From 816485cdc420161ecd379357287f604423cd3363 Mon Sep 17 00:00:00 2001 From: Nicolas Mattia Date: Fri, 5 Jan 2024 13:46:04 +0100 Subject: [PATCH] Replace jose with custom Base64UrlEncode This drops the `jose` dependency in the main II codebase to instead use the browser's `btoa` base64 support with a few tweaks to URL encode in a JWT-friendly way. --- package-lock.json | 14 -------------- package.json | 1 - .../src/flows/verifiableCredentials/index.ts | 17 ++++++++++++++--- 3 files changed, 14 insertions(+), 18 deletions(-) diff --git a/package-lock.json b/package-lock.json index d81eeb63cd..85bf9f0ad2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -18,7 +18,6 @@ "buffer": "^6.0.3", "dompurify": "^3.0.6", "idb-keyval": "^6.2.1", - "jose": "^5.1.3", "lit-html": "^2.7.2", "marked": "^11.0.0", "process": "^0.11.10", @@ -8416,14 +8415,6 @@ "url": "https://github.com/chalk/supports-color?sponsor=1" } }, - "node_modules/jose": { - "version": "5.1.3", - "resolved": "https://registry.npmjs.org/jose/-/jose-5.1.3.tgz", - "integrity": "sha512-GPExOkcMsCLBTi1YetY2LmkoY559fss0+0KVa6kOfb2YFe84nAM7Nm/XzuZozah4iHgmBGrCOHL5/cy670SBRw==", - "funding": { - "url": "https://github.com/sponsors/panva" - } - }, "node_modules/js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", @@ -21132,11 +21123,6 @@ } } }, - "jose": { - "version": "5.1.3", - "resolved": "https://registry.npmjs.org/jose/-/jose-5.1.3.tgz", - "integrity": "sha512-GPExOkcMsCLBTi1YetY2LmkoY559fss0+0KVa6kOfb2YFe84nAM7Nm/XzuZozah4iHgmBGrCOHL5/cy670SBRw==" - }, "js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", diff --git a/package.json b/package.json index 79ddc49a66..a15153f9dc 100644 --- a/package.json +++ b/package.json @@ -66,7 +66,6 @@ "buffer": "^6.0.3", "dompurify": "^3.0.6", "idb-keyval": "^6.2.1", - "jose": "^5.1.3", "lit-html": "^2.7.2", "marked": "^11.0.0", "process": "^0.11.10", 
diff --git a/src/frontend/src/flows/verifiableCredentials/index.ts b/src/frontend/src/flows/verifiableCredentials/index.ts
index d9c21f9015..8d62ad1aa2 100644
--- a/src/frontend/src/flows/verifiableCredentials/index.ts
+++ b/src/frontend/src/flows/verifiableCredentials/index.ts
@@ -17,7 +17,6 @@ import {
 ECDSAKeyIdentity,
 } from "@dfinity/identity";
 import { isNullish, nonNullish } from "@dfinity/utils";
-import { base64url } from "jose";
 import { abortedCredentials } from "./abortedCredentials";
 import { allowCredentials } from "./allowCredentials";
 import { VcVerifiablePresentation, vcProtocol } from "./postMessageInterface";
@@ -374,6 +373,18 @@ const authenticateForIssuer = async ({
 return { ok: DelegationIdentity.fromDelegation(tempIdentity, delegations) };
 };
 
+// Perform a "base64url" encoding, i.e. a URL-friendly variation of base64 encoding
+const base64UrlEncode = (x: unknown): string => {
+ const json = JSON.stringify(x);
+ // Pretend the json is binary and use btoa (binary-to-ascii as base64) to base64 encode
+ const b64 = btoa(json);
+ // make it URL friendly:
+ // '=': used as padding, just remove
+ // '/': Base64Url as per jwt.io's playgrond replaces it with '_'
+ // '+': Base64Url as per jwt.io's playgrond replaces it with '-'
+ return b64.replace(/=+$/, "").replace("/", "_").replace("+", "-");
+};
+
 // Create the final presentation (to be then returned to the RP)
 const createPresentation = ({
 issuerCanisterId,
@@ -399,8 +410,8 @@ const createPresentation = ({
 },
 };
 
- const header = base64url.encode(JSON.stringify(headerObj));
- const payload = base64url.encode(JSON.stringify(payloadObj));
+ const header = base64UrlEncode(headerObj);
+ const payload = base64UrlEncode(payloadObj);
 
 // NOTE: the JWT is not signed, as per the spec
 const signature = "";
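Review bot: In `base64UrlEncode`, `.replace("/", "_").replace("+", "-")` passes string patterns, so only the first `/` and the first `+` are substituted and later ones stay in the header and payload built in `createPresentation`. The result is then not valid base64url (RFC 4648 §5), and a relying party may reject or mis-decode the presentation. Use global patterns instead: `return b64.replace(/=+$/, "").replace(/\//g, "_").replace(/\+/g, "-");`. Separately, `btoa(json)` throws on any character above U+00FF and encodes U+0080–U+00FF as single Latin-1 bytes, whereas the removed `jose` call, as far as I know, UTF-8 encodes strings. If the header or payload can carry non-ASCII text (not visible in these hunks), encode first, e.g. `btoa(String.fromCharCode(...new TextEncoder().encode(json)))`, and pin it with a test whose payload yields several `+` and `/` characters.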