Buckets:
| import { GaxiosError, GaxiosOptions, GaxiosPromise, GaxiosResponse } from 'gaxios'; | |
| import * as querystring from 'querystring'; | |
| import { JwkCertificate } from '../crypto/crypto'; | |
| import { AuthClient, AuthClientOptions, GetAccessTokenResponse, BodyResponseCallback } from './authclient'; | |
| import { Credentials } from './credentials'; | |
| import { LoginTicket } from './loginticket'; | |
| /** | |
| * The results from the `generateCodeVerifierAsync` method. To learn more, | |
| * See the sample: | |
| * https://github.com/googleapis/google-auth-library-nodejs/blob/main/samples/oauth2-codeVerifier.js | |
| */ | |
| export interface CodeVerifierResults { | |
| /** | |
| * The code verifier that will be used when calling `getToken` to obtain a new | |
| * access token. | |
| */ | |
| codeVerifier: string; | |
| /** | |
| * The code_challenge that should be sent with the `generateAuthUrl` call | |
| * to obtain a verifiable authentication url. | |
| */ | |
| codeChallenge?: string; | |
| } | |
| export interface Certificates { | |
| [index: string]: string | JwkCertificate; | |
| } | |
| export interface PublicKeys { | |
| [index: string]: string; | |
| } | |
| export declare enum CodeChallengeMethod { | |
| Plain = "plain", | |
| S256 = "S256" | |
| } | |
| export declare enum CertificateFormat { | |
| PEM = "PEM", | |
| JWK = "JWK" | |
| } | |
| /** | |
| * The client authentication type. Supported values are basic, post, and none. | |
| * https://datatracker.ietf.org/doc/html/rfc7591#section-2 | |
| */ | |
| export declare enum ClientAuthentication { | |
| ClientSecretPost = "ClientSecretPost", | |
| ClientSecretBasic = "ClientSecretBasic", | |
| None = "None" | |
| } | |
| export interface GetTokenOptions { | |
| code: string; | |
| codeVerifier?: string; | |
| /** | |
| * The client ID for your application. The value passed into the constructor | |
| * will be used if not provided. Must match any client_id option passed to | |
| * a corresponding call to generateAuthUrl. | |
| */ | |
| client_id?: string; | |
| /** | |
| * Determines where the API server redirects the user after the user | |
| * completes the authorization flow. The value passed into the constructor | |
| * will be used if not provided. Must match any redirect_uri option passed to | |
| * a corresponding call to generateAuthUrl. | |
| */ | |
| redirect_uri?: string; | |
| } | |
| export interface TokenInfo { | |
| /** | |
| * The application that is the intended user of the access token. | |
| */ | |
| aud: string; | |
| /** | |
| * This value lets you correlate profile information from multiple Google | |
| * APIs. It is only present in the response if you included the profile scope | |
| * in your request in step 1. The field value is an immutable identifier for | |
| * the logged-in user that can be used to create and manage user sessions in | |
| * your application. The identifier is the same regardless of which client ID | |
| * is used to retrieve it. This enables multiple applications in the same | |
| * organization to correlate profile information. | |
| */ | |
| user_id?: string; | |
| /** | |
| * An array of scopes that the user granted access to. | |
| */ | |
| scopes: string[]; | |
| /** | |
| * The datetime when the token becomes invalid. | |
| */ | |
| expiry_date: number; | |
| /** | |
| * An identifier for the user, unique among all Google accounts and never | |
| * reused. A Google account can have multiple emails at different points in | |
| * time, but the sub value is never changed. Use sub within your application | |
| * as the unique-identifier key for the user. | |
| */ | |
| sub?: string; | |
| /** | |
| * The client_id of the authorized presenter. This claim is only needed when | |
| * the party requesting the ID token is not the same as the audience of the ID | |
