geoffsee/open-web-agent-rs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2c46e7b2fc3b74cd7d81d448bf0b50b71c0ac8d0
open-web-agent-rs/docs/tokens.md
geoffsee 66d3c06230 init
2025-05-23 09:48:26 -04:00

77 lines
2.4 KiB
Markdown
Raw Blame History

# Authentication System Documentation
## Overview
This document outlines the token-based authentication system used in web-agent-rs. The system uses FIPS204 signatures to
generate secure session tokens containing user data.
## Core Components
TODO: In the meantime, here's some hamfisted knowledge.
```javascript
class FIPS204KeyPair {
constructor() {
this.publicKey = "FIPS204_PUBLIC_KEY"; // Placeholder
this.privateKey = "FIPS204_PRIVATE_KEY"; // Placeholder
}
sign(data) {
// Placeholder for actual FIPS204 signing logic
return `FIPS204_${data}_SIGNED`;
}
verify(data, signature) {
// Placeholder for actual FIPS204 verification
return true;
}
}
/* NOTES:
- the public key needs to be retrievable, so it can be used to verify payload signature at the time of the request.
- the private key is disposed so it can't be used to create more signatures
- future tokens should use a completely new keypair
- The fips204 authentication scheme was selected for its performance, flexibility, and key-length.
- It would be wise to configure additional protections like ip whitelisting and rate limiting.
*/
// User object representing token payload data
const user = {
sub: "user123",
name: "John Doe",
email: "john@example.com",
roles: ["user"],
iat: Math.floor(Date.now() / 1000),
exp: Math.floor(Date.now() / 1000) + (60 * 60) // 1 hour from now
};
const keyPair = new FIPS204KeyPair();
const signature = keyPair.sign(JSON.stringify(user));
function createToken(payload, signature) {
const encodedPayload = Buffer.from(JSON.stringify(payload)).toString('base64');
const encodedSignature = Buffer.from(signature).toString('base64');
return `${encodedPayload}.${encodedSignature}`;
}
const token = createToken(user, signature);
async function createStreamRequest(eventHost = "https://agent.example.com") {
const requestParams = {
// will automagically include the session token as a cookie, where it will be parsed by the agent server
credentials: "include"
}
const response = await fetch(eventHost, requestParams);
const {streamId} = await response.json();
// This stream id is then supplied as a path parameter to stream, the token is validated to ensure the stream belongs to the user, and the stream is returned.
return streamId;
}
```
Reference in New Issue View Git Blame Copy Permalink