@darkauth/client 0.1.1

package/LICENSE

@@ -0,0 +1 @@
+MIT

package/README.md

@@ -0,0 +1,249 @@
+# @DarkAuth/client
+
+A TypeScript client library for DarkAuth - providing zero-knowledge authentication and client-side encryption capabilities for web applications.
+
+## Features
+
+- **Zero-Knowledge Authentication**: Secure OAuth2/OIDC flow with PKCE and ephemeral key exchange
+- **Client-Side Encryption**: Built-in cryptographic functions for data encryption/decryption
+- **Token Management**: Automatic token storage, validation, and refresh
+- **Data Encryption Keys (DEK)**: Support for deriving and managing data encryption keys
+- **Session Persistence**: Secure session storage with key obfuscation
+- **TypeScript Support**: Full TypeScript definitions included
+
+## Installation
+
+```bash
+npm install @DarkAuth/client
+```
+
+## Quick Start
+
+### Basic Setup
+
+```typescript
+import { setConfig, initiateLogin, handleCallback, getStoredSession } from '@DarkAuth/client';
+
+// Configure the client
+setConfig({
+  issuer: 'https://auth.example.com',
+  clientId: 'your-client-id',
+  redirectUri: 'https://app.example.com/callback',
+  zk: true // Enable zero-knowledge mode
+});
+
+// Start login flow
+await initiateLogin();
+
+// Handle OAuth callback (on your callback page)
+const session = await handleCallback();
+if (session) {
+  console.log('Logged in!', session.idToken);
+}
+
+// Get existing session
+const existingSession = getStoredSession();
+if (existingSession && isTokenValid(existingSession.idToken)) {
+  // User is authenticated
+}
+```
+
+## API Reference
+
+### Configuration
+
+#### `setConfig(config: Partial<Config>)`
+
+Configure the DarkAuth client with your authentication settings.
+
+```typescript
+setConfig({
+  issuer: 'https://auth.example.com',     // DarkAuth server URL
+  clientId: 'your-client-id',              // Your application's client ID
+  redirectUri: 'https://app.example.com/callback', // OAuth callback URL
+  zk: true                                 // Enable zero-knowledge mode (default: true)
+});
+```
+
+The client also supports environment variables for configuration:
+- `DARKAUTH_ISSUER` or `VITE_DARKAUTH_ISSUER`
+- `DARKAUTH_CLIENT_ID` or `VITE_CLIENT_ID`
+- `VITE_REDIRECT_URI`
+
+### Authentication Functions
+
+#### `initiateLogin(): Promise<void>`
+
+Starts the OAuth2/OIDC login flow with PKCE. Redirects the user to the DarkAuth authorization server.
+
+#### `handleCallback(): Promise<AuthSession | null>`
+
+Processes the OAuth callback after successful authentication. Returns an `AuthSession` object containing:
+- `idToken`: JWT ID token
+- `drk`: Derived Root Key for encryption operations
+- `refreshToken?`: Optional refresh token
+
+#### `logout(): void`
+
+Clears all authentication data from storage.
+
+#### `getStoredSession(): AuthSession | null`
+
+Retrieves the current session from storage if valid.
+
+#### `refreshSession(): Promise<AuthSession | null>`
+
+Refreshes the current session using the stored refresh token.
+
+### User Information
+
+#### `getCurrentUser(): JwtClaims | null`
+
+Returns the parsed JWT claims from the current ID token.
+
+#### `parseJwt(token: string): JwtClaims | null`
+
+Parses a JWT token and returns its claims.
+
+#### `isTokenValid(token: string): boolean`
+
+Checks if a JWT token is still valid (not expired).
+
+### Cryptographic Functions
+
+The library exports comprehensive cryptographic utilities from `./crypto`:
+
+#### Encoding/Decoding
+- `bytesToBase64Url(bytes: Uint8Array): string`
