@astrox/authentication 0.0.20 → 0.0.24
Sign up to get free protection for your applications and to get access to all the features.
- package/package.json +5 -5
- package/lib/cjs/index.d.ts +0 -73
- package/lib/cjs/index.js +0 -132
- package/lib/cjs/index.js.map +0 -1
- package/lib/esm/index.d.ts +0 -73
- package/lib/esm/index.js +0 -124
- package/lib/esm/index.js.map +0 -1
- package/lib/tsconfig-cjs.tsbuildinfo +0 -2446
- package/lib/tsconfig.tsbuildinfo +0 -2445
package/package.json
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
{
|
2
2
|
"name": "@astrox/authentication",
|
3
|
-
"version": "0.0.
|
3
|
+
"version": "0.0.24",
|
4
4
|
"author": "DFINITY Stiftung <sdk@astrox.org>",
|
5
5
|
"license": "Apache-2.0",
|
6
6
|
"description": "JavaScript and TypeScript library to manage identity and authentication with the Internet Computer",
|
@@ -40,9 +40,9 @@
|
|
40
40
|
"test:coverage": "jest --verbose --collectCoverage"
|
41
41
|
},
|
42
42
|
"devDependencies": {
|
43
|
-
"@astrox/agent": "^0.0.
|
44
|
-
"@astrox/identity": "^0.0.
|
45
|
-
"@astrox/principal": "^0.0.
|
43
|
+
"@astrox/agent": "^0.0.24",
|
44
|
+
"@astrox/identity": "^0.0.24",
|
45
|
+
"@astrox/principal": "^0.0.24",
|
46
46
|
"@trust/webcrypto": "^0.9.2",
|
47
47
|
"@types/jest": "^24.9.1",
|
48
48
|
"@typescript-eslint/eslint-plugin": "^4.14.2",
|
@@ -59,5 +59,5 @@
|
|
59
59
|
"typescript": "^4.2.3",
|
60
60
|
"whatwg-fetch": "^3.0.0"
|
61
61
|
},
|
62
|
-
"gitHead": "
|
62
|
+
"gitHead": "d30a12d7f9c700aff21fea4a3e9909fbf86dbce2"
|
63
63
|
}
|
package/lib/cjs/index.d.ts
DELETED
@@ -1,73 +0,0 @@
|
|
1
|
-
import { PublicKey } from '@astrox/agent';
|
2
|
-
import { DelegationChain } from '@astrox/identity';
|
3
|
-
import { Principal } from '@astrox/principal';
|
4
|
-
/**
|
5
|
-
* Options for {@link createAuthenticationRequestUrl}. All these options may be limited
|
6
|
-
* further by the identity provider, or an error can happen.
|
7
|
-
*/
|
8
|
-
export interface CreateUrlOptions {
|
9
|
-
/**
|
10
|
-
* The public key to delegate to. This should be the public key of the session key.
|
11
|
-
*/
|
12
|
-
publicKey: PublicKey;
|
13
|
-
/**
|
14
|
-
* The scope of the delegation. This must contain at least one key and a maximum
|
15
|
-
* of four. This is validated in {@link createAuthenticationRequestUrl} but also
|
16
|
-
* will be validated as part of the identity provider.
|
17
|
-
*/
|
18
|
-
scope: Array<string | Principal>;
|
19
|
-
/**
|
20
|
-
* The URI to redirect to, after authentication. By default, `window.location.origin`.
|
21
|
-
*/
|
22
|
-
redirectUri?: string;
|
23
|
-
/**
|
24
|
-
* The URL base to use for the identity provider.
|
25
|
-
* By default, this is "https://auth.ic0.app/authorize".
|
26
|
-
*/
|
27
|
-
identityProvider?: URL | string;
|
28
|
-
}
|
29
|
-
/**
|
30
|
-
* List of things to check for a delegation chain validity.
|
31
|
-
*/
|
32
|
-
export interface DelegationValidChecks {
|
33
|
-
/**
|
34
|
-
* Check that the scope is amongst the scopes that this delegation has access to.
