@enbox/auth 0.6.6 → 0.6.8
|
@@ -34,6 +34,7 @@ var __rest = (this && this.__rest) || function (s, e) {
|
|
|
34
34
|
return t;
|
|
35
35
|
};
|
|
36
36
|
import { Convert } from '@enbox/common';
|
|
37
|
+
import { DataStream } from '@enbox/dwn-sdk-js';
|
|
37
38
|
import { DwnInterface, DwnPermissionGrant } from '@enbox/agent';
|
|
38
39
|
import { AuthSession } from '../identity-session.js';
|
|
39
40
|
import { DEFAULT_DWN_ENDPOINTS, INSECURE_DEFAULT_PASSWORD, STORAGE_KEYS } from '../types.js';
|
|
@@ -205,15 +206,15 @@ export function resolveIdentityDids(identity, storedDelegateDid) {
|
|
|
205
206
|
*/
|
|
206
207
|
export function processConnectedGrants(params) {
|
|
207
208
|
return __awaiter(this, void 0, void 0, function* () {
|
|
208
|
-
const { agent, delegateDid, grants } = params;
|
|
209
|
+
const { agent, connectedDid, delegateDid, grants } = params;
|
|
209
210
|
const connectedProtocols = new Set();
|
|
210
211
|
for (const grantMessage of grants) {
|
|
211
212
|
const grant = DwnPermissionGrant.parse(grantMessage);
|
|
212
|
-
// Store the grant as the owner of the DWN so the delegateDid
|
|
213
|
-
// can use it when impersonating the connectedDid.
|
|
214
213
|
const { encodedData } = grantMessage, rawMessage = __rest(grantMessage, ["encodedData"]);
|
|
215
214
|
const dataStream = new Blob([Convert.base64Url(encodedData).toUint8Array()]);
|
|
216
|
-
|
|
215
|
+
// Store the grant in the delegateDid's partition so the permissions
|
|
216
|
+
// API can look it up when building delegate-signed requests.
|
|
217
|
+
const { reply: delegateReply } = yield agent.processDwnRequest({
|
|
217
218
|
store: true,
|
|
218
219
|
author: delegateDid,
|
|
219
220
|
target: delegateDid,
|
|
@@ -222,8 +223,21 @@ export function processConnectedGrants(params) {
|
|
|
222
223
|
rawMessage,
|
|
223
224
|
dataStream,
|
|
224
225
|
});
|
|
225
|
-
if (
|
|
226
|
-
throw new Error(`[@enbox/auth] Failed to
|
|
226
|
+
if (delegateReply.status.code !== 202) {
|
|
227
|
+
throw new Error(`[@enbox/auth] Failed to store grant in delegate partition: ${delegateReply.status.detail}`);
|
|
228
|
+
}
|
|
229
|
+
// Also store the grant in the connectedDid's local DWN partition.
|
|
230
|
+
// When the sync engine (or any delegate-authorized operation) processes
|
|
231
|
+
// a request against the connectedDid's tenant, the DWN needs to find
|
|
232
|
+
// the grant record there to authorize the delegate.
|
|
233
|
+
//
|
|
234
|
+
// We use processRawMessage because the delegate agent does not hold the
|
|
235
|
+
// connectedDid's private keys — we cannot re-sign the message. The
|
|
236
|
+
// rawMessage already carries valid authorization from the connectedDid
|
|
237
|
+
// (the wallet signed it), so we pass it directly to the local DWN.
|
|
238
|
+
const connectedReply = yield agent.dwn.processRawMessage(connectedDid, rawMessage, { dataStream: DataStream.fromBytes(Convert.base64Url(encodedData).toUint8Array()) });
|
|
239
|
+
if (connectedReply.status.code !== 202 && connectedReply.status.code !== 409) {
|
|
240
|
+
throw new Error(`[@enbox/auth] Failed to store grant in connected partition: ${connectedReply.status.detail}`);
|
|
227
241
|
}
|
|
228
242
|
const protocol = grant.scope.protocol;
|
|
229
243
|
if (protocol) {
|
|
@@ -261,6 +275,7 @@ export function importDelegateAndSetupSync(params) {
|
|
|
261
275
|
});
|
|
262
276
|
const connectedProtocols = yield processConnectedGrants({
|
|
263
277
|
agent: userAgent,
|
|
278
|
+
connectedDid,
|
|
264
279
|
delegateDid: delegatePortableDid.uri,
|
|
265
280
|
grants: delegateGrants,
|
|
266
281
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lifecycle.js","sourceRoot":"","sources":["../../../src/connect/lifecycle.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;;;;;;;;;;;;;;;;;;;;;AASH,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"lifecycle.js","sourceRoot":"","sources":["../../../src/connect/lifecycle.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;;;;;;;;;;;;;;;;;;;;;AASH,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAGxC,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAEhE,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,yBAAyB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAyB7F,oEAAoE;AAEpE;;;;;;;;;;;;GAYG;AACH,MAAM,UAAgB,eAAe,CACnC,GAA8D,EAC9D,QAA4B,EAC5B,aAAsB;;QAEtB,IAAI,QAAQ,GAAG,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,GAAG,CAAC,eAAe,CAAC;QAE/C,IAAI,CAAC,QAAQ,IAAI,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,GAAG,CAAC,gBAAgB,CAAC,WAAW,CAAC;oBAChD,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ;iBAC5C,CAAC,CAAC;YACL,CAAC;YAAC,WAAM,CAAC;gBACP,sDAAsD;YACxD,CAAC;QACH,CAAC;QAED,QAAQ,aAAR,QAAQ,cAAR,QAAQ,IAAR,QAAQ,GAAK,yBAAyB,EAAC;QAEvC,IAAI,QAAQ,KAAK,yBAAyB,EAAE,CAAC;YAC3C,OAAO,CAAC,IAAI,CACV,2EAA2E;gBAC3E,+EAA+E;gBAC/E,iCAAiC,CAClC,CAAC;QACJ,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CAAA;AAED,oEAAoE;AAEpE;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAgB,gBAAgB,CAAC,MAOtC;;QACC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC;QAC/D,IAAI,cAAkC,CAAC;QAEvC,IAAI,aAAa,EAAE,CAAC;YAClB,cAAc,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC;gBAC1C,QAAQ;gBACR,cAAc,EAAG,MAAM,CAAC,cAAc;gBACtC,YAAY,EAAK,MAAM,CAAC,YAAY;aACrC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,SAAS,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;QACpC,OAAO,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;QAEnC,OAAO,cAAc,CAAC;IACxB,CAAC;CAAA;AAED,mEAAmE;AAEnE;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,kBAAkB,CAChC,SAAyB,EACzB,IAA4B;IAE5B,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;QACnB,OAAO;IACT,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IACtD,MAAM,YAAY,GAAG,IAAI,aAAJ,IAAI,cAAJ,IAAI,GAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAEjE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;SACjE,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;QACtB,OAAO,CAAC,KA
AK,CAAC,4BAA4B,EAAE,GAAG,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;AACP,CAAC;AAED,mEAAmE;AAEnE;;;;;;;;GAQG;AACH,MAAM,UAAgB,qBAAqB;yDACzC,SAAyB,EACzB,eAAyB,qBAAqB,EAC9C,IAAI,GAAG,SAAS;QAEhB,OAAO,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC/B,SAAS,EAAI,KAAK;YAClB,QAAQ,EAAK,EAAE,IAAI,EAAE;YACrB,UAAU,EAAG;gBACX,QAAQ,EAAE;oBACR;wBACE,EAAE,EAAgB,KAAK;wBACvB,IAAI,EAAc,sBAAsB;wBACxC,eAAe,EAAG,YAAY;qBAC/B;iBACF;gBACD,mBAAmB,EAAE;oBACnB;wBACE,SAAS,EAAG,SAAS;wBACrB,EAAE,EAAU,KAAK;wBACjB,QAAQ,EAAI,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;qBAClD;oBACD;wBACE,SAAS,EAAG,QAAQ;wBACpB,EAAE,EAAU,KAAK;wBACjB,QAAQ,EAAI,CAAC,cAAc,CAAC;qBAC7B;iBACF;aACF;SACF,CAAC,CAAC;IACL,CAAC;CAAA;AAED,mEAAmE;AAEnE;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,mBAAmB,CACjC,QAAwB,EACxB,iBAA0B;;IAK1B,MAAM,YAAY,GAAG,MAAA,QAAQ,CAAC,QAAQ,CAAC,YAAY,mCAAI,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;IACxE,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY;QAChD,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG;QAClB,CAAC,CAAC,CAAC,iBAAiB,aAAjB,iBAAiB,cAAjB,iBAAiB,GAAI,SAAS,CAAC,CAAC;IACrC,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC;AACvC,CAAC;AAED,mEAAmE;AAEnE;;;;;;;;GAQG;AACH,MAAM,UAAgB,sBAAsB,CAAC,MAK5C;;QACC,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;QAC5D,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAAU,CAAC;QAE7C,KAAK,MAAM,YAAY,IAAI,MAAM,EAAE,CAAC;YAClC,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAErD,MAAM,EAAE,WAAW,KAAoB,YAAY,EAA3B,UAAU,UAAK,YAAY,EAA7C,eAA8B,CAAe,CAAC;YACpD,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,YAAY,EAAc,CAAC,CAAC,CAAC;YAEzF,oEAAoE;YACpE,6DAA6D;YAC7D,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,MAAM,KAAK,CAAC,iBAAiB,CAAC;gBAC7D,KAAK,EAAS,IAAI;gBAClB,MAAM,EAAQ,WAAW;gBACzB,MAAM,EAAQ,WAAW;gBACzB,WAAW,EAAG,YAAY,CAAC,YAAY;gBACvC,WAAW,EAAG,IAAI;gBAClB,UAAU;gBACV,UAAU;aACX,CAAC,CAAC;YAEH,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,KAAK,GAAG,EAAE,CAAC;gBACtC,MAAM,IAAI,KAAK,CACb,8DAA8D,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,CAC5F,CAAC;YACJ,CAAC;YAED,kEAAkE;YAClE,wEAAwE;YACxE,qEAAqE;YACrE,oDAAoD;YACpD,EAAE;YACF,wEAAwE;YACxE,oEAAoE;YACpE,uEAAuE;YACvE,mEAAmE;YACnE,MAAM,cAAc,GAAG,MA
AM,KAAK,CAAC,GAAG,CAAC,iBAAiB,CACtD,YAAY,EACZ,UAA4B,EAC5B,EAAE,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,YAAY,EAAE,CAAC,EAAE,CACpF,CAAC;YAEF,IAAI,cAAc,CAAC,MAAM,CAAC,IAAI,KAAK,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,IAAI,KAAK,GAAG,EAAE,CAAC;gBAC7E,MAAM,IAAI,KAAK,CACb,+DAA+D,cAAc,CAAC,MAAM,CAAC,MAAM,EAAE,CAC9F,CAAC;YACJ,CAAC;YAED,MAAM,QAAQ,GAAI,KAAK,CAAC,KAAgE,CAAC,QAAQ,CAAC;YAClG,IAAI,QAAQ,EAAE,CAAC;gBACb,kBAAkB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,kBAAkB,CAAC,CAAC;IACjC,CAAC;CAAA;AAED,mEAAmE;AAEnE;;;;;;;;GAQG;AACH,MAAM,UAAgB,0BAA0B,CAAC,MAMhD;;QACC,MAAM,EAAE,SAAS,EAAE,mBAAmB,EAAE,YAAY,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;QAE1F,IAAI,QAAoC,CAAC;QACzC,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACzC,gBAAgB,EAAE;oBAChB,WAAW,EAAG,mBAAmB;oBACjC,QAAQ,EAAM;wBACZ,YAAY;wBACZ,IAAI,EAAK,SAAS;wBAClB,GAAG,EAAM,mBAAmB,CAAC,GAAG;wBAChC,MAAM,EAAG,SAAS,CAAC,QAAQ,CAAC,GAAG;qBAChC;iBACF;aACF,CAAC,CAAC;YAEH,MAAM,kBAAkB,GAAG,MAAM,sBAAsB,CAAC;gBACtD,KAAK,EAAS,SAAS;gBACvB,YAAY;gBACZ,WAAW,EAAG,mBAAmB,CAAC,GAAG;gBACrC,MAAM,EAAQ,cAAc;aAC7B,CAAC,CAAC;YAEH,MAAM,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC;gBACpC,GAAG,EAAO,YAAY;gBACtB,OAAO,EAAG;oBACR,WAAW,EAAG,mBAAmB,CAAC,GAAG;oBACrC,SAAS,EAAK,kBAAkB;iBACjC;aACF,CAAC,CAAC;YAEH,qEAAqE;YACrE,oEAAoE;YACpE,mEAAmE;YACnE,yCAAyC;YAEzC,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,CAAC;oBACH,MAAM,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC;wBACzB,MAAM,EAAM,QAAQ,CAAC,GAAG,CAAC,GAAG;wBAC5B,MAAM,EAAM,QAAQ,CAAC,QAAQ,CAAC,MAAM;wBACpC,SAAS,EAAG,IAAI;qBACjB,CAAC,CAAC;gBACL,CAAC;gBAAC,QAAQ,iBAAiB,IAAnB,CAAC,CAAC,iBAAiB,CAAC,CAAC;gBAE7B,IAAI,CAAC;oBACH,MAAM,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC;gBAChE,CAAC;gBAAC,QAAQ,iBAAiB,IAAnB,CAAC,CAAC,iBAAiB,CAAC,CAAC;YAC/B,CAAC;YAED,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,IAAI,KAAK,CAAC,iBAAiB,QAAQ,YAAY,OAAO,EAAE,CAAC,CAAC;Q
AClE,CAAC;IACH,CAAC;CAAA;AAED,mEAAmE;AAEnE;;;;;;GAMG;AACH,MAAM,UAAgB,uBAAuB,CAAC,MAQ7C;;QACC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC;QAE1F,kBAAkB,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAEpC,OAAO,eAAe,CAAC;YACrB,SAAS;YACT,OAAO;YACP,OAAO;YACP,YAAY;YACZ,WAAW;YACX,YAAY,EAAW,QAAQ,CAAC,QAAQ,CAAC,IAAI;YAC7C,oBAAoB,EAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY;YACrD,gBAAgB,EAAO;gBACrB,CAAC,YAAY,CAAC,YAAY,CAAC,EAAI,WAAW;gBAC1C,CAAC,YAAY,CAAC,aAAa,CAAC,EAAG,YAAY;aAC5C;SACF,CAAC,CAAC;IACL,CAAC;CAAA;AAED,mEAAmE;AAEnE;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAgB,eAAe,CAAC,MAWrC;;QACC,MAAM,EACJ,SAAS,EACT,OAAO,EACP,OAAO,EACP,YAAY,EACZ,WAAW,EACX,cAAc,EACd,YAAY,EACZ,oBAAoB,EACpB,iBAAiB,GAAG,IAAI,EACxB,gBAAgB,GACjB,GAAG,MAAM,CAAC;QAEX,2BAA2B;QAC3B,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;QAC7D,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;QAE9D,IAAI,gBAAgB,EAAE,CAAC;YACrB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC5D,MAAM,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QAED,gFAAgF;QAChF,0DAA0D;QAC1D,MAAM,YAAY,GAAiB;YACjC,MAAM,EAAS,YAAY;YAC3B,IAAI,EAAW,YAAY,aAAZ,YAAY,cAAZ,YAAY,GAAI,OAAO;YACtC,YAAY,EAAG,oBAAoB;SACpC,CAAC;QAEF,MAAM,OAAO,GAAG,IAAI,WAAW,CAAC;YAC9B,KAAK,EAAM,SAAS;YACpB,GAAG,EAAQ,YAAY;YACvB,WAAW;YACX,cAAc;YACd,QAAQ,EAAG,YAAY;SACxB,CAAC,CAAC;QAEH,IAAI,iBAAiB,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YACpD,OAAO,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC,CAAC;QAC7D,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,eAAe,EAAE;YAC5B,OAAO,EAAE,EAAE,GAAG,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE;SACpE,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;CAAA"}
|
|
@@ -130,6 +130,7 @@ export declare function resolveIdentityDids(identity: BearerIdentity, storedDele
|
|
|
130
130
|
*/
|
|
131
131
|
export declare function processConnectedGrants(params: {
|
|
132
132
|
agent: EnboxUserAgent;
|
|
133
|
+
connectedDid: string;
|
|
133
134
|
delegateDid: string;
|
|
134
135
|
grants: DwnDataEncodedRecordsWriteMessage[];
|
|
135
136
|
}): Promise<string[]>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lifecycle.d.ts","sourceRoot":"","sources":["../../../src/connect/lifecycle.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,KAAK,EAAE,cAAc,EAAE,iCAAiC,EAAyD,cAAc,EAAE,MAAM,cAAc,CAAC;AAE7J,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,KAAK,EAAgB,mBAAmB,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"lifecycle.d.ts","sourceRoot":"","sources":["../../../src/connect/lifecycle.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,KAAK,EAAE,cAAc,EAAE,iCAAiC,EAAyD,cAAc,EAAE,MAAM,cAAc,CAAC;AAE7J,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,KAAK,EAAgB,mBAAmB,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAQjG,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAKrD;;;;;;;;;GASG;AACH,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,cAAc,CAAC;IAC1B,OAAO,EAAE,gBAAgB,CAAC;IAC1B,OAAO,EAAE,cAAc,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,WAAW,CAAC,EAAE,UAAU,CAAC;IACzB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,YAAY,CAAC,EAAE,mBAAmB,CAAC;CACpC;AAID;;;;;;;;;;;;GAYG;AACH,wBAAsB,eAAe,CACnC,GAAG,EAAE,IAAI,CAAC,WAAW,EAAE,iBAAiB,GAAG,kBAAkB,CAAC,EAC9D,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,aAAa,EAAE,OAAO,GACrB,OAAO,CAAC,MAAM,CAAC,CAwBjB;AAID;;;;;;;;;;;;;GAaG;AACH,wBAAsB,gBAAgB,CAAC,MAAM,EAAE;IAC7C,SAAS,EAAE,cAAc,CAAC;IAC1B,OAAO,EAAE,gBAAgB,CAAC;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAgB9B;AAID;;;;;;;;;;;;GAYG;AACH,wBAAgB,kBAAkB,CAChC,SAAS,EAAE,cAAc,EACzB,IAAI,EAAE,UAAU,GAAG,SAAS,GAC3B,IAAI,CAYN;AAID;;;;;;;;GAQG;AACH,wBAAsB,qBAAqB,CACzC,SAAS,EAAE,cAAc,EACzB,YAAY,GAAE,MAAM,EAA0B,EAC9C,IAAI,SAAY,GACf,OAAO,CAAC,cAAc,CAAC,CA0BzB;AAID;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,cAAc,EACxB,iBAAiB,CAAC,EAAE,MAAM,GACzB;IACD,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,GAAG,SAAS,CAAC;CACjC,CAMA;AAID;;;;;;;;GAQG;AACH,wBAAsB,sBAAsB,CAAC,MAAM,EAAE;IACnD,KAAK,EAAE,cAAc,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,iCAAiC,EAAE,CAAC;CAC7C,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAwDpB;AAID;;;;;;;;GAQG;AACH,wBAAsB,0BAA0B,CAAC,MAAM,EAAE;IACvD,SAAS,EAAE,cAAc,CAAC;IAC1B,mBAAmB,EAAE,WAAW,CAAC;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,iCAAiC,EAAE,CA
AC;IACpD,QAAQ,EAAE,MAAM,CAAC;CAClB,GAAG,OAAO,CAAC,cAAc,CAAC,CAwD1B;AAID;;;;;;GAMG;AACH,wBAAsB,uBAAuB,CAAC,MAAM,EAAE;IACpD,SAAS,EAAE,cAAc,CAAC;IAC1B,OAAO,EAAE,gBAAgB,CAAC;IAC1B,OAAO,EAAE,cAAc,CAAC;IACxB,QAAQ,EAAE,cAAc,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,UAAU,GAAG,SAAS,CAAC;CAC9B,GAAG,OAAO,CAAC,WAAW,CAAC,CAkBvB;AAID;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAsB,eAAe,CAAC,MAAM,EAAE;IAC5C,SAAS,EAAE,cAAc,CAAC;IAC1B,OAAO,EAAE,gBAAgB,CAAC;IAC1B,OAAO,EAAE,cAAc,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC3C,GAAG,OAAO,CAAC,WAAW,CAAC,CAiDvB"}
|
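--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@enbox/auth",
-"version": "0.6.
+"version": "0.6.8",
 "description": "Headless authentication and identity management SDK for Enbox",
 "type": "module",
 "main": "./dist/esm/index.js",
@@ -56,7 +56,7 @@
 "bun": ">=1.0.0"
 },
 "dependencies": {
-"@enbox/agent": "0.5.
+"@enbox/agent": "0.5.5",
 "@enbox/common": "0.1.0",
 "@enbox/crypto": "0.1.0",
 "@enbox/dids": "0.1.0",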
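--- a/package/src/connect/lifecycle.ts
+++ b/package/src/connect/lifecycle.ts
@@ -22,6 +22,9 @@ import type { PasswordProvider } from '../password-provider.js';
 import type { IdentityInfo, RegistrationOptions, StorageAdapter, SyncOption } from '../types.js';
 
 import { Convert } from '@enbox/common';
+import type { GenericMessage } from '@enbox/dwn-sdk-js';
+
+import { DataStream } from '@enbox/dwn-sdk-js';
 import { DwnInterface, DwnPermissionGrant } from '@enbox/agent';
 
 import { AuthSession } from '../identity-session.js';
@@ -256,21 +259,22 @@ export function resolveIdentityDids(
 */
 export async function processConnectedGrants(params: {
 agent: EnboxUserAgent;
+connectedDid: string;
 delegateDid: string;
 grants: DwnDataEncodedRecordsWriteMessage[];
 }): Promise<string[]> {
-const { agent, delegateDid, grants } = params;
+const { agent, connectedDid, delegateDid, grants } = params;
 const connectedProtocols = new Set<string>();
 
 for (const grantMessage of grants) {
 const grant = DwnPermissionGrant.parse(grantMessage);
 
-// Store the grant as the owner of the DWN so the delegateDid
-// can use it when impersonating the connectedDid.
 const { encodedData, ...rawMessage } = grantMessage;
 const dataStream = new Blob([Convert.base64Url(encodedData).toUint8Array() as BlobPart]);
 
-
+// Store the grant in the delegateDid's partition so the permissions
+// API can look it up when building delegate-signed requests.
+const { reply: delegateReply } = await agent.processDwnRequest({
 store : true,
 author : delegateDid,
 target : delegateDid,
@@ -280,9 +284,30 @@ export async function processConnectedGrants(params: {
 dataStream,
 });
 
-if (
+if (delegateReply.status.code !== 202) {
+throw new Error(
+`[@enbox/auth] Failed to store grant in delegate partition: ${delegateReply.status.detail}`
+);
+}
+
+// Also store the grant in the connectedDid's local DWN partition.
+// When the sync engine (or any delegate-authorized operation) processes
+// a request against the connectedDid's tenant, the DWN needs to find
+// the grant record there to authorize the delegate.
+//
+// We use processRawMessage because the delegate agent does not hold the
+// connectedDid's private keys — we cannot re-sign the message. The
+// rawMessage already carries valid authorization from the connectedDid
+// (the wallet signed it), so we pass it directly to the local DWN.
+const connectedReply = await agent.dwn.processRawMessage(
+connectedDid,
+rawMessage as GenericMessage,
+{ dataStream: DataStream.fromBytes(Convert.base64Url(encodedData).toUint8Array()) },
+);
+
+if (connectedReply.status.code !== 202 && connectedReply.status.code !== 409) {
 throw new Error(
-`[@enbox/auth] Failed to
+`[@enbox/auth] Failed to store grant in connected partition: ${connectedReply.status.detail}`
 );
 }
 
@@ -331,6 +356,7 @@ export async function importDelegateAndSetupSync(params: {
 
 const connectedProtocols = await processConnectedGrants({
 agent : userAgent,
+connectedDid,
 delegateDid : delegatePortableDid.uri,
 grants : delegateGrants,
 });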
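Review bot: The new connected-partition write in `processConnectedGrants` never checks that a grant belongs to this session before storing it under `connectedDid`; the only field read from the parsed `grant` is `grant.scope.protocol`. The added comment asserts that the rawMessage "already carries valid authorization from the connectedDid", but nothing in the hunk verifies that, so the write depends entirely on what `agent.dwn.processRawMessage` enforces, which is not visible here, and the `rawMessage as GenericMessage` cast hides any shape mismatch in wallet-supplied data. I would add a guard before the first store call, assuming the parsed grant exposes `grantor` and `grantee`: `if (grant.grantor !== connectedDid || grant.grantee !== delegateDid) { throw new Error('[@enbox/auth] Grant does not match the connected session'); }`. The two writes are also not atomic: a failure on the connected write throws after the delegate write has already succeeded, and 409 is accepted only for the connected partition, which deserves a comment explaining why. The compiled output earlier on the page carries the same logic.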