@flarcos/kiota-authentication-gnap 0.1.0

package/dist/types.d.ts

@@ -0,0 +1,145 @@
+/**
+ * GNAP (RFC 9635) types for grant requests, responses, and token management.
+ * @see https://www.rfc-editor.org/rfc/rfc9635.html
+ */
+export interface GnapClientKey {
+    /** JWK representation of the client's public key */
+    jwk: JsonWebKey;
+    /** Key proof method — we use "httpsig" for RFC 9421 */
+    proof: "httpsig" | "mtls" | "jwsd" | "jws";
+}
+export interface GnapClientInstance {
+    /** Client key for proving possession */
+    key: GnapClientKey;
+    /** Client identifier (e.g. wallet address URL) */
+    class_id?: string;
+    /** Display information */
+    display?: {
+        name?: string;
+        uri?: string;
+    };
+}
+export interface GnapAccessRight {
+    /** Type of resource (e.g. "incoming-payment", "outgoing-payment", "quote") */
+    type: string;
+    /** Permitted actions (e.g. ["create", "read"]) */
+    actions: string[];
+    /** Resource owner identifier (e.g. wallet address URL) */
+    identifier?: string;
+    /** Specific limits on the access */
+    limits?: Record<string, unknown>;
+}
+export interface GnapGrantRequest {
+    /** Requested access token(s) */
+    access_token: {
+        access: GnapAccessRight[];
+    };
+    /** Client instance identification */
+    client: string | GnapClientInstance;
+    /** Interaction modes */
+    interact?: {
+        start: ("redirect" | "app" | "user_code" | "user_code_uri")[];
+        finish?: {
+            method: "redirect" | "push";
+            uri: string;
+            nonce: string;
+        };
+    };
+}
+export interface GnapAccessToken {
+    /** Opaque access token value */
+    value: string;
+    /** Token management URL */
+    manage?: string;
+    /** Access rights granted */
+    access: GnapAccessRight[];
+    /** Seconds until expiration */
+    expires_in?: number;
+    /** Token flags */
+    flags?: string[];
+}
+export interface GnapGrantResponse {
+    /** Access token (for non-interactive grants or after continuation) */
+    access_token?: GnapAccessToken;
+    /** Continuation information */
+    continue?: {
+        uri: string;
+        wait?: number;
+        access_token: {
+            value: string;
+        };
+    };
+    /** Interaction information */
+    interact?: {
+        redirect?: string;
+        app?: string;
+        user_code?: string;
+        user_code_uri?: string;
+        finish?: string;
+    };
+    /** Dynamically bound instance identifier */
+    instance_id?: string;
+    /** Error response */
+    error?: {
+        code: string;
+        description?: string;
+    };
+}
+export interface StoredGnapToken {
+    /** The access token */
+    token: GnapAccessToken;
+    /** When the token was acquired (epoch ms) */
+    acquiredAt: number;
+    /** The authorization server URL this token was issued from */
+    authServerUrl: string;
+    /** The continue URI for this grant (if applicable) */
+    continueUri?: string;
+    /** The continue access token */
+    continueAccessToken?: string;
+}
+export interface InteractionResult {
+    /** The interact_ref returned by the AS after user consent */
+    interactRef: string;
+    /** The interaction hash for verification */
+    hash: string;
+}
+export interface GnapAuthenticationProviderOptions {
+    /** Authorization Server grant endpoint URL */
+    authServerUrl: string;
+    /** Client's Ed25519 private key in PEM format or as CryptoKey */
+    privateKey: CryptoKey | string;
+    /** Client's Ed25519 public key in JWK format (derived from private if not provided) */
+    publicKeyJwk?: JsonWebKey;
+    /** Client identifier (e.g. wallet address URL for Open Payments) */
+    clientIdentifier: string;
+    /** Access rights to request in the grant */
+    accessRights: GnapAccessRight[];
+    /** Interaction configuration for interactive grants */
+    interact?: {
+        start: ("redirect" | "app")[];
+        finish?: {
+            method: "redirect" | "push";
+            uri: string;
+            nonce: string;
+        };
+    };
+    /** Custom interaction handler (for redirect/polling flows) */
+    interactionHandler?: InteractionHandler;
+    /** Token store implementation (defaults to in-memory) */
+    tokenStore?: GnapTokenStore;
+    /** Allowed hosts for this auth provider */
+    allowedHosts?: string[];
+}
+export interface InteractionHandler {
+    /** Handle redirect-based interaction. Called when the AS returns a redirect URL. */
+    handleRedirect(redirectUrl: string, nonce: string): Promise<InteractionResult>;
+}
+export interface GnapTokenStore {