| * token. This may be the case at Google for hybrid apps where a web | |
| * application and Android app have a different client_id but share the same | |
| * project. | |
| */ | |
| azp?: string; | |
| /** | |
| * Indicates whether your application can refresh access tokens | |
| * when the user is not present at the browser. Valid parameter values are | |
| * 'online', which is the default value, and 'offline'. Set the value to | |
| * 'offline' if your application needs to refresh access tokens when the user | |
| * is not present at the browser. This value instructs the Google | |
| * authorization server to return a refresh token and an access token the | |
| * first time that your application exchanges an authorization code for | |
| * tokens. | |
| */ | |
| access_type?: string; | |
| /** | |
| * The user's email address. This value may not be unique to this user and | |
| * is not suitable for use as a primary key. Provided only if your scope | |
| * included the email scope value. | |
| */ | |
| email?: string; | |
| /** | |
| * True if the user's e-mail address has been verified; otherwise false. | |
| */ | |
| email_verified?: boolean; | |
| } | |
| export interface GenerateAuthUrlOpts { | |
| /** | |
| * Recommended. Indicates whether your application can refresh access tokens | |
| * when the user is not present at the browser. Valid parameter values are | |
| * 'online', which is the default value, and 'offline'. Set the value to | |
| * 'offline' if your application needs to refresh access tokens when the user | |
| * is not present at the browser. This value instructs the Google | |
| * authorization server to return a refresh token and an access token the | |
| * first time that your application exchanges an authorization code for | |
| * tokens. | |
| */ | |
| access_type?: string; | |
| /** | |
| * The hd (hosted domain) parameter streamlines the login process for G Suite | |
| * hosted accounts. By including the domain of the G Suite user (for example, | |
| * mycollege.edu), you can indicate that the account selection UI should be | |
| * optimized for accounts at that domain. To optimize for G Suite accounts | |
| * generally instead of just one domain, use an asterisk: hd=*. | |
| * Don't rely on this UI optimization to control who can access your app, | |
| * as client-side requests can be modified. Be sure to validate that the | |
| * returned ID token has an hd claim value that matches what you expect | |
| * (e.g. mycolledge.edu). Unlike the request parameter, the ID token claim is | |
| * contained within a security token from Google, so the value can be trusted. | |
| */ | |
| hd?: string; | |
| /** | |
| * The 'response_type' will always be set to 'CODE'. | |
| */ | |
| response_type?: string; | |
| /** | |
| * The client ID for your application. The value passed into the constructor | |
| * will be used if not provided. You can find this value in the API Console. | |
| */ | |
| client_id?: string; | |
| /** | |
| * Determines where the API server redirects the user after the user | |
| * completes the authorization flow. The value must exactly match one of the | |
| * 'redirect_uri' values listed for your project in the API Console. Note that | |
| * the http or https scheme, case, and trailing slash ('/') must all match. | |
| * The value passed into the constructor will be used if not provided. | |
| */ | |
| redirect_uri?: string; | |
| /** | |
| * Required. A space-delimited list of scopes that identify the resources that | |
| * your application could access on the user's behalf. These values inform the | |
| * consent screen that Google displays to the user. Scopes enable your | |
| * application to only request access to the resources that it needs while | |
