auth-parser
HTTP Authentication and Authorization Authorization field parser and
serializer.
Compliant with RFC 9110, 11.6.2. Authorization.
Parsing
Parse string into Authorization.
import { parseAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/parse.ts";
import { assertEquals } from "https://deno.land/std/testing/asserts.ts";
const result = parseAuthorization("Basic token68");
assertEquals(parseAuthorization("Basic token68"), {
authScheme: "Basic",
params: "token68",
});
assertEquals(
parseAuthorization(`Bearer realm="example", error="invalid_token"`),
{
authScheme: "Bearer",
params: {
realm: `"example"`,
error: `"invalid_token"`,
},
},
);Throwing error
In the following cases, throws an error.
- Syntax error
- Semantic error
Syntax error
If field value has an invalid syntax, it may throw a SyntaxError.
The syntax follows Authorization ABNF.
import { parseAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/parse.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";
assertThrows(() => parseAuthorization("<invalid>"));Semantic error
In case of semantic errors, throw an Error.
- If there is a duplicate key(case insensitive) in auth-param
import { parseAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/parse.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";
assertThrows(() =>
parseAuthorization("scheme duplicate=value, Duplicate=value")
);Serialization
Serialize Authorization into string.
import { stringifyAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/stringify.ts";
import { assertEquals } from "https://deno.land/std/testing/asserts.ts";
assertEquals(
stringifyAuthorization({ authScheme: "Basic", params: "token68==" }),
"Basic token68",
);
assertEquals(
stringifyAuthorization({
authScheme: "Bearer",
params: { realm: `"Secure area"`, error: `"invalid_token"` },
}),
`Bearer realm="Secure area", error="invalid_token"`,
);Error
Throws an error in the following cases:
authSchemeis invalid auth-schemeparamsis invalid token68paramskey is invalid tokenparamsvalue is invalid token or quoted-string- There is a duplication in
paramskeys(case-insensitive)
import { stringifyAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/stringify.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";
assertThrows(() =>
stringifyAuthorization({ authScheme: "<invalid:auth-scheme>" })
);
assertThrows(() =>
stringifyAuthorization({ authScheme: "<valid>", params: "<invalid:token68>" })
);
assertThrows(() =>
stringifyAuthorization({
authScheme: "<valid>",
params: { "<invalid:token>": "<valid>" },
})
);
assertThrows(() =>
stringifyAuthorization({
authScheme: "<valid>",
params: { "<valid>": "<invalid:token|quoted-string>" },
})
);
assertThrows(() =>
stringifyAuthorization({
authScheme: "<valid>",
params: { "<duplicate>": "<valid>", "<DUPLICATE>": "<valid>" },
})
);Authorization
Authorization is following structure:
| Name | Type | Description |
|---|---|---|
| authScheme | string |
Authentication scheme. |
| params | Token68 | AuthParams | null |
token68 or auth-param. |
Token68
It is the same as string.
The token68 syntax allows the 66 unreserved URI characters, plus a few others, so that it can hold a base64, base64url (URL and filename safe alphabet), base32, or base16 (hex) encoding, with or without padding, but excluding whitespace.
AuthParams
It is name/value pairs.
interface AuthParams {
readonly [k: string]: string;
}API
All APIs can be found in the deno doc.
License
Copyright © 2023-present httpland.
Released under the MIT license