/*!
 * Copyright (c) Microsoft Corporation and contributors. All rights reserved.
 * Licensed under the MIT License.
 */

// Ambient declarations for the auth helpers (auth.d.ts). Only signatures are
// visible in this file; notes on runtime behaviour below are marked as
// assumptions to confirm against the implementation.
//
// NOTE(review): several return and parameter types appear as bare `Promise`
// and `Record` with no type arguments. Both are generic and will not
// type-check without them; the arguments were presumably lost when this
// listing was extracted. Restore them from the generated declaration file
// rather than guessing.

import { ITokenClaims, IUser, ScopeType } from "@fluidframework/protocol-definitions";
import { NetworkError } from "@fluidframework/server-services-client";
import { type ICache, type IRevokedTokenChecker, type ITenantManager } from "@fluidframework/server-services-core";
import type { RequestHandler, Response } from "express";
import { Params } from "express-serve-static-core";
import type { Provider } from "nconf";

/**
 * Reports whether the given token carries the keyless Fluid access claim.
 *
 * NOTE(review): this takes only the token string (no key, no tenant manager),
 * so it presumably reads a claim from the decoded token without verifying the
 * signature. Confirm, and do not treat the result as an authorization
 * decision on its own.
 */
export declare function isKeylessFluidAccessClaimEnabled(token: string): boolean;

/**
 * Validates the claims of a JWT used to authorize routerlicious.
 *
 * NOTE(review): no signing key is passed in, so this presumably checks the
 * claims only (against `documentId` and `tenantId`) and leaves signature
 * verification to another step such as {@link verifyToken}. Confirm before
 * relying on it as the sole check.
 *
 * @param token - The JWT to validate.
 * @param documentId - Document id the claims are checked against.
 * @param tenantId - Tenant id the claims are checked against.
 * @param requireDocumentId - Optional; the default is not visible in this declaration.
 * @returns decoded claims.
 * @throws {@link NetworkError} if claims are invalid.
 * @internal
 */
export declare function validateTokenClaims(token: string, documentId: string, tenantId: string, requireDocumentId?: boolean): ITokenClaims;

/**
 * Generates a document creation JWT. This token does not grant the user any
 * authorization; other services can use it to validate the identity of the
 * document creator when a document is created.
 *
 * @param lifetime - Optional token lifetime; unit and default are not shown
 * here. Presumably seconds (compare `maxTokenLifetimeSec`) - TODO confirm.
 *
 * NOTE(review): the return type reads as bare `Promise`; its type argument is
 * missing from this listing.
 * @internal
 */
export declare function getCreationToken(tenantManager: ITenantManager, token: string, documentId: string, lifetime?: number): Promise;

/**
 * Generates a JWT token to authorize routerlicious. This function uses a large
 * auth library (jsonwebtoken) and should only be used in server context.
 *
 * NOTE(review): `key` is presumably the tenant signing secret; anyone holding
 * it can mint tokens with arbitrary `scopes`, so it should stay server-side
 * and out of logs. Confirm against the implementation.
 *
 * @param scopes - Scopes to place in the token.
 * @param lifetime - Optional; unit and default are not visible in this declaration.
 * @param jti - Optional token id; how it is generated when omitted is not visible here.
 * @param isKeylessAccessToken - Optional; presumably marks the token with the
 * claim read by {@link isKeylessFluidAccessClaimEnabled} - TODO confirm.
 * @returns the signed token as a string.
 * @internal
 */
export declare function generateToken(tenantId: string, documentId: string, key: string, scopes: ScopeType[], user?: IUser, lifetime?: number, ver?: string, jti?: string, isKeylessAccessToken?: boolean): string;

/**
 * Returns a user object. How the identity is produced (for example whether
 * the id is random) is not visible in this declaration.
 * @internal
 */
export declare function generateUser(): IUser;

