@hellocoop/web-identity
Functions for generating and verifying JWT tokens used in the Verified Email Autocomplete protocol
import type { JWK, KeyLike } from 'jose';
/**
 * Key resolver callback for verification functions.
 *
 * A verifier calls this to obtain the key it will check a token's signature
 * against. Both arguments are necessarily read from the token *before* that
 * signature is verified, so they are untrusted lookup hints, not facts.
 *
 * @param kid - Key identifier from JWT header (unverified at call time)
 * @param issuer - Issuer identifier from JWT payload (unverified at call time)
 * @returns Promise resolving to JWK, KeyLike, or Uint8Array for verification
 *
 * NOTE(review): both parameters are optional, so an implementation must cope
 * with either being undefined. Resolving by `kid` alone without scoping the
 * lookup to `issuer` invites cross-issuer key confusion; a resolver should
 * reject an unknown `kid`/`issuer` pair rather than fall back to a default
 * key. How callers populate these arguments is not visible here — confirm.
 */
export type KeyResolver = (kid?: string, issuer?: string) => Promise<JWK | KeyLike | Uint8Array>;
/**
 * RequestToken payload structure (step 3.4)
 * Used by browsers to request verified email tokens from issuers
 *
 * NOTE(review): no `exp` claim is declared here; presumably the generator
 * derives expiry from `iat` plus `TokenGenerationOptions.expiresIn` — confirm
 * against the generation code, which is outside this file.
 */
export interface RequestTokenPayload {
    /**
     * Audience (issuer domain).
     * The receiving issuer should compare this against its own identifier
     * and refuse tokens addressed to anyone else.
     */
    aud: string;
    /**
     * Issued at time (optional for testing expired tokens).
     * The optionality exists only so tests can build expired/undated tokens;
     * a production verifier should not treat a missing `iat` as "fresh" —
     * confirm the verifier enforces this.
     */
    iat?: number;
    /**
     * Nonce provided by the RP.
     * Carried through so the final response can be tied back to the RP's
     * original request; the verifier should compare it, not merely log it.
     */
    nonce: string;
    /** Email address to be verified */
    email: string;
}
/**
 * IssuanceToken (SD-JWT) payload structure (step 4.2)
 * Used by issuers to provide verified email tokens to browsers
 */
export interface IssuanceTokenPayload {
    /**
     * Issuer identifier.
     * Read from the payload, so it is unverified until the signature has been
     * checked with a key that is itself scoped to this issuer (see KeyResolver).
     */
    iss: string;
    /**
     * Issued at time (optional for testing expired tokens).
     * Optional only as a test affordance; a production verifier should not
     * accept a token that omits it — confirm the verifier enforces this.
     */
    iat?: number;
    /**
     * Confirmation claim containing browser's public key.
     * This is the key the presentation's Key Binding JWT is expected to be
     * signed with (see PresentationTokenPayload.kbJwt); a verifier must check
     * the KB-JWT signature against *this* key, not against a key supplied
     * elsewhere.
     */
    cnf: {
        /**
         * JSON Web Key (only essential public key parameters).
         * NOTE(review): the type is the full `JWK`, so "public only" is a
         * convention, not something the compiler enforces. Consumers should
         * reject a `cnf.jwk` carrying private members (e.g. `d`) and should
         * ignore any `alg`/`kid` hints it carries when choosing how to verify.
         */
        jwk: JWK;
    };
    /** Verified email address */
    email: string;
    /**
     * Email verification status (must be true).
     * Typed as `boolean`, so the "must be true" requirement is a runtime
     * check the verifier has to perform explicitly; `false` or a missing
     * value should fail verification.
     */
    email_verified: boolean;
}
/**
 * PresentationToken payload structure (step 5.2)
 * Contains both SD-JWT and KB-JWT payloads
 *
 * The two halves are verified with different keys: the SD-JWT with the
 * issuer's key, the KB-JWT with the browser key carried in `sdJwt.cnf.jwk`.
 * Neither half is meaningful on its own — the `sd_hash` in the KB-JWT is what
 * ties them together.
 */
export interface PresentationTokenPayload {
    /** Verified SD-JWT payload */
    sdJwt: IssuanceTokenPayload;
    /** Key Binding JWT payload */
    kbJwt: {
        /**
         * Audience (RP's origin).
