A TypeScript Origin for the Privacy Pass Authentication Protocol
OTHER License
This Worker implements the challenge and redemption protocols in Privacy Pass. A live demonstration of this worker can be found here.
The test server has two HTTP endpoints:
GET /login
: This API will return a static HTML page representing the application, which is a simple (and non-functional) login form. It also returns a WWW-Authenticate: PrivateToken
challenge as defined by Privacy Pass authentication.GET /login (+Authorization: PrivateToken)
: This API is used by the application for performing a "login" request. Clients will interact with this API upon submitting the login form details.
When verifying Privacy Pass tokens, the server will first fetch the token verification key from the issuer (as identified by ISSUER_NAME
).
That's it!
To deploy and interact with this test server, you need to configure the following Cloudflare Worker variables:
The test server uses existing APIs for creating Privacy Pass token challenges and verifying the resulting tokens. For example, when verifying a token, one can use standard WebCrypto APIs for verifying the Token signature against the Issuer's public key.