fix(auth): add clientKeyId to context (#769)

interledger · Nov 22, 2022 · 632bdfb · 632bdfb
1 parent 1e2b524
commit 632bdfb
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 8 deletions.
diff --git a/packages/auth/src/signature/middleware.test.ts b/packages/auth/src/signature/middleware.test.ts
@@ -249,6 +249,7 @@ describe('Signature Service', (): void => {
       await grantInitiationHttpsigMiddleware(ctx, next)
 
       expect(ctx.response.status).toEqual(200)
+      expect(ctx.clientKeyId).toEqual(testClientKey.kid)
       expect(next).toHaveBeenCalled()
 
       scope.done()
@@ -279,6 +280,7 @@ describe('Signature Service', (): void => {
 
       await grantContinueHttpsigMiddleware(ctx, next)
       expect(ctx.response.status).toEqual(200)
+      expect(ctx.clientKeyId).toEqual(testClientKey.kid)
       expect(next).toHaveBeenCalled()
 
       scope.done()
@@ -314,6 +316,7 @@ describe('Signature Service', (): void => {
 
       expect(next).toHaveBeenCalled()
       expect(ctx.response.status).toEqual(200)
+      expect(ctx.clientKeyId).toEqual(testClientKey.kid)
 
       scope.done()
     })

diff --git a/packages/auth/src/signature/middleware.ts b/packages/auth/src/signature/middleware.ts
@@ -44,13 +44,12 @@ export async function verifySigAndChallenge(
 
 async function verifySigFromClient(
   client: string,
-  keyId: string,
   ctx: HttpSigContext
 ): Promise<boolean> {
   const clientService = await ctx.container.use('clientService')
   const clientKey = await clientService.getKey({
     client,
-    keyId
+    keyId: ctx.clientKeyId
   })
 
   if (!clientKey) {
@@ -65,12 +64,12 @@ async function verifySigFromBoundKey(
   ctx: HttpSigContext
 ): Promise<boolean> {
   const sigInput = ctx.headers['signature-input'] as string
-  const keyId = getSigInputKeyId(sigInput)
-  if (keyId !== grant.clientKeyId) {
+  ctx.clientKeyId = getSigInputKeyId(sigInput)
+  if (ctx.clientKeyId !== grant.clientKeyId) {
     ctx.throw(401, 'invalid signature input', { error: 'invalid_request' })
   }
 
-  return verifySigFromClient(grant.client, keyId, ctx)
+  return verifySigFromClient(grant.client, ctx)
 }
 
 // TODO: Replace with public httpsig library
@@ -238,12 +237,12 @@ export async function grantInitiationHttpsigMiddleware(
   const { body } = ctx.request
 
   const sigInput = ctx.headers['signature-input'] as string
-  const keyId = getSigInputKeyId(sigInput)
-  if (!keyId) {
+  ctx.clientKeyId = getSigInputKeyId(sigInput)
+  if (!ctx.clientKeyId) {
     ctx.throw(401, 'invalid signature input', { error: 'invalid_request' })
   }
 
-  await verifySigFromClient(body.client, keyId, ctx)
+  await verifySigFromClient(body.client, ctx)
   await next()
 }