Browser should generate a Gaia association token when signing in

[jcnelson]

As we work towards adding support for private, user-owned Gaia hubs, we need to make sure that when the user signs into the application, the Browser generates a Gaia association token and passes it in on the authResponse JWT. This is necessary for operating private hubs that only accept writes from the user.

Specifically, the call to makeAuthResponse() here needs to pass in an association token.

You can make an association token using this method:

export function makeAssociationToken(appPrivateKey: string, identityKey: string) : string {
  const appPublicKey = getPublicKeyFromPrivateKey(`${canonicalPrivateKey(appPrivateKey)}01`)

  // replace this with whatever timeout is appropriate -- say, a year
  const FOUR_MONTH_SECONDS = 60 * 60 * 24 * 31 * 4
  const salt = crypto.randomBytes(16).toString('hex')
  const identityPublicKey = getPublicKeyFromPrivateKey(identityKey)
  const associationTokenClaim = {
    childToAssociate: appPublicKey,
    iss: identityPublicKey,
    exp: FOUR_MONTH_SECONDS + (new Date()/1000),
    salt 
  }
  const associationToken = new jsontokens.TokenSigner('ES256K', identityKey)
    .sign(associationTokenClaim)
  return associationToken
}

export function canonicalPrivateKey(privkey: string) : string {
  if (privkey.length == 66 && privkey.slice(-2) === '01') {
    return privkey.substring(0,64);
  }
  return privkey;
}

(While we're at it, the call to makeAuthResponse() should also pass in URL to the user's desired Core node).

[markmhx]

@hstove I'm not sure this issue is strictly required by OKR 5.4, is it? I believe the OKR only calls for public hub support.

[moxiegirl]

From GAIA bug review: This is important for when people are installing their own hubs.

[jcnelson]

Is this something we can address this quarter?

[jcnelson]

Fixed in #1830