npm - @dfns/sdk - Versions diffs - 0.1.0-alpha.1 → 0.1.0-alpha.2 - Mend

@dfns/sdk 0.1.0-alpha.1 → 0.1.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/baseAuthApi.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
-import { AllowCredential, FirstFactorAssertion, SecondFactorAssertion } from './signer';
+import { FirstFactorAttestation, RecoveryFactorAttestation, SecondFactorAttestation, UserRegistrationChallenge } from './store';
+import { AllowCredential, CredentialKind, FirstFactorAssertion, SecondFactorAssertion } from './signer';
 import { HttpMethod } from './utils/fetch';
 export type DfnsBaseApiOptions = {
     appId: string;
@@ -12,7 +13,6 @@ export type CreateUserActionChallengeRequest = {
     userActionHttpPath: string;
     userActionServerKind: 'Api';
 };
-export type CredentialKind = 'Key' | 'Fido2' | 'Password' | 'Totp';
 export type CredentialFactor = 'first' | 'second' | 'either';
 export type UserActionChallengeResponse = {
     supportedCredentialKinds: {
@@ -41,13 +41,38 @@ export type CreateUserLoginChallengeRequest = {
     orgId: string;
 };
 export type UserLoginChallengeResponse = UserActionChallengeResponse;
-export type SignUserLoginChallengeRequest = SignUserActionChallengeRequest;
+export type CreateUserLoginRequest = SignUserActionChallengeRequest;
 export type UserLoginResponse = {
     token: string;
 };
+export type CreateUserRegistrationChallengeRequest = {
+    orgId: string;
+    username: string;
+    registrationCode: string;
+};
+export type UserRegistrationChallengeResponse = UserRegistrationChallenge;
+export type CreateUserRegistrationRequest = {
+    firstFactorCredential: FirstFactorAttestation;
+    secondFactorCredential?: SecondFactorAttestation;
+    recoveryCredential?: RecoveryFactorAttestation;
+};
+export type UserRegistrationResponse = {
+    credential: {
+        uuid: string;
+        kind: CredentialKind;
+        name: string;
+    };
+    user: {
+        id: string;
+        username: string;
+        orgId: string;
+    };
+};
 export declare class BaseAuthApi {
     static createUserActionChallenge(request: CreateUserActionChallengeRequest, options: DfnsBaseApiOptions): Promise<UserActionChallengeResponse>;
     static signUserActionChallenge(request: SignUserActionChallengeRequest, options: DfnsBaseApiOptions): Promise<UserActionResponse>;
     static createUserLoginChallenge(request: CreateUserLoginChallengeRequest, options: DfnsBaseApiOptions): Promise<UserLoginChallengeResponse>;
-    static signUserLoginChallenge(request: SignUserLoginChallengeRequest, options: DfnsBaseApiOptions): Promise<UserLoginResponse>;
+    static createUserLogin(request: CreateUserLoginRequest, options: DfnsBaseApiOptions): Promise<UserLoginResponse>;
+    static createUserRegistrationChallenge(request: CreateUserRegistrationChallengeRequest, options: DfnsBaseApiOptions): Promise<UserRegistrationChallengeResponse>;
+    static createUserRegistration(request: CreateUserRegistrationRequest, options: DfnsBaseApiOptions): Promise<UserRegistrationResponse>;
 }

package/baseAuthApi.js CHANGED Viewed

@@ -27,7 +27,7 @@ class BaseAuthApi {
         });
         return response.json();
     }
-    static async signUserLoginChallenge(request, options) {
+    static async createUserLogin(request, options) {
         const response = await (0, fetch_1.simpleFetch)('/auth/login', {
             method: 'POST',
             body: request,
@@ -35,5 +35,21 @@ class BaseAuthApi {
         });
         return response.json();
     }
+    static async createUserRegistrationChallenge(request, options) {
+        const response = await (0, fetch_1.simpleFetch)('/auth/registration/init', {
+            method: 'POST',
+            body: request,
+            apiOptions: options,
+        });
+        return response.json();
+    }
+    static async createUserRegistration(request, options) {
+        const response = await (0, fetch_1.simpleFetch)('/auth/registration', {
+            method: 'POST',
+            body: request,
+            apiOptions: options,
+        });
+        return response.json();
+    }
 }
 exports.BaseAuthApi = BaseAuthApi;

package/dfnsApiClient.d.ts CHANGED Viewed

@@ -8,9 +8,9 @@ import { PolicyExecutionClient } from './codegen/PolicyExecution';
 import { PolicyManagementClient } from './codegen/PolicyManagement';
 import { PublicKeysClient } from './codegen/PublicKeys';
 import { WalletsClient } from './codegen/Wallets';
-import { Signer } from './signer';
+import { CredentialSigner } from './signer';
 export type DfnsApiClientOptions = DfnsBaseApiOptions & {
-    signer: Signer;
+    signer: CredentialSigner;
 };
 export declare class DfnsApiClient {
     private apiOptions;

