Provides methods for creating, validating and reading the security tokens used in daemon applications for authentication and authorization.

Usage

Each token is addressed to an audience (aud), which uses it for authentication and authorization:

const party = token.getParty() // This will be you.

Each token is generated by a counterparty (sub), whose public key is used to validate the signature:

const counterparty = token.getSub() // Do you allow requests from this daemon or system?

Each token is generated by the counterparty from an HTML app (src), identified by URL:

const appUrl = token.getSourceUrl() // Do you allow requests from this page?

Each token requests capabilities on other HTML apps installed on the party, identified by URL:

const sources = token.getSources()  // Does this include the URL of your app?

For each HTML source, the requested capabilities can be retrieved:

const capabilities = token.getCapabilities(sourceUrl) // Does this include the capability you offer?
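
The five questions above can be combined into one deny-by-default decision on the receiving side. The following is an added example, not code from this library: it assumes the token's signature has already been validated, that getSources() and getCapabilities(url) return arrays of strings, and that URLs are compared as exact strings. The policy object, fakeToken() and all sample values are hypothetical and constructed for illustration.

```javascript
// Added example: deny-by-default check over the token getters shown above.
// ASSUMPTIONS: the token's signature was already validated; getSources() and
// getCapabilities(url) return arrays of strings; policy and fakeToken() are
// hypothetical helpers for this example, not part of the library.
function authorize(token, policy, capability) {
  const deny = (reason) => ({ allowed: false, reason })
  // 1. aud: the token must be addressed to this daemon.
  if (token.getParty() !== policy.self) return deny('wrong audience')
  // 2. sub: Map lookup, so a name like "__proto__" cannot match by accident.
  const allowedApps = policy.counterparties.get(token.getSub())
  if (!allowedApps) return deny('counterparty not allowed')
  // 3. src: the originating page must be allowed for that counterparty.
  if (!allowedApps.includes(token.getSourceUrl())) return deny('source app not allowed')
  // 4. The token must request access to the app this daemon hosts.
  const sources = token.getSources() || []
  if (!sources.includes(policy.appUrl)) return deny('app not targeted')
  // 5. The capability must be both offered locally and requested by the token.
  if (!policy.offered.includes(capability)) return deny('capability not offered')
  const requested = token.getCapabilities(policy.appUrl) || []
  if (!requested.includes(capability)) return deny('capability not requested')
  return { allowed: true, reason: 'ok' }
}

// Constructed stand-in exposing the same getters as a validated token.
function fakeToken(claims) {
  return {
    getParty: () => claims.aud,
    getSub: () => claims.sub,
    getSourceUrl: () => claims.src,
    getSources: () => Object.keys(claims.caps),
    getCapabilities: (url) => claims.caps[url] || [],
  }
}

// Constructed sample policy and claims.
const policy = {
  self: 'daemon-a.example',
  appUrl: 'https://apps.example/calendar',
  offered: ['read'],
  counterparties: new Map([['daemon-b.example', ['https://apps.example/mail']]]),
}
const sampleClaims = {
  aud: 'daemon-a.example',
  sub: 'daemon-b.example',
  src: 'https://apps.example/mail',
  caps: { 'https://apps.example/calendar': ['read', 'write'] },
}
console.log(authorize(fakeToken(sampleClaims), policy, 'read'))
```
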