| * also enabling users to control the amount of access that they grant to your | |
| * application. Thus, there is an inverse relationship between the number of | |
| * scopes requested and the likelihood of obtaining user consent. The | |
| * OAuth 2.0 API Scopes document provides a full list of scopes that you might | |
| * use to access Google APIs. We recommend that your application request | |
| * access to authorization scopes in context whenever possible. By requesting | |
| * access to user data in context, via incremental authorization, you help | |
| * users to more easily understand why your application needs the access it is | |
| * requesting. | |
| */ | |
| scope?: string[] | string; | |
| /** | |
| * Recommended. Specifies any string value that your application uses to | |
| * maintain state between your authorization request and the authorization | |
| * server's response. The server returns the exact value that you send as a | |
| * name=value pair in the hash (#) fragment of the 'redirect_uri' after the | |
| * user consents to or denies your application's access request. You can use | |
| * this parameter for several purposes, such as directing the user to the | |
| * correct resource in your application, sending nonces, and mitigating | |
| * cross-site request forgery. Since your redirect_uri can be guessed, using a | |
| * state value can increase your assurance that an incoming connection is the | |
| * result of an authentication request. If you generate a random string or | |
| * encode the hash of a cookie or another value that captures the client's | |
| * state, you can validate the response to additionally ensure that the | |
| * request and response originated in the same browser, providing protection | |
| * against attacks such as cross-site request forgery. See the OpenID Connect | |
| * documentation for an example of how to create and confirm a state token. | |
| */ | |
| state?: string; | |
| /** | |
| * Optional. Enables applications to use incremental authorization to request | |
| * access to additional scopes in context. If you set this parameter's value | |
| * to true and the authorization request is granted, then the new access token | |
| * will also cover any scopes to which the user previously granted the | |
| * application access. See the incremental authorization section for examples. | |
| */ | |
| include_granted_scopes?: boolean; | |
| /** | |
| * Optional. If your application knows which user is trying to authenticate, | |
| * it can use this parameter to provide a hint to the Google Authentication | |
| * Server. The server uses the hint to simplify the login flow either by | |
| * prefilling the email field in the sign-in form or by selecting the | |
| * appropriate multi-login session. Set the parameter value to an email | |
| * address or sub identifier, which is equivalent to the user's Google ID. | |
| */ | |
| login_hint?: string; | |
| /** | |
| * Optional. A space-delimited, case-sensitive list of prompts to present the | |
| * user. If you don't specify this parameter, the user will be prompted only | |
| * the first time your app requests access. Possible values are: | |
| * | |
| * 'none' - Donot display any authentication or consent screens. Must not be | |
| * specified with other values. | |
| * 'consent' - Prompt the user for consent. | |
| * 'select_account' - Prompt the user to select an account. | |
| */ | |
| prompt?: string; | |
| /** | |
| * Recommended. Specifies what method was used to encode a 'code_verifier' | |
| * that will be used during authorization code exchange. This parameter must | |
| * be used with the 'code_challenge' parameter. The value of the | |
| * 'code_challenge_method' defaults to "plain" if not present in the request | |
| * that includes a 'code_challenge'. The only supported values for this | |
