Add support for multiple issuers (OIDC providers with different JWKS URIs) on a single endpoint (#14)

* add `multiIssuerBearerTokenMiddleware` and `verifyMultiIssuer`
* update all packages, apply latest ts-toolkit
* move @makerx/node-common to dev deps, since we're only using referencing the type

Author: cuzzlor

.eslintignore

@@ -4,6 +4,7 @@ logs
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
+pnpm-debug.log*
 lerna-debug.log*
 
 # Dependency directories
@@ -21,8 +22,18 @@ node_modules/
 # Stores VSCode versions used for testing VSCode extensions
 .vscode-test
 
+# Editor/OS directories and files
+.DS_Store
+*.suo
+
 # Jetbrains
-.idea
+.idea/shelf/
+.idea/workspace.xml
+# Editor-based HTTP Client requests
+.idea/httpRequests/
+# Datasource local storage ignored files
+.idea/dataSources/
+.idea/dataSources.local.xml
 
 # yarn v2
 .yarn/cache
@@ -33,10 +44,21 @@ node_modules/
 
 # Compiled code
 dist/
+build/
 
 # Coverage report
 coverage
 
+# Test results
+test-results.xml
+
 # Website & Code docs generation
 code-docs/
 out/
+
+# dotenv environment variable files
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local

.eslintrc.js

@@ -1,7 +1,2 @@
 {
-  "1092330": {
-    "active": true,
-    "notes": "The latest version of word-wrap was published 6 years ago",
-    "expiry": "2023-11-01"
-  }
-}
+}

.gitignore

@@ -0,0 +1,3 @@
+module.exports = {
+  ...require('@makerx/prettier-config'),
+}

.nsprc

@@ -0,0 +1,11 @@
+import type { TsToolkitConfig } from "@makerx/ts-toolkit";
+
+const config: TsToolkitConfig = {
+  packageConfig: {
+    srcDir: 'src',
+    outDir: 'dist',
+    moduleType: 'commonjs',
+    main: 'index.ts',
+  }
+}
+export default config

.prettierrc

@@ -2,6 +2,6 @@
   "editor.formatOnSave": true,
   "editor.defaultFormatter": "esbenp.prettier-vscode",
   "editor.codeActionsOnSave": {
-    "source.fixAll.eslint": true
+    "source.fixAll.eslint": "explicit"
   }
-}
+}

.prettierrc.cjs

@@ -68,6 +68,39 @@ To specify per-host config, provide a \*`BearerConfigCallback` in the form of `(
 
 Note: the callback will only be called once per host (config is cached).
 
+### Apps accepting bearer tokens from multiple issuers
+
+If your app needs to accept bearer tokens from multiple issuers (OIDC endpoints) **each with different JWKS URIs** on a single endpoint (not varied by host), `multiIssuerBearerTokenMiddleware` supports this with a different approach. It will:
+
+- decode the token without verifying it
+- use the `iss` claim to access the issuer-specific config `IssuerOptions` (or return unauthorized, if not found)
+- verify the token using the issuer-specific config (caching JwksClient instances per JWKS URI)
+
+#### Multi-issuer options
+
+```ts
+import { IssuerOptions, multiIssuerBearerTokenMiddleware, MultiIssuerBearerAuthOptions } from '@makerxstudio/express-bearer'
+
+const app = express()
+const issuerOptions: Record<string, IssuerOptions> = {
+  'https://example.com/oidc': {
+    jwksUri: 'https://example.com/oidc/jwks',
+    verifyOptions: {
+      audience: 'https://api.example.com',
+    },
+  },
+  'https://login.microsoftonline.com/<tenant ID>/v2.0': {
+    jwksUri: 'https://login.microsoftonline.com/<tenant ID>/discovery/v2.0/keys',
+    verifyOptions: {
+      audience: '<audience ID>',
+    },
+  },
+}
+
+// add the multi issuer bearer token middleware (to all routes)
+app.use(multiIssuerBearerTokenMiddleware({ issuerOptions, tokenIsRequired: true }))
+```
+
 ## Logging
 
 Set the logger implementation to an object that fulfills the `Logger` definition:

.tstoolkitrc.ts

@@ -0,0 +1,33 @@
+import globals from "globals";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import js from "@eslint/js";
+import { FlatCompat } from "@eslint/eslintrc";
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const compat = new FlatCompat({
+    baseDirectory: __dirname,
+    recommendedConfig: js.configs.recommended,
+    allConfig: js.configs.all
+});
+
+export default [{
+    ignores: [
+        "**/.eslintrc.js",
+        "**/node_modules",
+        "**/dist",
+        "**/build",
+        "**/coverage",
+        "**/generated/types.d.ts",
+        "**/generated/types.ts",
+        "**/.idea",
+        "**/.vscode",
+    ],
+}, ...compat.extends("@makerx/eslint-config"), {
+    languageOptions: {
+        globals: {
+            ...globals.node,
+        },
+    },
+}];