authorization-parser
HTTP Authorization field parser and serializer.
Compliant with RFC 9110, 11.6.2. Authorization.
Parsing
Parse string into Authorization.
import { parseAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/parse.ts";
import { assertEquals } from "https://deno.land/std/testing/asserts.ts";
const result = parseAuthorization("Basic token68");
assertEquals(parseAuthorization("Basic token68"), {
authScheme: "Basic",
params: "token68",
});
assertEquals(
parseAuthorization(`Bearer realm="example", error="invalid_token"`),
{
authScheme: "Bearer",
params: {
realm: `"example"`,
error: `"invalid_token"`,
},
},
);Throwing error
In the following cases, throws an error.
- Syntax error
- Semantic error
Syntax error
If field value has an invalid syntax, it may throw a SyntaxError.
The syntax follows Authorization ABNF.
import { parseAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/parse.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";
assertThrows(() => parseAuthorization("<invalid>"));Semantic error
In case of semantic errors, throw an Error.
- If there is a duplicate key(case insensitive) in auth-param
import { parseAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/parse.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";
assertThrows(() =>
parseAuthorization("scheme duplicate=value, Duplicate=value")
);Serialization
Serialize Authorization into string.
import { stringifyAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/stringify.ts";
import { assertEquals } from "https://deno.land/std/testing/asserts.ts";
assertEquals(
stringifyAuthorization({ authScheme: "Basic", params: "token68==" }),
"Basic token68",
);
assertEquals(
stringifyAuthorization({
authScheme: "Bearer",
params: { realm: `"Secure area"`, error: `"invalid_token"` },
}),
`Bearer realm="Secure area", error="invalid_token"`,
);Error
Throws an error in the following cases:
-
authSchemeis invalid auth-scheme -
paramsis invalid token68 -
paramskey is invalid token -
paramsvalue is invalid token or quoted-string - There is a duplication in
paramskeys(case-insensitive)
import { stringifyAuthorization } from "https://deno.land/x/authorization_parser@$VERSION/stringify.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";
assertThrows(() =>
stringifyAuthorization({ authScheme: "<invalid:auth-scheme>" })
);
assertThrows(() =>
stringifyAuthorization({ authScheme: "<valid>", params: "<invalid:token68>" })
);
assertThrows(() =>
stringifyAuthorization({
authScheme: "<valid>",
params: { "<invalid:token>": "<valid>" },
})
);
assertThrows(() =>
stringifyAuthorization({
authScheme: "<valid>",
params: { "<valid>": "<invalid:token|quoted-string>" },
})
);
assertThrows(() =>
stringifyAuthorization({
authScheme: "<valid>",
params: { "<duplicate>": "<valid>", "<DUPLICATE>": "<valid>" },
})
);Authorization
Authorization is following structure:
| Name | Type | Description |
|---|---|---|
| authScheme | string |
Authentication scheme. |
| params |
Token68 | AuthParams | null
|
token68 or auth-param. |
Token68
It is the same as string.
The token68 syntax allows the 66 unreserved URI characters, plus a few others, so that it can hold a base64, base64url (URL and filename safe alphabet), base32, or base16 (hex) encoding, with or without padding, but excluding whitespace.
AuthParams
It is name/value pairs.
interface AuthParams {
readonly [k: string]: string;
}Compatibility
parser and serializer are compatible with RFC 9110, 11.3. Challenge and Response and RFC 9110, 11.4. Credentials syntax and can be used in the same way.
API
All APIs can be found in the deno doc.
License
Copyright © 2023-present httpland.
Released under the MIT license