feat: Bearer token support

src/authentication/BearerWebIdExtractor.ts

@@ -0,0 +1,42 @@
+import type { SolidTokenVerifierFunction } from 'ts-dpop';
+import { createSolidTokenVerifier } from 'ts-dpop';
+import { getLoggerFor } from '../logging/LogUtil';
+import type { HttpRequest } from '../server/HttpRequest';
+import { BadRequestHttpError } from '../util/errors/BadRequestHttpError';
+import { NotImplementedHttpError } from '../util/errors/NotImplementedHttpError';
+import type { Credentials } from './Credentials';
+import { CredentialsExtractor } from './CredentialsExtractor';
+
+/**
+ * Credentials extractor that extracts a WebID from a Bearer access token.
+ */
+export class BearerWebIdExtractor extends CredentialsExtractor {
+  protected readonly logger = getLoggerFor(this);
+  private readonly verify: SolidTokenVerifierFunction;
+
+  public constructor() {
+    super();
+    this.verify = createSolidTokenVerifier();
+  }
+
+  public async canHandle({ headers }: HttpRequest): Promise<void> {
+    const { authorization } = headers;
+    if (!authorization || !authorization.startsWith('Bearer ')) {
+      throw new NotImplementedHttpError('No Bearer Authorization header specified.');
+    }
+  }
+
+  public async handle(request: HttpRequest): Promise<Credentials> {
+    const { headers: { authorization }} = request;
+
+    try {
+      const { webid: webId } = await this.verify(authorization as string);
+      this.logger.info(`Verified WebID via Bearer access token: ${webId}`);
+      return { webId };
+    } catch (error: unknown) {
+      const message = `Error verifying WebID via Bearer access token: ${(error as Error).message}`;
+      this.logger.warn(message);
+      throw new BadRequestHttpError(message);
+    }
+  }
+}

src/authentication/DPoPWebIdExtractor.ts

@@ -1,4 +1,4 @@
-import type { RequestMethod, SolidTokenVerifierFunction } from 'ts-dpop';
+import type { SolidTokenVerifierFunction, RequestMethod } from 'ts-dpop';
 import { createSolidTokenVerifier } from 'ts-dpop';
 import type { TargetExtractor } from '../ldp/http/TargetExtractor';
 import { getLoggerFor } from '../logging/LogUtil';
@@ -9,7 +9,7 @@ import type { Credentials } from './Credentials';
 import { CredentialsExtractor } from './CredentialsExtractor';
 
 /**
- * Credentials extractor which extracts a WebID from a DPoP token.
+ * Credentials extractor that extracts a WebID from a DPoP-bound access token.
  */
 export class DPoPWebIdExtractor extends CredentialsExtractor {
   protected readonly logger = getLoggerFor(this);
@@ -39,11 +39,12 @@ export class DPoPWebIdExtractor extends CredentialsExtractor {
     try {
       const { webid: webId } = await this.verify(
         authorization as string,
-        dpop as string,
-        method as RequestMethod,
-        resource.path,
+        {
+          header: dpop as string,
+          method: method as RequestMethod,
+          url: resource.path,
+        },
       );
-
       this.logger.info(`Verified WebID via DPoP-bound access token: ${webId}`);
       return { webId };
     } catch (error: unknown) {