token util

Max Peintner
2025-01-20 15:22:14 +01:00
parent 86679f14a0
commit 28dc956f40
4 changed files with 29 additions and 16 deletions


@@ -0,0 +1,5 @@
---
"@zitadel/client": patch
---
dynamic properties for system token utility


@@ -1,4 +1,4 @@
import { importPKCS8, SignJWT } from "jose"; import { newSystemToken } from "@zitadel/client/node";
import { getInstanceDomainByHost } from "./zitadel"; import { getInstanceDomainByHost } from "./zitadel";
export async function getInstanceUrl(host: string): Promise<string> { export async function getInstanceUrl(host: string): Promise<string> {
@@ -30,14 +30,11 @@ export async function systemAPIToken() {
const decodedToken = Buffer.from(key, "base64").toString("utf-8"); const decodedToken = Buffer.from(key, "base64").toString("utf-8");
const token = new SignJWT({}) const token = newSystemToken({
.setProtectedHeader({ alg: "RS256" }) audience: audience,
.setIssuedAt() subject: userID,
.setExpirationTime("1h") key: decodedToken,
.setIssuer(userID) });
.setSubject(userID)
.setAudience(audience)
.sign(await importPKCS8(decodedToken, "RS256"));
return token; return token;
} }
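Review bot: `decodedToken` is passed as `key:` to `newSystemToken`, so it holds the base64-decoded PKCS#8 private key of the system user rather than a token, and the name invites treating it like a bearer value that may be logged or returned. Renaming it, e.g. `const privateKeyPem = Buffer.from(key, "base64").toString("utf-8");` with `key: privateKeyPem`, makes the sensitivity obvious at the call site. `token` is also a pending promise here because `newSystemToken` is async; `return await newSystemToken({ ... })` or a name such as `tokenPromise` would read more accurately. The start of `systemAPIToken`, where `key`, `audience` and `userID` are obtained, is outside the hunk, so whether they are checked for being unset cannot be seen from here.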


@@ -27,13 +27,23 @@ export function createClientTransport(token: string, opts: GrpcTransportOptions)
}); });
} }
export async function newSystemToken() { export async function newSystemToken({
audience,
subject,
key,
expirationTime,
}: {
audience: string;
subject: string;
key: string;
expirationTime?: number | string | Date;
}) {
return await new SignJWT({}) return await new SignJWT({})
.setProtectedHeader({ alg: "RS256" }) .setProtectedHeader({ alg: "RS256" })
.setIssuedAt() .setIssuedAt()
.setExpirationTime("1h") .setExpirationTime(expirationTime ?? "1h")
.setIssuer(process.env.ZITADEL_SYSTEM_API_USERID ?? "") .setIssuer(subject)
.setSubject(process.env.ZITADEL_SYSTEM_API_USERID ?? "") .setSubject(subject)
.setAudience(process.env.ZITADEL_ISSUER ?? "") .setAudience(audience)
.sign(await importPKCS8(process.env.ZITADEL_SYSTEM_API_KEY ?? "", "RS256")); .sign(await importPKCS8(key, "RS256"));
} }
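Review bot: `newSystemToken` signs whatever it is given without checking that `audience`, `subject` and `key` are non-empty, so a caller that forwards an unset value as `""` either mints a JWT with empty `iss`/`sub`/`aud` or, presumably, fails inside `importPKCS8` with an error that does not name the missing field. A guard at the top of the function would make that explicit: `if (!audience || !subject || !key) throw new Error("newSystemToken: audience, subject and key are required");`. `expirationTime` is forwarded unchanged to jose's `setExpirationTime`, where a `number` is used as the absolute `exp` value in epoch seconds and only a `string` is a time span, so passing `3600` would produce an already-expired token; a TSDoc line on the parameter stating this, and that the default is `"1h"`, would prevent that mistake. Because this key signs system-API tokens, it is also worth deciding whether an upper bound on the lifetime should be enforced here rather than left to each caller.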


@@ -11,7 +11,8 @@
"SYSTEM_USER_PRIVATE_KEY", "SYSTEM_USER_PRIVATE_KEY",
"ZITADEL_API_URL", "ZITADEL_API_URL",
"ZITADEL_USER_ID", "ZITADEL_USER_ID",
"ZITADEL_USER_TOKEN" "ZITADEL_USER_TOKEN",
"ZITADEL_SYSTEM_API_USERID"
], ],
"tasks": { "tasks": {
"generate": { "generate": {