@authduo/authduo/x/auth/tokens/claim.js

Free User-sovereign Authentication for the World

import { Token } from "../jwt/token.js";
/**
 * Login claim token -- make any verifiable claim on behalf of your user
 *  - contains any arbitrary data, signed by the user's login
 *  - verification of a claim token requires a proof token
 *  - you can send this to any of your services, along with the proof token for verification
 */
export class Claim {
    proof;
    token;
    payload;
    constructor(proof, token, payload) {
        this.proof = proof;
        this.token = token;
        this.payload = payload;
    }
    get thumbprint() { return this.payload.sub; }
    get expiresAt() { return Token.toJsTime(this.payload.exp); }
    get data() { return this.payload.data; }
    isExpired() {
        return Date.now() > this.expiresAt;
    }
    static decode(claimToken) {
        return Token.decode(claimToken);
    }
    static async verify(proof, claimToken, options = {}) {
        const { payload } = this.decode(claimToken);
        const claim = new this(proof, claimToken, payload);
        if (claim.thumbprint !== proof.thumbprint)
            throw new Error(`thumbprint mismatch between claim and proof`);
        const loginPubkey = await proof.getLoginPubkey();
        await loginPubkey.verify(claimToken, options);
        return claim;
    }
}
//# sourceMappingURL=claim.js.map