cloudflare/pp-origin

pp-origin

This Worker implements the challenge and redemption protocols in Privacy Pass. A live demonstration of this worker can be found here.

Overview

The test server has two HTTP endpoints:

  • GET /login: This API will return a static HTML page representing the application, which is a simple (and non-functional) login form. It also returns a WWW-Authenticate: PrivateToken challenge as defined by Privacy Pass authentication.
  • GET /login (+Authorization: PrivateToken): This API is used by the application for performing a "login" request. Clients will interact with this API upon submitting the login form details.
    • If the login request contains a Privacy Pass token, the token is validated before accepting the request.
    • If not, the request is handled as the plain GET /login above.

When verifying Privacy Pass tokens, the server will first fetch the token verification key from the issuer (as identified by ISSUER_NAME).

That's it!

Configuration

To deploy and interact with this test server, you need to configure the following Cloudflare Worker variables:

  • ISSUER_NAME: This is the name of the Privacy Pass issuer server that the origin trusts for issuing tokens. This is a public variable.

Dependencies

The test server uses existing APIs for creating Privacy Pass token challenges and verifying the resulting tokens. For example, when verifying a token, one can use standard WebCrypto APIs for verifying the Token signature against the Issuer's public key.
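The token check described above, sketched with plain WebCrypto. This is an added example, not code from this repository: it assumes the publicly verifiable token type 0x0002 (Blind RSA, 2048-bit) from RFC 9578, and the function names and the single-parameter header parsing are hypothetical.

```javascript
// Added example, not this repository's code. Token layout: Privacy Pass token
// type 0x0002 (Blind RSA, 2048-bit) per RFC 9578; names here are hypothetical.
const TOKEN_TYPE_BLIND_RSA = 0x0002;
const INPUT_LEN = 2 + 32 + 32 + 32;   // token_type | nonce | challenge_digest | token_key_id
const TOKEN_LEN = INPUT_LEN + 256;    // + authenticator (RSA-2048 signature)

const getSubtle = async () =>
  globalThis.crypto?.subtle ?? (await import("node:crypto")).webcrypto.subtle;

// Decode the token from an `Authorization: PrivateToken token="..."` header value.
// Returns null for anything that is not a well-formed type 0x0002 token.
function parseAuthorization(header) {
  const m = /^PrivateToken\s+token="?([A-Za-z0-9_-]+={0,2})"?\s*$/.exec(header ?? "");
  if (!m) return null;
  let raw;
  try {
    const b64 = m[1].replace(/-/g, "+").replace(/_/g, "/");
    raw = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  } catch {
    return null;                       // not valid base64url
  }
  if (raw.length !== TOKEN_LEN) return null;
  const type = (raw[0] << 8) | raw[1];
  if (type !== TOKEN_TYPE_BLIND_RSA) return null;
  return {
    type,
    nonce: raw.subarray(2, 34),
    challengeDigest: raw.subarray(34, 66),
    tokenKeyId: raw.subarray(66, INPUT_LEN),
    signedInput: raw.subarray(0, INPUT_LEN),
    authenticator: raw.subarray(INPUT_LEN),
  };
}

// issuerKey: CryptoKey imported for { name: "RSA-PSS", hash: "SHA-384" }, usage "verify".
// challenge: the exact TokenChallenge bytes this origin sent in WWW-Authenticate.
async function verifyToken(token, issuerKey, challenge) {
  const subtle = await getSubtle();
  const digest = new Uint8Array(await subtle.digest("SHA-256", challenge));
  // Reject tokens minted for a different challenge before checking the signature.
  if (!digest.every((b, i) => b === token.challengeDigest[i])) return false;
  return subtle.verify({ name: "RSA-PSS", saltLength: 48 },
    issuerKey, token.authenticator, token.signedInput);
}
```

The sketch leaves out two checks an origin would normally add: comparing tokenKeyId with the key fetched from the issuer, and recording nonces so a token cannot be redeemed twice.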