feat: #4 introduce SigningKey type

ncats · Oct 6, 2021 · 63fccb1 · 63fccb1
1 parent 0861bfe
commit 63fccb1
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 15 deletions.
diff --git a/docs/oidc-client-ts.api.md b/docs/oidc-client-ts.api.md
@@ -159,7 +159,7 @@ export class MetadataService {
     // (undocumented)
     getRevocationEndpoint(): Promise<string | undefined>;
     // (undocumented)
-    getSigningKeys(): Promise<Record<string, string>[] | null>;
+    getSigningKeys(): Promise<SigningKey[] | null>;
     // (undocumented)
     getTokenEndpoint(optional?: boolean): Promise<string | undefined>;
     // (undocumented)
@@ -241,7 +241,7 @@ export interface OidcClientSettings {
     response_mode?: "query" | "fragment";
     response_type?: string;
     scope?: string;
-    signingKeys?: Record<string, string>[];
+    signingKeys?: SigningKey[];
     staleStateAgeInSeconds?: number;
     // Warning: (ae-forgotten-export) The symbol "StateStore" needs to be exported by the entry point index.d.ts
     //
@@ -285,6 +285,9 @@ export interface SessionStatus {
     sub?: string;
 }
 
+// @public (undocumented)
+export type SigningKey = Record<string, string | string[]>;
+
 // Warning: (ae-forgotten-export) The symbol "PopupWindowParams" needs to be exported by the entry point index.d.ts
 //
 // @public (undocumented)

diff --git a/src/MetadataService.ts b/src/MetadataService.ts
@@ -3,7 +3,7 @@
 
 import { Log } from "./utils";
 import { JsonService } from "./JsonService";
-import type { OidcClientSettingsStore } from "./OidcClientSettings";
+import type { OidcClientSettingsStore, SigningKey } from "./OidcClientSettings";
 import type { OidcMetadata } from "./OidcMetadata";
 
 const OidcMetadataUrlPath = ".well-known/openid-configuration";
@@ -17,7 +17,7 @@ export class MetadataService {
 
     // cache
     private _metadataUrl: string | null;
-    private _signingKeys: Record<string, string>[] | null;
+    private _signingKeys: SigningKey[] | null;
     private _metadata: Partial<OidcMetadata> | null;
 
     public constructor(settings: OidcClientSettingsStore) {
@@ -123,7 +123,7 @@ export class MetadataService {
         return metadata[name];
     }
 
-    public async getSigningKeys(): Promise<Record<string, string>[] | null> {
+    public async getSigningKeys(): Promise<SigningKey[] | null> {
         if (this._signingKeys) {
             Log.debug("MetadataService.getSigningKeys: Returning signingKeys from cache");
             return this._signingKeys;

diff --git a/src/OidcClientSettings.ts b/src/OidcClientSettings.ts
@@ -11,6 +11,11 @@ const DefaultClientAuthentication = "client_secret_post"; // The default value m
 const DefaultStaleStateAgeInSeconds = 60 * 15; // seconds
 const DefaultClockSkewInSeconds = 60 * 5;
 
+/**
+ * @public
+ */
+export type SigningKey = Record<string, string | string[]>;
+
 /**
  * @public
  */
@@ -23,7 +28,7 @@ export interface OidcClientSettings {
     /** Can be used to seed or add additional values to the results of the discovery request */
     metadataSeed?: Partial<OidcMetadata>;
     /** Provide signingKeys when authority server does not allow CORS on the jwks uri */
-    signingKeys?: Record<string, string>[];
+    signingKeys?: SigningKey[];
 
     /** Your client application's identifier as registered with the OIDC/OAuth2 */
     client_id: string;
@@ -70,7 +75,7 @@ export class OidcClientSettingsStore {
     public readonly metadataUrl: string | undefined;
     public readonly metadata: Partial<OidcMetadata> | undefined;
     public readonly metadataSeed: Partial<OidcMetadata> | undefined;
-    public readonly signingKeys: Record<string, string>[] | undefined;
+    public readonly signingKeys: SigningKey[] | undefined;
 
