feat(auth): auth extensions

Introduces TokenManager and supporting classes to handle token acquisition, automatic refresh, and updates via identity providers. This foundation enables consistent authentication token management across different identity provider implementations. Key additions: - Add TokenManager to obtain and maintain auth tokens from identity providers with automated refresh scheduling based on TTL and configurable thresholds - Add IdentityProvider interface for token acquisition from auth providers - Implement Token class for managing token state and TTL tracking - Include configurable retry mechanism with exponential backoff and jitter - Add comprehensive test suite covering refresh cycles and error handling This change establishes the core infrastructure needed for reliable token lifecycle management across different authentication providers.
redis · Dec 13, 2024 · e7d6f5b · e7d6f5b
1 parent a0c324b
commit e7d6f5b
Show file tree

Hide file tree

Showing 13 changed files with 1,156 additions and 35 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/authx/index.ts b/packages/authx/index.ts
@@ -0,0 +1,13 @@
+export { TokenManager, TokenManagerConfig, TokenStreamListener, RetryPolicy, IDPError } from './lib/token-manager';
+export {
+  CredentialsProvider,
+  StreamingCredentialsProvider,
+  UnableToObtainNewCredentialsError,
+  CredentialsError,
+  StreamingCredentialsListener,
+  AsyncCredentialsProvider,
+  ReAuthenticationError,
+  BasicAuth
+} from './lib/credentials-provider';
+export { Token } from './lib/token';
+export { IdentityProvider, TokenResponse } from './lib/identity-provider';
diff --git a/.../lib/client/authx/credentials-provider.ts → packages/authx/lib/credentials-provider.ts b/.../lib/client/authx/credentials-provider.ts → packages/authx/lib/credentials-provider.ts
@@ -1,3 +1,4 @@
+
 /**
  * Provides credentials asynchronously.
  */
@@ -66,12 +67,6 @@ export type StreamingCredentialsListener<T> = {
   onError: (e: Error) => void;
 }
 
-/**
- * Disposable is an interface for objects that hold resources that should be released when they are no longer needed.
- */
-export type Disposable = {
-  dispose: () => void;
-}
 
 /**
  * Providers that can supply authentication credentials

diff --git a/packages/authx/lib/identity-provider.ts b/packages/authx/lib/identity-provider.ts
@@ -0,0 +1,22 @@
+/**
+ * An identity provider is responsible for providing a token that can be used to authenticate with a service.
+ */
+
+/**
+ * The response from an identity provider when requesting a token.
+ *
+ * note: "native" refers to the type of the token that the actual identity provider library is using.
+ *
+ * @type T The type of the native idp token.
+ * @property token The token.
+ * @property ttlMs The time-to-live of the token in epoch milliseconds extracted from the native token in local time.
+ */
+export type TokenResponse<T> = { token: T, ttlMs: number };
+
+export interface IdentityProvider<T> {
+  /**
+   * Request a token from the identity provider.
+   * @returns A promise that resolves to an object containing the token and the time-to-live in epoch milliseconds.
+   */
+  requestToken(): Promise<TokenResponse<T>>;
+}