This package contains an implementation of a very simple MinAuth plugin. It functions as a proof-of-concept and an example of how to build a MinAuth plugin. It uses MINA's o1js library for its zero-knowledge proof part.

In essence the use of the plugin is equivalent to a standard hashed password approach, where server does not learn the password, but instead accepts its hash. Additionally the server/verifier part of the plugin is configured with a set of roles/accounts/acl scopes tied to hashes and if given valid proof of knowledge of a preimage of one the hashes it confirms and informs the server about the valid assumption of the role. The hash uses Poseidon.hash hashing function widely used in o1js.

/**
 * The plugin configuration schema.
 */
export const rolesSchema = z.record(
  /** Hash preimage of which is used to authorize operations */
  z.string(),
  /** An auxilliary name for the hash - for example
   *  a name of a role in the system */
  z.string()
);

export const configurationSchema = z
  .object({
    roles: rolesSchema
  })
  .or(
    z.object({
      /** Alternatively, the "roles" can be loaded from a file */
      loadRolesFrom: z.string()
    })
  );

The plugin configuration is either a direct mapping of roles or a path to a file storing the mapping.

The roles mapping can change over-time so previously accepted proofs can get outdated and invalid. MinAuth plugins support revocation of output. This plugin will revoke any output that considered a hash that is no longer resolves to the same role (or is no longer present in the mapping.)