
@authduo/authduo


Free User-sovereign Authentication for the World

import { Token } from "../jwt/token.js";
import { Keypair } from "../keypair.js";

/**
 * Login keys token -- lets the app sign login claims on the user's behalf.
 *
 *  - represents a user's login, signed by the user's passport
 *  - carries an ephemeral login keypair (`payload.data.loginKeypair`), which
 *    `signClaimToken` loads and signs with, so the token string itself is
 *    signing-key material
 *  - you may save this token into your app's local storage, to maintain the user's login
 *  - NEVER distribute these login keys anywhere offsite
 *  - don't even send these login keys to your own services
 *  - instead, distribute the login proof token, available as `loginKeys.proof.token`
 *  - or use the login to sign claim tokens via `login.signClaimToken(~)`;
 *    a claim token may carry any information you like
 *  - send a `claimToken` along with a `proofToken` and your services can verify
 *    them with `Claim.verify(~)`
 */
export class Keys {
  proof;
  token;
  payload;

  /**
   * Plain holder: nothing is checked here. Use `Keys.verify` to build an
   * instance from a token string whose signature has been verified.
   *
   * @param proof - login proof; this class reads `proof.thumbprint` and calls `proof.getPassportPubkey()`
   * @param token - the encoded login keys token
   * @param payload - the decoded payload of `token`
   */
  constructor(proof, token, payload) {
    this.proof = proof;
    this.token = token;
    this.payload = payload;
  }

  /** Name stored in the token payload (`payload.data.name`). */
  get name() {
    const { data } = this.payload;
    return data.name;
  }

  /** Thumbprint taken from the login proof; used as `sub` in signed claims. */
  get thumbprint() {
    const { thumbprint } = this.proof;
    return thumbprint;
  }

  /** Expiry of these keys: `payload.exp` converted by `Token.toJsTime`. */
  get expiresAt() {
    const { exp } = this.payload;
    return Token.toJsTime(exp);
  }

  /**
   * True once the current time is past `expiresAt`.
   *
   * NOTE(review): if `payload.exp` is absent and `Token.toJsTime` yields NaN,
   * this comparison is false and the keys read as not expired -- confirm that
   * verification rejects tokens without `exp`.
   */
  isExpired() {
    const now = Date.now();
    return this.expiresAt < now;
  }

  /**
   * Decode a token via `Token.decode`. No key is involved in this call, so
   * treat the result as unauthenticated; use `Keys.verify` for tokens from
   * storage or any other source you do not control.
   */
  static decode(token) {
    return Token.decode(token);
  }

  /**
   * Verify `keysToken` against the passport public key obtained from `proof`,
   * then wrap it in a `Keys` instance. The payload is decoded only after
   * verification has resolved.
   *
   * The proof is only used to fetch the key here -- presumably the caller has
   * already verified the proof itself; confirm at the call site.
   *
   * @param proof - login proof exposing `getPassportPubkey()`
   * @param keysToken - encoded login keys token to verify
   * @param options - passed through unchanged to the public key's `verify`
   */
  static async verify(proof, keysToken, options) {
    const issuerKey = await proof.getPassportPubkey();
    await issuerKey.verify(keysToken, options);
    const decoded = this.decode(keysToken);
    return new this(proof, keysToken, decoded.payload);
  }

  /**
   * Sign a claim token with the ephemeral login keypair held in the payload.
   *
   * `sub` and `data` are listed after the spread of `Token.params(...)`, so
   * they take precedence over same-named keys coming from `requirements`.
   * This method does not call `isExpired()`; callers holding a cached `Keys`
   * should check expiry before signing.
   *
   * @param data - claim payload
   * @param requirements - remaining fields, handed to `Token.params`
   */
  async signClaimToken({ data, ...requirements }) {
    const sub = this.thumbprint;
    const signer = await Keypair.fromData(this.payload.data.loginKeypair);
    const claim = { ...Token.params(requirements), sub, data };
    const signed = await signer.sign(claim);
    return signed;
  }
}
//# sourceMappingURL=keys.js.map