89 lines
3.3 KiB
TypeScript
89 lines
3.3 KiB
TypeScript
|
import { OIDCProvider } from '../src';
|
|||
|
|
import type { OIDCProviderConfig } from '../src/types';
|
|||
|
|
|
|||
|
|
// 示例:使用RS256算法自动生成密钥对
|
|||
|
|
const configWithRS256: OIDCProviderConfig = {
|
|||
|
|
issuer: 'https://your-auth-server.com',
|
|||
|
|
signingKey: 'temporary-key', // 这个字符串会被自动生成的RSA密钥对替代
|
|||
|
|
signingAlgorithm: 'RS256', // 指定使用RSA算法
|
|||
|
|
storage: {} as any, // 这里应该是真实的存储适配器
|
|||
|
|
findUser: async (userId: string) => null,
|
|||
|
|
findClient: async (clientId: string) => null,
|
|||
|
|
authConfig: {
|
|||
|
|
passwordValidator: async (username: string, password: string) => null,
|
|||
|
|
},
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
// 示例:使用ES256算法自动生成密钥对
|
|||
|
|
const configWithES256: OIDCProviderConfig = {
|
|||
|
|
issuer: 'https://your-auth-server.com',
|
|||
|
|
signingKey: 'temporary-key', // 这个字符串会被自动生成的ECDSA密钥对替代
|
|||
|
|
signingAlgorithm: 'ES256', // 指定使用ECDSA算法
|
|||
|
|
storage: {} as any,
|
|||
|
|
findUser: async (userId: string) => null,
|
|||
|
|
findClient: async (clientId: string) => null,
|
|||
|
|
authConfig: {
|
|||
|
|
passwordValidator: async (username: string, password: string) => null,
|
|||
|
|
},
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
// 示例:使用HS256算法(不会自动生成密钥对)
|
|||
|
|
const configWithHS256: OIDCProviderConfig = {
|
|||
|
|
issuer: 'https://your-auth-server.com',
|
|||
|
|
signingKey: 'your-secret-key', // 对于HMAC,直接使用字符串密钥
|
|||
|
|
signingAlgorithm: 'HS256',
|
|||
|
|
storage: {} as any,
|
|||
|
|
findUser: async (userId: string) => null,
|
|||
|
|
findClient: async (clientId: string) => null,
|
|||
|
|
authConfig: {
|
|||
|
|
passwordValidator: async (username: string, password: string) => null,
|
|||
|
|
},
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
// 使用示例
|
|||
|
|
async function demonstrateAutoKeyGeneration() {
|
|||
|
|
console.log('=== 自动密钥生成示例 ===\n');
|
|||
|
|
|
|||
|
|
// RS256 示例
|
|||
|
|
console.log('1. 创建使用RS256算法的Provider:');
|
|||
|
|
const providerRS256 = new OIDCProvider(configWithRS256);
|
|||
|
|
|
|||
|
|
// 第一次调用会触发RSA密钥对生成
|
|||
|
|
console.log('获取JWKS (会自动生成RSA密钥对):');
|
|||
|
|
const jwksRS256 = await providerRS256.getJWKS();
|
|||
|
|
console.log('RSA JWKS keys数量:', jwksRS256.keys.length);
|
|||
|
|
console.log('RSA 密钥类型:', jwksRS256.keys[0]?.kty);
|
|||
|
|
console.log('RSA 算法:', jwksRS256.keys[0]?.alg);
|
|||
|
|
console.log('');
|
|||
|
|
|
|||
|
|
// ES256 示例
|
|||
|
|
console.log('2. 创建使用ES256算法的Provider:');
|
|||
|
|
const providerES256 = new OIDCProvider(configWithES256);
|
|||
|
|
|
|||
|
|
// 第一次调用会触发ECDSA密钥对生成
|
|||
|
|
console.log('获取JWKS (会自动生成ECDSA密钥对):');
|
|||
|
|
const jwksES256 = await providerES256.getJWKS();
|
|||
|
|
console.log('ECDSA JWKS keys数量:', jwksES256.keys.length);
|
|||
|
|
console.log('ECDSA 密钥类型:', jwksES256.keys[0]?.kty);
|
|||
|
|
console.log('ECDSA 算法:', jwksES256.keys[0]?.alg);
|
|||
|
|
console.log('');
|
|||
|
|
|
|||
|
|
// HS256 示例
|
|||
|
|
console.log('3. 创建使用HS256算法的Provider:');
|
|||
|
|
const providerHS256 = new OIDCProvider(configWithHS256);
|
|||
|
|
|
|||
|
|
// HS256不会生成JWKS
|
|||
|
|
console.log('获取JWKS (HS256不暴露密钥):');
|
|||
|
|
const jwksHS256 = await providerHS256.getJWKS();
|
|||
|
|
console.log('HS256 JWKS keys数量:', jwksHS256.keys.length);
|
|||
|
|
console.log('');
|
|||
|
|
|
|||
|
|
console.log('=== 示例完成 ===');
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 如果直接运行此文件
|
|||
|
|
if (require.main === module) {
|
|||
|
|
demonstrateAutoKeyGeneration().catch(console.error);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
export { demonstrateAutoKeyGeneration };
|