-
Notifications
You must be signed in to change notification settings - Fork 25
/
index.d.ts
92 lines (80 loc) · 3.15 KB
/
index.d.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
import { FastifyPluginCallback, FastifyReply, FastifyRequest } from 'fastify'
import { UserType, SignPayloadType } from '@fastify/jwt'
import NodeCache from 'node-cache'
declare module 'fastify' {
interface FastifyInstance {
authenticate: fastifyAuth0Verify.Authenticate
auth0Verify: fastifyAuth0Verify.Auth0Verify
}
interface FastifyRequest {
auth0Verify: fastifyAuth0Verify.Auth0Verify
auth0VerifySecretsCache: Pick<NodeCache, 'get' | 'set' | 'close'>
}
}
type FastifyAuth0Verify = FastifyPluginCallback<fastifyAuth0Verify.FastifyAuth0VerifyOptions>
declare namespace fastifyAuth0Verify {
export interface FastifyAuth0VerifyOptions {
/**
* The Auth0 tenant domain. It enables verification of RS256 encoded tokens.
* It is also used to verify the token issuer (iss).
* Either provide a domain or the full URL, including the trailing slash (https://domain.com/).
*/
readonly domain?: string
/**
* The Auth0 audience (aud), usually the API name.
* If you provide the value true, the domain will be also used as audience.
* Accepts a string value, or an array of strings for multiple providers.
*/
readonly audience?: string | readonly string[] | boolean
/**
* The Auth0 issuer (iss), usually the API name.
* By default the domain will be also used as audience.
* Accepts a string value, or an array of strings or regexes for multiple
* issuers.
*/
readonly issuer?: string | RegExp | (RegExp | string)[]
/**
* The Auth0 client secret. It enables verification of HS256 encoded JWT tokens.
*/
readonly secret?: string
/**
* If to return also the header and signature of the verified token.
*/
readonly complete?: boolean
/**
* How long (in milliseconds) to cache RS256 secrets before getting them
* again using well known JWKS URLS. Setting to 0 or less disables the cache.
*/
readonly secretsTtl?: string | number
/**
* Used to indicate that the token can be passed using cookie, instead of the Authorization header.
*/
readonly cookie?: {
/**
* The name of the cookie.
*/
cookieName: string
/**
* Indicates whether the cookie is signed or not. If set to `true`, the JWT
* will be verified using the unsigned value.
*/
signed?: boolean
}
/**
* You may customize the request.user object setting a custom sync function as parameter:
*/
readonly formatUser?: (payload: SignPayloadType) => UserType
}
export type Authenticate = (request: FastifyRequest, reply: FastifyReply) => Promise<void>
export interface Auth0Verify
extends Pick<fastifyAuth0Verify.FastifyAuth0VerifyOptions, 'domain' | 'audience' | 'secret'> {
readonly verify: fastifyAuth0Verify.FastifyAuth0VerifyOptions & {
readonly algorithms: readonly string[]
readonly audience?: string | readonly string[]
}
}
export const fastifyAuth0Verify: FastifyAuth0Verify
export { fastifyAuth0Verify as default }
}
declare function fastifyAuth0Verify(...params: Parameters<FastifyAuth0Verify>): ReturnType<FastifyAuth0Verify>
export = fastifyAuth0Verify