token util

2025-08-11 18:47:32 +00:00 · 2025-01-20 15:22:14 +01:00
parent 86679f14a0
commit 28dc956f40
4 changed files with 29 additions and 16 deletions
--- a/.changeset/twenty-clouds-prove.md
+++ b/.changeset/twenty-clouds-prove.md
@@ -0,0 +1,5 @@
+---
+"@zitadel/client": patch
+---
+
+dynamic properties for system token utility
--- a/apps/login/src/lib/api.ts
+++ b/apps/login/src/lib/api.ts
@@ -1,4 +1,4 @@
-import { importPKCS8, SignJWT } from "jose";
+import { newSystemToken } from "@zitadel/client/node";
 import { getInstanceDomainByHost } from "./zitadel";

 export async function getInstanceUrl(host: string): Promise<string> {
@@ -30,14 +30,11 @@ export async function systemAPIToken() {

  const decodedToken = Buffer.from(key, "base64").toString("utf-8");

-  const token = new SignJWT({})
-    .setProtectedHeader({ alg: "RS256" })
-    .setIssuedAt()
-    .setExpirationTime("1h")
-    .setIssuer(userID)
-    .setSubject(userID)
-    .setAudience(audience)
-    .sign(await importPKCS8(decodedToken, "RS256"));
+  const token = newSystemToken({
+    audience: audience,
+    subject: userID,
+    key: decodedToken,
+  });

  return token;
 }
--- a/packages/zitadel-client/src/node.ts
+++ b/packages/zitadel-client/src/node.ts
@@ -27,13 +27,23 @@ export function createClientTransport(token: string, opts: GrpcTransportOptions)
  });
 }

-export async function newSystemToken() {
+export async function newSystemToken({
+  audience,
+  subject,
+  key,
+  expirationTime,
+}: {
+  audience: string;
+  subject: string;
+  key: string;
+  expirationTime?: number | string | Date;
+}) {
  return await new SignJWT({})
    .setProtectedHeader({ alg: "RS256" })
    .setIssuedAt()
-    .setExpirationTime("1h")
-    .setIssuer(process.env.ZITADEL_SYSTEM_API_USERID ?? "")
-    .setSubject(process.env.ZITADEL_SYSTEM_API_USERID ?? "")
-    .setAudience(process.env.ZITADEL_ISSUER ?? "")
-    .sign(await importPKCS8(process.env.ZITADEL_SYSTEM_API_KEY ?? "", "RS256"));
+    .setExpirationTime(expirationTime ?? "1h")
+    .setIssuer(subject)
+    .setSubject(subject)
+    .setAudience(audience)
+    .sign(await importPKCS8(key, "RS256"));
 }
--- a/turbo.json
+++ b/turbo.json
@@ -11,7 +11,8 @@
    "SYSTEM_USER_PRIVATE_KEY",
    "ZITADEL_API_URL",
    "ZITADEL_USER_ID",
-    "ZITADEL_USER_TOKEN"
+    "ZITADEL_USER_TOKEN",
+    "ZITADEL_SYSTEM_API_USERID"
  ],
  "tasks": {
    "generate": {