@e280/authlocal
User-sovereign login system for everybody
import { Hex } from "@e280/stz";
import { signToken } from "../token/sign.js";
import { tokentime } from "../token/tokentime.js";
import { decodeToken } from "../token/decode.js";
import { verifyToken } from "../token/verify.js";
/**
 * Issue a signed proof token that binds a proof to a single app origin.
 *
 * Claims written into the token:
 *  - `jti`: a fresh value from `Hex.random(32)`
 *  - `exp`: `expiresAt` converted with `tokentime.at`
 *  - `sub`: the proof's nametag id
 *  - `aud`: the app origin the token is meant for
 *  - `iss`: the authority origin issuing the token
 *  - `data`: the proof itself
 *
 * @param {object} options
 * @param options.identitySecret - secret passed to `signToken` as the signing key
 * @param options.expiresAt - expiry moment; format is whatever `tokentime.at` accepts
 * @param options.proof - proof object; must carry `nametag.id`
 * @param options.appOrigin - origin of the app that will consume the token
 * @param options.authorityOrigin - origin of the issuing authority
 * @returns the promise returned by `signToken` (presumably the encoded token; confirm in ../token/sign.js)
 */
export async function signProof({ identitySecret, expiresAt, proof, appOrigin, authorityOrigin, }) {
  // NOTE(review): `jti` is unique per token, but nothing in this file records
  // or checks it; replay protection, if wanted, has to live with the verifier.
  const claims = {
    jti: Hex.random(32),
    exp: tokentime.at(expiresAt),
    sub: proof.nametag.id,
    aud: appOrigin,
    iss: authorityOrigin,
    data: proof,
  };
  return signToken(identitySecret, claims);
}
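/**
 * Verify a proof token and return the proof it carries.
 *
 * Trust model: the id used for verification is read from the token's own,
 * not-yet-verified payload (`data.nametag.id`). A successful result therefore
 * means "this token verifies against the identity it names", not "this token
 * belongs to an identity the caller already trusts". Callers must make their
 * authorization decision on the returned `proof.nametag.id`.
 *
 * Only the time (`atTime`) and audience (`allowedAudiences`) constraints are
 * passed to `verifyToken` here.
 * NOTE(review): `iss` and `sub` are not compared in this function; confirm
 * whether `verifyToken` or the caller checks them.
 *
 * @param {object} options
 * @param options.proofToken - encoded proof token to check
 * @param options.appOrigins - audiences accepted for the token's `aud` claim
 * @param options.atTime - reference time forwarded to `verifyToken`
 * @returns {Promise<*>} the `data` claim of the verified token
 * @throws {Error} when the token carries no nametag id, or when
 *   `decodeToken` / `verifyToken` reject the token
 */
export async function verifyProof({ proofToken, appOrigins, atTime }) {
  const unverified = decodeToken(proofToken);

  // A malformed token (no data / nametag / id) used to surface as an opaque
  // TypeError from the property chain; reject it with an explicit message.
  const claimedId = unverified.payload?.data?.nametag?.id;
  if (!claimedId)
    throw new Error(`proof token is missing nametag id`);

  const { data: proof } = await verifyToken(claimedId, proofToken, { atTime, allowedAudiences: appOrigins });
  return proof;
}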
/**
 * Read the audience (`aud`) claim out of a proof token.
 *
 * The token is only decoded here, never verified, so the returned origin is
 * whatever the token's author wrote. Treat it as a routing hint; do not feed
 * it back as the allowed audience for the same token, since that would make
 * the audience check accept any value.
 *
 * @param proofToken - encoded proof token
 * @returns the token's `aud` claim
 * @throws {Error} when the token has no `aud` claim
 */
export function getAppOriginFromProofToken(proofToken) {
  const { aud } = decodeToken(proofToken).payload;
  if (aud)
    return aud;
  throw new Error(`proof token is missing audience aud`);
}
//# sourceMappingURL=proof.js.map