export async function introspectJwtToken()

in src/smartAuthorizationHelper.ts [215:254]


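/**
 * Validates a bearer token against a remote token-introspection endpoint.
 *
 * The token is first decoded locally via `decodeJwtToken`, which is used here to check
 * the `aud` and `iss` claims. The token is then POSTed to `introspectUrl`, authenticated
 * with HTTP Basic credentials built from `clientId`/`clientSecret`. The decoded payload
 * is returned only when the endpoint reports the token as `active`.
 *
 * NOTE(review): the returned claims come from the locally decoded token, not from the
 * introspection response. Whether `decodeJwtToken` verifies the signature is not visible
 * here, so the claims are only as trustworthy as the endpoint's validation of this exact
 * token string. Confirm against `decodeJwtToken`.
 *
 * NOTE(review): the client secret and the token are both sent to `introspectUrl`; confirm
 * that configuration restricts it to an https URL of the trusted authorization server.
 *
 * @param token - Bearer token presented by the caller (untrusted input).
 * @param expectedAudValue - Audience value (or pattern) passed to `decodeJwtToken`.
 * @param expectedIssValue - Issuer value passed to `decodeJwtToken`.
 * @param introspectionOptions - Endpoint URL and client credentials for introspection.
 * @returns The decoded token payload when the endpoint reports the token as active.
 * @throws UnauthorizedError with a generic message when the token is reported inactive
 *   or the introspection call fails for any reason. Errors raised by `decodeJwtToken`
 *   propagate unchanged because that call sits outside the try block.
 */
export async function introspectJwtToken(
    token: string,
    expectedAudValue: string | RegExp,
    expectedIssValue: string,
    introspectionOptions: IntrospectionOptions,
) {
    // used to verify if `iss` or `aud` is valid
    const decodedTokenPayload = decodeJwtToken(token, expectedAudValue, expectedIssValue).payload;
    const { introspectUrl, clientId, clientSecret } = introspectionOptions;

    // setup basic authentication
    const username = clientId;
    const password = clientSecret;
    const auth = `Basic ${Buffer.from(`${username}:${password}`).toString('base64')}`;

    // Percent-encode the token before placing it in the form body. A well-formed JWT
    // (base64url segments joined by '.') is unchanged by this, but a crafted value
    // containing '&' or '=' can no longer add or override form parameters in the request.
    const requestBody = `token=${encodeURIComponent(token)}`;

    try {
        // NOTE(review): no request timeout is set on this call; unless axios defaults are
        // configured elsewhere, a stalled introspection endpoint stalls authorization.
        const response = await axios.post(introspectUrl, requestBody, {
            headers: {
                'content-type': 'application/x-www-form-urlencoded',
                accept: 'application/json',
                authorization: auth,
                'cache-control': 'no-cache',
            },
        });
        // NOTE(review): this is a truthiness check, so a non-boolean value such as the
        // string "false" would be accepted as active. Consider requiring `=== true`
        // once the endpoint is confirmed to return a JSON boolean.
        if (!response.data.active) {
            throw new UnauthorizedError(GENERIC_ERR_MESSAGE);
        }
        return decodedTokenPayload;
    } catch (e) {
        // Every failure path ends in the same generic UnauthorizedError, so the caller
        // learns nothing about why introspection failed; the detail goes to the log only.
        if (axios.isAxiosError(e)) {
            if (e.response) {
                logger.warn(`Status received from introspection call: ${e.response.status}`);
                // NOTE(review): the endpoint's error body is logged verbatim; confirm it
                // never echoes the token or the client credentials.
                logger.warn(e.response.data);
            }
        } else {
            // Also reached by the UnauthorizedError thrown above for an inactive token.
            logger.warn((e as any).message);
        }
        throw new UnauthorizedError(GENERIC_ERR_MESSAGE);
    }
}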