Skip to content

Commit 734837f

Browse files
Add JS usage example of making http requests.
Signed-off-by: Dmitri Zagidulin <dzagidulin@gmail.com>
1 parent e5a4b58 commit 734837f

1 file changed

Lines changed: 74 additions & 3 deletions

File tree

README.md

Lines changed: 74 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -197,8 +197,19 @@ Note: The RS is ultimately responsible for verifying and enforcing zCaps.
197197
A way to revoke (make invalid) a given zcap, after it was issued.
198198

199199
#### root zcap
200+
Using zCaps to make authorization-carrying HTTP requests is done in one of two
201+
modes: either using a [root capability](#root-zcap), or using a delegated
202+
capability.
203+
204+
Root zcaps are used in cases where full "admin" access is appropriate.
205+
All other zcaps are delegated by the agent holding a root zcap. Delegation
206+
is expressed in the [proof chain](#capability-chain-proof-chain) section of a
207+
zcap.
208+
209+
See [Creating a Root zCap](#creating-a-root-zcap)
200210

201211
#### signer
212+
See [Creating a did:key Signer Instance](https://github.com/digitalcredentials/wallet-attached-storage#creating-a-didkey-signer-instance)
202213

203214
#### target, invocation target
204215

@@ -271,9 +282,8 @@ Example root zcap:
271282
#### Delegating a zCap
272283

273284
```js
274-
import { ZcapClient } from '@digitalbazaar/ezcap';
275-
import { Ed25519Signature2020 } from '@digitalbazaar/ed25519-signature-2020';
276-
import { ZcapClient } from '@digitalbazaar/ezcap';
285+
import { Ed25519Signature2020 } from '@digitalcredentials/ed25519-signature-2020';
286+
import { ZcapClient } from '@digitalcredentials/ezcap';
277287

278288
const zcapClient = new ZcapClient({
279289
delegationSigner: capabilityDelegationKey.signer(),
@@ -370,6 +380,67 @@ Example zCap request:
370380

371381
## Using zCaps with HTTP Requests
372382

383+
### Code Examples
384+
385+
Although this guide goes into the details (below) of how to construct an HTTP
386+
request using zCaps for authorization, developers are likely to interact with
387+
zCaps using some sort of REST client with a wrapper that constructs the
388+
necessary headers.
389+
390+
Javascript example, using a [root capability](#root-zcap) to make requests.
391+
Note that to use a root zcap, the client needs to know just two things:
392+
393+
1. Which cryptographic key type to use (that's the `Ed25519Signature2020` suite)
394+
2. A [signer](#signer), which is an abstract handle to a signature function.
395+
Signers are either provisioned at config time (with a private key loaded from
396+
an environment secret), or, preferably, used via an HSM (Hardware Security
397+
Module).
398+
399+
```js
400+
import { Ed25519Signature2020 } from '@digitalcredentials/ed25519-signature-2020'
401+
import { ZcapClient } from '@digitalcredentials/ezcap'
402+
403+
const rootSigner = await loadOrConstructRootSigner()
404+
405+
// Construct a client, pass it the ability to sign requests (via invocationSigner)
406+
const zcapClient = new ZcapClient({
407+
SuiteClass: Ed25519Signature2020, invocationSigner: rootSigner
408+
})
409+
410+
// You can now perform authorization-carrying requests
411+
const url = 'https://example.com/api/protected-endpoint'
412+
413+
const response = await zcapClient.request({
414+
url, method: 'GET', action: 'GET'
415+
})
416+
console.log(response)
417+
```
418+
419+
When using a [delegated](#delegating-a-zcap) zcap, you will need to also include
420+
it in each request. Example:
421+
422+
```js
423+
const capability = await loadDelegatedCapabilityFromConfig()
424+
const invocationSigner = await loadSignerFromConfig()
425+
const zcapClient = new ZcapClient({
426+
SuiteClass: Ed25519Signature2020, invocationSigner
427+
})
428+
429+
// You can also include additional custom headers
430+
const response = await zcapClient.request({
431+
url, capability, headers,
432+
method: 'POST', action: 'POST', json: { hello: "world" }
433+
})
434+
console.log(response)
435+
```
436+
437+
### Constructing an HTTP Request Algorithm Overview
438+
439+
Note: This section is mostly for the benefit of zCap library implementers.
440+
Developers wishing to use zCaps to make requests are encouraged to use existing
441+
libraries whenever possible, such as the `@digitalcredentials/ezcap` Javascript
442+
library.
443+
373444
To create an authorized HTTP request by [invoking](#invocation-capability-invocation)
374445
a given zcap, follow this general algorithm:
375446

0 commit comments

Comments
 (0)