{"id":15715348,"url":"https://github.com/cloudflare/privacypass-issuer","last_synced_at":"2025-10-20T04:30:28.174Z","repository":{"id":215478699,"uuid":"707693779","full_name":"cloudflare/privacypass-issuer","owner":"cloudflare","description":"A TypeScript Issuer for the Privacy Pass Authentication Protocol","archived":false,"fork":false,"pushed_at":"2024-10-03T06:24:51.000Z","size":242,"stargazers_count":9,"open_issues_count":3,"forks_count":4,"subscribers_count":14,"default_branch":"main","last_synced_at":"2024-10-03T21:41:17.962Z","etag":null,"topics":["authentication","cryptography","privacy-pass","token","typescript"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudflare.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-20T13:01:26.000Z","updated_at":"2024-10-03T06:24:55.000Z","dependencies_parsed_at":"2024-04-23T17:32:17.636Z","dependency_job_id":"6dd65a90-89f6-47c4-a3c8-e231b5c0ba70","html_url":"https://github.com/cloudflare/privacypass-issuer","commit_stats":null,"previous_names":["cloudflare/pp-issuer"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudflare%2Fprivacypass-issuer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudflare%2Fprivacypass-issuer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudflare%2Fprivacypass-issuer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudflare%2Fprivacypass-issuer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudflare","download_url":"https://codeload.github.com/cloudflare/privacypass-issuer/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":219869309,"owners_count":16555579,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","cryptography","privacy-pass","token","typescript"],"created_at":"2024-10-03T21:41:03.061Z","updated_at":"2025-10-20T04:30:28.164Z","avatar_url":"https://github.com/cloudflare.png","language":"TypeScript","funding_links":[],"categories":["Security \u0026 Privacy"],"sub_categories":["Privacy"],"readme":"# privacypass-issuer\n\nPrivacy Pass Issuer ([Draft 16](https://www.ietf.org/archive/id/draft-ietf-privacypass-protocol-16.html)) within Cloudflare Workers. Keys are stored in [R2](https://developers.cloudflare.com/r2).\n\n## Deploy\n\n```bash\nnpm run deploy:production\n```\n\n## Token type\n\nSupport:\n* Public-Verifiable tokens (Blind-RSA)\n\n## Authentication\n\nAll endpoints are public by default. Authentication should be a second layer. Internally, Cloudflare uses [Access](https://developers.cloudflare.com/cloudflare-one/policies/access/) to protect `/admin` and `/token-request` endpoints.\n\n## Test token issuance\n\nOne can test token issuance locally using `npm run test:e2e -- \u003cissuer-name\u003e` target. If the issuer uses mTLS (Mutual TLS), you can use `npm run test:e2e -- --cert \u003cpath\u003e --key \u003cpath\u003e \u003cissuer-name\u003e`.\n\n## Key Rotation\n\nKey rotation can be either manual, by calling `POST /admin/rotate` or automated\nby defining the `ROTATION_CRON_STRING` variable with a valid cron string and\nadding that same cron string value to the `triggers.crons` list.\n\nRotation of keys works by generating a new pair of private/public keys until it\ncan find one whose token id doesn't conflict with a key pair already stored in\nthe keys R2 Bucket. When it succeeds in generating that, it stores the new key\npair in R2.\n\nKeys become available as soon as they are stored in R2. The\n`/.well-known/private-token-issuer-directory` path directory immediately returns\nthe new keys.\n\n**Note:** Rotation does not delete any keys, and because the maximum amount of\nkeys is 256 and the algorithm for generating them picks an id at random, if\nthere are more than half of the maximum amount of keys, the time it takes to\nrotate increases. It's important that keys are cleared regularly, see `Key Clearing`.\n\n## Key Clearing\n\nAny cron string defined in `triggers.crons` that isn't equal to\n`ROTATION_CRON_STRING` or `BACKUPS_CRON_STRING` will trigger a key deletion.\nAfter these keys are deleted they can no longer be used by clients.\n\n## License\n\nThe project is licensed under the [Apache-2.0 License](./LICENSE.txt).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudflare%2Fprivacypass-issuer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloudflare%2Fprivacypass-issuer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudflare%2Fprivacypass-issuer/lists"}