authorization-parser

HTTP Authorization field parser and serializer.

Compliant with RFC 9110, 11.6.2. Authorization.

Parsing

Parse string into Authorization.

import { parseAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/parse.ts";
import { assertEquals } from "https://deno.land/std/testing/asserts.ts";

const result = parseAuthorization("Basic token68");

assertEquals(parseAuthorization("Basic token68"), {
  authScheme: "Basic",
  params: "token68",
});
assertEquals(
  parseAuthorization(`Bearer realm="example", error="invalid_token"`),
  {
    authScheme: "Bearer",
    params: {
      realm: `"example"`,
      error: `"invalid_token"`,
    },
  },
);

Throwing error

In the following cases, throws an error.

• Syntax error
• Semantic error

Syntax error

If field value has an invalid syntax, it may throw a SyntaxError.

The syntax follows Authorization ABNF.

import { parseAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/parse.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";

assertThrows(() => parseAuthorization("<invalid>"));

Semantic error

In case of semantic errors, throw an Error.

• If there is a duplicate key(case insensitive) in auth-param

import { parseAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/parse.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";

assertThrows(() =>
  parseAuthorization("scheme duplicate=value, Duplicate=value")
);

Serialization

Serialize Authorization into string.

import { stringifyAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/stringify.ts";
import { assertEquals } from "https://deno.land/std/testing/asserts.ts";

assertEquals(
  stringifyAuthorization({ authScheme: "Basic", params: "token68==" }),
  "Basic token68",
);
assertEquals(
  stringifyAuthorization({
    authScheme: "Bearer",
    params: { realm: `"Secure area"`, error: `"invalid_token"` },
  }),
  `Bearer realm="Secure area", error="invalid_token"`,
);

Error

Throws an error in the following cases:

• authScheme is invalid auth-scheme
• params is invalid token68
• params key is invalid token
• params value is invalid token or quoted-string
• There is a duplication in params keys(case-insensitive)

import { stringifyAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/stringify.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";

assertThrows(() =>
  stringifyAuthorization({ authScheme: "<invalid:auth-scheme>" })
);
assertThrows(() =>
  stringifyAuthorization({ authScheme: "<valid>", params: "<invalid:token68>" })
);
assertThrows(() =>
  stringifyAuthorization({
    authScheme: "<valid>",
    params: { "<invalid:token>": "<valid>" },
  })
);
assertThrows(() =>
  stringifyAuthorization({
    authScheme: "<valid>",
    params: { "<valid>": "<invalid:token|quoted-string>" },
  })
);
assertThrows(() =>
  stringifyAuthorization({
    authScheme: "<valid>",
    params: { "<duplicate>": "<valid>", "<DUPLICATE>": "<valid>" },
  })
);

Authorization

Authorization is following structure:

Name	Type	Description
authScheme	string	Authentication scheme.
params	Token68 | AuthParams | null	token68 or auth-param.

Token68

It is the same as string.

The token68 syntax allows the 66 unreserved URI characters, plus a few others, so that it can hold a base64, base64url (URL and filename safe alphabet), base32, or base16 (hex) encoding, with or without padding, but excluding whitespace.

AuthParams

It is name/value pairs.

interface AuthParams {
  readonly [k: string]: string;
}

Compatibility

parser and serializer are compatible with RFC 9110, 11.3. Challenge and Response and RFC 9110, 11.4. Credentials syntax and can be used in the same way.

API

All APIs can be found in the deno doc.

License

Copyright © 2023-present httpland.

Released under the MIT license