npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@auki/authentication

v0.1.0

Published

Auki Network authentication library for JavaScript/TypeScript (Browser & Node.js)

Downloads

3

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

jasonataukijasonataukiauki2auki2datavirusetdatavirusetshuning.aukishuning.auki

Keywords

aukiauthenticationwasmwebassemblyposemeshdds

Readme

@auki/authentication

Auki Network authentication library for JavaScript/TypeScript. Works in both Browser and Node.js environments.

This library provides authentication to the Auki Network's hierarchical authentication system:

  1. Network Authentication - Authenticate to the Auki API
  2. Discovery Authentication - Authenticate to the Discovery service
  3. Domain Access - Get access tokens for specific domains

Installation

npm install @auki/authentication

Or from a local package:

npm install /path/to/auki-authentication-0.1.0.tgz

Usage

There are two ways to use this library:

  1. High-level Client API (recommended) - Async/await API that handles HTTP requests automatically
  2. Low-level Bindings API - Sans-I/O core for custom HTTP client integration

1. High-Level Client API (Recommended)

The Client class provides a convenient async API that manages HTTP requests internally.

Quick Start

import { Client } from "@auki/authentication";

// Create client with configuration (async for Node.js)
const client = await Client.create({
  apiUrl: "https://api.aukiverse.com",
  refreshUrl: "https://api.aukiverse.com/user/refresh",
  ddsUrl: "https://dds.posemesh.org",
  clientId: "my-app",
});

// Set credentials
client.setCredentials({
  type: "email",
  email: "[email protected]",
  password: "secret",
});

// Get domain access - automatically handles full authentication chain!
const domainAccess = await client.getDomainAccess("my-domain-id");
console.log("Connected to:", domainAccess.domain_server.url);
console.log("Access token:", domainAccess.access_token);

Alternative: Use the convenience method to create a client with credentials in one step:

const client = await Client.withCredentials(
  { type: "email", email: "[email protected]", password: "secret" },
  {
    apiUrl: "https://api.aukiverse.com",
    refreshUrl: "https://api.aukiverse.com/user/refresh",
    ddsUrl: "https://dds.posemesh.org",
    clientId: "my-app",
  }
);

Basic Usage

import { Client } from "@auki/authentication";

// 1. Configure the client
const config = {
  apiUrl: "https://api.aukiverse.com",
  refreshUrl: "https://api.aukiverse.com/user/refresh",
  ddsUrl: "https://dds.posemesh.org",
  clientId: "my-app",
  refreshThresholdMs: 300000, // Optional: 5 minutes
};

// 2. Create client (async for Node.js)
const client = await Client.create(config);

// 3. Set credentials
const credentials =
  // Email/Password
  { type: "email", email: "[email protected]", password: "secret" };
// OR App Key
// { type: 'appKey', appKey: 'your-key', appSecret: 'your-secret' }
// OR Opaque Token
// { type: 'opaque', token: 'your-token', expiryMs: 1234567890 }
client.setCredentials(credentials);

try {
  // Get domain access - automatically handles the full chain:
  // 1. Network authentication (if needed)
  // 2. Discovery authentication (if needed)
  // 3. Domain access request
  const domainAccess = await client.getDomainAccess("my-domain-id");

  console.log("Domain access granted!");
  console.log("  Server:", domainAccess.domain_server.name);
  console.log("  URL:", domainAccess.domain_server.url);
  console.log("  Region:", domainAccess.domain_server.cloud_region);
  console.log("  Access Token:", domainAccess.access_token);
} catch (error) {
  console.error("Authentication failed:", error.message);
  if (error.retryable) {
    // This error can be retried
  }
}

Manual Step-by-Step (Optional)

For advanced use cases where you need explicit control over each step:

// Step 1: Authenticate to network only
const networkToken = await client.authenticate();
console.log("Network token expires at:", networkToken.expires_at);

// Step 2: Authenticate to discovery only
const discoveryToken = await client.authenticateDiscovery();
console.log("Discovery token expires at:", discoveryToken.expires_at);

// Step 3: Get domain access (assumes prior auth)
const domainAccess = await client.getDomainAccess("my-domain-id");

Note: In most cases, you only need getDomainAccess() - it automatically handles all prerequisite authentication steps.

State Persistence

Save and restore authentication state (useful for avoiding re-authentication):

// Save state (excludes credentials)
const stateJson = client.saveState();
localStorage.setItem("auth-state", stateJson);

// Restore state later
const savedState = localStorage.getItem("auth-state");
const client = Client.fromState(savedState, config);

// Validate state (clears expired tokens)
client.validateState();

// Check if still authenticated
if (client.isAuthenticated()) {
  console.log("Still authenticated!");
} else {
  // Need to re-authenticate
  await client.authenticate();
}

Token Refresh Monitoring

client.onRefreshFailed((info) => {
  console.log(`${info.tokenType} token refresh failed:`, info.reason);

  if (info.requiresReauth) {
    // Token expired, need full re-authentication
    client.authenticate().catch(console.error);
  }
});

Checking Tokens

// Check authentication state
const isAuth = client.isAuthenticated();

// Get cached tokens
const networkToken = client.getNetworkToken();
if (networkToken) {
  console.log("Token:", networkToken.token);
  console.log("Expires:", networkToken.expires_at);
}

const discoveryToken = client.getDiscoveryToken();
const domainAccess = client.getCachedDomainAccess("domain-id");

Utility Functions

import { currentTimeMs, isExpired, isNearExpiry } from "@auki/authentication";

// Get current time
const now = currentTimeMs();

// Check if token is expired
if (isExpired(token.expires_at)) {
  console.log("Token expired");
}

// Check if token needs refresh
if (isNearExpiry(token.expires_at, 300000)) {
  // 5 minutes
  console.log("Token expires soon");
}

2. Low-Level Bindings API (Advanced)

For advanced use cases where you need full control over HTTP requests, you can use the underlying WASM bindings directly. This is a sans-I/O API where you handle all I/O operations.

