@verisure-italy/aaa-types

Domain contracts for authentication and authorization: users, clients, tokens, grant types, and roles.

Installation

pnpm add @verisure-italy/aaa-types

Main Exports

• grantTypeSchema, grantTypes, type GrantType
• userRoleSchema, userRoles, type UserRole
• clientSchema, clientDetailsSchema
• userSchema, userDetailsSchema
• infoTokenSchema
• accessTokenSchema

What This Package Gives You

• strongly typed client and user records
• a shared role catalog reused by ACL middleware
• a token payload for authenticated request contexts
• an access-token persistence model for DynamoDB-backed auth flows

Schema Inventory

| Schema | Type alias | Kind | Purpose | | --- | --- | --- | --- | | grantTypeSchema | GrantType | enum | OAuth-like grant catalog | | userRoleSchema | UserRole | enum | Cross-domain role catalog | | clientSchema | Client | object schema | Client model | | clientDetailsSchema | ClientDetails | object schema | Client model with timestamps | | userSchema | User | object schema | User model | | userDetailsSchema | UserDetails | object schema | User model with timestamps | | infoTokenSchema | InfoToken | object schema | Authenticated request token payload | | accessTokenSchema | AccessToken | object schema | Persisted bearer-token record |

Enum Reference

grantTypeSchema

Values:

• authorization_code
• client_credentials
• refresh_token
• password

userRoleSchema

| Domain | Values | | --- | --- | | AAA | ROLE_AAA_ADMIN, ROLE_AAA_READER | | ALIS | ROLE_ALIS_ADMIN, ROLE_ALIS_READER, ROLE_ALIS_CUSTOMER | | Transmitter | ROLE_TRANSMITTER_ADMIN, ROLE_TRANSMITTER_READER | | Overbooking | ROLE_OVERBOOKING_ADMIN, ROLE_OVERBOOKING_READER | | Funnel | ROLE_FUNNEL_ADMIN, ROLE_FUNNEL_READER | | ZIP code | ROLE_ZIP_CODE_ADMIN, ROLE_ZIP_CODE_READER | | Settings | ROLE_SETTINGS_ADMIN, ROLE_SETTINGS_READER | | Coupon code | ROLE_COUPON_CODE_ADMIN, ROLE_COUPON_CODE_READER | | Other | ROLE_ALTITUDE_ADMIN, ROLE_FILEMAKER_ADMIN, ROLE_WEBHOOK_READER, ROLE_WEBHOOK_ADMIN, ROLE_LANDING_PAGE_READER, ROLE_LANDING_PAGE_ADMIN |

Schema Reference

clientSchema

| Field | Type | Required | Notes | | --- | --- | --- | --- | | id | string | Yes | Client identifier | | grants | GrantType[] | Yes | At least one grant | | refreshTokenLifetime | number \| null | Yes (nullable) | Positive when present | | accessTokenLifetime | number \| null | Yes (nullable) | Positive when present | | redirectUris | string[] | Yes | Every entry must be a valid URL |

clientDetailsSchema

clientDetailsSchema = clientSchema + createdAt + updatedAt.

userSchema

| Field | Type | Required | Notes | | --- | --- | --- | --- | | id | string | Yes | User identifier | | roles | UserRole[] | Yes | At least one role | | username | string | Yes | Non-empty |

userDetailsSchema

userDetailsSchema = userSchema + createdAt + updatedAt.

infoTokenSchema

| Field | Type | Required | Notes | | --- | --- | --- | --- | | accessToken | string | Yes | Raw bearer token | | accessTokenExpiresAt | string | Yes | Must be parseable as a date | | scope | string | No | Optional space-delimited scope string | | client.id | string | Yes | Client id only | | user | User | Yes | Embedded user object |

accessTokenSchema

| Field | Type | Required | Notes | | --- | --- | --- | --- | | id | string | Yes | Token record id | | token | string | Yes | Bearer token value | | client.id | string | Yes | Client id only | | user | string | Yes | User reference, usually the user id | | scope | string | No | Optional space-delimited scope string | | expires | number | Yes | Positive Unix timestamp |

Example

import {
  accessTokenSchema,
  userSchema,
  type AccessToken,
  type User,
} from '@verisure-italy/aaa-types'

const user: User = userSchema.parse({
  id: 'user-1',
  username: 'admin',
  roles: ['ROLE_AAA_ADMIN'],
})

const token: AccessToken = accessTokenSchema.parse({
  id: 'token-1',
  token: 'secret',
  client: { id: 'client-1' },
  user: user.id,
  scope: 'profile admin',
  expires: 1_900_000_000,
})