|
35
|
-
*/
|
36
|
-
scope?: Principal | string | Array<Principal | string>;
|
37
|
-
}
|
38
|
-
/**
|
39
|
-
* A parsed access token.
|
40
|
-
*/
|
41
|
-
export declare type AccessToken = string & {
|
42
|
-
_BRAND: 'access_token';
|
43
|
-
};
|
44
|
-
/**
|
45
|
-
* Create a URL that can be used to redirect the browser to request authentication (e.g. using
|
46
|
-
* the authentication provider). Will throw if some options are invalid.
|
47
|
-
* @param options An option with all options for the authentication request.
|
48
|
-
*/
|
49
|
-
export declare function createAuthenticationRequestUrl(options: CreateUrlOptions): URL;
|
50
|
-
/**
|
51
|
-
* Returns an AccessToken from the Window object. This cannot be used in Node, instead use
|
52
|
-
* the {@link getAccessTokenFromURL} function.
|
53
|
-
*
|
54
|
-
* An access token is needed to create a DelegationChain object.
|
55
|
-
*/
|
56
|
-
export declare function getAccessTokenFromWindow(): AccessToken | null;
|
57
|
-
/**
|
58
|
-
* Analyze a URL and try to extract an AccessToken from it.
|
59
|
-
* @param url The URL to look into.
|
60
|
-
*/
|
61
|
-
export declare function getAccessTokenFromURL(url: URL | string): AccessToken | null;
|
62
|
-
/**
|
63
|
-
* Create a DelegationChain from an AccessToken extracted from a redirect URL.
|
64
|
-
* @param accessToken The access token extracted from a redirect URL.
|
65
|
-
*/
|
66
|
-
export declare function createDelegationChainFromAccessToken(accessToken: AccessToken): DelegationChain;
|
67
|
-
/**
|
68
|
-
* Analyze a DelegationChain and validate that it's valid, ie. not expired and apply to the
|
69
|
-
* scope.
|
70
|
-
* @param chain The chain to validate.
|
71
|
-
* @param checks Various checks to validate on the chain.
|
72
|
-
*/
|
73
|
-
export declare function isDelegationValid(chain: DelegationChain, checks?: DelegationValidChecks): boolean;
|
package/lib/cjs/index.js
DELETED
@@ -1,132 +0,0 @@
|
|
1
|
-
"use strict";
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
3
|
-
exports.isDelegationValid = exports.createDelegationChainFromAccessToken = exports.getAccessTokenFromURL = exports.getAccessTokenFromWindow = exports.createAuthenticationRequestUrl = void 0;
|
4
|
-
const identity_1 = require("@astrox/identity");
|
5
|
-
const principal_1 = require("@astrox/principal");
|
6
|
-
const DEFAULT_IDENTITY_PROVIDER_URL = 'https://auth.ic0.app/authorize';
|
7
|
-
function toHexString(bytes) {
|
8
|
-
return new Uint8Array(bytes).reduce((str, byte) => str + byte.toString(16).padStart(2, '0'), '');
|
9
|
-
}
|
10
|
-
function _getDefaultLocation() {
|
11
|
-
if (typeof window === 'undefined') {
|
12
|
-
throw new Error('Could not find default location.');
|
13
|
-
}
|
14
|
-
return window.location.origin;
|
15
|
-
}
|
16
|
-
/**
|
17
|
-
* Create a URL that can be used to redirect the browser to request authentication (e.g. using
|
18
|
-
* the authentication provider). Will throw if some options are invalid.
|
19
|
-
* @param options An option with all options for the authentication request.
