@opentdf/sdk
    Preparing search index...

    Class TDF3Client

    Index

    Constructors

    constructor

    Properties

    allowedKases? authProvider? clientConfig clientId? cryptoService dpopEnabled dpopKeys easEndpoint? fileStreamServiceWorker? fulfillableObligationFQNs kasEndpoint kasKeyInfoCache platformUrl? policyEndpoint readerUrl?

    Methods

    _doFetchKasKeyWithCache decrypt encrypt getPolicyId loadTDFStream

    Constructors

    • An abstraction for protecting and accessing data using TDF3 services.

      Parameters

      • config: ClientConfig
        • keypair

          keypair generated for signing. Optional, will be generated by sdk if not passed

        • clientId
        • kasEndpoint

          Key Access Server url

        • refreshToken

          After logging in to browser OIDC interface user receives fresh token that needed by SDK for auth needs

        • externalJwt

          JWT from external authority (eg Google)

        • oidcOrigin

          Endpoint of authentication service

      Returns TDF3Client

    Properties

    allowedKases?: OriginAllowList

    List of allowed KASes to connect to for rewrap requests. Defaults to [this.kasEndpoint].

    authProvider?: AuthProvider
    clientConfig: ClientConfig
    clientId?: string
    cryptoService: CryptoService
    dpopEnabled: boolean
    dpopKeys: Promise<CryptoKeyPair>

    Session binding keys. Used for DPoP and signed request bodies.

    easEndpoint?: string
    fileStreamServiceWorker?: string
    fulfillableObligationFQNs: string[]

    List of obligation value FQNs in platform policy that can be fulfilled by the PEP utilizing this client (i.e. 'https://example.com/obl/drm/value/mask'). Defaults to '[]'. Currently set per Client and not per TDF.

    kasEndpoint: string

    Default kas endpoint, if present. Required for encrypt.

    kasKeyInfoCache: KasKeyInfoCache = []
    platformUrl?: string

    URL of the platform, required to fetch list of allowed KASes when allowedKases is empty

    policyEndpoint: string

    Policy service endpoint, if present. Required for autoconfiguration with ABAC.

    readerUrl?: string

    Methods

    _doFetchKasKeyWithCache

    • _doFetchKasKeyWithCache(
          ...params: [
              cache: KasKeyInfoCache,
              kas: string,
              algorithm?: KasPublicKeyAlgorithm,
              kid?: string,
          ],
      ): Promise<KasPublicKeyInfo>

      Necessary only for testing. A dependency-injection approach should be preferred, but that is difficult currently

      Parameters

      • ...params: [
            cache: KasKeyInfoCache,
            kas: string,
            algorithm?: KasPublicKeyAlgorithm,
            kid?: string,
        ]

      Returns Promise<KasPublicKeyInfo>

    • Get the unique policyId associated with TDF ciphertext. Useful for managing authorization policies of encrypted data.

      The policyId is embedded in the ciphertext so this is a local operation.

      Parameters

      • source: { source: DecryptSource }

        Required. TDF data stream, generated using DecryptParamsBuilder#build|DecryptParamsBuilder's build().

      Returns Promise<any>

      • the unique policyId, which can be used for tracking purposes or policy management operations.

      DecryptParamsBuilder

    • Parameters

      • __namedParameters: { source: DecryptSource }

      Returns Promise<InspectedTDFOverview>

    Settings

    Member Visibility

    On This Page

    Constructors
    Properties
    Methods