+- `base64UrlToBytes(base64url: string): Uint8Array`
+- `bytesToBase64(bytes: Uint8Array): string`
+- `base64ToBytes(base64: string): Uint8Array`
+
+#### Hashing
+- `sha256(bytes: Uint8Array): Promise<Uint8Array>`
+
+#### Key Derivation
+- `hkdf(key: Uint8Array, salt: Uint8Array, info: Uint8Array, length?: number): Promise<Uint8Array>`
+- `deriveDek(drk: Uint8Array, noteId: string): Promise<Uint8Array>`
+
+#### Encryption/Decryption
+- `aeadEncrypt(key: CryptoKey, plaintext: Uint8Array, additionalData: Uint8Array): Promise<{iv: Uint8Array, ciphertext: Uint8Array}>`
+- `aeadDecrypt(key: CryptoKey, payload: Uint8Array, additionalData: Uint8Array): Promise<Uint8Array>`
+- `encryptNote(drk: Uint8Array, noteId: string, content: string): Promise<string>`
+- `decryptNote(drk: Uint8Array, noteId: string, ciphertextBase64: string, aadObject: Record<string, unknown>): Promise<string>`
+
+#### Key Management
+- `wrapPrivateKey(privateKeyJwk: JsonWebKey, drk: Uint8Array): Promise<string>`
+- `unwrapPrivateKey(wrappedKey: string, drk: Uint8Array): Promise<JsonWebKey>`
+
+### Data Encryption Keys (DEK)
+
+#### `resolveDek(noteId: string, isOwner: boolean, drk: Uint8Array): Promise<Uint8Array>`
+
+Resolves a data encryption key for a specific resource. If the user is the owner, derives the DEK directly. Otherwise, fetches and decrypts the shared DEK.
+
+#### `clearKeyCache(): void`
+
+Clears the cached encryption keys.
+
+### Hooks System
+
+#### `setHooks(hooks: ClientHooks)`
+
+Configure hooks for custom data fetching:
+
+```typescript
+setHooks({
+  fetchNoteDek: async (noteId: string) => {
+    // Fetch encrypted DEK for a shared note
+    const response = await fetch(`/api/notes/${noteId}/dek`);
+    return response.text();
+  },
+  fetchWrappedEncPrivateJwk: async () => {
+    // Fetch user's wrapped private key
+    const response = await fetch('/api/user/private-key');
+    return response.text();
+  }
+});
+```
+
+## Types
+
+### `AuthSession`
+```typescript
+interface AuthSession {
+  idToken: string;
+  drk: Uint8Array;
+  refreshToken?: string;
+}
+```
+
+### `JwtClaims`
+```typescript
+interface JwtClaims {
+  sub?: string;
+  email?: string;
+  name?: string;
+  exp?: number;
+  iat?: number;
+  iss?: string;
+}
+```
+
+### `Config`
+```typescript
+type Config = {
+  issuer: string;
+  clientId: string;
+  redirectUri: string;
+  zk?: boolean;
+}
+```
+
+### `ClientHooks`
+```typescript
+type ClientHooks = {
+  fetchNoteDek?: (noteId: string) => Promise<string>;
+  fetchWrappedEncPrivateJwk?: () => Promise<string>;
+}
+```
+
+## Security Features
+
+- **PKCE (Proof Key for Code Exchange)**: Protects against authorization code interception
+- **Zero-Knowledge Mode**: Ephemeral key exchange for enhanced privacy
+- **Key Obfuscation**: DRK is obfuscated in storage for additional protection
+- **Secure Storage**: Uses sessionStorage for tokens and localStorage for persistent data
+- **AEAD Encryption**: AES-GCM with additional authenticated data for all encryption operations
+
+## Browser Compatibility
+
+This library requires a modern browser with support for:
+- Web Crypto API
+- ES2015+ features
+- SessionStorage and LocalStorage
+
+## Development
+
+```bash
+# Install dependencies
+npm install
+
+# Build the package
+npm run build
+
+# Type checking
+npm run typecheck
+
+# Linting and formatting
+npm run lint
+npm run format
+```
+
+## License
+
+MIT
+
+## Contributing
+
+Contributions are welcome! Please ensure all code passes linting and type checking before submitting a pull request.

