From 6de5e67bbb9cdbe4ecfbff60a726e1187929cf2a Mon Sep 17 00:00:00 2001
From: Alvar San Martin
Date: Tue, 27 Jan 2026 12:31:37 +0100
Subject: [PATCH] Solicitud de tokens correcta
---
 packages/shared/domain/JWT.ts | 10 ++--
 .../aplication/JWT.service.test.ts | 7 ++-
 .../aplication/JWT.service.ts | 59 ++++++++++---------
 3 files changed, 41 insertions(+), 35 deletions(-)
diff --git a/packages/shared/domain/JWT.ts b/packages/shared/domain/JWT.ts
index 0eab8ba..72017c5 100644
--- a/packages/shared/domain/JWT.ts
+++ b/packages/shared/domain/JWT.ts
@@ -80,24 +80,24 @@ export class JWTToken {
 }) {
 const strHeader = JSON.stringify(args.header)
 const base64Header = Buffer.from(strHeader).toString("base64url")
- let msg = base64Header
+ let token = base64Header
 if (args.payload != undefined) {
 const strPayload = JSON.stringify(args.payload)
 const base64payload = Buffer.from(strPayload).toString("base64url")
- msg += ("." + base64payload)
+ token += ("." + base64payload)
 }
 if (args.sigantureData != undefined) {
 const base64signature = signJWT({
 algorythm: args.sigantureData.algorythm,
 privateKey: args.sigantureData.privateKey,
- data: msg
+ data: token
 }).toString("base64url")
- msg += ("." + base64signature)
+ token += ("." + base64signature)
 }
- console.log("JWT", msg)
+ return token
 }
diff --git a/packages/sim-consumidor-activaciones/aplication/JWT.service.test.ts b/packages/sim-consumidor-activaciones/aplication/JWT.service.test.ts
index 35b3ffb..0c424bf 100644
--- a/packages/sim-consumidor-activaciones/aplication/JWT.service.test.ts
+++ b/packages/sim-consumidor-activaciones/aplication/JWT.service.test.ts
@@ -10,5 +10,10 @@ describe("Tokens Objenious", () => {
 test("Solicicitud normal de auth", async () => {
 const token = await jwtService.getAccessToken()
 console.log("acceso objenious", token)
- })
+ }),
+
+ test("Solicicitud de refresh de auth", async () => {
+ const token = await jwtService.tryRefreshToken()
+ console.log("acceso refresh objenious", token)
+ })
 })
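Review bot: `fromParts` signs whatever `token` holds when the `sigantureData` branch runs, so if `args.payload` is undefined the signature covers the header alone and the returned string has only two segments, which is not a valid compact JWS. Now that the value is returned to callers instead of being logged, that combination should be rejected before signing, e.g. `if (args.sigantureData != undefined && args.payload == undefined) throw new Error("payload required to sign")`. An explicit `: string` return type on the method would also document the new contract. The signature of `fromParts` starts above the hunk, so its parameter types are not visible here.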
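Review bot: The added test prints whatever `tryRefreshToken()` returns with `console.log("acceso refresh objenious", token)`, as the existing test does for the access token, so a run against the real identity provider writes live credentials into the test output and any CI log that retains it; log a non-secret fact such as the expiry, or drop the line. The test also contains no assertion, so it passes regardless of the result; it needs at least one `expect(...)` on the returned value. It appears to depend on state left on the shared `jwtService` by the preceding `getAccessToken` test, which would make it order-dependent; that setup is outside the hunk, so confirm. The `}),` that joins the two `test(...)` calls with a comma operator should be a plain `})`.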
diff --git a/packages/sim-consumidor-activaciones/aplication/JWT.service.ts b/packages/sim-consumidor-activaciones/aplication/JWT.service.ts
index e0b70b5..f949873 100644
--- a/packages/sim-consumidor-activaciones/aplication/JWT.service.ts
+++ b/packages/sim-consumidor-activaciones/aplication/JWT.service.ts
@@ -7,7 +7,7 @@ import { JWTToken } from "#shared/domain/JWT"
 import axios, { AxiosError } from "axios";
-import { sign } from "node:crypto"
+
 type GrantAccessRequestBody = {
 grant_type: string,
@@ -37,6 +37,7 @@ type AuthHeaders = {
 exp: number,
 }
+const PRIVATE_KEY_PATH = __dirname + "/../obj.pem"
 const GET_TOKEN_URL = "https://idp.docapost.io/auth/realms/GETWAY/protocol/openid-connect/token"
 const REFRESH_TOKEN_URL = GET_TOKEN_URL
@@ -77,7 +78,6 @@ function addIATHeaders(authHeaders: Object) {
 * Se puede partir de tokens existentes.
 */
 export class JWTService {
- // Igual no deberia mantener estado
 private authToken?: JWTToken<{}>
 private refreshToken?: JWTToken<{}>
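Review bot: `PRIVATE_KEY_PATH` fixes the location of the RS256 signing key to `obj.pem` inside the package directory, next to the source files. Nothing visible in the patch shows that this file is excluded from version control or from build and deployment artefacts, so that should be confirmed. The path would be better read from the same `env` object that supplies `env.OBJ_KID` later in this file, so the key can live outside the source tree. At minimum the constant deserves a comment such as `// obj.pem: client-assertion signing key, must stay out of git and out of published packages`.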
@@ -90,47 +90,48 @@ export class JWTService {
 if (args?.refreshToken != undefined) this.refreshToken = new JWTToken(args.refreshToken)
 }
- public async getAccessToken() {
- if (this.authToken != undefined && !this.authToken.isExpired()) {
- console.warn("Se está intentado conseguir un token sin expirar el anterior")
+ private buildJwtBody() {
+ const jwtHeaders = {
+ alg: "RS256",
+ typ: "JWT",
+ kid: env.OBJ_KID
 }
-
- console.log("headers", addIATHeaders(DEFAULT_HEADERS))
- console.log("body", DEFAULT_BODY)
- console.log("keypath", __dirname + "/../obj.pem")
- const key = fs.readFileSync(__dirname + "/../obj.pem", "utf8")
- const msg = Buffer.from("test")
- const signature = sign(
- "sha256",
- Buffer.from(msg),
- key
- )
- JWTToken.fromParts({
- header: { alg: "RS256", typ: "JWT", kid: "1234" },
- payload: {
- "iss": "savefamily_rest_ws",
- "aud": "https://idp.docapost.io/auth/realms/GETWAY",
- },
+ const jwtData = addIATHeaders({
+ sub: env.OBJ_CLIENT_ID,
+ iss: env.OBJ_CLIENT_ID,
+ aud: "https://idp.docapost.io/auth/realms/GETWAY",
+ jti: Date.now().toString(),
+ })
+ const key = fs.readFileSync(PRIVATE_KEY_PATH, "utf8")
+ const token = JWTToken.fromParts({
+ header: jwtHeaders,
+ payload: jwtData,
 sigantureData: {
 algorythm: "sha256",
 privateKey: key
 }
 })
- console.log("signature", signature.toString("base64url"))
+ return token
+ }
- return;
+ public async getAccessToken() {
+ if (this.authToken != undefined && !this.authToken.isExpired()) {
+ console.warn("Se está intentado conseguir un token sin expirar el anterior")
+ }
+
+ const bodyWithtoken = {
+ ...DEFAULT_BODY,
+ client_assertion: this.buildJwtBody()
+ }
 const req = axios.post(GET_TOKEN_URL,
- DEFAULT_BODY,
+ bodyWithtoken,
 {
 headers: addIATHeaders(DEFAULT_HEADERS)
 }
 )
-
- let res;
-
 try {
 res = (await req).data as TokensRequestResponse;
 this.authToken = new JWTToken(res.access_token)
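Review bot: `jti: Date.now().toString()` in `buildJwtBody` gives two assertions built in the same millisecond the same identifier, and the value is predictable, so an authorization server that enforces single-use `jti` values can reject the second request. A random identifier is the usual choice, e.g. `jti: randomUUID(),` with `import { randomUUID } from "node:crypto"`. `buildJwtBody` is also called before the `try` in `getAccessToken`, so a missing or unreadable key file surfaces as a raw `fs.readFileSync` error rather than the wrapped error the request path throws. With the whitespace collapsed on this page it is unclear whether `let res;` before the `try` is removed or kept; if it is removed, `res = (await req).data` assigns an undeclared name. `getAccessToken` continues past the end of the hunk.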
@@ -141,7 +142,6 @@ export class JWTService {
 console.error(errorString, (e as AxiosError).response?.data)
 throw new Error(errorString)
 }
-
 }
 public async tryRefreshToken() {
@@ -150,6 +150,7 @@ export class JWTService {
 const body = {
 ...REFRESH_BODY,
+ client_assertion: this.buildJwtBody(),
 refresh_token: this.refreshToken.rawToken
 }