| * parameter are "S256" or "plain". | |
| */ | |
| code_challenge_method?: CodeChallengeMethod; | |
| /** | |
| * Recommended. Specifies an encoded 'code_verifier' that will be used as a | |
| * server-side challenge during authorization code exchange. This parameter | |
| * must be used with the 'code_challenge' parameter described above. | |
| */ | |
| code_challenge?: string; | |
| /** | |
| * A way for developers and/or the auth team to provide a set of key value | |
| * pairs to be added as query parameters to the authorization url. | |
| */ | |
| [key: string]: querystring.ParsedUrlQueryInput[keyof querystring.ParsedUrlQueryInput]; | |
| } | |
| export interface AccessTokenResponse { | |
| access_token: string; | |
| expiry_date: number; | |
| } | |
| export interface GetRefreshHandlerCallback { | |
| (): Promise<AccessTokenResponse>; | |
| } | |
| export interface GetTokenCallback { | |
| (err: GaxiosError | null, token?: Credentials | null, res?: GaxiosResponse | null): void; | |
| } | |
| export interface GetTokenResponse { | |
| tokens: Credentials; | |
| res: GaxiosResponse | null; | |
| } | |
| export interface GetAccessTokenCallback { | |
| (err: GaxiosError | null, token?: string | null, res?: GaxiosResponse | null): void; | |
| } | |
| export interface RefreshAccessTokenCallback { | |
| (err: GaxiosError | null, credentials?: Credentials | null, res?: GaxiosResponse | null): void; | |
| } | |
| export interface RefreshAccessTokenResponse { | |
| credentials: Credentials; | |
| res: GaxiosResponse | null; | |
| } | |
| export interface RequestMetadataResponse { | |
| headers: Headers; | |
| res?: GaxiosResponse<void> | null; | |
| } | |
| export interface RequestMetadataCallback { | |
| (err: GaxiosError | null, headers?: Headers, res?: GaxiosResponse<void> | null): void; | |
| } | |
| export interface GetFederatedSignonCertsCallback { | |
| (err: GaxiosError | null, certs?: Certificates, response?: GaxiosResponse<void> | null): void; | |
| } | |
| export interface FederatedSignonCertsResponse { | |
| certs: Certificates; | |
| format: CertificateFormat; | |
| res?: GaxiosResponse<void> | null; | |
| } | |
| export interface GetIapPublicKeysCallback { | |
| (err: GaxiosError | null, pubkeys?: PublicKeys, response?: GaxiosResponse<void> | null): void; | |
| } | |
| export interface IapPublicKeysResponse { | |
| pubkeys: PublicKeys; | |
| res?: GaxiosResponse<void> | null; | |
| } | |
| export interface RevokeCredentialsResult { | |
| success: boolean; | |
| } | |
| export interface VerifyIdTokenOptions { | |
| idToken: string; | |
| audience?: string | string[]; | |
| maxExpiry?: number; | |
| } | |
| export interface OAuth2ClientEndpoints { | |
| /** | |
| * The endpoint for viewing access token information | |
| * | |
| * @example | |
| * 'https://oauth2.googleapis.com/tokeninfo' | |
| */ | |
| tokenInfoUrl: string | URL; | |
| /** | |
| * The base URL for auth endpoints. | |
| * | |
| * @example | |
| * 'https://accounts.google.com/o/oauth2/v2/auth' | |
| */ | |
| oauth2AuthBaseUrl: string | URL; | |
| /** | |
| * The base endpoint for token retrieval | |
| * . | |
| * @example | |
| * 'https://oauth2.googleapis.com/token' | |
| */ | |
| oauth2TokenUrl: string | URL; | |
| /** | |
| * The base endpoint to revoke tokens. | |
| * | |
| * @example | |
| * 'https://oauth2.googleapis.com/revoke' | |
| */ | |
| oauth2RevokeUrl: string | URL; | |
| /** | |
| * Sign on certificates in PEM format. | |
| * | |
| * @example | |
| * 'https://www.googleapis.com/oauth2/v1/certs' | |
| */ | |
| oauth2FederatedSignonPemCertsUrl: string | URL; | |
| /** | |
| * Sign on certificates in JWK format. | |
| * | |
| * @example | |
| * 'https://www.googleapis.com/oauth2/v3/certs' | |
| */ | |
| oauth2FederatedSignonJwkCertsUrl: string | URL; | |
