logto/packages/core/src/env-set/oidc.ts

import crypto from 'node:crypto';

import type { LogtoOidcConfigType } from '@logto/schemas';
import { LogtoOidcConfigKey } from '@logto/schemas';
import { conditional } from '@silverhand/essentials';
import { createLocalJWKSet } from 'jose';

import { exportJWK } from '#src/utils/jwks.js';

const loadOidcValues = async (issuer: string, configs: LogtoOidcConfigType) => {
  const cookieKeys = configs[LogtoOidcConfigKey.CookieKeys].map(({ value }) => value);
  const privateKeys = configs[LogtoOidcConfigKey.PrivateKeys].map(({ value }) =>
    crypto.createPrivateKey(value)
  );
  const publicKeys = privateKeys.map((key) => crypto.createPublicKey(key));
  const privateJwks = await Promise.all(privateKeys.map(async (key) => exportJWK(key)));
  const publicJwks = await Promise.all(publicKeys.map(async (key) => exportJWK(key)));
  const localJWKSet = createLocalJWKSet({ keys: publicJwks });

  // Use ES384 if it's an Elliptic Curve key, otherwise fall back to default
  // It's for backwards compatibility since we were using RSA keys before v1.0.0-beta.20
  const jwkSigningAlg = conditional(privateJwks[0]?.kty === 'EC' && 'ES384');

  return Object.freeze({
    cookieKeys,
    privateJwks,
    publicJwks,
    jwkSigningAlg,
    localJWKSet,
    issuer,
  });
};

export default loadOidcValues;
chore(deps): update silverhand configs monorepo packages to v3.0.0 (#3585) * chore(deps): update silverhand configs monorepo packages to v3.0.0 --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Gao Sun <gao@silverhand.io> 2023-03-24 16:28:36 +00:00			`import crypto from 'node:crypto';`
refactor(core): inquire when required env not found (#586) * refactor(core): inquire when required env not found * refactor(core): add comments for create DB pool 2022-04-21 16:13:59 +08:00
refactor: fix lint errors 2022-10-21 13:14:17 +08:00			`import type { LogtoOidcConfigType } from '@logto/schemas';`
			`import { LogtoOidcConfigKey } from '@logto/schemas';`
refactor: support EC key and ES signing algorithms (#2847) 2023-01-09 17:34:13 +08:00			`import { conditional } from '@silverhand/essentials';`
feat(core): support signing key rotation (#1732) 2022-08-08 14:00:24 +08:00			`import { createLocalJWKSet } from 'jose';`
refactor(core): inquire when required env not found (#586) * refactor(core): inquire when required env not found * refactor(core): add comments for create DB pool 2022-04-21 16:13:59 +08:00
refactor: use esm (batch 3) 2022-11-21 16:38:24 +08:00			`import { exportJWK } from '#src/utils/jwks.js';`
feat(core): support signing key rotation (#1732) 2022-08-08 14:00:24 +08:00
refactor(core): read OIDC configs from database 2022-10-09 17:22:34 +08:00			`const loadOidcValues = async (issuer: string, configs: LogtoOidcConfigType) => {`
refactor(schemas,core,cli): alter signing key type to json object (#4582) 2023-10-08 12:51:04 -05:00			`const cookieKeys = configs[LogtoOidcConfigKey.CookieKeys].map(({ value }) => value);`
			`const privateKeys = configs[LogtoOidcConfigKey.PrivateKeys].map(({ value }) =>`
			`crypto.createPrivateKey(value)`
feat(core): support signing key rotation (#1732) 2022-08-08 14:00:24 +08:00			`);`
			`const publicKeys = privateKeys.map((key) => crypto.createPublicKey(key));`
			`const privateJwks = await Promise.all(privateKeys.map(async (key) => exportJWK(key)));`
			`const publicJwks = await Promise.all(publicKeys.map(async (key) => exportJWK(key)));`
			`const localJWKSet = createLocalJWKSet({ keys: publicJwks });`
refactor(core): inquire when required env not found (#586) * refactor(core): inquire when required env not found * refactor(core): add comments for create DB pool 2022-04-21 16:13:59 +08:00
refactor: support EC key and ES signing algorithms (#2847) 2023-01-09 17:34:13 +08:00			`// Use ES384 if it's an Elliptic Curve key, otherwise fall back to default`
			`// It's for backwards compatibility since we were using RSA keys before v1.0.0-beta.20`
			`const jwkSigningAlg = conditional(privateJwks[0]?.kty === 'EC' && 'ES384');`

refactor(core): inquire when required env not found (#586) * refactor(core): inquire when required env not found * refactor(core): add comments for create DB pool 2022-04-21 16:13:59 +08:00			`return Object.freeze({`
feat(core): cookie keys configuration (#902) * feat(core): cookie keys configuration * refactor: improved wording * refactor: improved wording * fix(core): test 2022-05-20 00:08:33 +08:00			`cookieKeys,`
feat(core): support signing key rotation (#1732) 2022-08-08 14:00:24 +08:00			`privateJwks,`
refactor!: adjust packages to adapt admin tenant 2023-02-10 19:57:25 +08:00			`publicJwks,`
refactor: support EC key and ES signing algorithms (#2847) 2023-01-09 17:34:13 +08:00			`jwkSigningAlg,`
feat(core): support signing key rotation (#1732) 2022-08-08 14:00:24 +08:00			`localJWKSet,`
refactor(core): use `ENDPOINT` to replace original env urls (#1416) * refactor(core): use `ENDPOINT` to replace original env urls * refactor(core): log endpoint if needed * refactor: update AC App ID in tests * fix(core): oidc issuer * refactor: remove unnecessary `.toString()` 2022-07-05 18:01:49 +08:00			`issuer,`
refactor(core): inquire when required env not found (#586) * refactor(core): inquire when required env not found * refactor(core): add comments for create DB pool 2022-04-21 16:13:59 +08:00			`});`
			`};`

			`export default loadOidcValues;`