
@e280/authlocal


User-sovereign login system for everybody

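import {decodeToken} from "../token/decode.js"
import {verifyToken} from "../token/verify.js"
import {verifyProof} from "../session/proof.js"
import {ProofPayload} from "../session/types.js"
import {ClaimPayload, VerifyClaimOptions} from "./types.js"

/**
 * Verify a claim token together with the proof token embedded inside it.
 *
 * Steps, in order:
 *  1. Decode the claim token and the proof token it carries. No verification
 *     call has run in this function at that point, so both payloads are
 *     untrusted input until steps 3 and 4 succeed.
 *  2. Require that the claim's `iss` equals the proof's `aud`, binding the
 *     claim to the audience the proof was issued for.
 *  3. Verify the proof token against `appOrigins` via `verifyProof`.
 *  4. Verify the claim token via `verifyToken`, passing `proof.sessionId` as
 *     its first argument, with issuers restricted to `appOrigins` and
 *     audiences restricted to `allowedAudiences`.
 *
 * The claim type `C` is a compile-time parameter only; nothing in this
 * function validates the shape of the returned `claim` at runtime, so callers
 * should validate it before making authorization decisions on its fields.
 *
 * @param options.claimToken - the claim token received from the client
 * @param options.appOrigins - origins accepted as the claim issuer; also
 *   forwarded to `verifyProof`
 * @param options.allowedAudiences - audiences accepted on the claim token
 * @param options.atTime - forwarded to both verification calls
 *   (presumably the reference time for expiry checks; confirm in verifyToken)
 * @returns the verified claim, the verified proof, and the raw proof token
 * @throws Error when `data.proofToken`, `iss` or `aud` is missing, when `iss`
 *   and `aud` differ, or when either verification call rejects
 */
export async function verifyClaim<C>(
		{claimToken, appOrigins, allowedAudiences, atTime}: VerifyClaimOptions,
	) {

	// decoded but not yet verified: treat every field as attacker-controlled
	const claimPayload = decodeToken<ClaimPayload<C>>(claimToken).payload

	// a malformed claim token may lack `data` or `proofToken`; fail with a
	// descriptive error like the other field checks, not an opaque TypeError
	const proofToken: unknown = claimPayload.data?.proofToken
	if (typeof proofToken !== "string" || proofToken.length === 0)
		throw new Error(`claim token is lacking "data.proofToken" field`)

	const proofPayload = decodeToken<ProofPayload>(proofToken).payload

	if (!claimPayload.iss)
		throw new Error(`claim token is lacking "iss" field`)

	if (!proofPayload.aud)
		throw new Error(`proof token is lacking "aud" field`)

	// NOTE(review): this message interpolates values from unverified tokens;
	// anything that logs or displays it should treat the text as untrusted
	if (claimPayload.iss !== proofPayload.aud)
		throw new Error(`claim token iss "${claimPayload.iss}" does not match proof token aud "${proofPayload.aud}"`)

	// the proof is verified first because the claim check below depends on
	// the session id that comes out of it
	const proof = await verifyProof({proofToken, appOrigins, atTime})

	const {data: {claim}} = await verifyToken<ClaimPayload<C>>(
		proof.sessionId,
		claimToken,
		{
			atTime,

			// claim must have been issued by your app
			allowedIssuers: appOrigins,

			// claim could include aud
			allowedAudiences,
		},
	)

	return {claim, proof, proofToken}
}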