| /** | |
| * IAP Public Key URL. | |
| * This URL contains a JSON dictionary that maps the `kid` claims to the public key values. | |
| * | |
| * @example | |
| * 'https://www.gstatic.com/iap/verify/public_key' | |
| */ | |
| oauth2IapPublicKeyUrl: string | URL; | |
| } | |
| /** | |
| * A convenient interface for those looking to pass the OAuth2 Client config via a parsed | |
| * JSON file. | |
| */ | |
| interface OAuth2JSONOptions { | |
| /** | |
| * The authentication client ID. | |
| * | |
| * @alias {@link OAuth2ClientOptions.clientId} | |
| */ | |
| client_id?: string; | |
| /** | |
| * The authentication client secret. | |
| * | |
| * @alias {@link OAuth2ClientOptions.clientSecret} | |
| */ | |
| client_secret?: string; | |
| /** | |
| * The URIs to redirect to after completing the auth request. | |
| * | |
| * @alias {@link OAuth2ClientOptions.redirectUri} | |
| */ | |
| redirect_uris?: string[]; | |
| } | |
| export interface OAuth2ClientOptions extends AuthClientOptions, OAuth2JSONOptions { | |
| /** | |
| * The authentication client ID. | |
| * | |
| * @alias {@link OAuth2JSONOptions.client_id} | |
| */ | |
| clientId?: string; | |
| /** | |
| * The authentication client secret. | |
| * | |
| * @alias {@link OAuth2JSONOptions.client_secret} | |
| */ | |
| clientSecret?: string; | |
| /** | |
| * The URI to redirect to after completing the auth request. | |
| * | |
| * @alias {@link OAuth2JSONOptions.redirect_uris} | |
| */ | |
| redirectUri?: string; | |
| /** | |
| * Customizable endpoints. | |
| */ | |
| endpoints?: Partial<OAuth2ClientEndpoints>; | |
| /** | |
| * The allowed OAuth2 token issuers. | |
| */ | |
| issuers?: string[]; | |
| /** | |
| * The client authentication type. Supported values are basic, post, and none. | |
| * Defaults to post if not provided. | |
| * https://datatracker.ietf.org/doc/html/rfc7591#section-2 | |
| */ | |
| clientAuthentication?: ClientAuthentication; | |
| } | |
| export type RefreshOptions = Pick<AuthClientOptions, 'eagerRefreshThresholdMillis' | 'forceRefreshOnFailure'>; | |
| export declare class OAuth2Client extends AuthClient { | |
| private redirectUri?; | |
| private certificateCache; | |
| private certificateExpiry; | |
| private certificateCacheFormat; | |
| protected refreshTokenPromises: Map<string, Promise<GetTokenResponse>>; | |
| readonly endpoints: Readonly<OAuth2ClientEndpoints>; | |
| readonly issuers: string[]; | |
| readonly clientAuthentication: ClientAuthentication; | |
| _clientId?: string; | |
| _clientSecret?: string; | |
| refreshHandler?: GetRefreshHandlerCallback; | |
| /** | |
| * An OAuth2 Client for Google APIs. | |
| * | |
| * @param options The OAuth2 Client Options. Passing an `clientId` directly is **@DEPRECATED**. | |
| * @param clientSecret **@DEPRECATED**. Provide a {@link OAuth2ClientOptions `OAuth2ClientOptions`} object in the first parameter instead. | |
| * @param redirectUri **@DEPRECATED**. Provide a {@link OAuth2ClientOptions `OAuth2ClientOptions`} object in the first parameter instead. | |
| */ | |
| constructor(options?: OAuth2ClientOptions | OAuth2ClientOptions['clientId'], | |
| /** | |
| * @deprecated - provide a {@link OAuth2ClientOptions `OAuth2ClientOptions`} object in the first parameter instead | |
| */ | |
| clientSecret?: OAuth2ClientOptions['clientSecret'], | |
| /** | |
| * @deprecated - provide a {@link OAuth2ClientOptions `OAuth2ClientOptions`} object in the first parameter instead | |
| */ | |
| redirectUri?: OAuth2ClientOptions['redirectUri']); | |
| /** | |
| * @deprecated use instance's {@link OAuth2Client.endpoints} | |
| */ | |
| protected static readonly GOOGLE_TOKEN_INFO_URL = "https://oauth2.googleapis.com/tokeninfo"; | |
| /** | |
| * Clock skew - five minutes in seconds | |
| */ | |
| private static readonly CLOCK_SKEW_SECS_; | |