package/dist/crypto.d.ts

@@ -0,0 +1,19 @@
+export declare function bytesToBase64Url(bytes: Uint8Array): string;
+export declare function base64UrlToBytes(base64url: string): Uint8Array;
+export declare function bytesToBase64(bytes: Uint8Array): string;
+export declare function base64ToBytes(base64: string): Uint8Array;
+export declare function sha256(bytes: Uint8Array): Promise<Uint8Array>;
+export declare function hkdf(key: Uint8Array, salt: Uint8Array, info: Uint8Array, length?: number): Promise<Uint8Array>;
+export declare function aeadEncrypt(key: CryptoKey, plaintext: Uint8Array, additionalData: Uint8Array): Promise<{
+    iv: Uint8Array;
+    ciphertext: Uint8Array;
+}>;
+export declare function aeadDecrypt(key: CryptoKey, payload: Uint8Array, additionalData: Uint8Array): Promise<Uint8Array>;
+export declare function aeadKey(bytes: Uint8Array): Promise<CryptoKey>;
+export declare function deriveDek(drk: Uint8Array, noteId: string): Promise<Uint8Array>;
+export declare function encryptNote(drk: Uint8Array, noteId: string, content: string): Promise<string>;
+export declare function decryptNote(drk: Uint8Array, noteId: string, ciphertextBase64: string, aadObject: Record<string, unknown>): Promise<string>;
+export declare function encryptNoteWithDek(dek: Uint8Array, noteId: string, content: string): Promise<string>;
+export declare function decryptNoteWithDek(dek: Uint8Array, noteId: string, ciphertextBase64: string, aadObject: Record<string, unknown>): Promise<string>;
+export declare function wrapPrivateKey(privateKeyJwk: JsonWebKey, drk: Uint8Array): Promise<string>;
+export declare function unwrapPrivateKey(wrappedKey: string, drk: Uint8Array): Promise<JsonWebKey>;

package/dist/crypto.js

@@ -0,0 +1,109 @@
+export function bytesToBase64Url(bytes) {
+    let binaryString = "";
+    for (const byte of bytes)
+        binaryString += String.fromCharCode(byte);
+    return btoa(binaryString).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+export function base64UrlToBytes(base64url) {
+    const base64 = base64url.replace(/-/g, "+").replace(/_/g, "/");
+    const padding = base64.length % 4 === 2 ? "==" : base64.length % 4 === 3 ? "=" : "";
+    return Uint8Array.from(atob(base64 + padding), (c) => c.charCodeAt(0));
+}
+export function bytesToBase64(bytes) {
+    let binaryString = "";
+    for (const byte of bytes)
+        binaryString += String.fromCharCode(byte);
+    return btoa(binaryString);
+}
+export function base64ToBytes(base64) {
+    return Uint8Array.from(atob(base64), (c) => c.charCodeAt(0));
+}
+export async function sha256(bytes) {
+    const buf = bytes.buffer.slice(bytes.byteOffset, bytes.byteOffset + bytes.byteLength);
+    const digest = await crypto.subtle.digest("SHA-256", buf);
+    return new Uint8Array(digest);
+}
+export async function hkdf(key, salt, info, length = 32) {
+    const toAB = (u) => u.buffer.slice(u.byteOffset, u.byteOffset + u.byteLength);
+    const importedKey = await crypto.subtle.importKey("raw", toAB(key), "HKDF", false, [
+        "deriveBits",
+    ]);
+    const bits = await crypto.subtle.deriveBits({ name: "HKDF", hash: "SHA-256", salt: toAB(salt), info: toAB(info) }, importedKey, length * 8);
+    return new Uint8Array(bits);
+}
+export async function aeadEncrypt(key, plaintext, additionalData) {
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const toAB = (u) => u.buffer.slice(u.byteOffset, u.byteOffset + u.byteLength);
+    const ciphertext = await crypto.subtle.encrypt({ name: "AES-GCM", iv, additionalData: toAB(additionalData) }, key, toAB(plaintext));
+    return { iv, ciphertext: new Uint8Array(ciphertext) };
+}
+export async function aeadDecrypt(key, payload, additionalData) {
+    const iv = payload.slice(0, 12);
+    const ciphertext = payload.slice(12);
+    const toAB = (u) => u.buffer.slice(u.byteOffset, u.byteOffset + u.byteLength);
+    const plaintext = await crypto.subtle.decrypt({ name: "AES-GCM", iv, additionalData: toAB(additionalData) }, key, toAB(ciphertext));
+    return new Uint8Array(plaintext);
+}
+export async function aeadKey(bytes) {
+    const toAB = (u) => u.buffer.slice(u.byteOffset, u.byteOffset + u.byteLength);
+    return crypto.subtle.importKey("raw", toAB(bytes), { name: "AES-GCM" }, false, [
+        "encrypt",
+        "decrypt",
+    ]);
+}
+export async function deriveDek(drk, noteId) {
+    const salt = new TextEncoder().encode("DarkAuth|demo-notes");
+    const info = new TextEncoder().encode(`note:${noteId}`);
+    return hkdf(drk, salt, info, 32);
+}
+export async function encryptNote(drk, noteId, content) {
+    const dek = await deriveDek(drk, noteId);
+    return encryptNoteWithDek(dek, noteId, content);
+}
+export async function decryptNote(drk, noteId, ciphertextBase64, aadObject) {
+    const dek = await deriveDek(drk, noteId);
+    return decryptNoteWithDek(dek, noteId, ciphertextBase64, aadObject);
+}
+export async function encryptNoteWithDek(dek, noteId, content) {
+    const key = await aeadKey(dek);
+    const plaintext = new TextEncoder().encode(content);
+    const aad = new TextEncoder().encode(JSON.stringify({ note_id: noteId }));
+    const { iv, ciphertext } = await aeadEncrypt(key, plaintext, aad);
+    const payload = new Uint8Array(iv.length + ciphertext.length);
+    payload.set(iv, 0);
+    payload.set(ciphertext, iv.length);
+    return bytesToBase64(payload);
+}
+export async function decryptNoteWithDek(dek, noteId, ciphertextBase64, aadObject) {
+    if (noteId === "") {
+        // touch param to satisfy TS noUnusedParameters
+    }
+    const key = await aeadKey(dek);
+    const aad = new TextEncoder().encode(JSON.stringify(aadObject));
+    const payload = base64ToBytes(ciphertextBase64);
+    const plaintext = await aeadDecrypt(key, payload, aad);
+    return new TextDecoder().decode(plaintext);
+}
+export async function wrapPrivateKey(privateKeyJwk, drk) {
+    const salt = new TextEncoder().encode("DarkAuth|user-keys");
+    const info = new TextEncoder().encode("private-key-wrap");
+    const wrapKey = await hkdf(drk, salt, info, 32);
+    const key = await aeadKey(wrapKey);
+    const plaintext = new TextEncoder().encode(JSON.stringify(privateKeyJwk));
+    const aad = new TextEncoder().encode("user-private-key");
+    const { iv, ciphertext } = await aeadEncrypt(key, plaintext, aad);
+    const payload = new Uint8Array(iv.length + ciphertext.length);
+    payload.set(iv, 0);
+    payload.set(ciphertext, iv.length);
+    return bytesToBase64Url(payload);
+}
+export async function unwrapPrivateKey(wrappedKey, drk) {
+    const salt = new TextEncoder().encode("DarkAuth|user-keys");
+    const info = new TextEncoder().encode("private-key-wrap");
+    const wrapKey = await hkdf(drk, salt, info, 32);
+    const key = await aeadKey(wrapKey);
+    const payload = base64UrlToBytes(wrappedKey);
+    const aad = new TextEncoder().encode("user-private-key");
+    const plaintext = await aeadDecrypt(key, payload, aad);
+    return JSON.parse(new TextDecoder().decode(plaintext));
+}

