@ave-id/sdk 0.2.0 → 0.2.1

package/dist/client.d.ts

@@ -0,0 +1,6 @@
+export declare function startPkceLogin(params: {
+    clientId: string;
+    redirectUri: string;
+    scope?: string;
+    issuer?: string;
+}): Promise<void>;

package/dist/client.js

@@ -0,0 +1,19 @@
+import { buildAuthorizeUrl, generateCodeChallenge, generateCodeVerifier, generateNonce } from "./index";
+export async function startPkceLogin(params) {
+    const verifier = generateCodeVerifier();
+    const challenge = await generateCodeChallenge(verifier);
+    const nonce = generateNonce();
+    sessionStorage.setItem("ave_code_verifier", verifier);
+    sessionStorage.setItem("ave_nonce", nonce);
+    const url = buildAuthorizeUrl({
+        clientId: params.clientId,
+        redirectUri: params.redirectUri,
+        issuer: params.issuer,
+    }, {
+        scope: (params.scope || "openid profile email").split(" "),
+        nonce,
+        codeChallenge: challenge,
+        codeChallengeMethod: "S256",
+    });
+    window.location.href = url;
+}

package/dist/index.d.ts

@@ -0,0 +1,91 @@
+export type Scope = "openid" | "profile" | "email" | "offline_access" | "user_id";
+export interface AveConfig {
+    clientId: string;
+    redirectUri: string;
+    issuer?: string;
+}
+export declare function generateCodeVerifier(): string;
+export declare function generateCodeChallenge(verifier: string): Promise<string>;
+export declare function generateNonce(): string;
+export declare function buildAuthorizeUrl(config: AveConfig, params?: {
+    scope?: Scope[];
+    state?: string;
+    nonce?: string;
+    codeChallenge?: string;
+    codeChallengeMethod?: "S256" | "plain";
+    extraParams?: Record<string, string>;
+}): string;
+export declare function exchangeCode(config: AveConfig, payload: {
+    code: string;
+    codeVerifier?: string;
+}): Promise<import("./types").TokenResponse>;
+export declare function refreshToken(config: AveConfig, payload: {
+    refreshToken: string;
+}): Promise<import("./types").TokenResponse>;
+export declare function fetchUserInfo(config: AveConfig, accessToken: string): Promise<import("./types").UserInfo>;
+export declare function getApiBase(issuer?: string): string;
+export interface SigningConfig {
+    clientId: string;
+    clientSecret: string;
+    issuer?: string;
+}
+/**
+ * Create a signature request for a user identity
+ * This is called from your server with client credentials
+ */
+export declare function createSignatureRequest(config: SigningConfig, params: {
+    identityId: string;
+    payload: string;
+    metadata?: Record<string, unknown>;
+    expiresInSeconds?: number;
+}): Promise<import("./types").SignatureRequest>;
+/**
+ * Check the status of a signature request
+ */
+export declare function getSignatureStatus(config: {
+    clientId: string;
+    issuer?: string;
+}, requestId: string): Promise<import("./types").SignatureResult>;
+/**
+ * Get the public signing key for an identity by handle
+ */
+export declare function getPublicKey(config: {
+    issuer?: string;
+}, handle: string): Promise<{
+    handle: string;
+    publicKey: string;
+    createdAt: string;
+}>;
+/**
+ * Verify a signature using the Ave API
+ */
+export declare function verifySignature(config: {
+    issuer?: string;
+}, params: {
+    message: string;
+    signature: string;
+    publicKey: string;
+}): Promise<{
+    valid: boolean;
+    error?: string;
+}>;
+/**
+ * Build the URL to redirect a user for signing
+ * Use this for browser-based signing flows
+ */
+export declare function buildSigningUrl(config: {
+    issuer?: string;
+}, requestId: string, options?: {
+    embed?: boolean;
+}): string;
+/**
+ * Open a popup window for signing
+ * Returns a promise that resolves when the user signs or denies
+ */
+export declare function openSigningPopup(config: {
+    issuer?: string;
+}, requestId: string): Promise<{
+    signed: boolean;
+    signature?: string;
+    publicKey?: string;
+}>;

