Class: AuthScheme<C>

@divine/uri.AuthScheme

The base class for all authentication scheme subclasses. The subclasses can be constructed manually, but usually aren't. Instead, this class provides the static methods create to create a authentication scheme from an authentication header or by the registered authentication name.

Below is a list of all known authentication schemes:

Authentication name	AuthScheme class
Basic	BasicAuthScheme
Bearer	BearerAuthScheme

Type parameters

Name	Type	Description
C	extends Credentials	The type of credentials this authentication scheme uses.

Hierarchy

• AuthScheme

  ↳ UnknownAuthScheme

  ↳ BasicAuthScheme

  ↳ BearerAuthScheme

Constructors

constructor

• Protected new AuthScheme<C>(scheme)

Constructs a new AuthScheme instance.

Type parameters

Name	Type
C	extends Credentials

Parameters

Name	Type	Description
scheme	string	The canonical name of the scheme this instance handles.

Defined in

uri/src/auth-schemes.ts:149

Properties

proxy

• proxy: boolean

Specifies wheter or not this scheme provides proxy auhentication. Usually false.

Defined in

uri/src/auth-schemes.ts:141

---

realm

• Optional realm: string

The realm or domain this instance is handling.

Defined in

uri/src/auth-schemes.ts:138

---

scheme

• scheme: string

The canonical name of the scheme this instance handles.

Defined in

uri/src/auth-schemes.ts:149

Methods

_assertCompatibleAuthHeader

▸ Protected _assertCompatibleAuthHeader<H>(header): H

Asserts that an authentication header is compatible with this AuthScheme.

Throws

AuthSchemeError If the header is incompatible with this AuthScheme.

Type parameters

Name	Type
H	extends undefined | AuthHeader

Parameters

Name	Type	Description
header	H	The header to check, or undefined to do nothing.

Returns

H

The provided header.

Defined in

uri/src/auth-schemes.ts:296

---

_assertCompatibleCredentials

▸ Protected _assertCompatibleCredentials<C>(credentials): C

Asserts that some credentials are compatible with this AuthScheme.

Throws

AuthSchemeError If the credentials are incompatible with this AuthScheme.

Type parameters

Name	Type	Description
C	extends undefined | Credentials	The type of credentials that the scheme uses.

Parameters

Name	Type	Description
credentials	C	The credentials to check, or undefined to do nothing.

Returns

C

The provided credentials.

Defined in

uri/src/auth-schemes.ts:313

---

_createChallenge

▸ Protected _createChallenge(authorization?): Promise<WWWAuthenticate>

Creates a new challenge for the client.

Parameters

Name	Type	Description
authorization?	Authorization	The authentication the client provided.

Returns

Promise<WWWAuthenticate>

A new challenge.

Defined in

uri/src/auth-schemes.ts:241

---

_getCredentials

▸ Protected _getCredentials(options): Promise<undefined | C>

Asks the credentials provider for credentials.

Throws

AuthSchemeError If the authentication, challenge or the credentials provided via setCredentialsProvider are incompatibe with this AuthScheme.

Parameters

Name	Type	Description
options	CredentialsProviderOptions<C>	Options to pass to the credentials provider.

Returns

Promise<undefined | C>

Valid credentials or undefined if no credentials could be provided.

Defined in

uri/src/auth-schemes.ts:255

---

_isCompatibleCredentials

▸ Protected Abstract _isCompatibleCredentials(credentials): boolean

Checks if the provided credentials are compatible with this AuthScheme.

Throws

AuthSchemeError If the credentials provided are incompatibe with this AuthScheme.

Parameters

Name	Type	Description
credentials	Credentials	The credentials to check for compatibility.

Returns

boolean

true if the provided credentials are usable by this AuthScheme.

Defined in

uri/src/auth-schemes.ts:233

---

createAuthorization

▸ Abstract createAuthorization(challenge?, request?, payload?): Promise<undefined | Authorization>

Generates an Authorization header for an outgoing request.

Throws

AuthSchemeError If the challenge or the credentials provided via setCredentialsProvider are incompatibe with this AuthScheme.

Parameters

Name	Type	Description
challenge?	WWWAuthenticate	An optional challenge sent by the remote server.
request?	AuthSchemeRequest	The request that is to be authenticated.
payload?	Uint8Array	The request payload that will be sent.