| /** | |
| * The default max Token Lifetime is one day in seconds | |
| */ | |
| private static readonly DEFAULT_MAX_TOKEN_LIFETIME_SECS_; | |
| /** | |
| * Generates URL for consent page landing. | |
| * @param opts Options. | |
| * @return URL to consent page. | |
| */ | |
| generateAuthUrl(opts?: GenerateAuthUrlOpts): string; | |
| generateCodeVerifier(): void; | |
| /** | |
| * Convenience method to automatically generate a code_verifier, and its | |
| * resulting SHA256. If used, this must be paired with a S256 | |
| * code_challenge_method. | |
| * | |
| * For a full example see: | |
| * https://github.com/googleapis/google-auth-library-nodejs/blob/main/samples/oauth2-codeVerifier.js | |
| */ | |
| generateCodeVerifierAsync(): Promise<CodeVerifierResults>; | |
| /** | |
| * Gets the access token for the given code. | |
| * @param code The authorization code. | |
| * @param callback Optional callback fn. | |
| */ | |
| getToken(code: string): Promise<GetTokenResponse>; | |
| getToken(options: GetTokenOptions): Promise<GetTokenResponse>; | |
| getToken(code: string, callback: GetTokenCallback): void; | |
| getToken(options: GetTokenOptions, callback: GetTokenCallback): void; | |
| private getTokenAsync; | |
| /** | |
| * Refreshes the access token. | |
| * @param refresh_token Existing refresh token. | |
| * @private | |
| */ | |
| protected refreshToken(refreshToken?: string | null): Promise<GetTokenResponse>; | |
| protected refreshTokenNoCache(refreshToken?: string | null): Promise<GetTokenResponse>; | |
| /** | |
| * Retrieves the access token using refresh token | |
| * | |
| * @param callback callback | |
| */ | |
| refreshAccessToken(): Promise<RefreshAccessTokenResponse>; | |
| refreshAccessToken(callback: RefreshAccessTokenCallback): void; | |
| private refreshAccessTokenAsync; | |
| /** | |
| * Get a non-expired access token, after refreshing if necessary | |
| * | |
| * @param callback Callback to call with the access token | |
| */ | |
| getAccessToken(): Promise<GetAccessTokenResponse>; | |
| getAccessToken(callback: GetAccessTokenCallback): void; | |
| private getAccessTokenAsync; | |
| /** | |
| * The main authentication interface. It takes an optional url which when | |
| * present is the endpoint being accessed, and returns a Promise which | |
| * resolves with authorization header fields. | |
| * | |
| * In OAuth2Client, the result has the form: | |
| * { authorization: 'Bearer <access_token_value>' } | |
| */ | |
| getRequestHeaders(url?: string | URL): Promise<Headers>; | |
| protected getRequestMetadataAsync(url?: string | URL | null): Promise<RequestMetadataResponse>; | |
| /** | |
| * Generates an URL to revoke the given token. | |
| * @param token The existing token to be revoked. | |
| * | |
| * @deprecated use instance method {@link OAuth2Client.getRevokeTokenURL} | |
| */ | |
| static getRevokeTokenUrl(token: string): string; | |
| /** | |
| * Generates a URL to revoke the given token. | |
| * | |
| * @param token The existing token to be revoked. | |
| */ | |
| getRevokeTokenURL(token: string): URL; | |
| /** | |
| * Revokes the access given to token. | |
| * @param token The existing token to be revoked. | |
| * @param callback Optional callback fn. | |
| */ | |
| revokeToken(token: string): GaxiosPromise<RevokeCredentialsResult>; | |
| revokeToken(token: string, callback: BodyResponseCallback<RevokeCredentialsResult>): void; | |
| /** | |
| * Revokes access token and clears the credentials object | |
| * @param callback callback | |
| */ | |
| revokeCredentials(): GaxiosPromise<RevokeCredentialsResult>; | |
| revokeCredentials(callback: BodyResponseCallback<RevokeCredentialsResult>): void; | |
| private revokeCredentialsAsync; | |
| /** | |
| * Provides a request implementation with OAuth 2.0 flow. If credentials have | |
