@opentdf/sdk 0.13.0 → 0.14.0-rc.133
- package/README.md +60 -10
- package/dist/cjs/src/access/access-rpc.js +6 -5
- package/dist/cjs/src/access.js +18 -5
- package/dist/cjs/src/auth/interceptors.js +186 -0
- package/dist/cjs/src/auth/oidc.js +5 -3
- package/dist/cjs/src/auth/token-providers.js +247 -0
- package/dist/cjs/src/index.js +16 -2
- package/dist/cjs/src/opentdf.js +40 -32
- package/dist/cjs/src/platform/authorization/entity-identifiers.js +88 -0
- package/dist/cjs/src/platform.js +3 -46
- package/dist/cjs/src/policy/api.js +9 -5
- package/dist/cjs/src/policy/discovery.js +10 -9
- package/dist/cjs/src/version.js +1 -1
- package/dist/cjs/tdf3/src/client/index.js +35 -17
- package/dist/cjs/tdf3/src/tdf.js +8 -7
- package/dist/types/src/access/access-rpc.d.ts +3 -3
- package/dist/types/src/access/access-rpc.d.ts.map +1 -1
- package/dist/types/src/access.d.ts +3 -3
- package/dist/types/src/access.d.ts.map +1 -1
- package/dist/types/src/auth/interceptors.d.ts +99 -0
- package/dist/types/src/auth/interceptors.d.ts.map +1 -0
- package/dist/types/src/auth/oidc.d.ts +1 -1
- package/dist/types/src/auth/oidc.d.ts.map +1 -1
- package/dist/types/src/auth/token-providers.d.ts +100 -0
- package/dist/types/src/auth/token-providers.d.ts.map +1 -0
- package/dist/types/src/index.d.ts +3 -0
- package/dist/types/src/index.d.ts.map +1 -1
- package/dist/types/src/opentdf.d.ts +18 -15
- package/dist/types/src/opentdf.d.ts.map +1 -1
- package/dist/types/src/platform/authorization/entity-identifiers.d.ts +41 -0
- package/dist/types/src/platform/authorization/entity-identifiers.d.ts.map +1 -0
- package/dist/types/src/platform.d.ts +6 -3
- package/dist/types/src/platform.d.ts.map +1 -1
- package/dist/types/src/policy/api.d.ts +3 -3
- package/dist/types/src/policy/api.d.ts.map +1 -1
- package/dist/types/src/policy/discovery.d.ts +5 -5
- package/dist/types/src/policy/discovery.d.ts.map +1 -1
- package/dist/types/src/version.d.ts +1 -1
- package/dist/types/tdf3/src/client/index.d.ts +10 -1
- package/dist/types/tdf3/src/client/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/tdf.d.ts +5 -2
- package/dist/types/tdf3/src/tdf.d.ts.map +1 -1
- package/dist/web/src/access/access-rpc.js +6 -5
- package/dist/web/src/access.js +18 -5
- package/dist/web/src/auth/interceptors.js +142 -0
- package/dist/web/src/auth/oidc.js +5 -3
- package/dist/web/src/auth/token-providers.js +242 -0
- package/dist/web/src/index.js +4 -1
- package/dist/web/src/opentdf.js +40 -32
- package/dist/web/src/platform/authorization/entity-identifiers.js +81 -0
- package/dist/web/src/platform.js +3 -46
- package/dist/web/src/policy/api.js +9 -5
- package/dist/web/src/policy/discovery.js +10 -9
- package/dist/web/src/version.js +1 -1
- package/dist/web/tdf3/src/client/index.js +35 -17
- package/dist/web/tdf3/src/tdf.js +8 -7
- package/package.json +1 -1
- package/src/access/access-rpc.ts +5 -5
- package/src/access.ts +29 -13
- package/src/auth/interceptors.ts +197 -0
- package/src/auth/oidc.ts +5 -3
- package/src/auth/token-providers.ts +303 -0
- package/src/index.ts +25 -0
- package/src/opentdf.ts +54 -34
- package/src/platform/authorization/entity-identifiers.ts +102 -0
- package/src/platform.ts +8 -52
- package/src/policy/api.ts +8 -5
- package/src/policy/discovery.ts +9 -9
- package/src/version.ts +1 -1
- package/tdf3/src/client/index.ts +46 -17
- package/tdf3/src/tdf.ts +14 -11
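--- a/package/tdf3/src/tdf.ts
+++ b/package/tdf3/src/tdf.ts
@@ -15,6 +15,7 @@ import {
 UnsignedRewrapRequest_WithKeyAccessObjectSchema,
 } from '../../src/platform/kas/kas_pb.js';
 import { type AuthProvider, reqSignature } from '../../src/auth/auth.js';
+import { type AuthConfig } from '../../src/auth/interceptors.js';
 import { handleRpcRewrapErrorString } from '../../src/access/access-rpc.js';
 import { allPool, anyPool } from '../../src/concurrency.js';
 import { base64, hex } from '../../src/encodings/index.js';
@@ -152,7 +153,8 @@ export type EncryptConfiguration = {
 contentStream: ReadableStream<Uint8Array>;
 mimeType?: string;
 policy: Policy;
-
+/** Auth configuration: AuthProvider or { interceptors }. */
+auth?: AuthConfig;
 byteLimit: number;
 progressHandler?: (bytesProcessed: number) => void;
 keyForEncryption: KeyInfo;
@@ -166,7 +168,8 @@ export type DecryptConfiguration = {
 fulfillableObligations: string[];
 allowedKases?: string[];
 allowList?: OriginAllowList;
-
+/** Auth configuration: AuthProvider or { interceptors }. */
+auth?: AuthConfig;
 cryptoService: CryptoService;
 
 dpopKeys: KeyPair;
@@ -371,7 +374,7 @@ function isTargetSpecLegacyTDF(targetSpecVersion?: string): boolean {
 }
 
 export async function writeStream(cfg: EncryptConfiguration): Promise<DecoratedReadableStream> {
-if (!cfg.
+if (!cfg.auth) {
 throw new ConfigurationError('No authorization middleware defined');
 }
 if (!cfg.contentStream) {
@@ -737,7 +740,7 @@ type RewrapResponseData = {
 async function unwrapKey({
 manifest,
 allowedKases,
-
+auth,
 dpopKeys,
 concurrencyLimit,
 cryptoService,
@@ -746,18 +749,18 @@ async function unwrapKey({
 }: {
 manifest: Manifest;
 allowedKases: OriginAllowList;
-
+/** Auth configuration: AuthProvider or { interceptors }. */
+auth?: AuthConfig;
 concurrencyLimit?: number;
 dpopKeys: KeyPair;
 cryptoService: CryptoService;
 wrappingKeyAlgorithm?: KasPublicKeyAlgorithm;
 fulfillableObligations: string[];
 }) {
-if (
-throw new ConfigurationError(
-'rewrap requires auth provider; must be configured in client constructor'
-);
+if (!auth) {
+throw new ConfigurationError('rewrap requires auth; must be configured in client constructor');
 }
+const resolvedAuth: AuthConfig = auth;
 const { keyAccess } = manifest.encryptionInformation;
 const splitPotentials = splitLookupTableFactory(keyAccess, allowedKases);
 
@@ -829,7 +832,7 @@ async function unwrapKey({
 const rewrapResp = await fetchWrappedKey(
 url,
 signedRequestToken,
-
+resolvedAuth,
 fulfillableObligations
 );
 // Upgrade V1 response to V2 format if needed
@@ -1143,7 +1146,7 @@ export async function decryptStreamFrom(
 const { metadata, reconstructedKey, requiredObligations } = await unwrapKey({
 fulfillableObligations: cfg.fulfillableObligations,
 manifest,
-
+auth: cfg.auth,
 allowedKases: allowList,
 dpopKeys: cfg.dpopKeys,
 cryptoService: cfg.cryptoService,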
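Review bot: The new guards `if (!auth)` in `unwrapKey` and `if (!cfg.auth)` in `writeStream` test only truthiness, so an `AuthConfig` of the `{ interceptors }` form with an empty list would pass, and the rewrap request would presumably go out with nothing attaching credentials. `AuthConfig` is declared in `src/auth/interceptors.ts`, outside this section, so confirm whether an empty list is accepted there; if it is, fail closed here with something like `if (!auth || ('interceptors' in auth && auth.interceptors.length === 0)) {`. The field is also typed `auth?: AuthConfig` on `EncryptConfiguration` and `DecryptConfiguration`, although the paths visible here throw `ConfigurationError` when it is absent; making it required would surface the misconfiguration at compile time. Both function bodies continue outside the hunks shown.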