UNPKG

@indiekit/endpoint-auth

Version:

IndieAuth authentication and authorization endpoint for Indiekit. Grants and verifies access tokens and authenticates users.

getindiekit.com

getindiekit/indiekit

33 lines (28 loc) 988 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
/** * Mimic a Pushed Authorization Request (PAR) * * Ordinarily a PAR would make a request to endpoint. Instead, we will use a * request URI to look up data in locals. * @see {@link https://datatracker.ietf.org/doc/html/rfc9126} * @see {@link https://www.jvt.me/posts/2020/12/09/personal-indieauth-server/#pushed-authorization-requests-par} */ /** * Create a PAR URI * @param {import("express").Request} request - Request * @returns {string} OAuth request URI */ export const createRequestUri = (request) => { const reference = crypto.randomUUID(); request.app.locals[reference] = request.query; return "urn:ietf:params:oauth:request_uri:" + reference; }; /** * Get data from PAR URI * @param {import("express").Request} request - Request * @returns {object} Saved payload */ export const getRequestUriData = (request) => { const { request_uri } = request.query; const reference = String(request_uri).split(":")[5]; return request.app.locals[reference]; };