Import Raw Bindings

import {
  WasmClient,
  WasmConfig,
  WasmCredentials,
} from "@auki/authentication/dist/bindings/authentication.js";

Sans-I/O Pattern

import {
  WasmClient,
  WasmConfig,
  WasmCredentials,
} from "@auki/authentication/dist/bindings/authentication.js";

// 1. Create credentials
const credentials = WasmCredentials.email_password(
  "[email protected]",
  "password"
);

// 2. Create config
const config = new WasmConfig(
  "https://api.aukiverse.com",
  "https://dds.posemesh.org",
  "my-client-id"
);
config.refresh_threshold_ms = BigInt(300000); // 5 minutes

// 3. Create client
const client = new WasmClient(credentials, config);

// 4. Get actions to perform
const actions = client.authenticate(BigInt(Date.now()));

// 5. Execute actions (you handle HTTP)
for (const action of actions) {
  if (action.type === "HttpRequest") {
    // Use your own HTTP client
    const response = await yourHttpClient.request({
      url: action.url,
      method: action.method,
      headers: action.headers,
      body: action.body,
    });

    // 6. Feed response back to client
    const events = client.handle_response(response.status, response.text);

    // 7. Process events
    for (const event of events) {
      if (event.type === "NetworkAuthSuccess") {
        console.log("Token:", event.token);
        console.log("Expires:", event.expires_at);
      } else if (event.type === "NetworkAuthFailed") {
        console.error("Failed:", event.reason);
      }
    }
  } else if (action.type === "Wait") {
    // Handle retry delays
    await new Promise((r) => setTimeout(r, action.duration_ms));
  }
}

Available Methods

// Authentication flow
client.authenticate(now_ms: bigint): Action[]
client.authenticate_discovery(now_ms: bigint): Action[]
client.get_domain_access(domain_id: string, now_ms: bigint): Action[]

// Handle HTTP responses
client.handle_response(status: number, body: string): Event[]

// State queries
client.is_authenticated(now_ms: bigint): boolean
client.check_auth_state(now_ms: bigint): WasmAuthenticationState
client.network_token(): Token | null
client.discovery_token(): Token | null
client.domain_access(domain_id: string): DomainAccess | null
client.all_domains(): DomainAccess[]

// State management
client.save_state(): string
client.validate_state(now_ms: bigint): Event[]
WasmClient.from_state(state_json: string, config: WasmConfig): WasmClient

// Credentials
client.set_credentials(credentials: WasmCredentials): void
client.has_credentials(): boolean
client.requires_credentials(now_ms: bigint): boolean

// Control
client.force_reauth(): Event[]
client.clear_domain_access(domain_id: string): void
client.clear_all_domain_accesses(): void

Action Types

type Action =
  | {
      type: "HttpRequest";
      url: string;
      method: string;
      headers: object;
      body?: string;
    }
  | { type: "Wait"; duration_ms: number };

Event Types

type Event =
  | { type: "NetworkAuthSuccess"; token: string; expires_at: number }
  | { type: "NetworkAuthFailed"; reason: string; retry_possible: boolean }
  | { type: "NetworkTokenRefreshed"; token: string; expires_at: number }
  | {
      type: "NetworkTokenRefreshFailed";
      reason: string;
      requires_reauth: boolean;
    }
  | { type: "DiscoveryAuthSuccess"; token: string; expires_at: number }
  | { type: "DiscoveryAuthFailed"; reason: string }
  | { type: "DomainAccessGranted"; domain: DomainAccess }
  | { type: "DomainAccessDenied"; domain_id: string; reason: string }
  | { type: "AuthenticationRequired" }
  | { type: "TokensInvalidated" };

TypeScript Support

This library is written in TypeScript and includes full type definitions.

import type {
  Client,
  ClientConfig,
  Credentials,
  Token,
  DomainAccess,
  DomainServer,
  AuthenticationError,
  RefreshFailureInfo,
} from "@auki/authentication";

Examples

See the examples/ directory for complete working examples:

  • basic.js - Complete authentication flow with all steps
  • test_refresh.js - Token refresh testing
  • test_refresh_expired.js - Expired token handling

Running Examples

  1. Copy environment template:

    cp ../../.env.example ../../.env

  2. Edit .env with your credentials:

    API_URL=https://api.aukiverse.com
DDS_URL=https://dds.posemesh.org
[email protected]
PASSWORD=your-password
DOMAIN_ID=your-domain-id

  3. Run example:

    npm run example:basic

Error Handling

import { AuthenticationError } from "@auki/authentication";

try {
  await client.authenticate();
} catch (error) {
  if (error instanceof AuthenticationError) {
    console.error("Auth error:", error.message);
    console.log("Retryable:", error.retryable);
  }
}

Browser vs Node.js

This library works in both environments:

Browser:

<script type="module">
  import { Client } from "@auki/authentication";
  // Use client...
</script>

Node.js:

import { Client } from "@auki/authentication";
// or
const { Client } = require("@auki/authentication");

Architecture

This library uses a sans-I/O architecture at its core:

  • The Rust core implements all authentication logic without I/O
  • The TypeScript wrapper provides a convenient async API
  • HTTP requests use the standard fetch API (works in browsers and Node.js 18+)
  • You can use the low-level bindings for custom HTTP client integration

Building from Source

# From repository root
make javascript

# Package it
cd pkg/javascript && npm pack

See the root README.md for more details.

License

MIT

Support

  • Issues: https://github.com/aukilabs/experimental-modules/issues
  • Documentation: https://github.com/aukilabs/experimental-modules