/**
 * Options accepted by {@link verifyToken} and {@link verifyStorageToken}.
 * Field semantics below are inferred from names and types only; confirm
 * against the implementation.
 */
interface IVerifyTokenOptions {
    /** Presumably rejects tokens that carry no document id - TODO confirm. */
    requireDocumentId: boolean;
    /** Optional; behaviour when omitted is not visible here. Verify that expiry is still enforced by default. */
    requireTokenExpiryCheck?: boolean;
    /** Optional upper bound on token lifetime, in seconds per the name. */
    maxTokenLifetimeSec?: number;
    /** Presumably enables replay rejection backed by `singleUseTokenCache` - TODO confirm. */
    ensureSingleUseToken: boolean;
    /** May be undefined; verify what happens when `ensureSingleUseToken` is true and no cache is supplied. */
    singleUseTokenCache: ICache | undefined;
    /** Presumably caches verification results in `tokenCache` - TODO confirm, including how revocation interacts with cached results. */
    enableTokenCache: boolean;
    /** May be undefined. */
    tokenCache: ICache | undefined;
    /** May be undefined; presumably no revocation check runs in that case - TODO confirm. */
    revokedTokenChecker: IRevokedTokenChecker | undefined;
}

/**
 * Responds to the request using the given {@link NetworkError} and returns
 * the response object.
 *
 * NOTE(review): which fields of the error reach the client is not visible
 * here; confirm that no internal detail is exposed.
 * @internal
 */
export declare function respondWithNetworkError(response: Response, error: NetworkError): Response;

/**
 * Extracts the token from an Authorization header value.
 *
 * NOTE(review): the accepted scheme(s) and the behaviour on a malformed
 * header are not visible in this declaration.
 */
export declare function extractTokenFromHeader(authorizationHeader: string): string;

/**
 * Reports whether the token is considered valid.
 *
 * NOTE(review): no key or tenant manager is passed, so this presumably cannot
 * verify the signature; it should not replace {@link verifyToken}. Confirm
 * what "valid" covers.
 */
export declare function isTokenValid(token: string): boolean;

/**
 * Returns an access token usable for the given tenant, document and scopes.
 *
 * NOTE(review): presumably returns `currentAccessToken` when it is still
 * usable and obtains a new one through `tenantManager` otherwise - confirm.
 * The `Record` parameter type and the `Promise` return type are missing
 * their type arguments in this listing.
 *
 * @param lumberProperties - Properties presumably attached to telemetry;
 * verify that tokens are never placed in it.
 */
export declare function getValidAccessToken(currentAccessToken: string, tenantManager: ITenantManager, tenantId: string, documentId: string, scopes: ScopeType[], lumberProperties: Record): Promise;

/**
 * Verifies a token for the given tenant and document using `tenantManager`
 * and the supplied options.
 *
 * @param requiredScopes - Optional; presumably no scope check is made when
 * omitted - TODO confirm.
 *
 * NOTE(review): the return type reads as bare `Promise`; its type argument is
 * missing from this listing. How failure is signalled (rejection or
 * otherwise) is not visible here.
 * @internal
 */
export declare function verifyToken(tenantId: string, documentId: string, token: string, tenantManager: ITenantManager, options: IVerifyTokenOptions, requiredScopes?: string[]): Promise;

/**
 * Verifies the storage token claims and calls riddler to validate the token.
 *
 * @param requiredScopes - Scopes the token must carry.
 * @param options - Optional; the defaults applied when omitted are not
 * visible here. Check them before relying on expiry, single-use or
 * revocation checks.
 * @returns an Express request handler.
 * @internal
 */
export declare function verifyStorageToken(tenantManager: ITenantManager, config: Provider, requiredScopes: string[], options?: IVerifyTokenOptions): RequestHandler;

/**
 * Returns an Express request handler that validates the token's scope claims
 * against `expectedScopes`.
 *
 * NOTE(review): `expectedScopes` is a single string here, unlike the
 * `string[]` taken by {@link verifyStorageToken}; whether this handler also
 * verifies the token signature is not visible - confirm.
 * @internal
 */
export declare function validateTokenScopeClaims(expectedScopes: string): RequestHandler;

/**
 * Looks up `key` in the route params; the result may be undefined.
 * @internal
 */
export declare function getParam(params: Params, key: string): string | undefined;

/**
 * Returns the `jti` claim of an access token; the result may be undefined.
 *
 * NOTE(review): takes only the token string, so the claim is presumably read
 * without signature verification. Treat the value as untrusted until the
 * token has been verified.
 */
export declare function getJtiClaimFromAccessToken(token: string): string | undefined;

export {};
//# sourceMappingURL=auth.d.ts.map