authorization-parser
HTTP Authentication and Authorization Authorization
field parser and
serializer.
Compliant with RFC 9110, 11.6.2. Authorization.
Parsing
Parse string into Authorization.
import { parseAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/parse.ts";
import { assertEquals } from "https://deno.land/std/testing/asserts.ts";
const result = parseAuthorization("Basic token68");
assertEquals(parseAuthorization("Basic token68"), {
authScheme: "Basic",
params: "token68",
});
assertEquals(
parseAuthorization(`Bearer realm="example", error="invalid_token"`),
{
authScheme: "Bearer",
params: {
realm: `"example"`,
error: `"invalid_token"`,
},
},
);
Throwing error
In the following cases, throws an error.
- Syntax error
- Semantic error
Syntax error
If field value has an invalid syntax, it may throw a SyntaxError
.
The syntax follows Authorization ABNF.
import { parseAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/parse.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";
assertThrows(() => parseAuthorization("<invalid>"));
Semantic error
In case of semantic errors, throw an Error
.
- If there is a duplicate key(case insensitive) in auth-param
import { parseAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/parse.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";
assertThrows(() =>
parseAuthorization("scheme duplicate=value, Duplicate=value")
);
Serialization
Serialize Authorization into string.
import { stringifyAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/stringify.ts";
import { assertEquals } from "https://deno.land/std/testing/asserts.ts";
assertEquals(
stringifyAuthorization({ authScheme: "Basic", params: "token68==" }),
"Basic token68",
);
assertEquals(
stringifyAuthorization({
authScheme: "Bearer",
params: { realm: `"Secure area"`, error: `"invalid_token"` },
}),
`Bearer realm="Secure area", error="invalid_token"`,
);
Error
Throws an error in the following cases:
authScheme
is invalid auth-schemeparams
is invalid token68params
key is invalid tokenparams
value is invalid token or quoted-string- There is a duplication in
params
keys(case-insensitive)
import { stringifyAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/stringify.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";
assertThrows(() =>
stringifyAuthorization({ authScheme: "<invalid:auth-scheme>" })
);
assertThrows(() =>
stringifyAuthorization({ authScheme: "<valid>", params: "<invalid:token68>" })
);
assertThrows(() =>
stringifyAuthorization({
authScheme: "<valid>",
params: { "<invalid:token>": "<valid>" },
})
);
assertThrows(() =>
stringifyAuthorization({
authScheme: "<valid>",
params: { "<valid>": "<invalid:token|quoted-string>" },
})
);
assertThrows(() =>
stringifyAuthorization({
authScheme: "<valid>",
params: { "<duplicate>": "<valid>", "<DUPLICATE>": "<valid>" },
})
);
Authorization
Authorization
is following structure:
Name | Type | Description |
---|---|---|
authScheme | string |
Authentication scheme. |
params | Token68 | AuthParams | null |
token68 or auth-param. |
Token68
It is the same as string
.
The token68 syntax allows the 66 unreserved URI characters, plus a few others, so that it can hold a base64, base64url (URL and filename safe alphabet), base32, or base16 (hex) encoding, with or without padding, but excluding whitespace.
AuthParams
It is name/value pairs.
interface AuthParams {
readonly [k: string]: string;
}
Compatibility
parser is compatible with RFC 9110, 11.3. Challenge and Response and RFC 9110, 11.4. Credentials syntax and can be used in the same way.
API
All APIs can be found in the deno doc.
License
Copyright © 2023-present httpland.
Released under the MIT license