package/dist/dek.d.ts

@@ -0,0 +1,2 @@
+export declare function resolveDek(noteId: string, isOwner: boolean, drk: Uint8Array): Promise<Uint8Array>;
+export declare function clearKeyCache(): void;

package/dist/dek.js

@@ -0,0 +1,40 @@
+import { compactDecrypt, importJWK } from "jose";
+import { deriveDek, unwrapPrivateKey } from "./crypto";
+import { getHooks } from "./hooks";
+let cachedPrivKey = null;
+let cachedPrivKeyPromise = null;
+async function getUserEncPrivateKey(drk) {
+    if (cachedPrivKey)
+        return cachedPrivKey;
+    if (cachedPrivKeyPromise)
+        return cachedPrivKeyPromise;
+    const hooks = getHooks();
+    if (!hooks.fetchWrappedEncPrivateJwk)
+        throw new Error("fetchWrappedEncPrivateJwk hook not set");
+    cachedPrivKeyPromise = (async () => {
+        const fetchWrapped = hooks.fetchWrappedEncPrivateJwk;
+        if (!fetchWrapped)
+            throw new Error("fetchWrappedEncPrivateJwk hook not set");
+        const wrapped = await fetchWrapped();
+        const jwk = await unwrapPrivateKey(wrapped, drk);
+        const key = await importJWK(jwk, "ECDH-ES");
+        cachedPrivKey = key;
+        return cachedPrivKey;
+    })();
+    return cachedPrivKeyPromise;
+}
+export async function resolveDek(noteId, isOwner, drk) {
+    if (isOwner)
+        return deriveDek(drk, noteId);
+    const hooks = getHooks();
+    if (!hooks.fetchNoteDek)
+        throw new Error("fetchNoteDek hook not set");
+    const jwe = await hooks.fetchNoteDek(noteId);
+    const priv = await getUserEncPrivateKey(drk);
+    const { plaintext } = await compactDecrypt(jwe, priv);
+    return new Uint8Array(plaintext);
+}
+export function clearKeyCache() {
+    cachedPrivKey = null;
+    cachedPrivKeyPromise = null;
+}