Returns

Promise<undefined | Authorization>

An Authorization header with the provided credentials.

Defined in

uri/src/auth-schemes.ts:196

---

setCredentialsProvider

▸ setCredentialsProvider(cp?): AuthScheme<C>

Attaches a CredentialsProvider for retrieving or verifying credentials.

Parameters

Name	Type	Description
cp?	C | CredentialsProvider<C>	The CredentialsProvider to register.

Returns

AuthScheme<C>

This AuthScheme.

Defined in

uri/src/auth-schemes.ts:181

---

setProxyMode

▸ setProxyMode(proxy): AuthScheme<C>

Sets the proxy mode.

Parameters

Name	Type	Description
proxy	boolean	true if proxy mode, else false.

Returns

AuthScheme<C>

This AuthScheme.

Defined in

uri/src/auth-schemes.ts:159

---

setRealm

▸ setRealm(realm): AuthScheme<C>

Sets the realm/domain.

Parameters

Name	Type	Description
realm	string	The realm this instance handles.

Returns

AuthScheme<C>

This AuthScheme.

Defined in

uri/src/auth-schemes.ts:170

---

verifyAuthenticationInfo

▸ Abstract verifyAuthenticationInfo<T>(authentication, request?, payload?): Promise<T>

Verifies an AuthenticationInfo or ServerAuthorization header received from a server response.

Not all protocols supports verification of responses. In that case, this method does nothing.

Throws

AuthSchemeError If the authentication or the credentials provided via setCredentialsProvider are incompatibe with this AuthScheme.

Type parameters

Name	Type	Description
T	extends undefined | AuthenticationInfo | ServerAuthorization	The type of the header to validate.

Parameters

Name	Type	Description
authentication	T	The authentication provided by the remote server.
request?	AuthSchemeRequest	The response to a request that is to be authenticated.
payload?	Uint8Array	The response payload received from the remote server.

Returns

Promise<T>

The validated AuthenticationInfo/ServerAuthorization header.

Defined in

uri/src/auth-schemes.ts:224

---

verifyAuthorization

▸ Abstract verifyAuthorization<T>(authorization, request?, payload?): Promise<T>

Verifies an Authorization header from an incoming request.

Throws

AuthSchemeError If the authentication or the credentials provided via setCredentialsProvider are incompatibe with this AuthScheme.

Type parameters

Name	Type	Description
T	extends undefined | Authorization	The type of the header to validate.

Parameters

Name	Type	Description
authorization	T	The authentication provided by the remote client.
request?	AuthSchemeRequest	The request that is to be authenticated.
payload?	Uint8Array	The request payload that was sent.

Returns

Promise<T>

The validated Authorization header.

Defined in

uri/src/auth-schemes.ts:209

---

create

▸ Static create(from, proxy?): AuthScheme<Credentials>

Creates an authentication scheme class from an authentication header or authentication name.

If the authentication scheme is unknown, an instance of UnknownAuthScheme will be returned.

Parameters

Name	Type	Description
from	string | RegExp | AuthHeader	The type of authentication scheme to create.
proxy?	boolean	Set to true to force proxy mode. Defaults to AuthHeader.isProxyHeader or false.

Returns

AuthScheme<Credentials>

An AuthScheme instance that provides authentication for the requested scheme.

Defined in

uri/src/auth-schemes.ts:117

---

register

▸ Static register<C>(scheme, authScheme): typeof AuthScheme

Registers a new authentication scheme. All subclasses must register their authentication type support with this method.

Type parameters

Name	Type	Description
C	extends Credentials	The type of credentials this authentication scheme uses.

Parameters

Name	Type	Description
scheme	string	The name of the authentication scheme to be registered.
authScheme	Constructor<AuthScheme<C>>	The AuthScheme subclass to register.

Returns

typeof AuthScheme

The AuthScheme base class (for method chaining).

Defined in

uri/src/auth-schemes.ts:103

---

safeCompare

▸ Static safeCompare(untrusted, trusted): boolean

Utility method to compare two secrets in a time-constant manner.

Parameters

Name	Type	Description
untrusted	string | number[]	The untrusted secret that should be verified.
trusted	string | number[]	The trusted secret that the untrusted secret should be compared against.

Returns

boolean

true if the secrets are equal, else false.

Defined in

uri/src/auth-schemes.ts:269