+    /** Get a cached token for the given key (typically auth server URL) */
+    get(key: string): Promise<StoredGnapToken | undefined>;
+    /** Store a token */
+    set(key: string, token: StoredGnapToken): Promise<void>;
+    /** Delete a token */
+    delete(key: string): Promise<void>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,MAAM,WAAW,aAAa;IAC5B,oDAAoD;IACpD,GAAG,EAAE,UAAU,CAAC;IAChB,uDAAuD;IACvD,KAAK,EAAE,SAAS,GAAG,MAAM,GAAG,MAAM,GAAG,KAAK,CAAC;CAC5C;AAED,MAAM,WAAW,kBAAkB;IACjC,wCAAwC;IACxC,GAAG,EAAE,aAAa,CAAC;IACnB,kDAAkD;IAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,0BAA0B;IAC1B,OAAO,CAAC,EAAE;QACR,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AAID,MAAM,WAAW,eAAe;IAC9B,8EAA8E;IAC9E,IAAI,EAAE,MAAM,CAAC;IACb,kDAAkD;IAClD,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,0DAA0D;IAC1D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,oCAAoC;IACpC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAID,MAAM,WAAW,gBAAgB;IAC/B,gCAAgC;IAChC,YAAY,EAAE;QACZ,MAAM,EAAE,eAAe,EAAE,CAAC;KAC3B,CAAC;IACF,qCAAqC;IACrC,MAAM,EAAE,MAAM,GAAG,kBAAkB,CAAC;IACpC,wBAAwB;IACxB,QAAQ,CAAC,EAAE;QACT,KAAK,EAAE,CAAC,UAAU,GAAG,KAAK,GAAG,WAAW,GAAG,eAAe,CAAC,EAAE,CAAC;QAC9D,MAAM,CAAC,EAAE;YACP,MAAM,EAAE,UAAU,GAAG,MAAM,CAAC;YAC5B,GAAG,EAAE,MAAM,CAAC;YACZ,KAAK,EAAE,MAAM,CAAC;SACf,CAAC;KACH,CAAC;CACH;AAID,MAAM,WAAW,eAAe;IAC9B,gCAAgC;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,2BAA2B;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,4BAA4B;IAC5B,MAAM,EAAE,eAAe,EAAE,CAAC;IAC1B,+BAA+B;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kBAAkB;IAClB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,iBAAiB;IAChC,sEAAsE;IACtE,YAAY,CAAC,EAAE,eAAe,CAAC;IAC/B,+BAA+B;IAC/B,QAAQ,CAAC,EAAE;QACT,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,YAAY,EAAE;YACZ,KAAK,EAAE,MAAM,CAAC;SACf,CAAC;KACH,CAAC;IACF,8BAA8B;IAC9B,QAAQ,CAAC,EAAE;QACT,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,4CAA4C;IAC5C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qBAAqB;IACrB,KAAK,CAAC,EAAE;QACN,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAID,MAAM,WAAW,eAAe;IAC9B,uBAAuB;IACvB,KAAK,EAAE,eAAe,CAAC;IACvB,6CAA6C;IAC7C,UAAU,EAAE,MAAM,CAAC;IACnB,8DAA8D;IAC9D,aAAa,EAAE,MAAM,CAAC;IACtB,sDAAsD;IACtD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gCAAgC;IAChC,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAID,MAAM,WAAW,iBAAiB;IAChC,6DAA6D;IAC7D,WAAW,EAAE,MAAM,CAAC;IACpB,4CAA4C;IAC5C,IAAI,EAAE,MAAM,CAAC;CACd;AAID,MAAM,WAAW,iCAAiC;IAChD,8CAA8C;IAC9C,aAAa,EAAE,MAAM,CAAC;IACtB,iEAAiE;IACjE,UAAU,EAAE,SAAS,GAAG,MAAM,CAAC;IAC/B,uFAAuF;IACvF,YAAY,CAAC,EAAE,UAAU,CAAC;IAC1B,oEAAoE;IACpE,gBAAgB,EAAE,MAAM,CAAC;IACzB,4CAA4C;IAC5C,YAAY,EAAE,eAAe,EAAE,CAAC;IAChC,uDAAuD;IACvD,QAAQ,CAAC,EAAE;QACT,KAAK,EAAE,CAAC,UAAU,GAAG,KAAK,CAAC,EAAE,CAAC;QAC9B,MAAM,CAAC,EAAE;YACP,MAAM,EAAE,UAAU,GAAG,MAAM,CAAC;YAC5B,GAAG,EAAE,MAAM,CAAC;YACZ,KAAK,EAAE,MAAM,CAAC;SACf,CAAC;KACH,CAAC;IACF,8DAA8D;IAC9D,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,yDAAyD;IACzD,UAAU,CAAC,EAAE,cAAc,CAAC;IAC5B,2CAA2C;IAC3C,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAID,MAAM,WAAW,kBAAkB;IACjC,oFAAoF;IACpF,cAAc,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;CAChF;AAED,MAAM,WAAW,cAAc;IAC7B,uEAAuE;IACvE,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,SAAS,CAAC,CAAC;IACvD,oBAAoB;IACpB,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACxD,qBAAqB;IACrB,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACpC"}

package/dist/types.js

@@ -0,0 +1,6 @@
+/**
+ * GNAP (RFC 9635) types for grant requests, responses, and token management.
+ * @see https://www.rfc-editor.org/rfc/rfc9635.html
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/package.json

@@ -0,0 +1,44 @@
+{
+  "name": "@flarcos/kiota-authentication-gnap",
+  "version": "0.1.0",
+  "type": "module",
+  "description": "GNAP (RFC 9635) authentication provider for Kiota-generated API clients with RFC 9421 HTTP Message Signatures",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "lint": "eslint src/",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "kiota",
+    "gnap",
+    "rfc9635",
+    "rfc9421",
+    "http-message-signatures",
+    "open-payments",
+    "interledger",
+    "authentication"
+  ],
+  "author": "flarcos",
+  "license": "Apache-2.0",
+  "dependencies": {
+    "@microsoft/kiota-abstractions": "^1.0.0-preview.68",
+    "http-message-signatures": "^1.0.4",
+    "jose": "^5.9.0"
+  },
+  "devDependencies": {
+    "@interledger/http-signature-utils": "^2.0.3",
+    "@types/node": "^22.0.0",
+    "typescript": "^5.5.0",
+    "vitest": "^2.0.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}