Polykey/src/tokens/types.ts at 9a56605a3180ca771157518ce5c1a9dc6da81bd4 · MatrixAI/Polykey · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
import type { Opaque, JSONValue } from '../types.js';
import type { Signature, MAC } from '../keys/types.js';
import type { NodeIdEncoded } from '../ids/types.js';

/**
 * Token based on JWT specification.
 * All properties are "claims" and they are all optional.
 * Note that the properties here have to be strict JSON values.
 * This is because tokens are going to be JSON encoded.
 * It avoids confusion if input types are not allowed to be rich.
 */
type TokenPayload = {
  jti?: string;
  iat?: number;
  nbf?: number;
  exp?: number;
  iss?: string;
  sub?: string;
  aud?: string | Array<string>;
  // The `undefined` is a hack to include the optional reserved properties
  [key: string]: JSONValue | undefined;
};

/**
 * Encoded token payload
 * `base64url(json(TokenPayload))`
 */
type TokenPayloadEncoded = Opaque<'TokenPayloadEncoded', string>;

/**
 * Token header properties based on JWT specification
 */
type TokenProtectedHeader =
  | {
      alg: 'EdDSA';
      kid: NodeIdEncoded;
      [key: string]: JSONValue;
    }
  | {
      alg: 'BLAKE2b';
      [key: string]: JSONValue;
    };

/**
 * Encoded token header
 * `base64url(json(TokenHeader))`
 */
type TokenProtectedHeaderEncoded = Opaque<
  'TokenProtectedHeaderEncoded',
  string
>;

/**
 * Signature can either be Ed25519 signature or BLAKE2b MAC code
 */
type TokenSignature = Signature | MAC;

/**
 * Token signature in JSON
 */
type TokenSignatureJSON = {
  type: 'Buffer';
  data: Array<number>;
};

/**
 * Encoded token signature
 * `base64url(TokenSignature)`
 */
type TokenSignatureEncoded = Opaque<'TokenSignatureEncoded', string>;

/**
 * Token header and signature put together as a composite record.
 */
type TokenHeaderSignature = {
  protected: TokenProtectedHeader;
  signature: TokenSignature;
};

/**
 * Token header and signature in JSON
 */
type TokenHeaderSignatureJSON = Omit<TokenHeaderSignature, 'signature'> & {
  signature: TokenSignatureJSON;
};

/**
 * Token header and signature encoded
 */
type TokenHeaderSignatureEncoded = {
  protected: TokenProtectedHeaderEncoded;
  signature: TokenSignatureEncoded;
};

/**
 * Token that is signed
 */
type SignedToken<P extends TokenPayload = TokenPayload> = {
  payload: P;
  signatures: Array<TokenHeaderSignature>;
};

/**
 * Token that is signed in JSON
 */
type SignedTokenJSON<P extends TokenPayload = TokenPayload> = Omit<
  SignedToken<P>,
  'signatures'
> & {
  signatures: Array<TokenHeaderSignatureJSON>;
};

/**
 * Token as a General JWS JSON
 */
type SignedTokenEncoded = {
  payload: TokenPayloadEncoded;
  signatures: Array<TokenHeaderSignatureEncoded>;
};

type CompactToken = Opaque<'CompactToken', string>;

export type {
  TokenPayload,
  TokenPayloadEncoded,
  TokenProtectedHeader,
  TokenProtectedHeaderEncoded,
  TokenSignature,
  TokenSignatureJSON,
  TokenSignatureEncoded,
  TokenHeaderSignature,
  TokenHeaderSignatureJSON,
  TokenHeaderSignatureEncoded,
  SignedToken,
  SignedTokenJSON,
  SignedTokenEncoded,
  CompactToken,
};