@sourceloop/authentication-service / Exports / IdpLoginService
Class: IdpLoginService¶
Table of contents¶
Constructors¶
Properties¶
- actorKey
- authClientRepository
- codeReader
- ctx
- currentUser
- getJwtPayload
- jwtKeysRepo
- jwtSigner
- jwtVerifier
- logger
- loginActivityRepo
- publicKeyRepo
- refreshTokenRepo
- revokedTokensRepo
- userActivity
- userRepo
- userTenantRepo
Methods¶
- createJWT
- decodeAndGetExpiry
- generateKeys
- generateNewKey
- generateToken
- getOpenIdConfiguration
- getUser
- logoutUser
- markUserActivity
- saveRefreshToken
Constructors¶
constructor¶
• new IdpLoginService(authClientRepository, userRepo, userTenantRepo, refreshTokenRepo, publicKeyRepo, jwtKeysRepo, revokedTokensRepo, logger, loginActivityRepo, actorKey, ctx, codeReader, jwtVerifier, jwtSigner, getJwtPayload, currentUser, userActivity?)
Parameters¶
| Name | Type |
|---|---|
| authClientRepository | AuthClientRepository |
| userRepo | UserRepository |
| userTenantRepo | UserTenantRepository |
| refreshTokenRepo | RefreshTokenRepository |
| publicKeyRepo | PublicKeysRepository |
| jwtKeysRepo | JwtKeysRepository |
| revokedTokensRepo | RevokedTokenRepository |
| logger | ILogger |
| loginActivityRepo | LoginActivityRepository |
| actorKey | ActorId |
| ctx | RequestContext |
| codeReader | CodeReaderFn |
| jwtVerifier | JWTVerifierFn<AnyObject> |
| jwtSigner | JWTSignerFn<object> |
| getJwtPayload | JwtPayloadFn |
| currentUser | undefined \| AuthUser |
| userActivity? | IUserActivity |
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:57
Properties¶
actorKey¶
• Private Readonly actorKey: ActorId
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:76
authClientRepository¶
• authClientRepository: AuthClientRepository
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:59
codeReader¶
• Private Readonly codeReader: CodeReaderFn
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:79
ctx¶
• Private Readonly ctx: RequestContext
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:77
currentUser¶
• Private Readonly currentUser: undefined | AuthUser
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:87
getJwtPayload¶
• Private Readonly getJwtPayload: JwtPayloadFn
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:85
jwtKeysRepo¶
• jwtKeysRepo: JwtKeysRepository
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:69
jwtSigner¶
• Private Readonly jwtSigner: JWTSignerFn<object>
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:83
jwtVerifier¶
• Private Readonly jwtVerifier: JWTVerifierFn<AnyObject>
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:81
logger¶
• logger: ILogger
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:72
loginActivityRepo¶
• Private Readonly loginActivityRepo: LoginActivityRepository
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:74
publicKeyRepo¶
• publicKeyRepo: PublicKeysRepository
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:67
refreshTokenRepo¶
• refreshTokenRepo: RefreshTokenRepository
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:65
revokedTokensRepo¶
• Private Readonly revokedTokensRepo: RevokedTokenRepository
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:71
userActivity¶
• Private Optional Readonly userActivity: IUserActivity
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:89
userRepo¶
• userRepo: UserRepository
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:61
userTenantRepo¶
• userTenantRepo: UserTenantRepository
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:63
Methods¶
createJWT¶
▸ createJWT(payload, authClient, loginType, tenantId?): Promise<TokenResponse>
Generates a signed JWT for the user described by payload on behalf of authClient, sets the
token expiry and stores the accompanying refresh token.
Parameters¶
| Name | Type | Description |
|---|---|---|
| payload | ClientAuthCode<User<DataObject<Model>>, undefined \| string> & ExternalTokens | Information about the user together with any external tokens to carry along. |
| authClient | AuthClient<DataObject<Model>> | The client requesting the JWT. It carries client information such as the client ID and the access-token expiration time, which shape the JWT payload and its expiry. |
| loginType | LoginType | The kind of login performed, such as "email", "social" or "phone". It gives the authentication context and is available for logging, analytics or custom logic based on the login type. |
| tenantId? | string | Optional tenant ID. Tenants isolate data and configuration for different groups of users or organizations in multi-tenant applications; if provided, it selects the tenant the token is issued for. |
Returns¶
Promise<TokenResponse>
The createJWT function returns a TokenResponse object containing the access token,
refresh token, and expiration time.
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:288
decodeAndGetExpiry¶
▸ Private decodeAndGetExpiry(token): null | number
Decodes the given token and retrieves the expiry timestamp.
Parameters¶
| Name | Type | Description |
|---|---|---|
| token | string | The token to decode. |
Returns¶
null | number
The expiry timestamp in milliseconds, or null if the token carries no readable expiry.
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:638
generateKeys¶
▸ generateKeys(): Promise<void>
Generates multiple JWT keys asynchronously based on the MAX_JWT_KEYS environment variable. If MAX_JWT_KEYS is not set, defaults to generating 2 keys.
Throws
When key generation fails with message 'Failed to generate JWT keys'
Returns¶
Promise<void>
A promise that resolves when all keys have been generated
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:534
generateNewKey¶
▸ generateNewKey(isRotate?): Promise<void>
Generates a new RSA key pair and manages key rotation for JWT authentication.
This method performs the following operations:
1. Generates a new RSA key pair (public and private keys)
2. Creates a JWKS (JSON Web Key Set) object
3. Manages key rotation by removing the oldest keys when the maximum limit is reached
4. Stores the public key in cache if rotation is enabled
5. Saves both public and private keys to the database
Throws
If JWT_PRIVATE_KEY_PASSPHRASE environment variable is not set
Throws
If key generation or storage operations fail
Parameters¶
| Name | Type | Default value | Description |
|---|---|---|---|
| isRotate | boolean | false | Optional flag indicating a key-rotation operation. When true, the public key is also stored in cache with a TTL derived from the auth client's access-token expiration, so tokens already signed with the outgoing key stay verifiable until they expire. |
Returns¶
Promise<void>
Resolves once the new key pair has been generated and stored.
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:565
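The rotation procedure above, as an added example that is not the service's own code: it requires the passphrase the page names, generates an RSA pair, publishes the public half as a JWK under a `kid`, keeps at most `MAX_JWT_KEYS` keys, and shows why a verifier must look keys up by `kid` from the published set only. An in-memory array stands in for `jwtKeysRepo`/`publicKeyRepo`; the RS256 sign/verify helpers are illustrative and not the `JWTSignerFn`/`JWTVerifierFn` the class is injected with.

```typescript
import {
  createHash,
  createPublicKey,
  createSign,
  createVerify,
  generateKeyPairSync,
} from 'node:crypto';
import type { JsonWebKey } from 'node:crypto';

// Added example, not @sourceloop code. Env names mirror the ones this page documents.
interface StoredKey {
  kid: string;
  publicJwk: JsonWebKey; // what the JWKS endpoint serves
  privatePem: string;    // PKCS#8 PEM, encrypted under the passphrase
}

const b64url = (s: string): string => Buffer.from(s).toString('base64url');

// Decode one base64url JWT segment as JSON; null on any malformation.
const decodeJson = (seg: string): Record<string, unknown> | null => {
  try { return JSON.parse(Buffer.from(seg, 'base64url').toString('utf8')); } catch { return null; }
};

export class RotatingJwtKeys {
  private readonly passphrase: string;
  private keys: StoredKey[] = [];

  constructor(
    passphrase: string | undefined = process.env.JWT_PRIVATE_KEY_PASSPHRASE,
    private readonly maxKeys: number = Number(process.env.MAX_JWT_KEYS ?? 2),
  ) {
    if (!passphrase) throw new Error('JWT_PRIVATE_KEY_PASSPHRASE environment variable is not set');
    this.passphrase = passphrase;
  }

  /** Generate a key, add it to the set and evict the oldest once maxKeys is exceeded. */
  generateNewKey(): string {
    const { publicKey, privateKey } = generateKeyPairSync('rsa', {
      modulusLength: 2048,
      publicKeyEncoding: { type: 'spki', format: 'pem' },
      privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: this.passphrase },
    });
    // kid is a digest of the public key, so a token's author cannot choose it.
    const kid = createHash('sha256').update(publicKey).digest('base64url').slice(0, 16);
    const jwk = createPublicKey(publicKey).export({ format: 'jwk' });
    this.keys.push({ kid, publicJwk: { ...jwk, kid, alg: 'RS256', use: 'sig' }, privatePem: privateKey });
    while (this.keys.length > this.maxKeys) this.keys.shift(); // drop the oldest key
    return kid;
  }

  /** The JWKS document: public keys only, newest last. */
  jwks(): { keys: JsonWebKey[] } {
    return { keys: this.keys.map(k => k.publicJwk) };
  }

  /** RS256-sign a payload with the newest key and name that key in the header's kid. */
  sign(payload: Record<string, unknown>): string {
    const current = this.keys[this.keys.length - 1];
    if (!current) throw new Error('no signing key: call generateNewKey() first');
    const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid: current.kid }));
    const signingInput = `${header}.${b64url(JSON.stringify(payload))}`;
    const sig = createSign('RSA-SHA256')
      .update(signingInput)
      .sign({ key: current.privatePem, passphrase: this.passphrase }, 'base64url');
    return `${signingInput}.${sig}`;
  }

  /** Verify using only the published JWKS; returns the payload, or null if rejected. */
  verify(token: string): Record<string, unknown> | null {
    const parts = token.split('.');
    if (parts.length !== 3) return null;
    const [h, p, sig] = parts;
    const header = decodeJson(h);
    // Pin the algorithm: the token never gets to choose (blocks alg=none / HS256 confusion).
    if (!header || header.alg !== 'RS256') return null;
    const jwk = this.keys.find(k => k.kid === header.kid)?.publicJwk;
    if (!jwk) return null; // unknown or rotated-out kid
    const ok = createVerify('RSA-SHA256')
      .update(`${h}.${p}`)
      .verify(createPublicKey({ key: jwk, format: 'jwk' }), sig, 'base64url');
    return ok ? decodeJson(p) : null;
  }
}
```

Keeping a fixed number of keys, as here, means a token signed by the evicted key is rejected even if its `exp` is still in the future; that is the gap the documented cache TTL (step 4) closes, by holding the outgoing public key for one access-token lifetime.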
generateToken¶
▸ generateToken(request): Promise<TokenResponse>
The function generateToken generates a JWT token for a client using a code
and performs various authentication checks.
Parameters¶
| Name | Type |
|---|---|
| request | AuthTokenRequest |
Returns¶
Promise<TokenResponse>
Resolves to the TokenResponse produced by this.createJWT(payload, authClient,
LoginType.ACCESS) once the request has passed the authentication checks.
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:155
getOpenIdConfiguration¶
▸ getOpenIdConfiguration(): Promise<IdpConfiguration>
Retrieves OpenID Connect configuration settings. This method constructs and returns an IdpConfiguration object containing essential OpenID Connect endpoints and supported features.
Returns¶
Promise<IdpConfiguration>
A promise that resolves to an IdpConfiguration object containing:
- issuer URL
- authorization endpoint
- token endpoint
- JWKS URI
- end session endpoint
- supported response types
- supported scopes
- supported ID token signing algorithms
- supported token endpoint authentication methods
- userinfo endpoint
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:109
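A client consuming the document described above should check it before trusting it. The following is an added example, not the service's code: it uses the standard OpenID Connect Discovery key names for the fields the page lists (the page does not show the IdpConfiguration type's actual property names), builds a constructed sample document, and runs the checks a relying party most needs, including a same-origin policy for endpoints that is stricter than the specification.

```typescript
// Added example, not @sourceloop code. Standard OIDC Discovery key names are assumed.
export interface IdpConfiguration {
  issuer: string;
  authorization_endpoint: string;
  token_endpoint: string;
  jwks_uri: string;
  end_session_endpoint: string;
  userinfo_endpoint: string;
  response_types_supported: string[];
  scopes_supported: string[];
  id_token_signing_alg_values_supported: string[];
  token_endpoint_auth_methods_supported: string[];
}

/** Constructed sample of a well-formed document for `issuer`; the paths are hypothetical. */
export function sampleConfiguration(issuer: string): IdpConfiguration {
  return {
    issuer,
    authorization_endpoint: `${issuer}/auth/authorize`,
    token_endpoint: `${issuer}/auth/token`,
    jwks_uri: `${issuer}/.well-known/jwks.json`,
    end_session_endpoint: `${issuer}/logout`,
    userinfo_endpoint: `${issuer}/auth/userinfo`,
    response_types_supported: ['code'],
    scopes_supported: ['openid', 'profile', 'email'],
    id_token_signing_alg_values_supported: ['RS256'],
    token_endpoint_auth_methods_supported: ['client_secret_basic'],
  };
}

const ENDPOINT_FIELDS = [
  'authorization_endpoint', 'token_endpoint', 'jwks_uri', 'end_session_endpoint', 'userinfo_endpoint',
] as const;

const parseUrl = (s: string): URL | null => { try { return new URL(s); } catch { return null; } };

/** Returns the list of problems found; an empty list means every check passed. */
export function validateIdpConfiguration(cfg: IdpConfiguration): string[] {
  const problems: string[] = [];
  const issuer = parseUrl(cfg.issuer);
  if (!issuer) problems.push('issuer is not a valid URL');
  else {
    // OIDC Discovery: issuer is an https URL with no query or fragment. Clients compare it
    // byte-for-byte with the iss claim, so a trailing slash mismatch breaks validation.
    if (issuer.protocol !== 'https:') problems.push('issuer must use https');
    if (issuer.search || issuer.hash) problems.push('issuer must not contain a query or fragment');
    if (cfg.issuer.endsWith('/')) problems.push('issuer should not end with a trailing slash');
  }
  for (const field of ENDPOINT_FIELDS) {
    const u = parseUrl(cfg[field]);
    if (!u) { problems.push(`${field} is not a valid URL`); continue; }
    if (u.protocol !== 'https:') problems.push(`${field} must use https`);
    // Policy check, stricter than the spec: every endpoint lives on the issuer's origin, so a
    // tampered document cannot steer clients to a foreign token endpoint or key set.
    if (issuer && u.origin !== issuer.origin) problems.push(`${field} is not on the issuer origin`);
  }
  if (!cfg.scopes_supported.includes('openid')) problems.push('scopes_supported must include openid');
  if (!cfg.response_types_supported.includes('code')) problems.push('response_types_supported should include code');
  if (!cfg.id_token_signing_alg_values_supported.includes('RS256')) problems.push('id_token_signing_alg_values_supported must include RS256');
  if (cfg.id_token_signing_alg_values_supported.includes('none')) problems.push('id_token_signing_alg_values_supported advertises the unsigned alg none');
  return problems;
}
```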
getUser¶
▸ getUser(payload): Promise<User<DataObject<Model>>>
Retrieves a user based on provided authentication payload.
Throws
When neither user nor userId is provided
Parameters¶
| Name | Type | Description |
|---|---|---|
| payload | ClientAuthCode<User<DataObject<Model>>, undefined \| string> & ExternalTokens | Contains user authentication details, either a user object or a userId, plus optional external auth tokens. |
Returns¶
Promise<User<DataObject<Model>>>
Promise resolving to User object with optional external tokens
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:243
logoutUser¶
▸ logoutUser(auth, req): Promise<SuccessResponse>
Handles logout for a user by revoking the access token and deleting the
associated refresh token.
Parameters¶
| Name | Type | Description |
|---|---|---|
| auth | string | The authentication (bearer) token identifying the user who is logging out. The function extracts the token from this value and performs the logout checks and operations against it. |
| req | RefreshTokenRequest<DataObject<Model>> | The refresh-token request for the session being ended. It carries the refreshToken that is deleted and whose access token is revoked. |
Returns¶
Promise<SuccessResponse>
The logoutUser function returns a Promise that resolves to a
SuccessResponse object with a success property set to true and a key
property set to refreshTokenModel.userId.
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:476
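The logout flow above, together with the expiry lookup decodeAndGetExpiry performs, as an added example that is not the service's code: a revocation entry only needs to live until the access token's own `exp`, because after that the normal expiry check rejects the token anyway. In-memory maps stand in for `revokedTokensRepo` and `refreshTokenRepo`; the check that the refresh token was issued alongside the presented access token is an assumption about the record shape, added because without it any holder of a refresh token could log out someone else's session.

```typescript
// Added example, not @sourceloop code.

/** Read exp from a JWT without verifying it (the caller has already verified the token). */
export function decodeAndGetExpiryMs(token: string): number | null {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
    // exp is a NumericDate in seconds (RFC 7519); the service works in milliseconds.
    return typeof payload.exp === 'number' ? payload.exp * 1000 : null;
  } catch {
    return null;
  }
}

interface RefreshTokenRecord { userId: string; accessToken: string; }

export class LogoutService {
  private readonly revoked = new Map<string, number>();          // access token -> expiry (ms)
  private readonly refreshTokens = new Map<string, RefreshTokenRecord>();

  // now() is injectable so the TTL behaviour can be exercised without waiting.
  constructor(private readonly now: () => number = Date.now) {}

  saveRefreshToken(refreshToken: string, userId: string, accessToken: string): void {
    this.refreshTokens.set(refreshToken, { userId, accessToken });
  }

  /** Revoke the access token until it would expire on its own and delete the refresh token. */
  logoutUser(auth: string, req: { refreshToken: string }): { success: true; key: string } {
    const accessToken = auth.replace(/^Bearer\s+/i, '');
    const record = this.refreshTokens.get(req.refreshToken);
    if (!record) throw new Error('Invalid refresh token');
    // Assumed check: the refresh token must belong to the session presenting this access token.
    if (record.accessToken !== accessToken) throw new Error('Refresh token was not issued for this access token');
    const expiry = decodeAndGetExpiryMs(accessToken);
    // An already-expired token fails the exp check anyway, so only unexpired tokens
    // get a revocation entry, and only until their exp.
    if (expiry !== null && expiry > this.now()) this.revoked.set(accessToken, expiry);
    this.refreshTokens.delete(req.refreshToken);
    return { success: true, key: record.userId };
  }

  /** To be called by the access-token verifier after signature and exp checks pass. */
  isRevoked(accessToken: string): boolean {
    const expiry = this.revoked.get(accessToken);
    if (expiry === undefined) return false;
    if (expiry <= this.now()) { this.revoked.delete(accessToken); return false; } // entry outlived the token
    return true;
  }

  revokedCount(): number { return this.revoked.size; }
}

/** Constructed, unsigned token for the example: the decoder above reads exp only. */
export function constructedToken(expSeconds: number, sub = 'user-1'): string {
  const seg = (o: object) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${seg({ alg: 'RS256', typ: 'JWT' })}.${seg({ sub, exp: expSeconds })}.sig`;
}
```

Because revocation is keyed by the full token string, the verifier must consult the list on every request; a short access-token lifetime keeps the list small and bounds the window in which a revoked token is still accepted by any node that has not seen the entry.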
markUserActivity¶
▸ Private markUserActivity(payload, user, userTenant, loginType): void
The function markUserActivity encrypts and stores user login activity,
including IP address and payload, in a database.
Parameters¶
| Name | Type | Description |
|---|---|---|
| payload | AnyObject \| RefreshToken | The data to record as part of the user's login activity. It is serialized with JSON.stringify(payload) and encrypted before being stored. |
| user | User<DataObject<Model>> | The user performing the activity. The user object identifies the actor of the activity. |
| userTenant | null \| UserTenant | The tenant association of the user, or null if no tenant is assigned. It determines the actor and tenant recorded for the activity. |
| loginType | LoginType | The kind of login activity being recorded, for example 'email' or 'social'. |
Returns¶
void
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:377
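The encrypt-then-store step described above, as an added example that is not the service's code. It assumes a 32-byte key supplied from configuration (a hypothetical LOGIN_ACTIVITY_KEY, hex-encoded), that the actor is the UserTenant id when one exists and the user id otherwise, and an illustrative record shape. It uses AES-256-GCM and binds each ciphertext to the actor, tenant and login type, so a stored row cannot be re-attributed to another user without decryption failing.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from 'node:crypto';

// Added example, not @sourceloop code. Key source and record fields are assumptions.
export interface LoginActivityRecord {
  actor: string;
  tenantId: string | null;
  loginType: string;
  loggedAt: string;  // ISO timestamp
  ipAddress: string; // AES-256-GCM sealed
  payload: string;   // AES-256-GCM sealed JSON
}

export function loadActivityKey(hex = process.env.LOGIN_ACTIVITY_KEY): Buffer {
  const key = Buffer.from(hex ?? '', 'hex');
  if (key.length !== 32) throw new Error('LOGIN_ACTIVITY_KEY must be 32 bytes (64 hex characters)');
  return key;
}

// Additional authenticated data ties the ciphertext to the row's identity fields.
const aadFor = (r: Pick<LoginActivityRecord, 'actor' | 'tenantId' | 'loginType'>): Buffer =>
  Buffer.from(`${r.actor}|${r.tenantId ?? ''}|${r.loginType}`);

function seal(plaintext: string, key: Buffer, aad: Buffer): string {
  const iv = randomBytes(12); // fresh nonce per field; GCM is broken by nonce reuse
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url'); // iv | tag | ct
}

function unseal(sealed: string, key: Buffer, aad: Buffer): string {
  const buf = Buffer.from(sealed, 'base64url');
  const decipher = createDecipheriv('aes-256-gcm', key, buf.subarray(0, 12));
  decipher.setAAD(aad);
  decipher.setAuthTag(buf.subarray(12, 28));
  return Buffer.concat([decipher.update(buf.subarray(28)), decipher.final()]).toString('utf8');
}

export function markUserActivity(
  user: { id: string },
  userTenant: { id: string; tenantId: string } | null,
  loginType: string,
  ipAddress: string,
  payload: object,
  key: Buffer,
  now: Date = new Date(),
): LoginActivityRecord {
  const identity = { actor: userTenant?.id ?? user.id, tenantId: userTenant?.tenantId ?? null, loginType };
  const aad = aadFor(identity);
  return {
    ...identity,
    loggedAt: now.toISOString(),
    ipAddress: seal(ipAddress, key, aad),
    payload: seal(JSON.stringify(payload), key, aad),
  };
}

/** Reverse of markUserActivity; throws if the key is wrong or the row was altered. */
export function openActivity(r: LoginActivityRecord, key: Buffer): { ipAddress: string; payload: unknown } {
  const aad = aadFor(r);
  return { ipAddress: unseal(r.ipAddress, key, aad), payload: JSON.parse(unseal(r.payload, key, aad)) };
}
```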
saveRefreshToken¶
▸ Private saveRefreshToken(refreshToken, user, authClient, accessToken, data): Promise<void>
Saves a refresh token with associated user and client information to the refresh token repository
Parameters¶
| Name | Type | Description |
|---|---|---|
| refreshToken | string | The refresh token string to be saved |
| user | User<DataObject<Model>> | The user object containing authentication details |
| authClient | AuthClient<DataObject<Model>> | The authentication client object containing client configuration |
| accessToken | string | The access token string associated with this refresh token |
| data | AnyObject | Additional data object containing tenant information |
Returns¶
Promise<void>
Resolves once the refresh token has been stored.
Defined in¶
services/authentication-service/src/services/idp-login.service.ts:207