Web Bot Authentication defined by draft-meunier-web-bot-auth-architecture.
- JWK Thumbprint pre-compute
- JWK Thumbprint when passing a hash and encoding function
- TypeScript types
This section provides examples usage for signing and verifying web-bot-auth material. More concrete examples are provided on cloudflareresearch/web-bot-auth/examples.
import { Algorithm, signatureHeaders } from "web-bot-auth";
import { signerFromJWK } from "web-bot-auth/crypto";
// The following simple request ios going to be signed
const request = new Request("https://example.com");
// available at https://github.com/cloudflareresearch/web-bot-auth/blob/main/examples/rfc9421-keys/ed25519.json
const RFC_9421_ED25519_TEST_KEY = {
kty: "OKP",
crv: "Ed25519",
kid: "test-key-ed25519",
d: "n4Ni-HpISpVObnQMW0wOhCKROaIKqKtW_2ZYb2p9KcU",
x: "JrQLj5P_89iXES9-vFgrIy29clF9CC_oPPsw3c5D0bs",
};
const headers = signatureHeaders(
request,
await signerFromJWK(RFC_9421_ED25519_TEST_KEY),
{
created: now,
expires: new Date(now.getTime() + 300_000), // now + 5 min
}
);
// Et voila! Here is our signed request
const signedRequest = new Request("https://example.com", {
headers: {
Signature: headers["Signature"],
"Signature-Input": headers["Signature-Input"],
},
});import { verify } from "web-bot-auth";
import { verifierFromJWK } from "web-bot-auth/crypto";
// available at https://github.com/cloudflareresearch/web-bot-auth/blob/main/examples/rfc9421-keys/ed25519.json
const RFC_9421_ED25519_TEST_KEY = {
kty: "OKP",
crv: "Ed25519",
kid: "test-key-ed25519",
x: "JrQLj5P_89iXES9-vFgrIy29clF9CC_oPPsw3c5D0bs",
};
// Reusing the incoming request signed in the above section
const signedRequest = new Request("https://example.com", {
headers: {
Signature: headers["Signature"],
"Signature-Input": headers["Signature-Input"],
},
});
await verify(signedRequest, await verifierFromJWK(RFC_9421_ED25519_TEST_KEY));This software has not been audited. Please use at your sole discretion.
This project is under the Apache-2.0 license.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be Apache-2.0 licensed as above, without any additional terms or conditions.