@authduo/authduo/x/auth/tokens/proof.js

Free User-sovereign Authentication for the World

import { Keys } from "./keys.js";
import { Claim } from "./claim.js";
import { Pubkey } from "../pubkey.js";
import { Token } from "../jwt/token.js";
/**
 * Login proof token -- proof that a user is logged in
 *  - proves that a user is logged in, signed by the user's passport
 *  - can verify LoginKeys tokens and LoginClaim tokens
 *  - contains user info, the passport public key, and the login public key
 *  - you can send this around freely to any services that need to know if the user is logged in, or any service that needs to verify any claims you sign with the login keys
 */
export class Proof {
    token;
    payload;
    constructor(token, payload) {
        this.token = token;
        this.payload = payload;
    }
    get audience() { return this.payload.aud; }
    get expiresAt() { return Token.toJsTime(this.payload.exp); }
    get thumbprint() { return this.payload.data.passportPubkey.thumbprint; }
    async getPassportPubkey() {
        return await Pubkey.fromData(this.payload.data.passportPubkey);
    }
    async getLoginPubkey() {
        return await Pubkey.fromData(this.payload.data.loginPubkey);
    }
    isExpired() {
        return Date.now() > this.expiresAt;
    }
    async verifyLogin(loginToken) {
        return Keys.verify(this, loginToken);
    }
    async verifyClaim(claimToken) {
        return Claim.verify(this, claimToken);
    }
    static decode(token) {
        return Token.decode(token);
    }
    static async verify(token, options) {
        const { payload } = this.decode(token);
        const proof = new this(token, payload);
        const passportPubkey = await proof.getPassportPubkey();
        await passportPubkey.verify(token, options);
        return proof;
    }
}
//# sourceMappingURL=proof.js.map