wol
03f2c49b7e
Some checks failed
Remove old artifacts / remove-old-artifacts (push) Has been cancelled
110 lines
5.3 KiB
TypeScript
110 lines
5.3 KiB
TypeScript
import * as jose from 'jose';
|
|
|
|
declare class AccessToken {
|
|
readonly token: string;
|
|
constructor(token: string);
|
|
get decoded(): jose.JWTPayload;
|
|
get expiresAt(): Date;
|
|
/**
|
|
* @returns The number of milliseconds until the access token expires, or 0 if it has already expired.
|
|
*/
|
|
get expiresInMillis(): number;
|
|
isExpired(): boolean;
|
|
}
|
|
declare class RefreshToken {
|
|
readonly token: string;
|
|
constructor(token: string);
|
|
}
|
|
/**
|
|
* An InternalSession represents a user's session, which may or may not be valid. It may contain an access token, a refresh token, or both.
|
|
*
|
|
* A session never changes which user or session it belongs to, but the tokens in it may change over time.
|
|
*/
|
|
declare class InternalSession {
|
|
private readonly _options;
|
|
/**
|
|
* Each session has a session key that depends on the tokens inside. If the session has a refresh token, the session key depends only on the refresh token. If the session does not have a refresh token, the session key depends only on the access token.
|
|
*
|
|
* Multiple Session objects may have the same session key, which implies that they represent the same session by the same user. Furthermore, a session's key never changes over the lifetime of a session object.
|
|
*
|
|
* This is useful for caching and indexing sessions.
|
|
*/
|
|
readonly sessionKey: string;
|
|
/**
|
|
* An access token that is not known to be invalid (ie. may be valid, but may have expired).
|
|
*/
|
|
private _accessToken;
|
|
private readonly _refreshToken;
|
|
/**
|
|
* Whether the session as a whole is known to be invalid (ie. both access and refresh tokens are invalid). Used as a cache to avoid making multiple requests to the server (sessions never go back to being valid after being invalidated).
|
|
*
|
|
* It is possible for the access token to be invalid but the refresh token to be valid, in which case the session is
|
|
* still valid (just needs a refresh). It is also possible for the access token to be valid but the refresh token to
|
|
* be invalid, in which case the session is also valid (eg. if the refresh token is null because the user only passed
|
|
* in an access token, eg. in a server-side request handler).
|
|
*/
|
|
private _knownToBeInvalid;
|
|
private _refreshPromise;
|
|
constructor(_options: {
|
|
refreshAccessTokenCallback(refreshToken: RefreshToken): Promise<AccessToken | null>;
|
|
refreshToken: string | null;
|
|
accessToken?: string | null;
|
|
});
|
|
static calculateSessionKey(ofTokens: {
|
|
refreshToken: string | null;
|
|
accessToken?: string | null;
|
|
}): string;
|
|
isKnownToBeInvalid(): boolean;
|
|
/**
|
|
* Marks the session object as invalid, meaning that the refresh and access tokens can no longer be used.
|
|
*/
|
|
markInvalid(): void;
|
|
onInvalidate(callback: () => void): {
|
|
unsubscribe: () => void;
|
|
};
|
|
/**
|
|
* Returns the access token if it is found in the cache, fetching it otherwise.
|
|
*
|
|
* This is usually the function you want to call to get an access token. Either set `minMillisUntilExpiration` to a reasonable value, or catch errors that occur if it expires, and call `markAccessTokenExpired` to mark the token as expired if so (after which a call to this function will always refetch the token).
|
|
*
|
|
* @returns null if the session is known to be invalid, cached tokens if they exist in the cache (which may or may not be valid still), or new tokens otherwise.
|
|
*/
|
|
getOrFetchLikelyValidTokens(minMillisUntilExpiration: number): Promise<{
|
|
accessToken: AccessToken;
|
|
refreshToken: RefreshToken | null;
|
|
} | null>;
|
|
/**
|
|
* Fetches new tokens that are, at the time of fetching, guaranteed to be valid.
|
|
*
|
|
* The newly generated tokens are short-lived, so it's good practice not to rely on their validity (if possible). However, this function is useful in some cases where you only want to pass access tokens to a service, and you want to make sure said access token has the longest possible lifetime.
|
|
*
|
|
* In most cases, you should prefer `getOrFetchLikelyValidTokens`.
|
|
*
|
|
* @returns null if the session is known to be invalid, or new tokens otherwise (which, at the time of fetching, are guaranteed to be valid).
|
|
*/
|
|
fetchNewTokens(): Promise<{
|
|
accessToken: AccessToken;
|
|
refreshToken: RefreshToken | null;
|
|
} | null>;
|
|
markAccessTokenExpired(accessToken: AccessToken): void;
|
|
/**
|
|
* Note that a callback invocation with `null` does not mean the session has been invalidated; the access token may just have expired. Use `onInvalidate` to detect invalidation.
|
|
*/
|
|
onAccessTokenChange(callback: (newAccessToken: AccessToken | null) => void): {
|
|
unsubscribe: () => void;
|
|
};
|
|
/**
|
|
* @returns An access token, which may be expired or expire soon, or null if it is known to be invalid.
|
|
*/
|
|
private _getPotentiallyInvalidAccessTokenIfAvailable;
|
|
/**
|
|
* You should prefer `_getOrFetchPotentiallyInvalidAccessToken` in almost all cases.
|
|
*
|
|
* @returns A newly fetched access token (never read from cache), or null if the session either does not represent a user or the session is invalid.
|
|
*/
|
|
private _getNewlyFetchedAccessToken;
|
|
private _refreshAndSetRefreshPromise;
|
|
}
|
|
|
|
export { AccessToken, InternalSession, RefreshToken };
|