@dcsv-io/d2-auth-abstractions
v0.1.2
Published
<!-- Copyright (c) DCSV. Licensed under the Apache License, Version 2.0. -->
Downloads
178
Readme
@dcsv-io/d2-auth-abstractions
Auth-related constants for TS consumers — Scopes tree, AuthErrorCodes,
AuthFailures factories, JwtClaimTypes. Mirrors
DcsvIo.D2.Auth.Abstractions + DcsvIo.D2.Auth.Errors consolidated
(matches the .NET assembly placement).
Install
pnpm add @dcsv-io/d2-auth-abstractionsPublic API
| Export | Source | Mirror |
| ------------------------------------------------------- | --------------------------------- | ------------------------------------------- |
| Scopes (nested constants) | scopes.g.ts (codegen) | Scopes.*.* (.NET) |
| ALL_SCOPES | scopes.g.ts | Scopes.AllScopes |
| AuthErrorCodes | auth-error-codes.g.ts (codegen) | DcsvIo.D2.Auth.Errors.AuthErrorCodes |
| ALL_AUTH_ERROR_CODES / getAuthErrorHttpStatus(code) | auth-error-codes.g.ts | AuthErrorCodes.AllCodes / GetHttpStatus |
| AuthFailures.<factory>() | auth-failures.g.ts (codegen) | DcsvIo.D2.Auth.Errors.AuthFailures.* |
| JwtClaimTypes | jwt-claim-types.g.ts (codegen) | DcsvIo.D2.Auth.Abstractions.JwtClaimTypes |
| JwtPayload | jwt-payload.g.ts (codegen) | TS-only typed view over the same spec |
Codegen workflow
prebuild chains 4 emitter scripts (auth-scopes / auth-error-codes /
auth-failures / jwt-claims) before tsc -b, so pnpm -r build regenerates
transparently. Generated files (*.g.ts) are committed to git.
JwtClaimTypes AND JwtPayload both emit from
contracts/jwt-claims/jwt-claims.spec.json (one generator, two outputs; sources committed):
JwtClaimTypes— string-constant catalog (every claim's wire name).JwtPayload— TS interface typed on everystandard+d2-customclaim with stable per-field types;inside-actclaims live nested insideactand are not surfaced as top-level fields. A trailingraw: Readonly<Record<string, unknown>>escape hatch carries the raw decoded claims for downstream consumers needing access to non-spec'd claims.
The .NET side consumes the same spec for JwtClaimTypes constants;
.NET reads claim values via ClaimsPrincipal so a typed payload is not
needed there. Cross-language drift on the constant catalog is
structurally impossible (single source).
Header constants
Wire-protocol header catalogs live in the per-transport packages (
@dcsv-io/d2-headers-http,@dcsv-io/d2-headers-grpc,@dcsv-io/d2-headers-amqp,@dcsv-io/d2-headers-common).
Dependencies
@dcsv-io/d2-result—D2Resultshape returned byAuthFailures.*factories.
Usage example
import {
Scopes,
AuthFailures,
AuthErrorCodes,
JwtClaimTypes,
} from "@dcsv-io/d2-auth-abstractions";
import { HttpHeaders } from "@dcsv-io/d2-headers-http";
// Scope check.
if (!ctx.scopes.has(Scopes.auth.user.impersonate.consent)) {
return AuthFailures.scopeInsufficient(ctx.traceId);
}
// Header read.
const idempotency = req.headers[HttpHeaders.IDEMPOTENCY_KEY];
// Claim read.
const sub = jwtPayload[JwtClaimTypes.SUB];
// Error-code discrimination.
if (result.errorCode === AuthErrorCodes.AUTH_JWT_EXPIRED) {
// refresh the token and retry
}Parity with .NET
Mirrors DcsvIo.D2.Auth.Abstractions + DcsvIo.D2.Auth.Errors:
Scopestree — same dot-segmented spec names emitted as nested constants (e.g.Scopes.auth.user.impersonate.consent).AuthErrorCodes— same string values (every constant is its own name).AuthFailures— every factory returnsD2Result.fail(...)with matchingerrorCode+statusCode+ defaultmessageKey.JwtClaimTypes— codegen-emitted fromcontracts/jwt-claims/jwt-claims.spec.json; same constant names + values on both sides.JwtPayload— TS-only typed view emitted from the same spec; .NET reads claims viaClaimsPrincipalrather than a typed shape.
Edge cases
getAuthErrorHttpStatusreturns 500 for unknown codes — defensive default, every shippedAUTH_*code IS in the table.Scopesmay include_selfkeys at branch nodes when an entry is both a leaf scope AND has children (rare; edge case for forward-compat).- Generated files (
*.g.ts) are committed to git.
