@wireapp/core-crypto
    Preparing search index...

    Interface PkiEnvironmentHooks

    The PKI Environment Hooks used for external calls during e2e enrollment flow. When communicating with the Identity Provider (IDP) and Wire server, CoreCrypto delegates to the client app by calling the relevant methods.

    Client App CoreCrypto Acme IDP | | | | | X509CredentialAcquisition().finalize() | | |-------------------------->| | | | | GET acme/root.pem | | | |------------------------> | | | | 200 OK | | | |<------------------------ | | | authenticate() | | | |<--------------------------| | | | | Authentication flow | | | ----------------------------------------------------------------------------> | |<----------------------------------------------------------------------------- | | return Success [PKiEnvironmentHooks.authenticate()] | | |<--------------------------| | | | | (excluded several calls for brevity) | | return Success(Credential) [X509CredentialAcquisition().finalize()] | |<--------------------------| | |

    interface PkiEnvironmentHooks {
        authenticate(
            idp: string,
            keyAuth: string,
            acmeAud: string,
            asyncOpts_?: { signal: AbortSignal },
        ): Promise<string>;
        fetchBackendAccessToken(
            dpop: string,
            asyncOpts_?: { signal: AbortSignal },
        ): Promise<string>;
        getBackendNonce(asyncOpts_?: { signal: AbortSignal }): Promise<string>;
        httpRequest(
            method: HttpMethod,
            url: string,
            headers: HttpHeader[],
            body: ArrayBuffer,
            asyncOpts_?: { signal: AbortSignal },
        ): Promise<HttpResponse>;
    }
    Index

    Methods

    authenticate fetchBackendAccessToken getBackendNonce httpRequest

    Methods

    • Authenticate with the user's identity provider (IdP)

      The implementation should perform an [authentication using the authorization code flow] (https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth) with the PKCE (https://www.rfc-editor.org/rfc/rfc7636) extension. As part of the authorization request, the implementation should specify key_auth and acme_aud claims, along with their values, in the claims parameter. This is to instruct the IdP to add the key_auth and acme_aud claims to the ID token that will be returned as part of the access token.

      Once the authentication is completed successfully, the implementation should request an access token from the IdP, extract the ID token from it and return it to the caller.

      Parameters

      • idp: string
      • keyAuth: string
      • acmeAud: string
      • OptionalasyncOpts_: { signal: AbortSignal }

      Returns Promise<string>

    • Fetch an access token to be used for the DPoP challenge (wire-dpop-01)

      The implementation should take the provided DPoP token (dpop) and make a request to the backend to obtain an access token, which should be returned to the caller.

      Parameters

      • dpop: string
      • OptionalasyncOpts_: { signal: AbortSignal }

      Returns Promise<string>

    • Get a nonce from the backend

      Parameters

      • OptionalasyncOpts_: { signal: AbortSignal }

      Returns Promise<string>

    • Make an HTTP request Used for requests to ACME servers, CRL distributors etc.

      Parameters

      • method: HttpMethod
      • url: string
      • headers: HttpHeader[]
      • body: ArrayBuffer
      • OptionalasyncOpts_: { signal: AbortSignal }

      Returns Promise<HttpResponse>

    Settings

    Member Visibility

    On This Page

    Methods