/** * This module is a plugin for the [Seald SDK : `@seald-io/sdk`](https://www.npmjs.com/package/@seald-io/sdk). * * The [`@seald-io/sdk-plugin-ssks-password`](https://www.npmjs.com/package/@seald-io/sdk-plugin-ssks-password) module * allows to use the SSKS key storage service to store Seald identities easily and securely, encrypted by a user * password. * * This module exposes {@link default | a function}, that takes `keyStorageURL` as argument, and returns a `SDKPlugin` * which can be passed to the `SealdSDK` constructor. * * When the Seald SDK is passed this plugin, the SealdSDK instance is modified to have a `ssksPassword` property, which * exposes the {@link SSKSPassword | `SSKSPassword` interface}. * * Example: * ```javascript * import SealdSDK from '@seald-io/sdk' * import SealdSDKPluginSSKSPassword from '@seald-io/sdk-plugin-ssks-password' * * const seald = SealdSDK({ * appId, * apiURL, * plugins: [SealdSDKPluginSSKSPassword(keyStorageURL)] // passing the plugin to SealdSDK * }) * await seald.initialize() * * // Creating a Seald identity * await seald.initiateIdentity({ signupJWT }) * // The SealdSDK instance now has a `ssksPassword` property : we can use `saveIdentity` * await seald.ssksPassword.saveIdentity({ userId, password }) * ``` * @module */ import { KeyStorePassword } from './keyStorage'; import type { SDKPlugin, AccountInfo } from '@seald-io/sdk/lib/main'; export { KeyStorePassword }; export interface SSKSPassword { /** * keyStorageURL with which this plugin instance was created. * URL of the SSKS Identity Key Storage to which it should connect. */ keyStorageURL: string; /** * Manual SSKS Identity Key Storage interface. For advanced use. */ keyStore: KeyStorePassword; /** * Save the Seald account to SSKS. * * You must either pass the `password` argument, or both `rawStorageKey` and `rawEncryptionKey`. * * Returns the SSKS ID of the stored identity, which can be used by your backend to manage it. * @param {Object} args * @param {string} args.userId - The unique ID of the current user inside your app. It will be used to identify this user. Max 64 characters long. * @param {string} args.password - The user's password. It will be used to encrypt / decrypt the stored identity keys. You must set either the `password` argument, or both `rawStorageKey` and `rawEncryptionKey`. * @param {string} args.rawStorageKey - The key under which identity keys are stored. This *MUST* be a secret known only to this user of your app, and never to other users, as learning it will allow deleting the stored identities. Useful to change if you want to store multiple identities for the same `userId`. Allowed characters : `A-Za-z0-9+/=-_@.`. Max length is 256 characters. You must set either the `password` argument, or both `rawStorageKey` and `rawEncryptionKey`. * @param {string} args.rawEncryptionKey - The raw encryption key used to encrypt / decrypt the stored identity keys. This *MUST* be the Base64 string encoding of a cryptographically random buffer of 64 bytes. You must set either the `password` argument, or both `rawStorageKey` and `rawEncryptionKey`. * @param {Buffer | Uint8Array | ArrayBuffer} args.identity - Optional, the identity to save. If no identity is given, current one is saved. * @return {Promise} */ saveIdentity(args: { userId: string; password?: string; rawStorageKey?: string; rawEncryptionKey?: string; identity?: Buffer | Uint8Array | ArrayBuffer; }): Promise; /** * Retrieve the Seald account previously created with `initiateIdentity`. * * You must either pass the `password` argument, or both `rawStorageKey` and `rawEncryptionKey`. * * If you use an incorrect password multiple times, the server may throttle your requests. * In this case, you will receive an error `Request throttled, retry after {N}s`, with `{N}` the number of seconds * during which you cannot try again. * @param {Object} args * @param {string} args.userId - The unique ID of the current user inside your app. It will be used to identify this user. Max 64 characters long. * @param {string} args.password - The user's password. It will be used to encrypt / decrypt the stored identity keys. You must set either the `password` argument, or both `rawStorageKey` and `rawEncryptionKey`. * @param {string} args.rawStorageKey - The key under which identity keys are stored. This *MUST* be a secret known only to this user of your app, and never to other users, as learning it will allow deleting the stored identities. Useful to change if you want to store multiple identities for the same `userId`. Allowed characters : `A-Za-z0-9+/=-_@.`. Max length is 256 characters. You must set either the `password` argument, or both `rawStorageKey` and `rawEncryptionKey`. * @param {string} args.rawEncryptionKey - The raw encryption key used to encrypt / decrypt the stored identity keys. This *MUST* be the Base64 string encoding of a cryptographically random buffer of 64 bytes. You must set either the `password` argument, or both `rawStorageKey` and `rawEncryptionKey`. * @return {Promise} */ retrieveIdentity(args: { userId: string; password?: string; rawStorageKey?: string; rawEncryptionKey?: string; }): Promise; /** * Change the password of a Seald account. * * Warning: this will change the SSKS ID of the stored identity. * Returns the new SSKS ID of the stored identity, or `null` if the password was not changed (in case `newPassword === currentPassword`). * @param {Object} args * @param {string} args.userId - The unique ID of the current user inside your app. It will be used to identify this user. Max 64 characters long. * @param {string} args.currentPassword - The user's current password. * @param {string} args.newPassword - The next password * @return {Promise} */ changeIdentityPassword(args: { userId: string; currentPassword: string; newPassword: string; }): Promise; } declare module '@seald-io/sdk/lib/main' { interface SealdSDK { ssksPassword: SSKSPassword; } } /** * @param keyStorageURL - Optional. URL of the SSKS server to use. Defaults to 'https://ssks.seald.io/'. */ declare const _default: (keyStorageURL?: string) => SDKPlugin; export default _default;