diff --git a/docs/README.md b/docs/README.md index 974fa800..cbd07b29 100644 --- a/docs/README.md +++ b/docs/README.md @@ -170,6 +170,8 @@ ### Variables +- [clockSkew](variables/clockSkew.md) +- [clockTolerance](variables/clockTolerance.md) - [expectNoNonce](variables/expectNoNonce.md) - [expectNoState](variables/expectNoState.md) - [skipAuthTimeCheck](variables/skipAuthTimeCheck.md) diff --git a/docs/interfaces/Client.md b/docs/interfaces/Client.md index 1769b513..f6a5e23d 100644 --- a/docs/interfaces/Client.md +++ b/docs/interfaces/Client.md @@ -17,6 +17,8 @@ Recognized Client Metadata that have an effect on the exposed functionality. ### Properties - [client\_id](Client.md#client_id) +- [[clockSkew]](Client.md#[clockskew]) +- [[clockTolerance]](Client.md#[clocktolerance]) - [authorization\_signed\_response\_alg](Client.md#authorization_signed_response_alg) - [client\_secret](Client.md#client_secret) - [default\_max\_age](Client.md#default_max_age) @@ -36,6 +38,60 @@ Client identifier. ___ +### [clockSkew] + +• `Optional` **[clockSkew]**: `number` + +Use to adjust the client's assumed current time. Positive and negative finite values +representing seconds are allowed. Default is `0` (Date.now() + 0 seconds is used). + +**`Example`** + +When the client's local clock is mistakenly 1 hour in the past + +```ts +const client: oauth.Client = { + client_id: 'abc4ba37-4ab8-49b5-99d4-9441ba35d428', + // ... other metadata + [oauth.clockSkew]: +(60 * 60), +} +``` + +**`Example`** + +When the client's local clock is mistakenly 1 hour in the future + +```ts +const client: oauth.Client = { + client_id: 'abc4ba37-4ab8-49b5-99d4-9441ba35d428', + // ... other metadata + [oauth.clockSkew]: -(60 * 60), +} +``` + +___ + +### [clockTolerance] + +• `Optional` **[clockTolerance]**: `number` + +Use to set allowed client's clock tolerance when checking DateTime JWT Claims. Only positive +finite values representing seconds are allowed. Default is `30` (30 seconds). + +**`Example`** + +Tolerate 30 seconds clock skew when validating JWT claims like exp or nbf. + +```ts +const client: oauth.Client = { + client_id: 'abc4ba37-4ab8-49b5-99d4-9441ba35d428', + // ... other metadata + [oauth.clockTolerance]: 30, +} +``` + +___ + ### authorization\_signed\_response\_alg • `Optional` **authorization\_signed\_response\_alg**: [`JWSAlgorithm`](../types/JWSAlgorithm.md) diff --git a/docs/interfaces/ProtectedResourceRequestOptions.md b/docs/interfaces/ProtectedResourceRequestOptions.md index e2357a9d..68889171 100644 --- a/docs/interfaces/ProtectedResourceRequestOptions.md +++ b/docs/interfaces/ProtectedResourceRequestOptions.md @@ -7,6 +7,7 @@ ### Properties - [DPoP](ProtectedResourceRequestOptions.md#dpop) +- [[clockSkew]](ProtectedResourceRequestOptions.md#[clockskew]) - [signal](ProtectedResourceRequestOptions.md#signal) ## Properties @@ -19,6 +20,18 @@ DPoP-related options. ___ +### [clockSkew] + +• `Optional` **[clockSkew]**: `number` + +Use to adjust the client's assumed current time. Positive and negative finite values +representing seconds are allowed. Default is `0` (Date.now() + 0 seconds is used). + +This option only affects the request if the [DPoP](DPoPRequestOptions.md#dpop) +option is also used. + +___ + ### signal • `Optional` **signal**: [`AbortSignal`]( https://developer.mozilla.org/docs/Web/API/AbortSignal ) \| () => [`AbortSignal`]( https://developer.mozilla.org/docs/Web/API/AbortSignal ) diff --git a/docs/variables/clockSkew.md b/docs/variables/clockSkew.md new file mode 100644 index 00000000..9bdc7640 --- /dev/null +++ b/docs/variables/clockSkew.md @@ -0,0 +1,5 @@ +# Variable: clockSkew + +[💗 Help the project](https://github.com/sponsors/panva) + +• `Const` **clockSkew**: typeof [`clockSkew`](clockSkew.md) diff --git a/docs/variables/clockTolerance.md b/docs/variables/clockTolerance.md new file mode 100644 index 00000000..49587f8f --- /dev/null +++ b/docs/variables/clockTolerance.md @@ -0,0 +1,5 @@ +# Variable: clockTolerance + +[💗 Help the project](https://github.com/sponsors/panva) + +• `Const` **clockTolerance**: typeof [`clockTolerance`](clockTolerance.md) diff --git a/src/index.ts b/src/index.ts index de7bcbcc..bee786ce 100644 --- a/src/index.ts +++ b/src/index.ts @@ -169,9 +169,7 @@ interface JWK { readonly [parameter: string]: JsonValue | undefined } -/** @ignore during Documentation generation but part of the public API */ export const clockSkew = Symbol() -/** @ignore during Documentation generation but part of the public API */ export const clockTolerance = Symbol() /** @@ -512,9 +510,9 @@ export interface Client { * Use to adjust the client's assumed current time. Positive and negative finite values * representing seconds are allowed. Default is `0` (Date.now() + 0 seconds is used). * - * @ignore during Documentation generation but part of the public API + * @example * - * @example Client's local clock is mistakenly 1 hour in the past + * When the client's local clock is mistakenly 1 hour in the past * * ```ts * const client: oauth.Client = { @@ -524,7 +522,9 @@ export interface Client { * } * ``` * - * @example Client's local clock is mistakenly 1 hour in the future + * @example + * + * When the client's local clock is mistakenly 1 hour in the future * * ```ts * const client: oauth.Client = { @@ -540,9 +540,9 @@ export interface Client { * Use to set allowed client's clock tolerance when checking DateTime JWT Claims. Only positive * finite values representing seconds are allowed. Default is `30` (30 seconds). * - * @ignore during Documentation generation but part of the public API + * @example * - * @example Tolerate 30 seconds clock skew when validating JWT claims like exp or nbf. + * Tolerate 30 seconds clock skew when validating JWT claims like exp or nbf. * * ```ts * const client: oauth.Client = { @@ -1686,8 +1686,6 @@ export interface ProtectedResourceRequestOptions * * This option only affects the request if the {@link ProtectedResourceRequestOptions.DPoP DPoP} * option is also used. - * - * @ignore during Documentation generation but part of the public API */ [clockSkew]?: number }