package/dfnsAuthenticator.d.ts CHANGED Viewed

@@ -1,11 +1,17 @@
-import { CreateUserLoginChallengeRequest, UserLoginResponse } from './baseAuthApi';
-import { DfnsApiClientOptions } from './dfnsApiClient';
+import { CredentialStore } from './store';
+import { CredentialSigner } from './signer';
+import { CreateUserLoginChallengeRequest, CreateUserRegistrationChallengeRequest, DfnsBaseApiOptions, UserLoginResponse, UserRegistrationResponse } from './baseAuthApi';
 export type LoginRequest = CreateUserLoginChallengeRequest;
 export type LoginResponse = UserLoginResponse;
-export type DfnsAuthenticatorOptions = Omit<DfnsApiClientOptions, 'accessToken'>;
+export type RegisterRequest = CreateUserRegistrationChallengeRequest;
+export type RegisterResponse = UserRegistrationResponse;
+export type DfnsAuthenticatorOptions = Omit<DfnsBaseApiOptions, 'accessToken'> & {
+    signer: CredentialSigner & Partial<CredentialStore>;
+};
 export declare class DfnsAuthenticator {
     private apiOptions;
     private api;
     constructor(apiOptions: DfnsAuthenticatorOptions);
     login(request: LoginRequest): Promise<LoginResponse>;
+    register(request: RegisterRequest): Promise<RegisterResponse>;
 }

package/dfnsAuthenticator.js CHANGED Viewed

@@ -8,11 +8,22 @@ class DfnsAuthenticator {
     }
     async login(request) {
         const { challenge, challengeIdentifier, allowCredentials } = await baseAuthApi_1.BaseAuthApi.createUserLoginChallenge(request, this.apiOptions);
-        const assertions = await this.apiOptions.signer.sign(challenge, allowCredentials);
-        return baseAuthApi_1.BaseAuthApi.signUserLoginChallenge({
+        const assertion = await this.apiOptions.signer.sign(challenge, allowCredentials);
+        return baseAuthApi_1.BaseAuthApi.createUserLogin({
             challengeIdentifier,
-            ...assertions,
+            firstFactor: assertion,
         }, this.apiOptions);
     }
+    async register(request) {
+        if (!this.apiOptions.signer.create) {
+            throw new Error(`Provided signer does not implement 'create'`);
+        }
+        const challenge = await baseAuthApi_1.BaseAuthApi.createUserRegistrationChallenge(request, this.apiOptions);
+        const attestation = await this.apiOptions.signer.create(challenge);
+        return baseAuthApi_1.BaseAuthApi.createUserRegistration({ firstFactorCredential: attestation }, {
+            ...this.apiOptions,
+            accessToken: challenge.temporaryAuthenticationToken,
+        });
+    }
 }
 exports.DfnsAuthenticator = DfnsAuthenticator;

package/index.d.ts CHANGED Viewed

@@ -1,3 +1,4 @@
 export * from './dfnsApiClient';
 export * from './dfnsAuthenticator';
+export * from './dfnsDelegatedApiClient';
 export * from './dfnsError';

package/index.js CHANGED Viewed

@@ -16,4 +16,5 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./dfnsApiClient"), exports);
 __exportStar(require("./dfnsAuthenticator"), exports);
+__exportStar(require("./dfnsDelegatedApiClient"), exports);
 __exportStar(require("./dfnsError"), exports);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@dfns/sdk",
-  "version": "0.1.0-alpha.1",
+  "version": "0.1.0-alpha.2",
   "dependencies": {
     "buffer": "^6.0.3",
     "cross-fetch": "^3.1.6",

package/signer.d.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+export type CredentialKind = 'Key' | 'Fido2' | 'Password' | 'Totp' | 'RecoveryKey';
 export type CredentialTransport = 'usb' | 'nfc' | 'ble' | 'internal';
 export type AllowCredential = {
     type: 'public-key';
@@ -5,43 +6,37 @@ export type AllowCredential = {
     transports: CredentialTransport[];
 };
 export type KeyAssertion = {
-    credId: string;
-    clientData: string;
-    signature: string;
+    kind: 'Key';
+    credentialAssertion: {
+        credId: string;
+        clientData: string;
+        signature: string;
+    };
 };
 export type Fido2Assertion = {
-    credId: string;
-    clientData: string;
-    authenticatorData: string;
-    signature: string;
-    userHandle?: string;
-};
-export type FirstFactorAssertion = {
-    kind: 'Key';
-    credentialAssertion: KeyAssertion;
-} | {
     kind: 'Fido2';
-    credentialAssertion: Fido2Assertion;
-} | {
+    credentialAssertion: {
+        credId: string;
+        clientData: string;
+        authenticatorData: string;
+        signature: string;
+        userHandle?: string;
+    };
+};
+export type PasswordAssertion = {
     kind: 'Password';
     password: string;
 };
-export type SecondFactorAssertion = {
-    kind: 'Key';
-    credentialAssertion: KeyAssertion;
-} | {
-    kind: 'Fido2';
-    credentialAssertion: Fido2Assertion;
-} | {
+export type TotpAssertion = {
     kind: 'Totp';
     otpCode: string;
 };
-export interface Signer {
+export type FirstFactorAssertion = KeyAssertion | Fido2Assertion | PasswordAssertion;
+export type SecondFactorAssertion = KeyAssertion | Fido2Assertion | TotpAssertion;
+export type CredentialAssertion = KeyAssertion | Fido2Assertion | PasswordAssertion | TotpAssertion;
+export interface CredentialSigner<T extends CredentialAssertion = FirstFactorAssertion> {
     sign(challenge: string, allowCredentials: {
         key: AllowCredential[];
         webauthn: AllowCredential[];
-    }): Promise<{
-        firstFactor: FirstFactorAssertion;
-        secondFactor?: SecondFactorAssertion;
-    }>;
+    }): Promise<T>;
 }