|
20
|
-
*/
|
21
|
-
function createAuthenticationRequestUrl(options) {
|
22
|
-
var _a, _b, _c;
|
23
|
-
const url = new URL((_b = (_a = options.identityProvider) === null || _a === void 0 ? void 0 : _a.toString()) !== null && _b !== void 0 ? _b : DEFAULT_IDENTITY_PROVIDER_URL);
|
24
|
-
url.searchParams.set('response_type', 'token');
|
25
|
-
url.searchParams.set('login_hint', toHexString(options.publicKey.toDer()));
|
26
|
-
url.searchParams.set('redirect_uri', (_c = options.redirectUri) !== null && _c !== void 0 ? _c : _getDefaultLocation());
|
27
|
-
url.searchParams.set('scope', options.scope
|
28
|
-
.map(p => {
|
29
|
-
if (typeof p === 'string') {
|
30
|
-
return principal_1.Principal.fromText(p);
|
31
|
-
}
|
32
|
-
else {
|
33
|
-
return p;
|
34
|
-
}
|
35
|
-
})
|
36
|
-
.map(p => p.toString())
|
37
|
-
.join(' '));
|
38
|
-
url.searchParams.set('state', '');
|
39
|
-
return url;
|
40
|
-
}
|
41
|
-
exports.createAuthenticationRequestUrl = createAuthenticationRequestUrl;
|
42
|
-
/**
|
43
|
-
* Returns an AccessToken from the Window object. This cannot be used in Node, instead use
|
44
|
-
* the {@link getAccessTokenFromURL} function.
|
45
|
-
*
|
46
|
-
* An access token is needed to create a DelegationChain object.
|
47
|
-
*/
|
48
|
-
function getAccessTokenFromWindow() {
|
49
|
-
if (typeof window === 'undefined') {
|
50
|
-
return null;
|
51
|
-
}
|
52
|
-
return getAccessTokenFromURL(new URL(window.location.href));
|
53
|
-
}
|
54
|
-
exports.getAccessTokenFromWindow = getAccessTokenFromWindow;
|
55
|
-
/**
|
56
|
-
* Analyze a URL and try to extract an AccessToken from it.
|
57
|
-
* @param url The URL to look into.
|
58
|
-
*/
|
59
|
-
function getAccessTokenFromURL(url) {
|
60
|
-
// Remove the `#` at the start.
|
61
|
-
const hashParams = new URLSearchParams(new URL(url.toString()).hash.substr(1));
|
62
|
-
return hashParams.get('access_token');
|
63
|
-
}
|
64
|
-
exports.getAccessTokenFromURL = getAccessTokenFromURL;
|
65
|
-
/**
|
66
|
-
* Create a DelegationChain from an AccessToken extracted from a redirect URL.
|
67
|
-
* @param accessToken The access token extracted from a redirect URL.
|
68
|
-
*/
|
69
|
-
function createDelegationChainFromAccessToken(accessToken) {
|
70
|
-
// Transform the HEXADECIMAL string into the JSON it represents.
|
71
|
-
if (/[^0-9a-fA-F]/.test(accessToken) || accessToken.length % 2) {
|
72
|
-
throw new Error('Invalid hexadecimal string for accessToken.');
|
73
|
-
}
|
74
|
-
const chainJson = [...accessToken]
|
75
|
-
.reduce((acc, curr, i) => {
|
76
|
-
// tslint:disable-next-line:no-bitwise
|
77
|
-
acc[(i / 2) | 0] = (acc[(i / 2) | 0] || '') + curr;
|
78
|
-
return acc;
|
79
|
-
}, [])
|
80
|
-
.map(x => Number.parseInt(x, 16))
|
81
|
-
.map(x => String.fromCharCode(x))
|
82
|
-
.join('');
|
83
|
-
return identity_1.DelegationChain.fromJSON(chainJson);
|
84
|
-
}
|
85
|
-
exports.createDelegationChainFromAccessToken = createDelegationChainFromAccessToken;
|
86
|
-
/**
|
87
|
-
* Analyze a DelegationChain and validate that it's valid, ie. not expired and apply to the
|
88
|
-
* scope.
|
89
|
-
* @param chain The chain to validate.
|
90
|
-
* @param checks Various checks to validate on the chain.
|
91
|
-
*/
|
92
|
-
function isDelegationValid(chain, checks) {
|
93
|
-
// Verify that the no delegation is expired. If any are in the chain, returns false.
|
94
|
-
for (const { delegation } of chain.delegations) {
|
95
|
-
// prettier-ignore
|
96
|
-
if (+new Date(Number(delegation.expiration / BigInt(1000000))) <= +Date.now()) {
|
97
|
-
return false;
|
98
|
-
}
|
99
|
-
}
|
100
|
-
// Check the scopes.
