80 lines
2.5 KiB
TypeScript
80 lines
2.5 KiB
TypeScript
import * as data from '../data/index.js';
|
|
import * as plugins from '../plugins.js';
|
|
|
|
/**
|
|
* Request to get the public key for JWT validation.
|
|
*
|
|
* **Direction:** Client → idp.global
|
|
* **Requester:** Backend services that need to verify JWTs
|
|
* **Handler:** idp.global
|
|
*
|
|
* Use this to fetch the current public key for verifying JWT signatures.
|
|
* The backend token authenticates the requesting service.
|
|
*/
|
|
export interface IReq_GetPublicKeyForValidation
|
|
extends plugins.typedRequestInterfaces.implementsTR<
|
|
plugins.typedRequestInterfaces.ITypedRequest,
|
|
IReq_GetPublicKeyForValidation
|
|
> {
|
|
method: 'getPublicKeyForValidation';
|
|
request: {
|
|
backendToken: string;
|
|
};
|
|
response: {
|
|
publicKeyPem: string;
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Push public key to connected backend services for JWT validation.
|
|
*
|
|
* **Direction:** idp.global → Client
|
|
* **Requester:** idp.global (pushes when the JWT signing key rotates)
|
|
* **Handler:** Backend services - must register a TypedHandler for this method
|
|
*
|
|
* Backend services should register a handler using `IdpClient.onPublicKeyPush()`
|
|
* to receive key rotation updates and update their local key cache.
|
|
*/
|
|
export interface IReq_PushPublicKeyForValidation
|
|
extends plugins.typedRequestInterfaces.implementsTR<
|
|
plugins.typedRequestInterfaces.ITypedRequest,
|
|
IReq_PushPublicKeyForValidation
|
|
> {
|
|
method: 'pushPublicKeyForValidation';
|
|
request: {
|
|
publicKeyPem: string;
|
|
};
|
|
response: {};
|
|
}
|
|
|
|
/**
|
|
* Push or get JWT ID blocklist for revoked tokens.
|
|
*
|
|
* **Bidirectional:**
|
|
* - **GET direction:** Client → idp.global - Client requests current blocklist
|
|
* - **PUSH direction:** idp.global → Client - Server pushes new blocklisted IDs
|
|
*
|
|
* **For GET (client fires):**
|
|
* - Fire with empty/undefined `blockedJwtIds` to request the full blocklist
|
|
* - Response contains the complete list of blocked JWT IDs
|
|
* - Use `IdpClient.requests.getJwtIdBlocklist` for this direction
|
|
*
|
|
* **For PUSH (idp.global fires):**
|
|
* - idp.global sends newly blocklisted JWT IDs to connected clients
|
|
* - Clients must register a handler using `IdpClient.onBlocklistPush()`
|
|
* - Store received IDs locally to reject revoked tokens
|
|
*/
|
|
export interface IReq_PushOrGetJwtIdBlocklist
|
|
extends plugins.typedRequestInterfaces.implementsTR<
|
|
plugins.typedRequestInterfaces.ITypedRequest,
|
|
IReq_PushOrGetJwtIdBlocklist
|
|
> {
|
|
method: 'pushOrGetJwtIdBlocklist';
|
|
request: {
|
|
blockedJwtIds?: string[];
|
|
};
|
|
response: {
|
|
blockedJwtIds?: string[];
|
|
};
|
|
}
|