package/store.d.ts ADDED Viewed

@@ -0,0 +1,79 @@
+import { AllowCredential, CredentialKind } from './signer';
+export type AuthenticatorAttachment = 'platform' | 'cross-platform';
+export type ResidentKeyRequirement = 'required' | 'preferred' | 'discouraged';
+export type UserVerificationRequirement = 'required' | 'preferred' | 'discouraged';
+export type AttestationConveyancePreference = 'none' | 'indirect' | 'direct' | 'enterprise';
+export type UserRegistrationChallenge = {
+    temporaryAuthenticationToken: string;
+    rp: {
+        id: string;
+        name: string;
+    };
+    user: {
+        id: string;
+        name: string;
+        displayName: string;
+    };
+    supportedCredentialKinds: {
+        firstFactor: CredentialKind[];
+        secondFactor: CredentialKind[];
+    };
+    otpUrl: string;
+    challenge: string;
+    authenticatorSelection: {
+        authenticatorAttachment?: AuthenticatorAttachment;
+        requireResidentKey: boolean;
+        residentKey: ResidentKeyRequirement;
+        userVerification: UserVerificationRequirement;
+    };
+    attestation: AttestationConveyancePreference;
+    pubKeyCredParams: {
+        type: 'public-key';
+        alg: number;
+    }[];
+    excludeCredentials: AllowCredential[];
+};
+export type KeyAttestation = {
+    credentialKind: 'Key';
+    credentialInfo: {
+        credId: string;
+        clientData: string;
+        attestationData: string;
+    };
+};
+export type Fido2Attestation = {
+    credentialKind: 'Fido2';
+    credentialInfo: {
+        credId: string;
+        clientData: string;
+        attestationData: string;
+    };
+};
+export type PasswordAttestation = {
+    credentialKind: 'Password';
+    credentialInfo: {
+        password: string;
+    };
+};
+export type TotpAttestation = {
+    credentialKind: 'Totp';
+    credentialInfo: {
+        otpCode: string;
+    };
+};
+export type FirstFactorAttestation = KeyAttestation | Fido2Attestation | PasswordAttestation;
+export type SecondFactorAttestation = KeyAttestation | Fido2Attestation | TotpAttestation;
+export type RecoveryKeyAttestation = {
+    credentialKind: 'RecoveryKey';
+    credentialInfo: {
+        credId: string;
+        clientData: string;
+        attestationData: string;
+    };
+    encryptedPrivateKey?: string;
+};
+export type RecoveryFactorAttestation = RecoveryKeyAttestation;
+export type CredentialAttestation = KeyAttestation | Fido2Attestation | PasswordAttestation | TotpAttestation | RecoveryKeyAttestation;
+export interface CredentialStore<T extends CredentialAttestation = FirstFactorAttestation> {
+    create(challenge: UserRegistrationChallenge): Promise<T>;
+}

package/store.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/utils/fetch.js CHANGED Viewed

@@ -33,7 +33,7 @@ const errorHandler = (fetch) => {
         }
         else {
             const body = await response.json();
-            throw new dfnsError_1.DfnsError(response.status, body.message, body);
+            throw new dfnsError_1.DfnsError(response.status, body.error.message, body.error);
         }
     };
 };
@@ -72,10 +72,10 @@ const userAction = (fetch) => {
                 userActionServerKind: 'Api',
             }, options.apiOptions);
             const { signer } = options.apiOptions;
-            const assertions = await signer.sign(challenge, allowCredentials);
+            const assertion = await signer.sign(challenge, allowCredentials);
             const { userAction } = await baseAuthApi_1.BaseAuthApi.signUserActionChallenge({
                 challengeIdentifier,
-                ...assertions,
+                firstFactor: assertion,
             }, options.apiOptions);
             options.headers = {
                 'x-dfns-useraction': userAction,