|
101
|
-
const scopes = [];
|
102
|
-
const maybeScope = checks === null || checks === void 0 ? void 0 : checks.scope;
|
103
|
-
if (maybeScope) {
|
104
|
-
if (Array.isArray(maybeScope)) {
|
105
|
-
scopes.push(...maybeScope.map(s => (typeof s === 'string' ? principal_1.Principal.fromText(s) : s)));
|
106
|
-
}
|
107
|
-
else {
|
108
|
-
scopes.push(typeof maybeScope === 'string' ? principal_1.Principal.fromText(maybeScope) : maybeScope);
|
109
|
-
}
|
110
|
-
}
|
111
|
-
for (const s of scopes) {
|
112
|
-
const scope = s.toText();
|
113
|
-
for (const { delegation } of chain.delegations) {
|
114
|
-
if (delegation.targets === undefined) {
|
115
|
-
continue;
|
116
|
-
}
|
117
|
-
let none = true;
|
118
|
-
for (const target of delegation.targets) {
|
119
|
-
if (target.toText() === scope) {
|
120
|
-
none = false;
|
121
|
-
break;
|
122
|
-
}
|
123
|
-
}
|
124
|
-
if (none) {
|
125
|
-
return false;
|
126
|
-
}
|
127
|
-
}
|
128
|
-
}
|
129
|
-
return true;
|
130
|
-
}
|
131
|
-
exports.isDelegationValid = isDelegationValid;
|
132
|
-
//# sourceMappingURL=index.js.map
|
package/lib/cjs/index.js.map
DELETED
@@ -1 +0,0 @@
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AACA,+CAAmD;AACnD,iDAA8C;AAE9C,MAAM,6BAA6B,GAAG,gCAAgC,CAAC;AAEvE,SAAS,WAAW,CAAC,KAAkB;IACrC,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;AACnG,CAAC;AAED,SAAS,mBAAmB;IAC1B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE;QACjC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;KACrD;IAED,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;AAChC,CAAC;AA8CD;;;;GAIG;AACH,SAAgB,8BAA8B,CAAC,OAAyB;;IACtE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAA,MAAA,OAAO,CAAC,gBAAgB,0CAAE,QAAQ,EAAE,mCAAI,6BAA6B,CAAC,CAAC;IAC3F,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;IAC/C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC3E,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,MAAA,OAAO,CAAC,WAAW,mCAAI,mBAAmB,EAAE,CAAC,CAAC;IACnF,GAAG,CAAC,YAAY,CAAC,GAAG,CAClB,OAAO,EACP,OAAO,CAAC,KAAK;SACV,GAAG,CAAC,CAAC,CAAC,EAAE;QACP,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE;YACzB,OAAO,qBAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;SAC9B;aAAM;YACL,OAAO,CAAC,CAAC;SACV;IACH,CAAC,CAAC;SACD,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;SACtB,IAAI,CAAC,GAAG,CAAC,CACb,CAAC;IACF,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAElC,OAAO,GAAG,CAAC;AACb,CAAC;AArBD,wEAqBC;AAED;;;;;GAKG;AACH,SAAgB,wBAAwB;IACtC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE;QACjC,OAAO,IAAI,CAAC;KACb;IACD,OAAO,qBAAqB,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;AAC9D,CAAC;AALD,4DAKC;AAED;;;GAGG;AACH,SAAgB,qBAAqB,CAAC,GAAiB;IACrD,+BAA+B;IAC/B,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/E,OAAO,UAAU,CAAC,GAAG,CAAC,cAAc,CAAuB,CAAC;AAC9D,CAAC;AAJD,sDAIC;AAED;;;GAGG;AACH,SAAgB,oCAAoC,CAAC,WAAwB;IAC3E,gEAAgE;IAChE,IAAI,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE;QAC9D,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;KAChE;IACD,MAAM,SAAS,GAAG,CAAC,GAAG,WAAW,CAAC;SAC/B,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE;QACvB,sCAAsC;QACtC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;QACnD,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,EAAc,CAAC;SACjB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;SAChC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