         * The RP should compare this to its own origin with an exact string
         * match — not a prefix or host-only comparison — so that a token
         * minted for another origin cannot be replayed.
         */
        aud: string;
        /**
         * Nonce from original navigator.credentials.get() call.
         * Must match the nonce the RP issued for this request; the RP should
         * treat nonces as single-use so a captured presentation cannot be
         * replayed.
         */
        nonce: string;
        /**
         * Issued at time (optional for testing expired tokens).
         * Optional only as a test affordance; a production verifier should
         * not accept a KB-JWT without it — confirm the verifier enforces this.
         */
        iat?: number;
        /**
         * SHA-256 hash of the SD-JWT (calculated automatically if not provided).
         * The automatic calculation applies on the generation side. On the
         * verification side this value must be recomputed from the actual
         * SD-JWT and compared; a caller-supplied `sd_hash` must never be
         * trusted as-is — confirm the verifier does the recomputation.
         */
        sd_hash?: string;
    };
}
/**
 * Token generation options
 *
 * These affect token *creation* only; nothing here should influence how a
 * received token is verified.
 */
export interface TokenGenerationOptions {
    /**
     * Signing algorithm (default: extracted from JWK).
     * NOTE(review): this is an unconstrained `string`. The generator should
     * restrict it to an allowlist of asymmetric algorithms and refuse values
     * such as `none` or a symmetric `HS*` algorithm paired with a public JWK;
     * whether it does so is not visible in this file — confirm.
     */
    algorithm?: string;
    /**
     * Token expiration time in seconds (default: 60).
     * The short default is deliberate for a request/response protocol;
     * raising it widens the replay window.
     */
    expiresIn?: number;
}
/**
 * JWT Header structure for RequestToken
 *
 * Note that the verification key travels *in the header* (`jwk`). A valid
 * signature therefore proves only that the sender holds the private half of
 * that key — it does not by itself identify the sender. Any trust in the key
 * has to come from how it is bound elsewhere in the protocol (compare
 * IssuanceTokenPayload.cnf), not from this header.
 */
export interface RequestTokenHeader {
    /**
     * Algorithm.
     * Header-supplied and unverified; a verifier should check it against an
     * allowlist rather than let the token choose its own verification
     * algorithm.
     */
    alg: string;
    /** Token type */
    typ: string;
    /**
     * Embedded public key.
     * Typed as the full `JWK`; a verifier should reject a header whose JWK
     * contains private members, and should use only its public parameters.
     */
    jwk: JWK;
}
/**
 * JWT Header structure for IssuanceToken (SD-JWT)
 */
export interface IssuanceTokenHeader {
    /**
     * Algorithm.
     * Header-supplied and unverified; a verifier should check it against an
     * allowlist rather than trust the token's own choice.
     */
    alg: string;
    /**
     * Token type (web-identity+sd-jwt).
     * Typed as `string`, so the documented value is a convention; a verifier
     * should compare it explicitly to guard against token-type confusion.
     */
    typ: string;
    /**
     * Key identifier.
     * Presumably handed to the KeyResolver together with the payload's `iss`
     * to locate the issuer's verification key — confirm. It is unverified at
     * lookup time, so the resolver must not let an arbitrary `kid` select a
     * key belonging to a different issuer.
     */
    kid: string;
}
/**
 * JWT Header structure for Key Binding JWT
 *
 * This header carries no key reference of its own: the KB-JWT is expected to
 * be verified with the browser key found in the accompanying SD-JWT's
 * `cnf.jwk` (see IssuanceTokenPayload), not with anything the KB-JWT itself
 * supplies.
 */
export interface KeyBindingHeader {
    /**
     * Algorithm.
     * Header-supplied and unverified; a verifier should check it against an
     * allowlist and ensure it is consistent with the `cnf.jwk` key type.
     */
    alg: string;
    /**
     * Token type (kb+jwt).
     * Typed as `string`, so the documented value is a convention; a verifier
     * should compare it explicitly to guard against token-type confusion.
     */
    typ: string;
}
//# sourceMappingURL=types.d.ts.map