Skip to main content

Class: AuthScheme<C>

@divine/uri.AuthScheme

The base class for all authentication scheme subclasses. The subclasses can be constructed manually, but usually aren't. Instead, this class provides the static methods create to create a authentication scheme from an authentication header or by the registered authentication name.

Below is a list of all known authentication schemes:

Authentication nameAuthScheme class
BasicBasicAuthScheme
BearerBearerAuthScheme

Type parameters

NameTypeDescription
Cextends CredentialsThe type of credentials this authentication scheme uses.

Hierarchy

Constructors

constructor

Protected new AuthScheme<C>(scheme)

Constructs a new AuthScheme instance.

Type parameters

NameType
Cextends Credentials

Parameters

NameTypeDescription
schemestringThe canonical name of the scheme this instance handles.

Defined in

uri/src/auth-schemes.ts:149

Properties

proxy

proxy: boolean

Specifies wheter or not this scheme provides proxy auhentication. Usually false.

Defined in

uri/src/auth-schemes.ts:141


realm

Optional realm: string

The realm or domain this instance is handling.

Defined in

uri/src/auth-schemes.ts:138


scheme

scheme: string

The canonical name of the scheme this instance handles.

Defined in

uri/src/auth-schemes.ts:149

Methods

_assertCompatibleAuthHeader

Protected _assertCompatibleAuthHeader<H>(header): H

Asserts that an authentication header is compatible with this AuthScheme.

Throws

AuthSchemeError If the header is incompatible with this AuthScheme.

Type parameters

NameType
Hextends undefined | AuthHeader

Parameters

NameTypeDescription
headerHThe header to check, or undefined to do nothing.

Returns

H

The provided header.

Defined in

uri/src/auth-schemes.ts:296


_assertCompatibleCredentials

Protected _assertCompatibleCredentials<C>(credentials): C

Asserts that some credentials are compatible with this AuthScheme.

Throws

AuthSchemeError If the credentials are incompatible with this AuthScheme.

Type parameters

NameTypeDescription
Cextends undefined | CredentialsThe type of credentials that the scheme uses.

Parameters

NameTypeDescription
credentialsCThe credentials to check, or undefined to do nothing.

Returns

C

The provided credentials.

Defined in

uri/src/auth-schemes.ts:313


_createChallenge

Protected _createChallenge(authorization?): Promise<WWWAuthenticate>

Creates a new challenge for the client.

Parameters

NameTypeDescription
authorization?AuthorizationThe authentication the client provided.

Returns

Promise<WWWAuthenticate>

A new challenge.

Defined in

uri/src/auth-schemes.ts:241


_getCredentials

Protected _getCredentials(options): Promise<undefined | C>

Asks the credentials provider for credentials.

Throws

AuthSchemeError If the authentication, challenge or the credentials provided via setCredentialsProvider are incompatibe with this AuthScheme.

Parameters

NameTypeDescription
optionsCredentialsProviderOptions<C>Options to pass to the credentials provider.

Returns

Promise<undefined | C>

Valid credentials or undefined if no credentials could be provided.

Defined in

uri/src/auth-schemes.ts:255


_isCompatibleCredentials

Protected Abstract _isCompatibleCredentials(credentials): boolean

Checks if the provided credentials are compatible with this AuthScheme.

Throws

AuthSchemeError If the credentials provided are incompatibe with this AuthScheme.

Parameters

NameTypeDescription
credentialsCredentialsThe credentials to check for compatibility.

Returns

boolean

true if the provided credentials are usable by this AuthScheme.

Defined in

uri/src/auth-schemes.ts:233


createAuthorization

Abstract createAuthorization(challenge?, request?, payload?): Promise<undefined | Authorization>

Generates an Authorization header for an outgoing request.

Throws

AuthSchemeError If the challenge or the credentials provided via setCredentialsProvider are incompatibe with this AuthScheme.

Parameters

NameTypeDescription
challenge?WWWAuthenticateAn optional challenge sent by the remote server.
request?AuthSchemeRequestThe request that is to be authenticated.
payload?Uint8ArrayThe request payload that will be sent.

Returns

Promise<undefined | Authorization>

An Authorization header with the provided credentials.

