src/lib/utils/jwt.ts at main · gmstn.systems/gemstone-app

frontend client for gemstone. decentralised workplace app

gemstone-app / src / lib / utils / jwt.ts

at main 1.5 kB view raw

 1import type { Did, Nsid } from "@/lib/types/atproto";
 2import type { OAuthContextValue } from "@/providers/OAuthProvider";
 3
 4/**
 5 * Requests an {@link https://atproto.com/specs/xrpc#inter-service-authentication-jwt|Inter Service JWT} from the PDS of the currently logged in user.
 6 * Likely not to be used in production. Generally speaking, for production, we will use service proxying to achieve what we want.
 7 * @param {object} params - An object containing the expected parameters of this function.
 8 * @param {object} params.oauth - Required. An OAuth object from the OAuth provider (OAuthProvider, useOAuth()[0]).
 9 * @param {string} params.aud - Required. The DID of the audience. Specifically, the DID of the receiving service that will perform verification of the JWT on their end.
10 * @param {string} [params.exp] - Optional. Time in unix epoch *seconds* that the JWT expires.
11 * @param {string} [params.lxm] - Optional. Lexicon (XRPC) method to bind the requested token to. Must be a valid ATProto NSID
12 */
13export const requestInterServiceJwtFromPds = async ({
14    oauth,
15    aud,
16    exp,
17    lxm,
18}: {
19    oauth: OAuthContextValue;
20    aud: Did;
21    exp?: number;
22    lxm?: Nsid;
23}) => {
24    if (!oauth.agent)
25        throw new Error(
26            "OAuth was not intialised before attempting to request a service JWT from user's PDS.",
27        );
28
29    const res = await oauth.agent.com.atproto.server.getServiceAuth({
30        aud,
31        exp,
32        lxm,
33    });
34
35    return res.data.token;
36};