package/dist/hooks.d.ts

@@ -0,0 +1,6 @@
+export type ClientHooks = {
+    fetchNoteDek?: (noteId: string) => Promise<string>;
+    fetchWrappedEncPrivateJwk?: () => Promise<string>;
+};
+export declare function setHooks(next: ClientHooks): void;
+export declare function getHooks(): ClientHooks;

package/dist/hooks.js

@@ -0,0 +1,7 @@
+let hooks = {};
+export function setHooks(next) {
+    hooks = { ...hooks, ...next };
+}
+export function getHooks() {
+    return hooks;
+}

package/dist/index.d.ts

@@ -0,0 +1,31 @@
+export * from "./crypto";
+export * from "./dek";
+export { setHooks } from "./hooks";
+type Config = {
+    issuer: string;
+    clientId: string;
+    redirectUri: string;
+    zk?: boolean;
+};
+export interface AuthSession {
+    idToken: string;
+    drk: Uint8Array;
+    refreshToken?: string;
+}
+export interface JwtClaims {
+    sub?: string;
+    email?: string;
+    name?: string;
+    exp?: number;
+    iat?: number;
+    iss?: string;
+}
+export declare function setConfig(next: Partial<Config>): void;
+export declare function parseJwt(token: string): JwtClaims | null;
+export declare function isTokenValid(token: string): boolean;
+export declare function initiateLogin(): Promise<void>;
+export declare function handleCallback(): Promise<AuthSession | null>;
+export declare function getStoredSession(): AuthSession | null;
+export declare function refreshSession(): Promise<AuthSession | null>;
+export declare function logout(): void;
+export declare function getCurrentUser(): JwtClaims | null;