;SAChC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEZ,OAAO,0BAAe,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;AAC7C,CAAC;AAhBD,oFAgBC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,KAAsB,EAAE,MAA8B;IACtF,oFAAoF;IACpF,KAAK,MAAM,EAAE,UAAU,EAAE,IAAI,KAAK,CAAC,WAAW,EAAE;QAC9C,kBAAkB;QAClB,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE;YAC7E,OAAO,KAAK,CAAC;SACd;KACF;IAED,oBAAoB;IACpB,MAAM,MAAM,GAAgB,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,KAAK,CAAC;IACjC,IAAI,UAAU,EAAE;QACd,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;YAC7B,MAAM,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,qBAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SAC1F;aAAM;YACL,MAAM,CAAC,IAAI,CAAC,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,qBAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;SAC3F;KACF;IAED,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE;QACtB,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC;QACzB,KAAK,MAAM,EAAE,UAAU,EAAE,IAAI,KAAK,CAAC,WAAW,EAAE;YAC9C,IAAI,UAAU,CAAC,OAAO,KAAK,SAAS,EAAE;gBACpC,SAAS;aACV;YAED,IAAI,IAAI,GAAG,IAAI,CAAC;YAChB,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,OAAO,EAAE;gBACvC,IAAI,MAAM,CAAC,MAAM,EAAE,KAAK,KAAK,EAAE;oBAC7B,IAAI,GAAG,KAAK,CAAC;oBACb,MAAM;iBACP;aACF;YACD,IAAI,IAAI,EAAE;gBACR,OAAO,KAAK,CAAC;aACd;SACF;KACF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAzCD,8CAyCC"}
|
package/lib/esm/index.d.ts
DELETED
@@ -1,73 +0,0 @@
|
|
1
|
-
import { PublicKey } from '@astrox/agent';
|
2
|
-
import { DelegationChain } from '@astrox/identity';
|
3
|
-
import { Principal } from '@astrox/principal';
|
4
|
-
/**
|
5
|
-
* Options for {@link createAuthenticationRequestUrl}. All these options may be limited
|
6
|
-
* further by the identity provider, or an error can happen.
|
7
|
-
*/
|
8
|
-
export interface CreateUrlOptions {
|
9
|
-
/**
|
10
|
-
* The public key to delegate to. This should be the public key of the session key.
|
11
|
-
*/
|
12
|
-
publicKey: PublicKey;
|
13
|
-
/**
|
14
|
-
* The scope of the delegation. This must contain at least one key and a maximum
|
15
|
-
* of four. This is validated in {@link createAuthenticationRequestUrl} but also
|
16
|
-
* will be validated as part of the identity provider.
|
17
|
-
*/
|
18
|
-
scope: Array<string | Principal>;
|
19
|
-
/**
|
20
|
-
* The URI to redirect to, after authentication. By default, `window.location.origin`.
|
21
|
-
*/
|
22
|
-
redirectUri?: string;
|
23
|
-
/**
|
24
|
-
* The URL base to use for the identity provider.
|
25
|
-
* By default, this is "https://auth.ic0.app/authorize".
|
26
|
-
*/
|
27
|
-
identityProvider?: URL | string;
|
28
|
-
}
|
29
|
-
/**
|
30
|
-
* List of things to check for a delegation chain validity.
|
31
|
-
*/
|
32
|
-
export interface DelegationValidChecks {
|
33
|
-
/**
|
34
|
-
* Check that the scope is amongst the scopes that this delegation has access to.
|
35
|
-
*/
|
36
|
-
scope?: Principal | string | Array<Principal | string>;
|
37
|
-
}
|
38
|
-
/**
|
39
|
-
* A parsed access token.
|
40
|
-
*/
|
41
|
-
export declare type AccessToken = string & {
|
42
|
-
_BRAND: 'access_token';
|
43
|
-
};
|
44
|
-
/**
|
45
|
-
* Create a URL that can be used to redirect the browser to request authentication (e.g. using
|
46
|
-
* the authentication provider). Will throw if some options are invalid.