     // client config
     public readonly client_id: string;

diff --git a/src/ResponseValidator.ts b/src/ResponseValidator.ts
@@ -6,7 +6,7 @@ import type { MetadataService } from "./MetadataService";
 import { UserInfoService } from "./UserInfoService";
 import { TokenClient } from "./TokenClient";
 import { ErrorResponse } from "./ErrorResponse";
-import type { OidcClientSettingsStore } from "./OidcClientSettings";
+import type { OidcClientSettingsStore, SigningKey } from "./OidcClientSettings";
 import type { SigninState } from "./SigninState";
 import type { SigninResponse } from "./SigninResponse";
 import type { State } from "./State";
@@ -293,7 +293,7 @@ export class ResponseValidator {
         return response;
     }
 
-    protected async _getSigningKeyForJwt(jwt: ParsedJwt): Promise<Record<string, string> | null> {
+    protected async _getSigningKeyForJwt(jwt: ParsedJwt): Promise<SigningKey | null> {
         let keys = await this._metadataService.getSigningKeys();
         if (!keys) {
             Log.error("ResponseValidator._getSigningKeyForJwt: No signing keys from metadata");
@@ -317,7 +317,7 @@ export class ResponseValidator {
         return keys[0];
     }
 
-    protected async _getSigningKeyForJwtWithSingleRetry(jwt: ParsedJwt): Promise<Record<string, string> | null> {
+    protected async _getSigningKeyForJwtWithSingleRetry(jwt: ParsedJwt): Promise<SigningKey | null> {
         const key = await this._getSigningKeyForJwt(jwt);
         if (key) {
             return key;
@@ -371,7 +371,7 @@ export class ResponseValidator {
         return response;
     }
 
-    protected _filterByAlg(keys: Record<string, string>[], alg: string): Record<string, string>[] {
+    protected _filterByAlg(keys: SigningKey[], alg: string): SigningKey[] {
         let kty: string | null = null;
         if (alg.startsWith("RS")) {
             kty = "RSA";

diff --git a/src/UserInfoService.ts b/src/UserInfoService.ts
@@ -4,7 +4,7 @@
 import { Log, JoseUtil } from "./utils";
 import { JsonService } from "./JsonService";
 import type { MetadataService } from "./MetadataService";
-import type { OidcClientSettingsStore } from "./OidcClientSettings";
+import type { OidcClientSettingsStore, SigningKey } from "./OidcClientSettings";
 
 export class UserInfoService {
     private _settings: OidcClientSettingsStore;
@@ -62,7 +62,7 @@ export class UserInfoService {
             }
 
             Log.debug("UserInfoService._getClaimsFromJwt: Received signing keys");
-            let key: Record<string, string> | null;
+            let key: SigningKey | null;
             if (jwt.header.kid) {
                 key = keys.filter(key => key.kid === jwt.header.kid)[0] ?? null;
             }
@@ -97,7 +97,7 @@ export class UserInfoService {
         }
     }
 
-    protected _filterByAlg(keys: Record<string, string>[], alg: string): Record<string, string>[] {
+    protected _filterByAlg(keys: SigningKey[], alg: string): SigningKey[] {
         let kty: string | null = null;
         if (alg.startsWith("RS")) {
             kty = "RSA";

diff --git a/src/index.ts b/src/index.ts
@@ -4,7 +4,7 @@
 export { Log } from "./utils";
 
 export * from "./OidcClient";
-export type { OidcClientSettings } from "./OidcClientSettings";
+export type { OidcClientSettings, SigningKey } from "./OidcClientSettings";
 export { WebStorageStateStore } from "./WebStorageStateStore";
 export { InMemoryWebStorage } from "./InMemoryWebStorage";
 export * from "./UserManager";