package/dist/index.js

@@ -0,0 +1,233 @@
+import { compactDecrypt } from "jose";
+export * from "./crypto";
+export * from "./dek";
+export { setHooks } from "./hooks";
+function viteEnvGet(key) {
+    try {
+        const im = import.meta || undefined;
+        return im?.env?.[key];
+    }
+    catch {
+        return undefined;
+    }
+}
+let cfg = {
+    issuer: (typeof window !== "undefined" && window.__APP_CONFIG__?.issuer) ||
+        viteEnvGet("VITE_DARKAUTH_ISSUER") ||
+        (typeof process !== "undefined" ? process.env.DARKAUTH_ISSUER : undefined) ||
+        "http://localhost:9080",
+    clientId: (typeof window !== "undefined" && window.__APP_CONFIG__?.clientId) ||
+        viteEnvGet("VITE_CLIENT_ID") ||
+        (typeof process !== "undefined" ? process.env.DARKAUTH_CLIENT_ID : undefined) ||
+        "app-web",
+    redirectUri: (typeof window !== "undefined" && window.__APP_CONFIG__?.redirectUri) ||
+        viteEnvGet("VITE_REDIRECT_URI") ||
+        (typeof window !== "undefined"
+            ? `${window.location.origin}/callback`
+            : "http://localhost:5173/callback"),
+    zk: true,
+};
+const OBFUSCATION_KEY = "DarkAuth-Storage-Protection-2025";
+export function setConfig(next) {
+    cfg = { ...cfg, ...next };
+}
+function bytesToBase64Url(bytes) {
+    let s = "";
+    for (const b of bytes)
+        s += String.fromCharCode(b);
+    return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function base64UrlToBytes(base64url) {
+    const base64 = base64url.replace(/-/g, "+").replace(/_/g, "/");
+    const padding = base64.length % 4 === 2 ? "==" : base64.length % 4 === 3 ? "=" : "";
+    return Uint8Array.from(atob(base64 + padding), (c) => c.charCodeAt(0));
+}
+async function sha256(bytes) {
+    const buf = bytes.buffer.slice(bytes.byteOffset, bytes.byteOffset + bytes.byteLength);
+    const d = await crypto.subtle.digest("SHA-256", buf);
+    return new Uint8Array(d);
+}
+function parseFragmentParams(hash) {
+    const res = {};
+    const h = hash.startsWith("#") ? hash.slice(1) : hash;
+    for (const part of h.split("&")) {
+        const i = part.indexOf("=");
+        if (i === -1)
+            continue;
+        const k = decodeURIComponent(part.slice(0, i));
+        const v = decodeURIComponent(part.slice(i + 1));
+        res[k] = v;
+    }
+    return res;
+}
+function obfuscateKey(drk) {
+    const obfKey = new TextEncoder().encode(OBFUSCATION_KEY);
+    const out = new Uint8Array(drk.length);
+    for (let i = 0; i < drk.length; i++) {
+        const a = drk[i] ?? 0;
+        const b = obfKey[i % obfKey.length] ?? 0;
+        out[i] = a ^ b;
+    }
+    return out;
+}
+function deobfuscateKey(obfuscated) {
+    return obfuscateKey(obfuscated);
+}
+export function parseJwt(token) {
+    try {
+        const parts = token.split(".");
+        if (parts.length !== 3)
+            return null;
+        const mid = parts[1];
+        const payload = JSON.parse(atob(mid.replace(/-/g, "+").replace(/_/g, "/")));
+        return payload;
+    }
+    catch {
+        return null;
+    }
+}
+export function isTokenValid(token) {
+    const claims = parseJwt(token);
+    if (!claims?.exp)
+        return false;
+    return claims.exp * 1000 > Date.now() + 5000;
+}
+export async function initiateLogin() {
+    const keyPair = await crypto.subtle.generateKey({ name: "ECDH", namedCurve: "P-256" }, true, [
+        "deriveKey",
+        "deriveBits",
+    ]);
+    const publicJwk = await crypto.subtle.exportKey("jwk", keyPair.publicKey);
+    const privateJwk = await crypto.subtle.exportKey("jwk", keyPair.privateKey);
+    sessionStorage.setItem("zk_eph_priv_jwk", JSON.stringify(privateJwk));
+    const zkPubParam = bytesToBase64Url(new TextEncoder().encode(JSON.stringify(publicJwk)));
+    const state = crypto.randomUUID();
+    const verifier = bytesToBase64Url(crypto.getRandomValues(new Uint8Array(32)));
+    sessionStorage.setItem("pkce_verifier", verifier);
+    const challenge = bytesToBase64Url(await sha256(new TextEncoder().encode(verifier)));
+    const authUrl = new URL("/authorize", cfg.issuer);
+    authUrl.searchParams.set("client_id", cfg.clientId);
+    authUrl.searchParams.set("redirect_uri", cfg.redirectUri);
+    authUrl.searchParams.set("response_type", "code");
+    authUrl.searchParams.set("scope", "openid profile");
+    authUrl.searchParams.set("state", state);
+    authUrl.searchParams.set("code_challenge", challenge);
+    authUrl.searchParams.set("code_challenge_method", "S256");
+    if (cfg.zk !== false)
+        authUrl.searchParams.set("zk_pub", zkPubParam);
+    location.assign(authUrl.toString());
+}
+export async function handleCallback() {
+    if (!location.search.includes("code="))
+        return null;
+    const params = new URLSearchParams(location.search);
+    const code = params.get("code");
+    if (!code)
+        return null;
+    const tokenUrl = new URL("/token", cfg.issuer);