|
47
|
-
* @param options An option with all options for the authentication request.
|
48
|
-
*/
|
49
|
-
export declare function createAuthenticationRequestUrl(options: CreateUrlOptions): URL;
|
50
|
-
/**
|
51
|
-
* Returns an AccessToken from the Window object. This cannot be used in Node, instead use
|
52
|
-
* the {@link getAccessTokenFromURL} function.
|
53
|
-
*
|
54
|
-
* An access token is needed to create a DelegationChain object.
|
55
|
-
*/
|
56
|
-
export declare function getAccessTokenFromWindow(): AccessToken | null;
|
57
|
-
/**
|
58
|
-
* Analyze a URL and try to extract an AccessToken from it.
|
59
|
-
* @param url The URL to look into.
|
60
|
-
*/
|
61
|
-
export declare function getAccessTokenFromURL(url: URL | string): AccessToken | null;
|
62
|
-
/**
|
63
|
-
* Create a DelegationChain from an AccessToken extracted from a redirect URL.
|
64
|
-
* @param accessToken The access token extracted from a redirect URL.
|
65
|
-
*/
|
66
|
-
export declare function createDelegationChainFromAccessToken(accessToken: AccessToken): DelegationChain;
|
67
|
-
/**
|
68
|
-
* Analyze a DelegationChain and validate that it's valid, ie. not expired and apply to the
|
69
|
-
* scope.
|
70
|
-
* @param chain The chain to validate.
|
71
|
-
* @param checks Various checks to validate on the chain.
|
72
|
-
*/
|
73
|
-
export declare function isDelegationValid(chain: DelegationChain, checks?: DelegationValidChecks): boolean;
|
package/lib/esm/index.js
DELETED
@@ -1,124 +0,0 @@
|
|
1
|
-
import { DelegationChain } from '@astrox/identity';
|
2
|
-
import { Principal } from '@astrox/principal';
|
3
|
-
const DEFAULT_IDENTITY_PROVIDER_URL = 'https://auth.ic0.app/authorize';
|
4
|
-
function toHexString(bytes) {
|
5
|
-
return new Uint8Array(bytes).reduce((str, byte) => str + byte.toString(16).padStart(2, '0'), '');
|
6
|
-
}
|
7
|
-
function _getDefaultLocation() {
|
8
|
-
if (typeof window === 'undefined') {
|
9
|
-
throw new Error('Could not find default location.');
|
10
|
-
}
|
11
|
-
return window.location.origin;
|
12
|
-
}
|
13
|
-
/**
|
14
|
-
* Create a URL that can be used to redirect the browser to request authentication (e.g. using
|
15
|
-
* the authentication provider). Will throw if some options are invalid.
|
16
|
-
* @param options An option with all options for the authentication request.
|
17
|
-
*/
|
18
|
-
export function createAuthenticationRequestUrl(options) {
|
19
|
-
var _a, _b, _c;
|
20
|
-
const url = new URL((_b = (_a = options.identityProvider) === null || _a === void 0 ? void 0 : _a.toString()) !== null && _b !== void 0 ? _b : DEFAULT_IDENTITY_PROVIDER_URL);
|
21
|
-
url.searchParams.set('response_type', 'token');
|
22
|
-
url.searchParams.set('login_hint', toHexString(options.publicKey.toDer()));
|
23
|
-
url.searchParams.set('redirect_uri', (_c = options.redirectUri) !== null && _c !== void 0 ? _c : _getDefaultLocation());
|
24
|
-
url.searchParams.set('scope', options.scope
|
25
|
-
.map(p => {
|
26
|
-
if (typeof p === 'string') {
|
27
|
-
return Principal.fromText(p);
|
28
|
-
}
|
29
|
-
else {
|
30
|
-
return p;
|
31
|
-
}
|
32
|
-
})
|
33
|
-
.map(p => p.toString())
|
34
|
-
.join(' '));
|
35
|
-
url.searchParams.set('state', '');
|
36
|
-
return url;
|
37
|
-
}
|
38
|
-
/**
|
39
|
-
* Returns an AccessToken from the Window object. This cannot be used in Node, instead use
|
40
|
-
* the {@link getAccessTokenFromURL} function.
