/authorization-parser

HTTP Authorization field parser and serializer

Primary LanguageTypeScriptMIT LicenseMIT

authorization-parser

deno land deno doc GitHub release (latest by date) codecov GitHub

test NPM

HTTP Authorization field parser and serializer.

Compliant with RFC 9110, 11.6.2. Authorization.

Parsing

Parse string into Authorization.

import { parseAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/parse.ts";
import { assertEquals } from "https://deno.land/std/testing/asserts.ts";

const result = parseAuthorization("Basic token68");

assertEquals(parseAuthorization("Basic token68"), {
  authScheme: "Basic",
  params: "token68",
});
assertEquals(
  parseAuthorization(`Bearer realm="example", error="invalid_token"`),
  {
    authScheme: "Bearer",
    params: {
      realm: `"example"`,
      error: `"invalid_token"`,
    },
  },
);

Throwing error

In the following cases, throws an error.

  • Syntax error
  • Semantic error

Syntax error

If field value has an invalid syntax, it may throw a SyntaxError.

The syntax follows Authorization ABNF.

import { parseAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/parse.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";

assertThrows(() => parseAuthorization("<invalid>"));

Semantic error

In case of semantic errors, throw an Error.

  • If there is a duplicate key(case insensitive) in auth-param
import { parseAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/parse.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";

assertThrows(() =>
  parseAuthorization("scheme duplicate=value, Duplicate=value")
);

Serialization

Serialize Authorization into string.

import { stringifyAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/stringify.ts";
import { assertEquals } from "https://deno.land/std/testing/asserts.ts";

assertEquals(
  stringifyAuthorization({ authScheme: "Basic", params: "token68==" }),
  "Basic token68",
);
assertEquals(
  stringifyAuthorization({
    authScheme: "Bearer",
    params: { realm: `"Secure area"`, error: `"invalid_token"` },
  }),
  `Bearer realm="Secure area", error="invalid_token"`,
);

Error

Throws an error in the following cases:

import { stringifyAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/stringify.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";

assertThrows(() =>
  stringifyAuthorization({ authScheme: "<invalid:auth-scheme>" })
);
assertThrows(() =>
  stringifyAuthorization({ authScheme: "<valid>", params: "<invalid:token68>" })
);
assertThrows(() =>
  stringifyAuthorization({
    authScheme: "<valid>",
    params: { "<invalid:token>": "<valid>" },
  })
);
assertThrows(() =>
  stringifyAuthorization({
    authScheme: "<valid>",
    params: { "<valid>": "<invalid:token|quoted-string>" },
  })
);
assertThrows(() =>
  stringifyAuthorization({
    authScheme: "<valid>",
    params: { "<duplicate>": "<valid>", "<DUPLICATE>": "<valid>" },
  })
);

Authorization

Authorization is following structure:

Name Type Description
authScheme string Authentication scheme.
params Token68 | AuthParams | null token68 or auth-param.

Token68

It is the same as string.

The token68 syntax allows the 66 unreserved URI characters, plus a few others, so that it can hold a base64, base64url (URL and filename safe alphabet), base32, or base16 (hex) encoding, with or without padding, but excluding whitespace.

AuthParams

It is name/value pairs.

interface AuthParams {
  readonly [k: string]: string;
}

Compatibility

parser and serializer are compatible with RFC 9110, 11.3. Challenge and Response and RFC 9110, 11.4. Credentials syntax and can be used in the same way.

API

All APIs can be found in the deno doc.

License

Copyright © 2023-present httpland.

Released under the MIT license