Defined in

uri/src/auth-schemes.ts:196


setCredentialsProvider

setCredentialsProvider(cp?): AuthScheme<C>

Attaches a CredentialsProvider for retrieving or verifying credentials.

Parameters

NameTypeDescription
cp?C | CredentialsProvider<C>The CredentialsProvider to register.

Returns

AuthScheme<C>

This AuthScheme.

Defined in

uri/src/auth-schemes.ts:181


setProxyMode

setProxyMode(proxy): AuthScheme<C>

Sets the proxy mode.

Parameters

NameTypeDescription
proxybooleantrue if proxy mode, else false.

Returns

AuthScheme<C>

This AuthScheme.

Defined in

uri/src/auth-schemes.ts:159


setRealm

setRealm(realm): AuthScheme<C>

Sets the realm/domain.

Parameters

NameTypeDescription
realmstringThe realm this instance handles.

Returns

AuthScheme<C>

This AuthScheme.

Defined in

uri/src/auth-schemes.ts:170


verifyAuthenticationInfo

Abstract verifyAuthenticationInfo<T>(authentication, request?, payload?): Promise<T>

Verifies an AuthenticationInfo or ServerAuthorization header received from a server response.

Not all protocols supports verification of responses. In that case, this method does nothing.

Throws

AuthSchemeError If the authentication or the credentials provided via setCredentialsProvider are incompatibe with this AuthScheme.

Type parameters

NameTypeDescription
Textends undefined | AuthenticationInfo | ServerAuthorizationThe type of the header to validate.

Parameters

NameTypeDescription
authenticationTThe authentication provided by the remote server.
request?AuthSchemeRequestThe response to a request that is to be authenticated.
payload?Uint8ArrayThe response payload received from the remote server.

Returns

Promise<T>

The validated AuthenticationInfo/ServerAuthorization header.

Defined in

uri/src/auth-schemes.ts:224


verifyAuthorization

Abstract verifyAuthorization<T>(authorization, request?, payload?): Promise<T>

Verifies an Authorization header from an incoming request.

Throws

AuthSchemeError If the authentication or the credentials provided via setCredentialsProvider are incompatibe with this AuthScheme.

Type parameters

NameTypeDescription
Textends undefined | AuthorizationThe type of the header to validate.

Parameters

NameTypeDescription
authorizationTThe authentication provided by the remote client.
request?AuthSchemeRequestThe request that is to be authenticated.
payload?Uint8ArrayThe request payload that was sent.

Returns

Promise<T>

The validated Authorization header.

Defined in

uri/src/auth-schemes.ts:209


create

Static create(from, proxy?): AuthScheme<Credentials>

Creates an authentication scheme class from an authentication header or authentication name.

If the authentication scheme is unknown, an instance of UnknownAuthScheme will be returned.

Parameters

NameTypeDescription
fromstring | RegExp | AuthHeaderThe type of authentication scheme to create.
proxy?booleanSet to true to force proxy mode. Defaults to AuthHeader.isProxyHeader or false.

Returns

AuthScheme<Credentials>

An AuthScheme instance that provides authentication for the requested scheme.

Defined in

uri/src/auth-schemes.ts:117


register

Static register<C>(scheme, authScheme): typeof AuthScheme

Registers a new authentication scheme. All subclasses must register their authentication type support with this method.

Type parameters

NameTypeDescription
Cextends CredentialsThe type of credentials this authentication scheme uses.

Parameters

NameTypeDescription
schemestringThe name of the authentication scheme to be registered.
authSchemeConstructor<AuthScheme<C>>The AuthScheme subclass to register.

Returns

typeof AuthScheme

The AuthScheme base class (for method chaining).

Defined in

uri/src/auth-schemes.ts:103


safeCompare

Static safeCompare(untrusted, trusted): boolean

Utility method to compare two secrets in a time-constant manner.

Parameters

NameTypeDescription
untrustedstring | number[]The untrusted secret that should be verified.
trustedstring | number[]The trusted secret that the untrusted secret should be compared against.

Returns

boolean

true if the secrets are equal, else false.

Defined in

uri/src/auth-schemes.ts:269