react-native-dpop 0.3.0 → 1.0.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "react-native-dpop",
-  "version": "0.3.0",
+  "version": "1.0.0",
   "description": "React Native library for DPoP proof generation and key management.",
   "keywords": [
     "android",
@@ -18,6 +18,7 @@
   "license": "MIT",
   "author": "Pedro Cirilo <phscirilo123@gmail.com> (https://github.com/Cirilord)",
   "main": "./lib/module/index.js",
+  "react-native": "./src/index.tsx",
   "types": "./lib/typescript/src/index.d.ts",
   "exports": {
     ".": {
@@ -47,8 +48,8 @@
     "!**/.*"
   ],
   "scripts": {
-    "clean": "del-cli android/build example/android/build example/android/app/build example/ios/build lib",
-    "example": "yarn workspace react-native-dpop-example",
+    "clean": "del-cli android/build examples/v0.83/android/build examples/v0.83/android/app/build examples/v0.83/ios/build lib",
+    "example": "yarn workspace react-native-dpop-example-v0.83",
     "lint": "eslint \"**/*.{js,ts,tsx}\"",
     "prepare": "bob build",
     "release": "release-it",
@@ -71,12 +72,14 @@
     "@react-native/babel-preset": "0.83.0",
     "@react-native/eslint-config": "0.83.0",
     "@release-it/conventional-changelog": "^10.0.1",
+    "@tsconfig/strictest": "^2.0.8",
     "@types/jest": "^29.5.14",
     "@types/react": "^19.2.0",
     "commitlint": "^19.8.1",
     "del-cli": "^6.0.0",
     "eslint": "^9.35.0",
     "eslint-config-prettier": "^10.1.8",
+    "eslint-plugin-import": "^2.32.0",
     "eslint-plugin-prettier": "^5.5.4",
     "jest": "^29.7.0",
     "lefthook": "^2.0.3",
@@ -89,7 +92,8 @@
     "typescript": "^5.9.2"
   },
   "workspaces": [
-    "example"
+    "examples/v0.75",
+    "examples/v0.83"
   ],
   "packageManager": "yarn@4.11.0",
   "react-native-builder-bob": {

package/src/NativeReactNativeDPoP.ts

@@ -4,16 +4,7 @@ import type { UnsafeObject } from 'react-native/Libraries/Types/CodegenTypes';
 
 export interface Spec extends TurboModule {
   assertHardwareBacked(alias: string | null): Promise<void>;
-  calculateThumbprint(alias: string | null): Promise<string>;
   deleteKeyPair(alias: string | null): Promise<void>;
-  getKeyInfo(alias: string | null): Promise<UnsafeObject>;
-  getPublicKeyDer(alias: string | null): Promise<string>;
-  getPublicKeyJwk(alias: string | null): Promise<UnsafeObject>;
-  getPublicKeyRaw(alias: string | null): Promise<string>;
-  hasKeyPair(alias: string | null): Promise<boolean>;
-  isBoundToAlias(proof: string, alias: string | null): Promise<boolean>;
-  rotateKeyPair(alias: string | null): Promise<void>;
-  signWithDpopPrivateKey(payload: string, alias: string | null): Promise<string>;
   generateProof(
     htu: string,
     htm: string,
@@ -23,11 +14,22 @@ export interface Spec extends TurboModule {
     kid: string | null,
     jti: string | null,
     iat: number | null,
-    alias: string | null
+    alias: string | null,
+    requireHardwareBacked: boolean
   ): Promise<UnsafeObject>;
+  getKeyInfo(alias: string | null): Promise<UnsafeObject>;
+  getPublicKeyDer(alias: string | null): Promise<string>;
+  getPublicKeyJwk(alias: string | null): Promise<UnsafeObject>;
+  getPublicKeyRaw(alias: string | null): Promise<string>;
+  getPublicKeyThumbprint(alias: string | null): Promise<string>;
+  hasKeyPair(alias: string | null): Promise<boolean>;
+  isBoundToAlias(proof: string, alias: string | null): Promise<boolean>;
+  rotateKeyPair(alias: string | null): Promise<void>;
+  signWithDPoPPrivateKey(payload: string, alias: string | null): Promise<string>;
 }
 
