auth-ts
Authentication protocol library implementation in TypeScript
Credentials generation
The only supported credential type for the time being, are the 'third-party' credentials.
Third Party credentials
This type of credential require the intervention of a third party (authentication server) in order to authenticate the user against a service provider
const timeToLive = 10 // In seconds const k = SimpleCredential
Request credentials generation
const messageToSend = MessageInput // messageContent is a bufferconst timeToLive = 10 // In secondsconst k = SimpleCredentialconst messageCredentials = k // Access Token given by the third party. To generate one you will need to send the ecdsa public key generated as part of the credential generation process // If the message is an http requestconst method = 'POST'const url = 'www.decentraland.org/something'const body = Bufferconst httpMessage = MessageInputconst messageCredentials = k // Access Token given by the third messageCredentials //And the rest of your headersconst response = await
Generated Credentials
Header | Meaning |
---|---|
x-signature | This is the signed request information (http method + url + body + timestamp) with the generated ephemeral key. This is vital to prevent replay attacks. |
x-timestamp | Request timestamp, in Unix time. |
x-auth-type | Indicates the type of credential, in this case “third-party” |
x-identity | The users ephemeral public key used in the access token creation and the user ID |
x-access-token | Access token. Contains the public ephemeral key and it is signed by the granting authority with its own private key. |
Request validation
The service providers will need to authenticate the users based on the information present in the request headers.
Authentication Strategies
We define three basic Authentication strategies
Third party strategy
The service provider will need to know the entity who signs the access token, otherwise, the request will be rejected.
const timeToLive = 10 // In secondsconst authServicePubKey = ... // Pem encoded public key of the trusted auth serviceconst authn = AuthenticationFactory const authProvider = authn const req: AuthRequest = ... const result: Result = authProvider
Allow All
const authn = const authz =
Copyright info
This repository is protected with a standard Apache 2 licence. See the terms and conditions in the LICENSE file.