fix: add IMS offline token validation

[andreituicu]

Description

Add IMS offline token validation.

How Has This Been Tested?

Unit tests only.

Screenshots (if appropriate):

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• I have signed the Adobe Open Source CLA.
• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my changes.
• All new and existing tests passed.

[codecov]

Codecov Report

Attention: Patch coverage is 86.36364% with 9 lines in your changes missing coverage. Please review.

Project coverage is 77.78%. Comparing base (6c01f9e) to head (68c8f01).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
src/utils/auth.js	86.36%	9 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #109      +/-   ##
==========================================
+ Coverage   77.41%   77.78%   +0.36%     
==========================================
  Files          38       38              
  Lines        1820     1886      +66     
==========================================
+ Hits         1409     1467      +58     
- Misses        411      419       +8     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[auniverseaway]

This is great. Couple questions / comments:

1. For my own knowledge: how often do keys change for IMS?
2. Can you fix the linting errors?
3. Do you think this satisfies @jenssingler's comments / concerns?

Really looking forward to this.

[andreituicu]

1. For my own knowledge: how often do keys change for IMS?

They do not publish a schedule for this.
I checked 1 key, for the token that I currently got from IMS and the validity was 10y, but that doesn't mean that they will use it for 10y.
A key rotation can happen at any time, unannounced.
Their recommendation is to not cache for more than 24h, which I applied:

• https://github.com/adobe/da-admin/pull/109/files#diff-1883ed88ee206d2f0b1c69e5738f9c7a58a7f0a719d2514571ba0188446757c4R53
• https://github.com/adobe/da-admin/pull/109/files#diff-1883ed88ee206d2f0b1c69e5738f9c7a58a7f0a719d2514571ba0188446757c4R76

2. Can you fix the linting errors?

There are no linting errors.

npm run lint

> [email protected] lint
> eslint .

There are only codecov errors, because for some reason c8/lcov does not capture correctly the coverage data. Lines that I can see covered by tests if add console.log there, appear as uncovered in the report and I see that problem also appears in main.
I've been trying to see why that happens, but I couldn't figure it out yet. I think I would consider it a separate problem.

3. Do you think this satisfies @jenssingler's comments / concerns?

I believe that yes, it does. I used the library functionality that he suggested to cache the keys in KV for 24h and there is a cooldown period of not fetching keys from remote if too many requests come with tokens pointing to invalid keys.

I asked for his review too.

https://github.com/panva/jose/blob/main/docs/jwks/remote/variables/jwksCache.md