Comparing version 0.6.0 to 0.6.1
@@ -104,4 +104,7 @@ 'use strict'; | ||
* @param {Array} params.requested an array of attributes for which you are requesting credentials to be shared for | ||
* @param {Array} params.verified an array of attributes for which you are requesting verified credentials to be shared for | ||
* @param {Boolean} params.notifications boolean if you want to request the ability to send push notifications | ||
* @param {String} params.callbackUrl the url which you want to receive the response of this request | ||
* @param {Boolean} params.notifications boolean if you want to request the ability to send push notifications | ||
* @param {String} params.network_id network id of Ethereum chain of identity eg. 0x4 for rinkeby | ||
* @param {String} params.accountType Ethereum account type: "general", "segregated", "keypair", "devicekey" or "none" | ||
* @return {Promise<Object, Error>} a promise which resolves with a signed JSON Web Token or rejects with an error | ||
@@ -132,2 +135,5 @@ */ | ||
} | ||
if (params.accountType && ['general', 'segregated', 'keypair', 'devicekey', 'none'].indexOf(params.accountType) >= 0) { | ||
payload.act = params.accountType; | ||
} | ||
if (params.exp) { | ||
@@ -134,0 +140,0 @@ //checks for expiration on requests, if none is provided the default is 10 min |
{ | ||
"name": "uport", | ||
"version": "0.6.0", | ||
"version": "0.6.1", | ||
"description": "Library for interacting with uport profiles and attestations", | ||
@@ -5,0 +5,0 @@ "main": "lib/index.js", |
@@ -69,4 +69,7 @@ import { createJWT, verifyJWT } from './JWT' | ||
* @param {Array} params.requested an array of attributes for which you are requesting credentials to be shared for | ||
* @param {Array} params.verified an array of attributes for which you are requesting verified credentials to be shared for | ||
* @param {Boolean} params.notifications boolean if you want to request the ability to send push notifications | ||
* @param {String} params.callbackUrl the url which you want to receive the response of this request | ||
* @param {Boolean} params.notifications boolean if you want to request the ability to send push notifications | ||
* @param {String} params.network_id network id of Ethereum chain of identity eg. 0x4 for rinkeby | ||
* @param {String} params.accountType Ethereum account type: "general", "segregated", "keypair", "devicekey" or "none" | ||
* @return {Promise<Object, Error>} a promise which resolves with a signed JSON Web Token or rejects with an error | ||
@@ -91,2 +94,6 @@ */ | ||
} | ||
if (params.accountType | ||
&& ['general', 'segregated', 'keypair', 'devicekey', 'none'].indexOf(params.accountType) >= 0) { | ||
payload.act = params.accountType | ||
} | ||
if (params.exp) { //checks for expiration on requests, if none is provided the default is 10 min | ||
@@ -93,0 +100,0 @@ payload.exp = params.exp |
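Review bot: An `accountType` outside the five allowed strings is dropped without any signal, so a caller who mistypes it (or uses the wrong case) gets a signed request with no `act` claim, and the wallet presumably falls back to its own default account type. The JSDoc already says the returned promise can reject with an error, so rejecting would be the safer contract, e.g. `else if (params.accountType) return Promise.reject(new Error('Unsupported accountType: ' + params.accountType))`, assuming this code is not already inside a promise executor; the function body starts and ends outside the hunk. The single-line copy of this check in the earlier `'use strict'` hunk looks like the compiled output and would pick up the change on rebuild. This release's JSDoc also documents `params.network_id`, but no handling for it is visible in these hunks, so it is worth confirming that it is validated in the same way.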
@@ -20,5 +20,7 @@ | ||
credentials.attest({ | ||
sub: '2ovkMrL4jxwRbr1ia9CUUMN5TddtBx9zKmN', | ||
sub: '2p13BzDJcWpUhSaHVhfaJ1UaWB7P6WnfSXK', | ||
exp: 1552046024, | ||
claim: {'Custom Attestation' : 'Custom Value'} | ||
claim: {'My Title' : {'KeyOne' : 'ValueOne', 'KeyTwo' : 'Value2', 'Last Key' : 'Last Value'} } | ||
// Note, the above is a complex claim. Also supported are simple claims: | ||
// claim: {'Key' : 'Value'} | ||
}).then(function (att) { | ||
@@ -29,5 +31,5 @@ console.log(att) | ||
var qrurl = 'http://chart.apis.google.com/chart?cht=qr&chs=400x400&chl=' + uri | ||
var mobileUrl = 'https://id.uport.me/add?attestations=' + att + '&callback_url=https://www.google.com' | ||
var mobileUrl = 'https://id.uport.me/add?attestations=' + att | ||
console.log(uri) | ||
res.send('<div><img src=' + qrurl + '></img></div><div><a href=' + mobileUrl + '>Click here if on mobile (Not implemented yet!)</a></div>') | ||
res.send('<div><img src=' + qrurl + '></img></div><div><a href=' + mobileUrl + '>Click here if on mobile</a></div>') | ||
}) | ||
@@ -34,0 +36,0 @@ }) |
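Review bot: The `res.send` line builds HTML with unquoted `src=` and `href=` attributes from concatenated strings, and `att` is placed in the `attestations=` query parameter without `encodeURIComponent`. A compact JWT is URL-safe today, but quoting the attributes and encoding the value keeps the example safe to copy: `var mobileUrl = 'https://id.uport.me/add?attestations=' + encodeURIComponent(att)` and `'<a href="' + mobileUrl + '">'`. The unchanged `qrurl` line also passes `uri` to a third-party chart endpoint over plain `http://`. `uri` is defined outside the hunk, but if it carries the signed attestation then the credential is disclosed to that service and to anyone on the network path, so a comment saying so (or rendering the QR code locally) would help readers of this example. The route handler starts and ends outside the hunk.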
@@ -25,5 +25,5 @@ | ||
credentials.createRequest({ | ||
verified: ['Custom Attestation'], | ||
callbackUrl: 'http://192.168.1.9:8081/callback', | ||
exp: new Date().getTime() + 60000 | ||
verified: ['My Title'], | ||
callbackUrl: 'http://192.168.1.14:8081/callback', | ||
exp: Math.floor(new Date().getTime()/1000) + 300 | ||
}).then( function(requestToken) { | ||
@@ -48,3 +48,5 @@ var uri = 'me.uport:me?requestToken=' + requestToken | ||
creds.verified[0].iss == '2od4Re9CL92phRUoAhv1LFcFkx2B9UAin92' && | ||
creds.verified[0].claim['Custom Attestation'] === 'Custom Value') | ||
creds.verified[0].claim['My Title']['KeyOne'] === 'ValueOne' && | ||
creds.verified[0].claim['My Title']['KeyTwo'] === 'Value2' && | ||
creds.verified[0].claim['My Title']['Last Key'] === 'Last Value') | ||
{ | ||
@@ -51,0 +53,0 @@ console.log('Credential verified.'); |
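Review bot: The new nested lookups `claim['My Title']['KeyOne']` throw a `TypeError` when the returned credential has no `My Title` entry, where the old flat comparison simply evaluated to false. The README's own test of checking for a different attestation would then hit an exception instead of the failure branch. Reading the title once with a fallback avoids that: `var title = creds.verified[0].claim['My Title'] || {}`, then compare `title['KeyOne'] === 'ValueOne'` and so on. The issuer comparison on the context line uses `==` while the claim checks use `===`; `===` would be consistent. The check still assumes `creds.verified[0]` exists and is the credential of interest, and the `if` it belongs to begins outside the hunk.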
@@ -19,3 +19,3 @@ # Server-side Credentials | ||
We then create a `Credentials` object using the signer and the uPort identifier of our app that we got from the App Manager: | ||
We then create a `Credentials` object using the signer and the uPort identifier of our app that we got from the App Manager (or the default identity): | ||
@@ -30,9 +30,9 @@ ```js | ||
When we hit the default route using `app.get('/')` we will call `credentials.attest()` in order to sign the credential. For the fields of the credential, the `sub` field is the subject. Set this to the uPort Id of the user that is supposed to receive the credential. For testing purposes this would be the uPort identity shown on the mobile app of the reader. The `exp` field is the expiry of the token, in Unix time (seconds precision). As `claim` field, put your own custom object. We have here `{'Custom Attestation' : 'Custom Value'}` as an example. | ||
When we hit the default route using `app.get('/')` we will call `credentials.attest()` in order to sign the credential. For the fields of the credential, the `sub` field is the subject. Set this to the uPort Id of the user that is supposed to receive the credential. For testing purposes this would be the uPort identity shown on the mobile app of the reader. The `exp` field is the expiry of the token, in Unix time (seconds precision). As `claim` field, put your own custom object. We show an example below. The format of the claim needs to be `{'Title': {'key':'value', 'another key': 'another value', ...}}` or simply `{'Title' : 'Value'}`. We do not support more nested claims at this time. | ||
```js | ||
credentials.attest({ | ||
sub: '2oVV33jifY2nPBLowRS8H7Rkh7fCUDN7hNb', | ||
sub: '<uport Id of mobile app>', | ||
exp: 1552046024, | ||
claim: {'Custom Attestation' : 'Custom Value'} | ||
claim: {'My Title' : {'KeyOne' : 'ValueOne', 'KeyTwo' : 'Value2', 'Last Key' : 'Last Value'}} | ||
}) | ||
@@ -49,2 +49,4 @@ ``` | ||
We also create a clickable link. If you click on this link in a mobile browser you will be taken to the uport iOS app. | ||
When you're done editing the file you may run the Creator service like so: | ||
@@ -69,9 +71,9 @@ | ||
We have an expiry field, denoted `exp`, which denotes how long the request will be valid. In our example we use 60 seconds (60000 milliseconds). This means that if the user waits longer than 60 seconds to provide the response their response will not be accepted as valid. | ||
We have an expiry field, denoted `exp`, which represents the unix epoch when the request will expire. In our example we use 300 seconds (5 minutes) in the future. This means that if the user waits longer than 300 seconds to provide the response their response will not be accepted as valid. | ||
```js | ||
credentials.createRequest({ | ||
verified: ['Custom Attestation'], | ||
verified: [<Title of the credential>], | ||
callbackUrl: 'http://192.168.1.34:8081/callback', | ||
exp: new Date().getTime() + 60000 | ||
exp: Math.floor(new Date().getTime()/1000) + <expiry time in seconds> | ||
}) | ||
@@ -94,3 +96,3 @@ ``` | ||
Next we check that the issuer of the response token (i.e. the user) matches the subject (`sub` field) of the returned credential, that the issuer of the returned credential is the Creator App, and that the credential is of the type `Custom Attestation` with value `Custom Value`. | ||
Next we check that the issuer of the response token (i.e. the user) matches the subject (`sub` field) of the returned credential, that the issuer of the returned credential is the Creator App, and that the credential has title `My Title` with the values defined by the Creator App. | ||
@@ -105,2 +107,2 @@ If everything checks out, you should see the output | ||
To test out everything, try checking for a different attestation and make sure it fails. Also try waiting longer than 60 seconds before sending the response to see if it fails - it should throw an error in this case. | ||
To test out everything, try checking for a different attestation and make sure it fails. Also try waiting until the request expires to make sure that the response fails - it should throw an error in this case. |
Sorry, the diff of this file is too big to display
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package