feat: add experimental support for edge compute runtimes JWKS caching

panva · Jun 19, 2024 · 15b7aff · 15b7aff
1 parent cb4e45c
commit 15b7aff
Show file tree

Hide file tree

Showing 15 changed files with 625 additions and 29 deletions.
diff --git a/docs/README.md b/docs/README.md
@@ -146,11 +146,15 @@
 - [DeviceAuthorizationRequestOptions](interfaces/DeviceAuthorizationRequestOptions.md)
 - [DeviceAuthorizationResponse](interfaces/DeviceAuthorizationResponse.md)
 - [DiscoveryRequestOptions](interfaces/DiscoveryRequestOptions.md)
+- [ExportedJWKSCache](interfaces/ExportedJWKSCache.md)
 - [GenerateKeyPairOptions](interfaces/GenerateKeyPairOptions.md)
 - [HttpRequestOptions](interfaces/HttpRequestOptions.md)
 - [IDToken](interfaces/IDToken.md)
 - [IntrospectionRequestOptions](interfaces/IntrospectionRequestOptions.md)
 - [IntrospectionResponse](interfaces/IntrospectionResponse.md)
+- [JWK](interfaces/JWK.md)
+- [JWKS](interfaces/JWKS.md)
+- [JWKSCacheOptions](interfaces/JWKSCacheOptions.md)
 - [JWTAccessTokenClaims](interfaces/JWTAccessTokenClaims.md)
 - [MTLSEndpointAliases](interfaces/MTLSEndpointAliases.md)
 - [OAuth2Error](interfaces/OAuth2Error.md)
@@ -167,13 +171,16 @@
 - [UserInfoAddress](interfaces/UserInfoAddress.md)
 - [UserInfoRequestOptions](interfaces/UserInfoRequestOptions.md)
 - [UserInfoResponse](interfaces/UserInfoResponse.md)
+- [ValidateDetachedSignatureResponseOptions](interfaces/ValidateDetachedSignatureResponseOptions.md)
 - [ValidateJWTAccessTokenOptions](interfaces/ValidateJWTAccessTokenOptions.md)
+- [ValidateJwtAuthResponseOptions](interfaces/ValidateJwtAuthResponseOptions.md)
 - [WWWAuthenticateChallenge](interfaces/WWWAuthenticateChallenge.md)
 - [WWWAuthenticateChallengeParameters](interfaces/WWWAuthenticateChallengeParameters.md)
 
 ### Type Aliases
 
 - [ClientAuthenticationMethod](types/ClientAuthenticationMethod.md)
+- [JWKSCacheInput](types/JWKSCacheInput.md)
 - [JWSAlgorithm](types/JWSAlgorithm.md)
 - [JsonArray](types/JsonArray.md)
 - [JsonObject](types/JsonObject.md)
@@ -187,6 +194,7 @@
 - [customFetch](variables/customFetch.md)
 - [expectNoNonce](variables/expectNoNonce.md)
 - [expectNoState](variables/expectNoState.md)
+- [experimental\_jwksCache](variables/experimental_jwksCache.md)
 - [skipAuthTimeCheck](variables/skipAuthTimeCheck.md)
 - [skipStateCheck](variables/skipStateCheck.md)
 - [skipSubjectCheck](variables/skipSubjectCheck.md)

diff --git a/docs/functions/validateDetachedSignatureResponse.md b/docs/functions/validateDetachedSignatureResponse.md
@@ -17,7 +17,7 @@ responses.
 | `expectedNonce` | `string` | Expected ID Token `nonce` claim value. |
 | `expectedState?` | `string` \| typeof [`expectNoState`](../variables/expectNoState.md) | Expected `state` parameter value. Default is [expectNoState](../variables/expectNoState.md). |
 | `maxAge?` | `number` \| typeof [`skipAuthTimeCheck`](../variables/skipAuthTimeCheck.md) | ID Token [`auth_time`](../interfaces/IDToken.md#auth_time) claim value will be checked to be present and conform to the `maxAge` value. Use of this option is required if you sent a `max_age` parameter in an authorization request. Default is [`client.default_max_age`](../interfaces/Client.md#default_max_age) and falls back to [skipAuthTimeCheck](../variables/skipAuthTimeCheck.md). |
-| `options?` | [`HttpRequestOptions`](../interfaces/HttpRequestOptions.md) | - |
+| `options?` | [`ValidateDetachedSignatureResponseOptions`](../interfaces/ValidateDetachedSignatureResponseOptions.md) | - |
 