-const nativeDpopModule =
-  TurboModuleRegistry.get<Spec>('ReactNativeDPoP') ?? (NativeModules.ReactNativeDPoP as Spec | undefined);
+const nativeDPoPModule =
+  // eslint-disable-next-line dot-notation -- required by noPropertyAccessFromIndexSignature from @tsconfig/strictest
+  TurboModuleRegistry.get<Spec>('ReactNativeDPoP') ?? (NativeModules['ReactNativeDPoP'] as Spec | undefined);
 
-export default nativeDpopModule as Spec;
+export default nativeDPoPModule as Spec;

package/src/index.tsx

@@ -3,8 +3,8 @@ import NativeReactNativeDPoP from './NativeReactNativeDPoP';
 type AdditionalClaims = Record<string, unknown>;
 
 export type PublicJwk = {
-  kty: 'EC';
   crv: 'P-256';
+  kty: 'EC';
   x: string;
   y: string;
 };
@@ -12,50 +12,60 @@ export type PublicJwk = {
 export type PublicKeyFormat = 'JWK' | 'DER' | 'RAW';
 
 export type SecureHardwareFallbackReason = 'UNAVAILABLE' | 'PROVIDER_ERROR' | 'POLICY_REJECTED' | 'UNKNOWN';
+export type AndroidSecurityLevelName = 'SOFTWARE' | 'TRUSTED_ENVIRONMENT' | 'STRONGBOX';
+export type IOSSecurityLevelName = 'SOFTWARE' | 'SECURE_ENCLAVE';
 
 export type DPoPKeyInfo = {
-  alias: string;
-  hasKeyPair: boolean;
   algorithm?: string;
+  alias: string;
   curve?: string;
-  insideSecureHardware?: boolean;
   hardware?: {
     android?: {
+      securityLevel?: number;
+      securityLevelName?: AndroidSecurityLevelName;
       strongBoxAvailable: boolean;
       strongBoxBacked: boolean;
-      securityLevel?: number;
       strongBoxFallbackReason?: SecureHardwareFallbackReason | null;
     };
     ios?: {
       secureEnclaveAvailable: boolean;
       secureEnclaveBacked: boolean;
-      securityLevel?: number | null;
       secureEnclaveFallbackReason?: SecureHardwareFallbackReason | null;
+      securityLevel?: number | null;
+      securityLevelName?: IOSSecurityLevelName;
     };
   };
+  hasKeyPair: boolean;
+  insideSecureHardware?: boolean;
 };
 
 export type GenerateProofInput = {
-  htu: string;
-  htm: string;
-  nonce?: string;
   accessToken?: string;
   additional?: AdditionalClaims;
-  kid?: string;
-  jti?: string;
-  iat?: number;
   alias?: string;
+  htm: string;
+  htu: string;
+  iat?: number;
+  jti?: string;
+  kid?: string;
+  nonce?: string;
+  requireHardwareBacked?: boolean;
+};
+
+export type DPoPHeaders = {
+  Authorization?: string;
+  DPoP: string;
 };
 
 export type DPoPProofContext = {
-  htu: string;
-  htm: string;
-  nonce: string | null;
-  ath: string | null;
   additional: AdditionalClaims | null;
-  kid: string | null;
-  jti: string;
+  ath: string | null;
+  htm: string;
+  htu: string;
   iat: number;
+  jti: string;
+  kid: string | null;
+  nonce: string | null;
 };
 
 type GenerateProofResult = {
@@ -64,8 +74,8 @@ type GenerateProofResult = {
 };
 
 export class DPoP {
+  public readonly alias: string | undefined;
   public readonly proof: string;
-  public readonly alias?: string;
   public readonly proofContext: DPoPProofContext;
 
   private constructor(proof: string, proofContext: DPoPProofContext, alias?: string) {
@@ -74,27 +84,21 @@ export class DPoP {
     this.alias = alias;
   }
 
