import { Cache } from '../cache'; import type { JwtPayload, JwtWithPayloadObject } from '../jsonwebtoken-type'; import type { TokenKey } from '../xsuaa-service-types'; import type { IncomingMessage } from 'http'; /** * @internal */ export declare const defaultTenantId = "provider-tenant"; /** * @internal * Get the user ID from the JWT payload. * For XSUAA tokens, this is `user_id`. * For IAS tokens, this is `user_uuid`. * @param jwtPayload - Token payload to read the user ID from. * @returns The user ID, if available. */ export declare function userId(jwtPayload: JwtPayload): string; /** * @internal * Get the default tenant ID. * @returns The default tenant ID. */ export declare function getDefaultTenantId(): string; /** * Get the tenant ID of a decoded JWT, based on its `zid` or if not available `app_tid` or `zone_uuid` (legacy) property. * @param jwt - Token to read the tenant ID from. * @returns The tenant ID, if available. */ export declare function getTenantId(jwt: JwtPayload | string | undefined): string | undefined; /** * Check if the given JWT is an IAS token. * Currently, there are only two domains for IAS tokens: * `accounts.ondemand.com` and `accounts400.ondemand.com`. * @param decodedJwt - The decoded JWT to check. * @returns Whether the given JWT is an IAS token. * @internal */ export declare function isIasToken(decodedJwt: JwtPayload): boolean; /** * @internal * Retrieve the subdomain from the decoded XSUAA JWT or ISS object. * If it is an IAS JWT, or the passed object doesn't contain an ISS propety, * returns `undefined`. * @param jwt - JWT or ISS object to retrieve the subdomain from. * @returns The subdomain, if available. */ export declare function getSubdomain(jwt: JwtPayload | string | undefined): string | undefined; /** * @internal * Retrieve the audiences of a decoded JWT based on the audiences and scopes in the token. * @param decodedToken - Token to retrieve the audiences from. * @returns A set of audiences. */ export declare function audiences(decodedToken: JwtPayload): string[]; /** * Decode JWT. * @param token - JWT to be decoded. * @returns Decoded payload. */ export declare function decodeJwt(token: string | JwtPayload): JwtPayload; /** * Decode JWT and return the complete decoded token. * @param token - JWT to be decoded. * @returns Decoded token containing payload, header and signature. * @internal */ export declare function decodeJwtComplete(token: string): JwtWithPayloadObject; /** * Retrieve JWT from a request that is based on the node `IncomingMessage`. Fails if no authorization header is given or has the wrong format. Expected format is 'Bearer '. * @param req - Request to retrieve the JWT from. * @returns JWT found in header. */ export declare function retrieveJwt(req: IncomingMessage): string | undefined; /** * 15 minutes is the default value used by the xssec lib. * @internal */ export declare const verificationKeyCache: Cache; /** * Wraps the access token in header's authorization. * @param token - Token to attach in request header * @returns The request header that holds the access token * @internal */ export declare function wrapJwtInHeader(token: string): { headers: { Authorization: string; [key: string]: any; }; }; /** * Checks if the given JWT was issued by XSUAA based on the `iss` property and the UAA domain of the XSUAA. * @param decodedJwt - JWT to be checked. * @returns Whether the JWT was issued by XSUAA. * @internal */ export declare function isXsuaaToken(decodedJwt: JwtPayload | undefined): boolean; /** * Object holding a decoded JWT payload received by decoding the encoded string also in this object. * @internal */ export interface JwtPair { /** * @internal */ decoded: JwtPayload; /** * @internal */ encoded: string; } /** * Build JwtPair from an encoded JWT. * @internal */ export declare function getJwtPair(encodedJwt: string): JwtPair; /** * The user JWT can be a full JWT containing user information but also a reduced one setting only the iss value * This method divides the two cases. * @param token - Token to be investigated * @returns Boolean value with true if the input is a UserJwtPair * @internal */ export declare function isUserToken(token: JwtPair | undefined): token is JwtPair;