 #### Returns
 

diff --git a/docs/functions/validateJwtAuthResponse.md b/docs/functions/validateJwtAuthResponse.md
@@ -14,7 +14,7 @@ Same as [validateAuthResponse](validateAuthResponse.md) but for signed JARM resp
 | `client` | [`Client`](../interfaces/Client.md) | Client Metadata. |
 | `parameters` | [`URLSearchParams`]( https://developer.mozilla.org/docs/Web/API/URLSearchParams ) \| [`URL`]( https://developer.mozilla.org/docs/Web/API/URL ) | JARM authorization response. |
 | `expectedState?` | `string` \| typeof [`expectNoState`](../variables/expectNoState.md) \| typeof [`skipStateCheck`](../variables/skipStateCheck.md) | Expected `state` parameter value. Default is [expectNoState](../variables/expectNoState.md). |
-| `options?` | [`HttpRequestOptions`](../interfaces/HttpRequestOptions.md) | - |
+| `options?` | [`ValidateJwtAuthResponseOptions`](../interfaces/ValidateJwtAuthResponseOptions.md) | - |
 
 #### Returns
 

diff --git a/docs/interfaces/ExportedJWKSCache.md b/docs/interfaces/ExportedJWKSCache.md
@@ -0,0 +1,22 @@
+# Interface: ExportedJWKSCache
+
+[💗 Help the project](https://github.com/sponsors/panva)
+
+## Table of contents
+
+### Properties
+
+- [jwks](ExportedJWKSCache.md#jwks)
+- [uat](ExportedJWKSCache.md#uat)
+
+## Properties
+
+### jwks
+
+• **jwks**: [`JWKS`](JWKS.md)
+
+___
+
+### uat
+
+• **uat**: `number`
diff --git a/docs/interfaces/HttpRequestOptions.md b/docs/interfaces/HttpRequestOptions.md
@@ -61,6 +61,10 @@ const signal = () => AbortSignal.timeout(5_000) // Note: AbortSignal.timeout may
 
   ↳ [`IntrospectionRequestOptions`](IntrospectionRequestOptions.md)
 
+  ↳ [`ValidateJwtAuthResponseOptions`](ValidateJwtAuthResponseOptions.md)
+
+  ↳ [`ValidateDetachedSignatureResponseOptions`](ValidateDetachedSignatureResponseOptions.md)
+
   ↳ [`DeviceAuthorizationRequestOptions`](DeviceAuthorizationRequestOptions.md)
 
