Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/cloudflare/privacypass-origin

A TypeScript Origin for the Privacy Pass Authentication Protocol
https://github.com/cloudflare/privacypass-origin

authentication cryptography privacy-pass token typescript

Last synced: about 1 month ago
JSON representation

A TypeScript Origin for the Privacy Pass Authentication Protocol

Host: GitHub
URL: https://github.com/cloudflare/privacypass-origin
Owner: cloudflare
License: other
Created: 2023-10-20T13:00:47.000Z (about 1 year ago)
Default Branch: main
Last Pushed: 2024-10-01T16:36:16.000Z (about 2 months ago)
Last Synced: 2024-10-04T21:41:29.771Z (about 1 month ago)
Topics: authentication, cryptography, privacy-pass, token, typescript
Language: TypeScript
Homepage:
Size: 81.1 KB
Stars: 6
Watchers: 11
Forks: 1
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # privacypass-origin

This Worker implements the [challenge](https://ietf-wg-privacypass.github.io/base-drafts/draft-ietf-privacypass-auth-scheme.html#name-token-challenge) and [redemption](https://ietf-wg-privacypass.github.io/base-drafts/draft-ietf-privacypass-auth-scheme.html#name-token-redemption) protocols in Privacy Pass. A live demonstration of this worker can be found [here](https://demo-pat.research.cloudflare.com/login). 

## Overview

The test server has two HTTP endpoints:

- `GET /login`: This API will return a static HTML page representing the application, which is a simple (and non-functional) login form. It also returns a `WWW-Authenticate: PrivateToken` challenge as defined by [Privacy Pass authentication](https://datatracker.ietf.org/doc/draft-ietf-privacypass-auth-scheme/).

- `GET /login (+Authorization: PrivateToken)`: This API is used by the application for performing a "login" request. Clients will interact with this API upon submitting the login form details. 

    - If the login request contains a Privacy Pass token, the token is validated before accepting the request.

    - If not, it's the request above.

When verifying Privacy Pass tokens, the server will first fetch the token verification key from the issuer (as identified by `ISSUER_NAME`).

That's it!

## Configuration

To deploy and interact with this test server, you need to configure the following Cloudflare Worker variables:

- ISSUER_NAME: This is the name of the Privacy Pass issuer server that the origin trusts for issuing tokens. This is a public variable.

## Dependencies

The test server uses existing APIs for creating Privacy Pass token challenges and verifying the resulting tokens. For example, when verifying a token, one can use [standard WebCrypto APIs](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/verify) for verifying the Token signature against the Issuer's public key.