|
41
|
-
*
|
42
|
-
* An access token is needed to create a DelegationChain object.
|
43
|
-
*/
|
44
|
-
export function getAccessTokenFromWindow() {
|
45
|
-
if (typeof window === 'undefined') {
|
46
|
-
return null;
|
47
|
-
}
|
48
|
-
return getAccessTokenFromURL(new URL(window.location.href));
|
49
|
-
}
|
50
|
-
/**
|
51
|
-
* Analyze a URL and try to extract an AccessToken from it.
|
52
|
-
* @param url The URL to look into.
|
53
|
-
*/
|
54
|
-
export function getAccessTokenFromURL(url) {
|
55
|
-
// Remove the `#` at the start.
|
56
|
-
const hashParams = new URLSearchParams(new URL(url.toString()).hash.substr(1));
|
57
|
-
return hashParams.get('access_token');
|
58
|
-
}
|
59
|
-
/**
|
60
|
-
* Create a DelegationChain from an AccessToken extracted from a redirect URL.
|
61
|
-
* @param accessToken The access token extracted from a redirect URL.
|
62
|
-
*/
|
63
|
-
export function createDelegationChainFromAccessToken(accessToken) {
|
64
|
-
// Transform the HEXADECIMAL string into the JSON it represents.
|
65
|
-
if (/[^0-9a-fA-F]/.test(accessToken) || accessToken.length % 2) {
|
66
|
-
throw new Error('Invalid hexadecimal string for accessToken.');
|
67
|
-
}
|
68
|
-
const chainJson = [...accessToken]
|
69
|
-
.reduce((acc, curr, i) => {
|
70
|
-
// tslint:disable-next-line:no-bitwise
|
71
|
-
acc[(i / 2) | 0] = (acc[(i / 2) | 0] || '') + curr;
|
72
|
-
return acc;
|
73
|
-
}, [])
|
74
|
-
.map(x => Number.parseInt(x, 16))
|
75
|
-
.map(x => String.fromCharCode(x))
|
76
|
-
.join('');
|
77
|
-
return DelegationChain.fromJSON(chainJson);
|
78
|
-
}
|
79
|
-
/**
|
80
|
-
* Analyze a DelegationChain and validate that it's valid, ie. not expired and apply to the
|
81
|
-
* scope.
|
82
|
-
* @param chain The chain to validate.
|
83
|
-
* @param checks Various checks to validate on the chain.
|
84
|
-
*/
|
85
|
-
export function isDelegationValid(chain, checks) {
|
86
|
-
// Verify that the no delegation is expired. If any are in the chain, returns false.
|
87
|
-
for (const { delegation } of chain.delegations) {
|
88
|
-
// prettier-ignore
|
89
|
-
if (+new Date(Number(delegation.expiration / BigInt(1000000))) <= +Date.now()) {
|
90
|
-
return false;
|
91
|
-
}
|
92
|
-
}
|
93
|
-
// Check the scopes.