| * a refresh_token, in cases of HTTP 401 and 403 responses, it automatically | |
| * asks for a new access token and replays the unsuccessful request. | |
| * @param opts Request options. | |
| * @param callback callback. | |
| * @return Request object | |
| */ | |
| request<T>(opts: GaxiosOptions): GaxiosPromise<T>; | |
| request<T>(opts: GaxiosOptions, callback: BodyResponseCallback<T>): void; | |
| protected requestAsync<T>(opts: GaxiosOptions, reAuthRetried?: boolean): Promise<GaxiosResponse<T>>; | |
| /** | |
| * Verify id token is token by checking the certs and audience | |
| * @param options that contains all options. | |
| * @param callback Callback supplying GoogleLogin if successful | |
| */ | |
| verifyIdToken(options: VerifyIdTokenOptions): Promise<LoginTicket>; | |
| verifyIdToken(options: VerifyIdTokenOptions, callback: (err: Error | null, login?: LoginTicket) => void): void; | |
| private verifyIdTokenAsync; | |
| /** | |
| * Obtains information about the provisioned access token. Especially useful | |
| * if you want to check the scopes that were provisioned to a given token. | |
| * | |
| * @param accessToken Required. The Access Token for which you want to get | |
| * user info. | |
| */ | |
| getTokenInfo(accessToken: string): Promise<TokenInfo>; | |
| /** | |
| * Gets federated sign-on certificates to use for verifying identity tokens. | |
| * Returns certs as array structure, where keys are key ids, and values | |
| * are certificates in either PEM or JWK format. | |
| * @param callback Callback supplying the certificates | |
| */ | |
| getFederatedSignonCerts(): Promise<FederatedSignonCertsResponse>; | |
| getFederatedSignonCerts(callback: GetFederatedSignonCertsCallback): void; | |
| getFederatedSignonCertsAsync(): Promise<FederatedSignonCertsResponse>; | |
| /** | |
| * Gets federated sign-on certificates to use for verifying identity tokens. | |
| * Returns certs as array structure, where keys are key ids, and values | |
| * are certificates in either PEM or JWK format. | |
| * @param callback Callback supplying the certificates | |
| */ | |
| getIapPublicKeys(): Promise<IapPublicKeysResponse>; | |
| getIapPublicKeys(callback: GetIapPublicKeysCallback): void; | |
| getIapPublicKeysAsync(): Promise<IapPublicKeysResponse>; | |
| verifySignedJwtWithCerts(): void; | |
| /** | |
| * Verify the id token is signed with the correct certificate | |
| * and is from the correct audience. | |
| * @param jwt The jwt to verify (The ID Token in this case). | |
| * @param certs The array of certs to test the jwt against. | |
| * @param requiredAudience The audience to test the jwt against. | |
| * @param issuers The allowed issuers of the jwt (Optional). | |
| * @param maxExpiry The max expiry the certificate can be (Optional). | |
| * @return Returns a promise resolving to LoginTicket on verification. | |
| */ | |
| verifySignedJwtWithCertsAsync(jwt: string, certs: Certificates | PublicKeys, requiredAudience?: string | string[], issuers?: string[], maxExpiry?: number): Promise<LoginTicket>; | |
| /** | |
| * Returns a promise that resolves with AccessTokenResponse type if | |
| * refreshHandler is defined. | |
| * If not, nothing is returned. | |
| */ | |
| private processAndValidateRefreshHandler; | |
| /** | |
| * Returns true if a token is expired or will expire within | |
| * eagerRefreshThresholdMillismilliseconds. | |
| * If there is no expiry time, assumes the token is not expired or expiring. | |
| */ | |
| protected isTokenExpiring(): boolean; | |
| } | |
| export {}; | |
Xet Storage Details
- Size:
- 25.3 kB
- Xet hash:
- dd5cae042a2ef17027ce61141bf27072afdf1e4161a9450156f2f66819b03077
·
Xet efficiently stores files, intelligently splitting them into unique chunks and accelerating uploads and downloads. More info.