(review): the `boolean` member also admits `false`, whose effect is not documented here.
   * If the audience ends up unchecked, a token issued for another consumer of the same issuer
   * would not be rejected on that ground; confirm what `false` or an omitted value means.
   */
  readonly audience?: string | readonly string[] | boolean
  /**
   * The domain of the system which is issuing OAuth access tokens.
   * By default the domain will also be used as the audience.
   * Accepts a string value, or an array of strings for multiple issuers.
   * The declared type additionally admits a `RegExp`, or an array mixing strings and `RegExp`s.
   *
   * NOTE(review): how a `RegExp` is matched is not visible here. If it is tested against the
   * token's `iss` claim, an unanchored or broad pattern could accept issuers other than the
   * intended one; prefer exact strings or fully anchored patterns.
   */
  readonly issuer?: string | RegExp | (RegExp | string)[]
  /**
   * The OAuth client secret. It enables verification of HS256-signed JWTs.
   *
   * NOTE(review): HS256 is symmetric, so any holder of this value can also produce tokens that
   * verify. Load it from secret storage rather than source. When `jwksUrl` is configured too,
   * confirm the implementation binds each key to its own algorithm.
   */
  readonly secret?: string
  /**
   * Whether to also return the header and signature of the verified token.
   */
  readonly complete?: boolean
  /**
   * How long (in milliseconds) to cache RS256 secrets before fetching them
   * again from the well-known JWKS URL. Setting to 0 or less disables the cache.
   *
   * NOTE(review): presumably this also bounds how long a key that was rotated out of the JWKS
   * stays trusted; confirm against the implementation when choosing a value.
   */
  readonly secretsTtl?: string | number
  /**
   * Indicates that the token can be passed in a cookie instead of the Authorization header.
   *
   * NOTE(review): browsers attach cookies automatically, so routes authenticated this way need
   * CSRF protection that header-based bearer tokens do not.
   */
  readonly cookie?: {
    /**
     * The name of the cookie.
     */
    cookieName: string
    /**
     * Indicates whether the cookie is signed or not. If set to `true`, the JWT
     * will be verified using the unsigned value.
     */
    signed?: boolean
  }
  /**
   * Custom synchronous function that builds the `request.user` object from the token payload.
   *
   * NOTE(review): the payload's claims come from the token; check their shape here before
   * they are used for authorization decisions.
   */
  readonly formatUser?: (payload: SignPayloadType) => UserType
  /**
   * A string used to namespace the decorators of this plugin. This allows the plugin to be applied multiple times
   * to a single Fastify instance. See the description of the namespace parameter in @fastify/jwt.
   *
   * NOTE(review): the `declare module 'fastify'` augmentation in this file types only the
   * un-namespaced members; decorator names produced under a namespace are presumably not
   * covered by it. Confirm.
   */
  readonly namespace?: string
}
/**
 * Type of the `jwtJwks` member declared on `FastifyInstance` and `FastifyRequest` in this file.
 *
 * Carries `jwksUrl`, `audience` and `secret` picked from `FastifyJwtJwksOptions`, plus `verify`.
 * NOTE(review): `secret` is reachable both directly and under `verify` (which includes the full
 * option set), so this object should not be logged, serialized into responses or passed to
 * untrusted code.
 */
export interface JwtJwks extends Pick<FastifyJwtJwksOptions, 'jwksUrl' | 'audience' | 'secret'> {
  // The full option set intersected with verification-specific fields.
  readonly verify: FastifyJwtJwksOptions & {
    // NOTE(review): presumably the signature algorithms verification is restricted to; confirm.
    readonly algorithms: readonly string[]
    // Declared without the `boolean` member that the `audience` option allows.
    readonly audience?: string | readonly string[]
  }
}
/**
 * Signature of the `authenticate` member declared on `FastifyInstance` in this file:
 * takes the request and reply and returns a promise that resolves to `void`.
 *
 * NOTE(review): the type does not show how a failed verification is reported (rejected promise
 * or a reply sent from inside); confirm before wrapping or chaining it.
 */
export type Authenticate = (request: FastifyRequest, reply: FastifyReply) => Promise<void>
/**
 * JWT JWKS verification plugin for Fastify, internally uses @fastify/jwt and jsonwebtoken.
 *
 * Declared as a callback-style Fastify plugin taking `FastifyJwtJwksOptions`.
 * NOTE(review): registering the plugin presumably only makes `authenticate` available; routes
 * are protected only where it is attached. Confirm against the implementation.
 */
export const fastifyJwtJwks: FastifyPluginCallback<FastifyJwtJwksOptions>
// The default export is the same plugin value as the named export above.
export default fastifyJwtJwks
// Augments fastify's own types with the members declared below.
declare module 'fastify' {
  interface FastifyInstance {
    // Function of type `Authenticate` (request, reply) => Promise<void>.
    authenticate: Authenticate
    // NOTE(review): includes `secret` (see `JwtJwks`); do not log or expose this object.
    jwtJwks: JwtJwks
  }
  interface FastifyRequest {
    // Same `JwtJwks` type as on the instance, typed here on every request.
    jwtJwks: JwtJwks
    // Only `get`, `set` and `close` of NodeCache are exposed through this type.
    // NOTE(review): presumably the key cache governed by `secretsTtl`; treat it as
    // plugin-internal and do not write to it from route handlers. Confirm.
    jwtJwksSecretsCache: Pick<NodeCache, 'get' | 'set' | 'close'>
  }
}