   ↳ [`ValidateJWTAccessTokenOptions`](ValidateJWTAccessTokenOptions.md)
diff --git a/docs/interfaces/JWK.md b/docs/interfaces/JWK.md
@@ -0,0 +1,82 @@
+# Interface: JWK
+
+[💗 Help the project](https://github.com/sponsors/panva)
+
+## Indexable
+
+▪ [parameter: `string`]: [`JsonValue`](../types/JsonValue.md) \| `undefined`
+
+## Table of contents
+
+### Properties
+
+- [alg](JWK.md#alg)
+- [crv](JWK.md#crv)
+- [e](JWK.md#e)
+- [key\_ops](JWK.md#key_ops)
+- [kid](JWK.md#kid)
+- [kty](JWK.md#kty)
+- [n](JWK.md#n)
+- [use](JWK.md#use)
+- [x](JWK.md#x)
+- [y](JWK.md#y)
+
+## Properties
+
+### alg
+
+• `Optional` `Readonly` **alg**: `string`
+
+___
+
+### crv
+
+• `Optional` `Readonly` **crv**: `string`
+
+___
+
+### e
+
+• `Optional` `Readonly` **e**: `string`
+
+___
+
+### key\_ops
+
+• `Optional` `Readonly` **key\_ops**: `string`[]
+
+___
+
+### kid
+
+• `Optional` `Readonly` **kid**: `string`
+
+___
+
+### kty
+
+• `Optional` `Readonly` **kty**: `string`
+
+___
+
+### n
+
+• `Optional` `Readonly` **n**: `string`
+
+___
+
+### use
+
+• `Optional` `Readonly` **use**: `string`
+
+___
+
+### x
+
+• `Optional` `Readonly` **x**: `string`
+
+___
+
+### y
+
+• `Optional` `Readonly` **y**: `string`
diff --git a/docs/interfaces/JWKS.md b/docs/interfaces/JWKS.md
@@ -0,0 +1,15 @@
+# Interface: JWKS
+
+[💗 Help the project](https://github.com/sponsors/panva)
+
+## Table of contents
+
+### Properties
+
+- [keys](JWKS.md#keys)
+
+## Properties
+
+### keys
+
+• `Readonly` **keys**: [`JWK`](JWK.md)[]
diff --git a/docs/interfaces/JWKSCacheOptions.md b/docs/interfaces/JWKSCacheOptions.md
@@ -0,0 +1,27 @@
+# Interface: JWKSCacheOptions
+
+[💗 Help the project](https://github.com/sponsors/panva)
+
+## Table of contents
+
+### Properties
+
+- [[experimental\_jwksCache]](JWKSCacheOptions.md#experimental_jwkscache)
+
+## Properties
+
+### [experimental\_jwksCache]
+
+• `Optional` **[experimental\_jwksCache]**: [`JWKSCacheInput`](../types/JWKSCacheInput.md)
+
+See [experimental_jwksCache](../variables/experimental_jwksCache.md).
+
+## Hierarchy
+
+- **`JWKSCacheOptions`**
+
+  ↳ [`ValidateJwtAuthResponseOptions`](ValidateJwtAuthResponseOptions.md)
+
+  ↳ [`ValidateDetachedSignatureResponseOptions`](ValidateDetachedSignatureResponseOptions.md)
+
+  ↳ [`ValidateJWTAccessTokenOptions`](ValidateJWTAccessTokenOptions.md)
diff --git a/docs/interfaces/ValidateDetachedSignatureResponseOptions.md b/docs/interfaces/ValidateDetachedSignatureResponseOptions.md
@@ -0,0 +1,61 @@
+# Interface: ValidateDetachedSignatureResponseOptions
+
+[💗 Help the project](https://github.com/sponsors/panva)
+
+## Table of contents
+
+### Properties
+
+- [[customFetch]](ValidateDetachedSignatureResponseOptions.md#customfetch)
+- [[experimental\_jwksCache]](ValidateDetachedSignatureResponseOptions.md#experimental_jwkscache)
+- [headers](ValidateDetachedSignatureResponseOptions.md#headers)
+- [signal](ValidateDetachedSignatureResponseOptions.md#signal)
+
+## Properties
+
+### [customFetch]
+
+• `Optional` **[customFetch]**: (`input`: `RequestInfo` \| [`URL`]( https://developer.mozilla.org/docs/Web/API/URL ), `init?`: `RequestInit`) => [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Response`]( https://developer.mozilla.org/docs/Web/API/Response )\>
+
+See [customFetch](../variables/customFetch.md).
+
+___
+
+### [experimental\_jwksCache]
+
+• `Optional` **[experimental\_jwksCache]**: [`JWKSCacheInput`](../types/JWKSCacheInput.md)
+
+See [experimental_jwksCache](../variables/experimental_jwksCache.md).
+
+___
+
+### headers
+
+• `Optional` **headers**: [`Record`]( https://www.typescriptlang.org/docs/handbook/utility-types.html#recordkeys-type )\<`string`, `string`\> \| [`string`, `string`][] \| [`Headers`]( https://developer.mozilla.org/docs/Web/API/Headers )
+
+Headers to additionally send with the HTTP request(s) triggered by this function's invocation.
+
+___
+
+### signal
+
+• `Optional` **signal**: [`AbortSignal`]( https://developer.mozilla.org/docs/Web/API/AbortSignal ) \| () => [`AbortSignal`]( https://developer.mozilla.org/docs/Web/API/AbortSignal )
+
+An AbortSignal instance, or a factory returning one, to abort the HTTP request(s) triggered by
+this function's invocation.
+
+**`Example`**
+
+A 5000ms timeout AbortSignal for every request
+
+```js
+const signal = () => AbortSignal.timeout(5_000) // Note: AbortSignal.timeout may not yet be available in all runtimes.
+```
+
+## Hierarchy
+
+- [`HttpRequestOptions`](HttpRequestOptions.md)
+
+- [`JWKSCacheOptions`](JWKSCacheOptions.md)
+
+  ↳ **`ValidateDetachedSignatureResponseOptions`**
diff --git a/docs/interfaces/ValidateJWTAccessTokenOptions.md b/docs/interfaces/ValidateJWTAccessTokenOptions.md
@@ -9,6 +9,7 @@
 - [[clockSkew]](ValidateJWTAccessTokenOptions.md#clockskew)
 - [[clockTolerance]](ValidateJWTAccessTokenOptions.md#clocktolerance)
 - [[customFetch]](ValidateJWTAccessTokenOptions.md#customfetch)
+- [[experimental\_jwksCache]](ValidateJWTAccessTokenOptions.md#experimental_jwkscache)
 - [headers](ValidateJWTAccessTokenOptions.md#headers)
 - [requireDPoP](ValidateJWTAccessTokenOptions.md#requiredpop)
 - [signal](ValidateJWTAccessTokenOptions.md#signal)
@@ -39,6 +40,14 @@ See [customFetch](../variables/customFetch.md).
 