+    const verifier = sessionStorage.getItem("pkce_verifier") || "";
+    const response = await fetch(tokenUrl.toString(), {
+        method: "POST",
+        headers: { "content-type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+            grant_type: "authorization_code",
+            code,
+            client_id: cfg.clientId,
+            redirect_uri: cfg.redirectUri,
+            code_verifier: verifier,
+        }),
+    });
+    if (!response.ok) {
+        throw new Error("Token exchange failed");
+    }
+    const tokenResponse = await response.json();
+    const fragmentParams = parseFragmentParams(location.hash || "");
+    const drkJwe = fragmentParams.drk_jwe;
+    if (!drkJwe || typeof drkJwe !== "string")
+        throw new Error("Missing DRK JWE from URL fragment");
+    if (tokenResponse.zk_drk_hash) {
+        const hash = bytesToBase64Url(await sha256(new TextEncoder().encode(drkJwe)));
+        if (tokenResponse.zk_drk_hash !== hash)
+            throw new Error("DRK hash mismatch");
+    }
+    const privateJwkString = sessionStorage.getItem("zk_eph_priv_jwk");
+    if (!privateJwkString)
+        return null;
+    sessionStorage.removeItem("zk_eph_priv_jwk");
+    const privateKey = await crypto.subtle.importKey("jwk", JSON.parse(privateJwkString), { name: "ECDH", namedCurve: "P-256" }, true, ["deriveBits", "deriveKey"]);
+    const { plaintext } = await compactDecrypt(drkJwe, privateKey);
+    const drk = new Uint8Array(plaintext);
+    const idToken = tokenResponse.id_token;
+    const refreshToken = tokenResponse.refresh_token;
+    try {
+        history.replaceState(null, "", location.origin + location.pathname);
+    }
+    catch { }
+    sessionStorage.setItem("id_token", idToken);
+    const obfuscatedDrk = obfuscateKey(drk);
+    localStorage.setItem("drk_protected", bytesToBase64Url(obfuscatedDrk));
+    if (refreshToken)
+        localStorage.setItem("refresh_token", refreshToken);
+    return { idToken, drk, refreshToken };
+}
+export function getStoredSession() {
+    const idToken = sessionStorage.getItem("id_token");
+    const obfuscatedDrkBase64 = localStorage.getItem("drk_protected");
+    if (!idToken || !obfuscatedDrkBase64)
+        return null;
+    if (!isTokenValid(idToken))
+        return null;
+    try {
+        const obfuscatedDrk = base64UrlToBytes(obfuscatedDrkBase64);
+        const drk = deobfuscateKey(obfuscatedDrk);
+        return { idToken, drk };
+    }
+    catch {
+        localStorage.removeItem("drk_protected");
+        return null;
+    }
+}
+export async function refreshSession() {
+    const refreshToken = localStorage.getItem("refresh_token");
+    if (!refreshToken)
+        return null;
+    const tokenUrl = new URL("/token", cfg.issuer);
+    const response = await fetch(tokenUrl.toString(), {
+        method: "POST",
+        headers: { "content-type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+            grant_type: "refresh_token",
+            refresh_token: refreshToken,
+            client_id: cfg.clientId,
+        }),
+    });
+    if (!response.ok) {
+        localStorage.removeItem("refresh_token");
+        return null;
+    }
+    const tokenResponse = await response.json();
+    const idToken = tokenResponse.id_token;
+    const newRefreshToken = tokenResponse.refresh_token;
+    sessionStorage.setItem("id_token", idToken);
+    if (newRefreshToken)
+        localStorage.setItem("refresh_token", newRefreshToken);
+    const obfuscatedDrkBase64 = localStorage.getItem("drk_protected");
+    if (!obfuscatedDrkBase64)
+        return null;
+    const obfuscatedDrk = base64UrlToBytes(obfuscatedDrkBase64);
+    const drk = deobfuscateKey(obfuscatedDrk);
+    return { idToken, drk, refreshToken: newRefreshToken || refreshToken };
+}
+export function logout() {
+    sessionStorage.removeItem("id_token");
+    localStorage.removeItem("drk_protected");
+    sessionStorage.removeItem("zk_eph_priv_jwk");
+    sessionStorage.removeItem("pkce_verifier");
+    localStorage.removeItem("refresh_token");
+}
+export function getCurrentUser() {
+    const idToken = sessionStorage.getItem("id_token");
+    if (!idToken)
+        return null;
+    return parseJwt(idToken);
+}

package/package.json

@@ -0,0 +1,31 @@
+{
+  "name": "@darkauth/client",
+  "version": "0.1.1",
+  "license": "MIT",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist",
+    "LICENSE",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "prepack": "npm run build",
+    "typecheck": "tsc --noEmit",
+    "prepare": "tsc",
+    "format": "biome format --write .",
+    "lint": "biome lint .",
+    "check": "biome check .",
+    "check:fix": "biome check --write .",
+    "tidy": "biome check --write . && biome lint --write ."
+  },
+  "dependencies": {
+    "jose": "^6.1.3"
+  },
+  "devDependencies": {
+    "typescript": "^5.9.3",
+    "@biomejs/biome": "^2.3.11"
+  }
+}