-  public async calculateThumbprint(): Promise<string> {
-    return NativeReactNativeDPoP.calculateThumbprint(this.alias ?? null);
+  public static async assertHardwareBacked(alias?: string): Promise<void> {
+    await NativeReactNativeDPoP.assertHardwareBacked(alias ?? null);
   }
 
-  public async getPublicKey(format: PublicKeyFormat): Promise<PublicJwk | string> {
-    if (format === 'DER') {
-      return NativeReactNativeDPoP.getPublicKeyDer(this.alias ?? null);
-    }
-    if (format === 'RAW') {
-      return NativeReactNativeDPoP.getPublicKeyRaw(this.alias ?? null);
-    }
-
-    return NativeReactNativeDPoP.getPublicKeyJwk(this.alias ?? null) as Promise<PublicJwk>;
-  }
+  public static async buildDPoPHeaders(input: GenerateProofInput): Promise<DPoPHeaders> {
+    const dPoP = await DPoP.generateProof(input);
 
-  public async signWithDpopPrivateKey(payload: string): Promise<string> {
-    return NativeReactNativeDPoP.signWithDpopPrivateKey(payload, this.alias ?? null);
+    return {
+      DPoP: dPoP.proof,
+      ...(input.accessToken ? { Authorization: `DPoP ${input.accessToken}` } : {}),
+    };
   }
 
-  public async isBoundToAlias(alias?: string): Promise<boolean> {
-    return NativeReactNativeDPoP.isBoundToAlias(this.proof, alias ?? this.alias ?? null);
+  public static async deleteKeyPair(alias?: string): Promise<void> {
+    await NativeReactNativeDPoP.deleteKeyPair(alias ?? null);
   }
 
   public static async generateProof(input: GenerateProofInput): Promise<DPoP> {
@@ -106,21 +110,15 @@ export class DPoP {
       input.additional ?? null,
       input.kid ?? null,
       input.jti ?? null,
-      input.iat ?? null,
-      input.alias ?? null
+      // RN 0.75 Android bridge can crash when a nullable Double arrives as null.
+      input.iat ?? Math.floor(Date.now() / 1000),
+      input.alias ?? null,
+      input.requireHardwareBacked ?? false
     )) as GenerateProofResult;
 
     return new DPoP(result.proof, result.proofContext, input.alias);
   }
 
-  public static async assertHardwareBacked(alias?: string): Promise<void> {
-    await NativeReactNativeDPoP.assertHardwareBacked(alias ?? null);
-  }
-
-  public static async deleteKeyPair(alias?: string): Promise<void> {
-    await NativeReactNativeDPoP.deleteKeyPair(alias ?? null);
-  }
-
   public static async getKeyInfo(alias?: string): Promise<DPoPKeyInfo> {
     return NativeReactNativeDPoP.getKeyInfo(alias ?? null) as Promise<DPoPKeyInfo>;
   }
@@ -132,4 +130,27 @@ export class DPoP {
   public static async rotateKeyPair(alias?: string): Promise<void> {
     await NativeReactNativeDPoP.rotateKeyPair(alias ?? null);
   }
+
+  public async getPublicKey(format: PublicKeyFormat): Promise<PublicJwk | string> {
+    if (format === 'DER') {
+      return NativeReactNativeDPoP.getPublicKeyDer(this.alias ?? null);
+    }
+    if (format === 'RAW') {
+      return NativeReactNativeDPoP.getPublicKeyRaw(this.alias ?? null);
+    }
+
+    return NativeReactNativeDPoP.getPublicKeyJwk(this.alias ?? null) as Promise<PublicJwk>;
+  }
+
+  public async getPublicKeyThumbprint(): Promise<string> {
+    return NativeReactNativeDPoP.getPublicKeyThumbprint(this.alias ?? null);
+  }
+
+  public async isBoundToAlias(alias?: string): Promise<boolean> {
+    return NativeReactNativeDPoP.isBoundToAlias(this.proof, alias ?? this.alias ?? null);
+  }
+
+  public async signWithDPoPPrivateKey(payload: string): Promise<string> {
+    return NativeReactNativeDPoP.signWithDPoPPrivateKey(payload, this.alias ?? null);
+  }
 }