package/dist/index.js

@@ -0,0 +1,210 @@
+export function generateCodeVerifier() {
+    const bytes = new Uint8Array(32);
+    crypto.getRandomValues(bytes);
+    return base64UrlEncode(bytes);
+}
+export async function generateCodeChallenge(verifier) {
+    const encoder = new TextEncoder();
+    const data = encoder.encode(verifier);
+    const hash = await crypto.subtle.digest("SHA-256", data);
+    return base64UrlEncode(new Uint8Array(hash));
+}
+export function generateNonce() {
+    const bytes = new Uint8Array(32);
+    crypto.getRandomValues(bytes);
+    return base64UrlEncode(bytes).slice(0, 32);
+}
+export function buildAuthorizeUrl(config, params = {}) {
+    const issuer = config.issuer || "https://aveid.net";
+    const search = new URLSearchParams({
+        client_id: config.clientId,
+        redirect_uri: config.redirectUri,
+        scope: (params.scope || ["openid", "profile", "email"]).join(" "),
+        state: params.state || "",
+        nonce: params.nonce || "",
+        ...params.extraParams,
+    });
+    if (params.codeChallenge) {
+        search.set("code_challenge", params.codeChallenge);
+        search.set("code_challenge_method", params.codeChallengeMethod || "S256");
+    }
+    return `${issuer}/signin?${search.toString()}`;
+}
+export async function exchangeCode(config, payload) {
+    const apiBase = getApiBase(config.issuer);
+    const response = await fetch(`${apiBase}/api/oauth/token`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+            grantType: "authorization_code",
+            code: payload.code,
+            redirectUri: config.redirectUri,
+            clientId: config.clientId,
+            codeVerifier: payload.codeVerifier,
+        }),
+    });
+    if (!response.ok) {
+        const data = await response.json();
+        throw new Error(data.error || "Failed to exchange token");
+    }
+    return response.json();
+}
+export async function refreshToken(config, payload) {
+    const apiBase = getApiBase(config.issuer);
+    const response = await fetch(`${apiBase}/api/oauth/token`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+            grantType: "refresh_token",
+            refreshToken: payload.refreshToken,
+            clientId: config.clientId,
+        }),
+    });
+    if (!response.ok) {
+        const data = await response.json();
+        throw new Error(data.error || "Failed to refresh token");
+    }
+    return response.json();
+}
+export async function fetchUserInfo(config, accessToken) {
+    const apiBase = getApiBase(config.issuer);
+    const response = await fetch(`${apiBase}/api/oauth/userinfo`, {
+        headers: { Authorization: `Bearer ${accessToken}` },
+    });
+    if (!response.ok) {
+        const data = await response.json();
+        throw new Error(data.error || "Failed to fetch user info");
+    }
+    return response.json();
+}
+export function getApiBase(issuer) {
+    const base = issuer || "https://aveid.net";
+    return base.replace("https://aveid.net", "https://api.aveid.net");
+}
+function base64UrlEncode(bytes) {
+    return btoa(String.fromCharCode(...bytes))
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/, "");
+}
+/**
+ * Create a signature request for a user identity
+ * This is called from your server with client credentials
+ */
+export async function createSignatureRequest(config, params) {
+    const apiBase = getApiBase(config.issuer);
+    const response = await fetch(`${apiBase}/api/signing/request`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+            clientId: config.clientId,
+            clientSecret: config.clientSecret,
+            identityId: params.identityId,
+            payload: params.payload,
+            metadata: params.metadata,
+            expiresInSeconds: params.expiresInSeconds || 300,
+        }),
+    });
+    if (!response.ok) {
+        const data = await response.json();
+        throw new Error(data.error || "Failed to create signature request");
+    }
+    return response.json();
+}
+/**
+ * Check the status of a signature request
+ */
+export async function getSignatureStatus(config, requestId) {
+    const apiBase = getApiBase(config.issuer);
+    const response = await fetch(`${apiBase}/api/signing/request/${requestId}/status?clientId=${encodeURIComponent(config.clientId)}`);
+    if (!response.ok) {
+        const data = await response.json();
+        throw new Error(data.error || "Failed to get signature status");
+    }
+    return response.json();
+}
+/**
+ * Get the public signing key for an identity by handle
+ */
+export async function getPublicKey(config, handle) {
+    const apiBase = getApiBase(config.issuer);
+    const response = await fetch(`${apiBase}/api/signing/public-key/${encodeURIComponent(handle)}`);
+    if (!response.ok) {
+        const data = await response.json();
+        throw new Error(data.error || "Failed to get public key");
+    }
+    return response.json();
+}
+/**
+ * Verify a signature using the Ave API
+ */
+export async function verifySignature(config, params) {
+    const apiBase = getApiBase(config.issuer);
+    const response = await fetch(`${apiBase}/api/signing/verify`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(params),
+    });
+    if (!response.ok) {
+        const data = await response.json();
+        throw new Error(data.error || "Failed to verify signature");
+    }
+    return response.json();
+}
+/**
+ * Build the URL to redirect a user for signing
+ * Use this for browser-based signing flows
+ */
+export function buildSigningUrl(config, requestId, options) {
+    const issuer = config.issuer || "https://aveid.net";
+    const params = new URLSearchParams({ requestId });
+    if (options?.embed) {
+        params.set("embed", "1");
+    }
+    return `${issuer}/sign?${params.toString()}`;
+}
+/**
+ * Open a popup window for signing
+ * Returns a promise that resolves when the user signs or denies
+ */
+export function openSigningPopup(config, requestId) {
+    return new Promise((resolve, reject) => {
+        const url = buildSigningUrl(config, requestId);
+        const width = 500;
+        const height = 600;
+        const left = window.screenX + (window.outerWidth - width) / 2;
+        const top = window.screenY + (window.outerHeight - height) / 2;
+        const popup = window.open(url, "ave-signing", `width=${width},height=${height},left=${left},top=${top},popup=yes`);
+        if (!popup) {
+            reject(new Error("Failed to open popup - blocked by browser?"));
+            return;
+        }
+        const handleMessage = (event) => {
+            if (event.origin !== (config.issuer || "https://aveid.net"))
+                return;
+            if (event.data?.type === "ave:signed") {
+                window.removeEventListener("message", handleMessage);
+                popup.close();
+                resolve({
+                    signed: true,
+                    signature: event.data.payload.signature,
+                    publicKey: event.data.payload.publicKey,
+                });
+            }
+            else if (event.data?.type === "ave:denied") {
+                window.removeEventListener("message", handleMessage);
+                popup.close();
+                resolve({ signed: false });
+            }
+        };
+        window.addEventListener("message", handleMessage);
+        // Check if popup was closed without action
+        const checkClosed = setInterval(() => {
+            if (popup.closed) {
+                clearInterval(checkClosed);
+                window.removeEventListener("message", handleMessage);
+                resolve({ signed: false });
+            }
+        }, 500);
+    });
+}

