@pelican-identity/vanilla 1.0.42 → 1.0.44
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +89 -0
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -215,6 +215,95 @@ interface IdentityResult {
|
|
|
215
215
|
}
|
|
216
216
|
```
|
|
217
217
|
|
|
218
|
+
## `token`
|
|
219
|
+
|
|
220
|
+
- A **JWT (JSON Web Token)** issued by Pelican after a successful user authentication or action approval.
|
|
221
|
+
- This token represents a **verified user interaction** and can be used to confirm identity and/or intent on your backend.
|
|
222
|
+
|
|
223
|
+
---
|
|
224
|
+
|
|
225
|
+
## Verification
|
|
226
|
+
|
|
227
|
+
To verify a Pelican token, your backend must send it to the Pelican Identity API.
|
|
228
|
+
|
|
229
|
+
### Endpoint
|
|
230
|
+
|
|
231
|
+
```
|
|
232
|
+
POST https://identityapi.pelicanidentity.com/verify-session
|
|
233
|
+
```
|
|
234
|
+
|
|
235
|
+
---
|
|
236
|
+
|
|
237
|
+
### Headers
|
|
238
|
+
|
|
239
|
+
Include the following headers in your request:
|
|
240
|
+
|
|
241
|
+
- `x-public-key` — Your Pelican public API key
|
|
242
|
+
|
|
243
|
+
---
|
|
244
|
+
|
|
245
|
+
### Request Body
|
|
246
|
+
|
|
247
|
+
```json
|
|
248
|
+
{
|
|
249
|
+
"token": "YOUR_PELICAN_JWT_TOKEN"
|
|
250
|
+
}
|
|
251
|
+
```
|
|
252
|
+
|
|
253
|
+
---
|
|
254
|
+
|
|
255
|
+
### Example (Node.js)
|
|
256
|
+
|
|
257
|
+
```ts
|
|
258
|
+
const response = await fetch(
|
|
259
|
+
"https://identityapi.pelicanidentity.com/verify-session",
|
|
260
|
+
{
|
|
261
|
+
method: "POST",
|
|
262
|
+
headers: {
|
|
263
|
+
"Content-Type": "application/json",
|
|
264
|
+
"x-public-key": process.env.PELICAN_PUBLIC_KEY,
|
|
265
|
+
},
|
|
266
|
+
body: JSON.stringify({
|
|
267
|
+
token: pelicanToken,
|
|
268
|
+
}),
|
|
269
|
+
},
|
|
270
|
+
);
|
|
271
|
+
|
|
272
|
+
const data = await response.json();
|
|
273
|
+
```
|
|
274
|
+
|
|
275
|
+
---
|
|
276
|
+
|
|
277
|
+
### Response
|
|
278
|
+
|
|
279
|
+
A successful response will return a verified payload containing:
|
|
280
|
+
|
|
281
|
+
- `pelican_id ` — Pelican user identity details
|
|
282
|
+
- `verified` — Boolean indicating token validity
|
|
283
|
+
- `issued_at` — Timestamp of when the token was generated
|
|
284
|
+
- `expires_at` — Token expiration timestamp
|
|
285
|
+
|
|
286
|
+
---
|
|
287
|
+
|
|
288
|
+
### Example Response
|
|
289
|
+
|
|
290
|
+
```json
|
|
291
|
+
{
|
|
292
|
+
"verified": true,
|
|
293
|
+
"pelican_id": "4dbde492db8f64aff80b1dd61754a84bdf2dc87eed1b19fec4cd66569856b134",
|
|
294
|
+
"issued_at": 1714483200,
|
|
295
|
+
"expires_at": 1714483500
|
|
296
|
+
}
|
|
297
|
+
```
|
|
298
|
+
|
|
299
|
+
---
|
|
300
|
+
|
|
301
|
+
### Notes
|
|
302
|
+
|
|
303
|
+
- Always verify the token on your backend before trusting any user action.
|
|
304
|
+
- Tokens are **short-lived** and should not be reused.
|
|
305
|
+
- Never trust tokens directly from the client without verification.
|
|
306
|
+
|
|
218
307
|
---
|
|
219
308
|
|
|
220
309
|
## `user_id`
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pelican-identity/vanilla",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.44",
|
|
4
4
|
"description": "JavaScript components for Pelican Identity authentication",
|
|
5
5
|
"main": "./dist/index.js",
|
|
6
6
|
"module": "./dist/index.mjs",
|
|
@@ -19,7 +19,7 @@
|
|
|
19
19
|
"package.json"
|
|
20
20
|
],
|
|
21
21
|
"dependencies": {
|
|
22
|
-
"@pelican-identity/auth-core": "^1.2.
|
|
22
|
+
"@pelican-identity/auth-core": "^1.2.47"
|
|
23
23
|
},
|
|
24
24
|
"devDependencies": {
|
|
25
25
|
"tsup": "^8.0.1",
|