|
94
|
-
const scopes = [];
|
95
|
-
const maybeScope = checks === null || checks === void 0 ? void 0 : checks.scope;
|
96
|
-
if (maybeScope) {
|
97
|
-
if (Array.isArray(maybeScope)) {
|
98
|
-
scopes.push(...maybeScope.map(s => (typeof s === 'string' ? Principal.fromText(s) : s)));
|
99
|
-
}
|
100
|
-
else {
|
101
|
-
scopes.push(typeof maybeScope === 'string' ? Principal.fromText(maybeScope) : maybeScope);
|
102
|
-
}
|
103
|
-
}
|
104
|
-
for (const s of scopes) {
|
105
|
-
const scope = s.toText();
|
106
|
-
for (const { delegation } of chain.delegations) {
|
107
|
-
if (delegation.targets === undefined) {
|
108
|
-
continue;
|
109
|
-
}
|
110
|
-
let none = true;
|
111
|
-
for (const target of delegation.targets) {
|
112
|
-
if (target.toText() === scope) {
|
113
|
-
none = false;
|
114
|
-
break;
|
115
|
-
}
|
116
|
-
}
|
117
|
-
if (none) {
|
118
|
-
return false;
|
119
|
-
}
|
120
|
-
}
|
121
|
-
}
|
122
|
-
return true;
|
123
|
-
}
|
124
|
-
//# sourceMappingURL=index.js.map
|
package/lib/esm/index.js.map
DELETED
@@ -1 +0,0 @@
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE9C,MAAM,6BAA6B,GAAG,gCAAgC,CAAC;AAEvE,SAAS,WAAW,CAAC,KAAkB;IACrC,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;AACnG,CAAC;AAED,SAAS,mBAAmB;IAC1B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE;QACjC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;KACrD;IAED,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;AAChC,CAAC;AA8CD;;;;GAIG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAyB;;IACtE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAA,MAAA,OAAO,CAAC,gBAAgB,0CAAE,QAAQ,EAAE,mCAAI,6BAA6B,CAAC,CAAC;IAC3F,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;IAC/C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC3E,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,MAAA,OAAO,CAAC,WAAW,mCAAI,mBAAmB,EAAE,CAAC,CAAC;IACnF,GAAG,CAAC,YAAY,CAAC,GAAG,CAClB,OAAO,EACP,OAAO,CAAC,KAAK;SACV,GAAG,CAAC,CAAC,CAAC,EAAE;QACP,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE;YACzB,OAAO,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;SAC9B;aAAM;YACL,OAAO,CAAC,CAAC;SACV;IACH,CAAC,CAAC;SACD,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;SACtB,IAAI,CAAC,GAAG,CAAC,CACb,CAAC;IACF,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAElC,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB;IACtC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE;QACjC,OAAO,IAAI,CAAC;KACb;IACD,OAAO,qBAAqB,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;AAC9D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,GAAiB;IACrD,+BAA+B;IAC/B,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/E,OAAO,UAAU,CAAC,GAAG,CAAC,cAAc,CAAuB,CAAC;AAC9D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oCAAoC,CAAC,WAAwB;IAC3E,gEAAgE;IAChE,IAAI,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE;QAC9D,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;KAChE;IACD,MAAM,SAAS,GAAG,CAAC,GAAG,WAAW,CAAC;SAC/B,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE;QACvB,sCAAsC;QACtC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;QACnD,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,EAAc,CAAC;SACjB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;SAChC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;SAChC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEZ,OAAO,eAAe,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;AAC7C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAsB,EAAE,MAA8B;IACtF,oFAAoF;IACpF,KAAK,MAAM,EAAE,UAAU,EAAE,IAAI,KAAK,CAAC,WAAW,EAAE;QAC9C,kBAAkB;QAClB,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE;YAC7E,OAAO,KAAK,CAAC;SACd;KACF;IAED,oBAAoB;IACpB,MAAM,MAAM,GAAgB,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,KAAK,CAAC;IACjC,IAAI,UAAU,EAAE;QACd,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;YAC7B,MAAM,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SAC1F;aAAM;YACL,MAAM,CAAC,IAAI,CAAC,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;SAC3F;KACF;IAED,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE;QACtB,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC;QACzB,KAAK,MAAM,EAAE,UAAU,EAAE,IAAI,KAAK,CAAC,WAAW,EAAE;YAC9C,IAAI,UAAU,CAAC,OAAO,KAAK,SAAS,EAAE;gBACpC,SAAS;aACV;YAED,IAAI,IAAI,GAAG,IAAI,CAAC;YAChB,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,OAAO,EAAE;gBACvC,IAAI,MAAM,CAAC,MAAM,EAAE,KAAK,KAAK,EAAE;oBAC7B,IAAI,GAAG,KAAK,CAAC;oBACb,MAAM;iBACP;aACF;YACD,IAAI,IAAI,EAAE;gBACR,OAAO,KAAK,CAAC;aACd;SACF;KACF;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}
|