package/dist/server.d.ts

@@ -0,0 +1,20 @@
+export interface ServerConfig {
+    issuer?: string;
+    clientId: string;
+    clientSecret: string;
+    redirectUri: string;
+}
+export interface TokenResponse {
+    access_token: string;
+    access_token_jwt: string;
+    id_token?: string;
+    refresh_token?: string;
+    expires_in: number;
+    scope: string;
+}
+export declare function exchangeCodeServer(config: ServerConfig, payload: {
+    code: string;
+}): Promise<TokenResponse>;
+export declare function refreshTokenServer(config: ServerConfig, payload: {
+    refreshToken: string;
+}): Promise<TokenResponse>;

package/dist/server.js

@@ -0,0 +1,39 @@
+export async function exchangeCodeServer(config, payload) {
+    const issuer = config.issuer || "https://aveid.net";
+    const apiBase = issuer.replace("https://aveid.net", "https://api.aveid.net");
+    const response = await fetch(`${apiBase}/api/oauth/token`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+            grantType: "authorization_code",
+            code: payload.code,
+            redirectUri: config.redirectUri,
+            clientId: config.clientId,
+            clientSecret: config.clientSecret,
+        }),
+    });
+    if (!response.ok) {
+        const data = await response.json();
+        throw new Error(data.error || "Failed to exchange token");
+    }
+    return response.json();
+}
+export async function refreshTokenServer(config, payload) {
+    const issuer = config.issuer || "https://aveid.net";
+    const apiBase = issuer.replace("https://aveid.net", "https://api.aveid.net");
+    const response = await fetch(`${apiBase}/api/oauth/token`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+            grantType: "refresh_token",
+            refreshToken: payload.refreshToken,
+            clientId: config.clientId,
+            clientSecret: config.clientSecret,
+        }),
+    });
+    if (!response.ok) {
+        const data = await response.json();
+        throw new Error(data.error || "Failed to refresh token");
+    }
+    return response.json();
+}

package/dist/types.d.ts

@@ -0,0 +1,42 @@
+export type Scope = "openid" | "profile" | "email" | "offline_access" | "user_id";
+export interface TokenResponse {
+    access_token: string;
+    access_token_jwt: string;
+    id_token?: string;
+    refresh_token?: string;
+    expires_in: number;
+    scope: string;
+    user?: {
+        id: string;
+        handle: string;
+        displayName: string;
+        email?: string;
+        avatarUrl?: string;
+    };
+    encrypted_app_key?: string;
+    user_id?: string;
+}
+export interface UserInfo {
+    sub: string;
+    name?: string;
+    preferred_username?: string;
+    email?: string;
+    picture?: string;
+    iss?: string;
+    user_id?: string;
+}
+export interface SignatureRequest {
+    requestId: string;
+    expiresAt: string;
+    publicKey: string;
+}
+export interface SignatureResult {
+    status: "signed" | "denied" | "expired" | "pending";
+    signature?: string;
+    resolvedAt?: string;
+}
+export interface SigningConfig {
+    clientId: string;
+    clientSecret: string;
+    issuer?: string;
+}

package/dist/types.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ave-id/sdk",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "type": "module",
   "main": "dist/index.js",
   "module": "dist/index.js",