0.3.2 • Published 6 years ago

decentraland-auth-protocol v0.3.2

Weekly downloads
4
License
Apache-2.0
Repository
github
Last release
6 years ago

auth-ts

Authentication protocol library implementation in TypeScript

Credentials generation

The only supported credential type for the time being, are the 'third-party' credentials.

Third Party credentials

This type of credential require the intervention of a third party (authentication server) in order to authenticate the user against a service provider

 const timeToLive = 10 // In seconds
 const k = SimpleCredential.generateNewKey(timeToLive)

Request credentials generation

const messageToSend = MessageInput.fromMessage(messageContent) // messageContent is a buffer
const timeToLive = 10 // In seconds
const k = SimpleCredential.generateNewKey(timeToLive)
const messageCredentials = k.makeMessageCredentials(messageToSend, accessToken) // Access Token given by the third party. To generate one you will need to send the ecdsa public key generated as part of the credential generation process

// If the message is an http request
const method = 'POST'
const url = 'www.decentraland.org/something'
const body = Buffer.from(
    JSON.stringify({ param1: 'data1', param2: 'data2' }),
    'utf8'
  )
const httpMessage = MessageInput.fromHttpRequest(method, url, body)
const messageCredentials = k.makeMessageCredentials(httpMessage, accessToken) // Access Token given by the third 
messageCredentials.set('Content-Type', 'application/json') //And the rest of your headers
const response = await fetch(path, {
    method: 'post',
    headers: headers,
    body
})
Generated Credentials
HeaderMeaning
x-signatureThis is the signed request information (http method + url + body + timestamp) with the generated ephemeral key. This is vital to prevent replay attacks.
x-timestampRequest timestamp, in Unix time.
x-auth-typeIndicates the type of credential, in this case “third-party”
x-identityThe users ephemeral public key used in the access token creation and the user ID
x-access-tokenAccess token. Contains the public ephemeral key and it is signed by the granting authority with its own private key.

Request validation

The service providers will need to authenticate the users based on the information present in the request headers.

Authentication Strategies

We define three basic Authentication strategies

Third party strategy

The service provider will need to know the entity who signs the access token, otherwise, the request will be rejected.

const timeToLive = 10 // In seconds
const authServicePubKey = ... // Pem encoded public key of the trusted auth service
const authn = AuthenticationFactory.createThirdPartyStrategy(timeToLive, authServicePubKey})

const authProvider = new AuthProvider(authn, new AuthorizeAllStrategy())

const req: AuthRequest = ...

const result: Result = authProvider.validateRequest(req)

Allow All

const authn = new AuthenticateAllStrategy()
const authz = new AuthorizeAllStrategy()

Copyright info

This repository is protected with a standard Apache 2 licence. See the terms and conditions in the LICENSE file.

0.3.2

6 years ago

0.3.1

6 years ago

0.3.0

6 years ago

0.2.4

6 years ago

0.2.3

6 years ago

0.2.1

6 years ago

0.2.0

6 years ago

0.1.2

6 years ago

0.1.1

6 years ago

0.1.0

6 years ago