UNPKG

@e280/authlocal

Version:

User-sovereign login system for everybody

github.com/e280/authlocal

e280/authlocal

45 lines (38 loc) 1.18 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
import {Hex} from "@e280/stz" import {signToken} from "../token/sign.js" import {tokentime} from "../token/tokentime.js" import {decodeToken} from "../token/decode.js" import {verifyToken} from "../token/verify.js" import {ProofPayload, SignProofOptions, VerifyProofOptions} from "./types.js" export async function signProof({ identitySecret, expiresAt, proof, appOrigin, authorityOrigin, }: SignProofOptions) { return signToken<ProofPayload>(identitySecret, { jti: Hex.random(32), exp: tokentime.at(expiresAt), sub: proof.nametag.id, aud: appOrigin, iss: authorityOrigin, data: proof, }) } export async function verifyProof({proofToken, appOrigins, atTime}: VerifyProofOptions) { const pre = decodeToken<ProofPayload>(proofToken) const {data: proof} = await verifyToken<ProofPayload>( pre.payload.data.nametag.id, proofToken, {atTime, allowedAudiences: appOrigins}, ) return proof } export function getAppOriginFromProofToken(proofToken: string) { const payload = decodeToken<ProofPayload>(proofToken).payload const appOrigin = payload.aud if (!appOrigin) throw new Error(`proof token is missing audience aud`) return appOrigin }