 ___
 
+### [experimental\_jwksCache]
+
+• `Optional` **[experimental\_jwksCache]**: [`JWKSCacheInput`](../types/JWKSCacheInput.md)
+
+See [experimental_jwksCache](../variables/experimental_jwksCache.md).
+
+___
+
 ### headers
 
 • `Optional` **headers**: [`Record`]( https://www.typescriptlang.org/docs/handbook/utility-types.html#recordkeys-type )\<`string`, `string`\> \| [`string`, `string`][] \| [`Headers`]( https://developer.mozilla.org/docs/Web/API/Headers )
@@ -74,4 +83,6 @@ const signal = () => AbortSignal.timeout(5_000) // Note: AbortSignal.timeout may
 
 - [`HttpRequestOptions`](HttpRequestOptions.md)
 
+- [`JWKSCacheOptions`](JWKSCacheOptions.md)
+
   ↳ **`ValidateJWTAccessTokenOptions`**
diff --git a/docs/interfaces/ValidateJwtAuthResponseOptions.md b/docs/interfaces/ValidateJwtAuthResponseOptions.md
@@ -0,0 +1,61 @@
+# Interface: ValidateJwtAuthResponseOptions
+
+[💗 Help the project](https://github.com/sponsors/panva)
+
+## Table of contents
+
+### Properties
+
+- [[customFetch]](ValidateJwtAuthResponseOptions.md#customfetch)
+- [[experimental\_jwksCache]](ValidateJwtAuthResponseOptions.md#experimental_jwkscache)
+- [headers](ValidateJwtAuthResponseOptions.md#headers)
+- [signal](ValidateJwtAuthResponseOptions.md#signal)
+
+## Properties
+
+### [customFetch]
+
+• `Optional` **[customFetch]**: (`input`: `RequestInfo` \| [`URL`]( https://developer.mozilla.org/docs/Web/API/URL ), `init?`: `RequestInit`) => [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Response`]( https://developer.mozilla.org/docs/Web/API/Response )\>
+
+See [customFetch](../variables/customFetch.md).
+
+___
+
+### [experimental\_jwksCache]
+
+• `Optional` **[experimental\_jwksCache]**: [`JWKSCacheInput`](../types/JWKSCacheInput.md)
+
+See [experimental_jwksCache](../variables/experimental_jwksCache.md).
+
+___
+
+### headers
+
+• `Optional` **headers**: [`Record`]( https://www.typescriptlang.org/docs/handbook/utility-types.html#recordkeys-type )\<`string`, `string`\> \| [`string`, `string`][] \| [`Headers`]( https://developer.mozilla.org/docs/Web/API/Headers )
+
+Headers to additionally send with the HTTP request(s) triggered by this function's invocation.
+
+___
+
+### signal
+
+• `Optional` **signal**: [`AbortSignal`]( https://developer.mozilla.org/docs/Web/API/AbortSignal ) \| () => [`AbortSignal`]( https://developer.mozilla.org/docs/Web/API/AbortSignal )
+
+An AbortSignal instance, or a factory returning one, to abort the HTTP request(s) triggered by
+this function's invocation.
+
+**`Example`**
+
+A 5000ms timeout AbortSignal for every request
+
+```js
+const signal = () => AbortSignal.timeout(5_000) // Note: AbortSignal.timeout may not yet be available in all runtimes.
+```
+
+## Hierarchy
+
+- [`HttpRequestOptions`](HttpRequestOptions.md)
+
+- [`JWKSCacheOptions`](JWKSCacheOptions.md)
+
+  ↳ **`ValidateJwtAuthResponseOptions`**
diff --git a/docs/types/JWKSCacheInput.md b/docs/types/JWKSCacheInput.md
@@ -0,0 +1,5 @@
+# Type alias: JWKSCacheInput
+
+[💗 Help the project](https://github.com/sponsors/panva)
+
+Ƭ **JWKSCacheInput**: [`ExportedJWKSCache`](../interfaces/ExportedJWKSCache.md) \| [`Record`]( https://www.typescriptlang.org/docs/handbook/utility-types.html#recordkeys-type )\<`string`, `never`\>