feat: add deep link types

Author: zensh

Cargo.toml

@@ -3,7 +3,7 @@ members = ["rs/ic_auth_types", "rs/ic_auth_verifier"]
 resolver = "2"
 
 [workspace.package]
-version = "0.4.5"
+version = "0.4.6"
 edition = "2024"
 repository = "https://github.com/ldclabs/ic-auth"
 keywords = ["config", "cbor", "canister", "icp", "encryption"]
@@ -32,3 +32,4 @@ ic-signature-verification = "0.2"
 ic-agent = "0.40"
 simple_asn1 = "0.6"
 xid = "1.1"
+url = "2.5"

rs/ic_auth_types/src/bytes.rs

@@ -8,7 +8,8 @@ use core::{
     ops::{Deref, DerefMut},
     str::FromStr,
 };
-use serde_bytes::{ByteArray, ByteBuf};
+
+pub use serde_bytes::{self, ByteArray, ByteBuf, Bytes};
 
 /// Wrapper around `Vec<u8>` to serialize and deserialize efficiently.
 /// If the serialization format is human readable (formats like JSON and YAML), it will be encoded in Base64URL.
@@ -453,6 +454,7 @@ mod deserialize {
 #[cfg(test)]
 mod tests {
     use super::*;
+    use candid::encode_one;
     use serde::{Deserialize, Serialize};
 
     #[derive(Debug, Clone, Deserialize, Serialize, PartialEq, Eq, PartialOrd, Ord)]
@@ -492,5 +494,11 @@ mod tests {
         );
         let t1: Test = ciborium::from_reader(&data[..]).unwrap();
         assert_eq!(t, t1);
+
+        let a = encode_one(vec![1u8, 2, 3, 4]).unwrap();
+        println!("candid: {}", const_hex::encode(&a));
+        assert_eq!(a, encode_one(ByteBuf::from(vec![1, 2, 3, 4])).unwrap());
+        assert_eq!(a, encode_one(ByteBufB64::from(vec![1, 2, 3, 4])).unwrap());
+        assert_eq!(a, encode_one(ByteArrayB64::from([1, 2, 3, 4])).unwrap());
     }
 }

rs/ic_auth_verifier/Cargo.toml

@@ -26,6 +26,7 @@ http = { workspace = true, optional = true }
 base64 = { workspace = true, optional = true }
 const-hex = { workspace = true }
 ic-agent = { workspace = true, optional = true }
+url = { workspace = true, optional = true }
 
 [dev-dependencies]
 ic-agent = { workspace = true }
@@ -35,6 +36,11 @@ rand = { workspace = true }
 [features]
 default = []
 full = ["sign"]
-envelope = ["dep:http", "dep:base64", "dep:ic-signature-verification"]
+envelope = [
+  "dep:http",
+  "dep:base64",
+  "dep:ic-signature-verification",
+  "dep:url",
+]
 # should not include `sign` feature for canister
 sign = ["envelope", "dep:ic-agent"]

rs/ic_auth_verifier/src/deeplink.rs

@@ -0,0 +1,203 @@
+use ciborium::{from_reader, into_writer};
+use ic_auth_types::{ByteBufB64, SignedDelegationCompact};
+use serde::{Deserialize, Serialize, de::DeserializeOwned};
+use std::str::FromStr;
+
+/// Represents a request for deep linking between applications.
+///
+/// This struct is used to create deep link URLs for cross-application communication.
+/// It can be used for various scenarios including:
+/// - Authentication flows
+/// - Launching specific UI interfaces in another application
+/// - Opening form interfaces that return data to the calling application
+/// - Other cross-application communication needs
+///
+/// # Type Parameters
+///
+/// * `'a` - The lifetime of string references in the struct
+/// * `T` - The type of the payload, which must implement the [`Serialize`] trait
+///
+/// # Examples
+///
+/// ```
+/// use ic_auth_verifier::deeplink::DeepLinkRequest;
+/// use url::Url;
+///
+/// let request = DeepLinkRequest {
+///     os: "ios",
+///     action: "SignIn",
+///     next_url: Some("https://example.com/callback"),
+///     payload: Some("custom_data"),
+/// };
+///
+/// let endpoint = Url::parse("https://auth.example.com").unwrap();
+/// let deep_link_url = request.to_url(&endpoint);
+/// ```
+#[derive(Debug)]
+pub struct DeepLinkRequest<'a, T: Serialize> {
+    pub os: &'a str,     // e.g., "linux" | "windows" | "macos" | "ios" | "android"
+    pub action: &'a str, // e.g., "SignIn"
+    pub next_url: Option<&'a str>, // e.g., "https://anda.ai/deeplink"
+    pub payload: Option<T>, // encode as base64url
+}
+
+impl<T> DeepLinkRequest<'_, T>
+where
+    T: Serialize,
+{
+    /// Converts the request into a URL with query parameters and fragment.
+    ///
+    /// This method creates a URL by appending the request parameters as query parameters
+    /// and the serialized payload (if any) as a URL fragment. The payload is serialized
+    /// to CBOR format and then encoded as base64url.
+    ///
+    /// # Parameters
+    ///
+    /// * `endpoint` - The base URL to which parameters will be added
+    ///
+    /// # Returns
+    ///
+    /// A new `url::Url` instance with the request parameters and payload
+    ///
+    /// # Panics
+    ///
+    /// This method will panic if the payload serialization to CBOR fails
+    pub fn to_url(&self, endpoint: &url::Url) -> url::Url {
+        let mut url = endpoint.clone();
+        url.query_pairs_mut()
+            .append_pair("os", self.os)
+            .append_pair("action", self.action);
+
+        if let Some(next_url) = self.next_url {
+            url.query_pairs_mut().append_pair("next_url", next_url);
+        }
+
+        if let Some(payload) = &self.payload {
+            let mut data = ByteBufB64(Vec::new());
+            into_writer(payload, &mut data.0).expect("Failed to serialize payload to CBOR");
+            url.set_fragment(Some(data.to_string().as_str()));
+        }
+
+        url
+    }
+}
+
+/// Represents a response from a deep link interaction between applications.
+///
+/// This struct is used to parse and extract information from a URL received
+/// after a deep link interaction. It can be used in various cross-application scenarios:
+/// - Authentication flows
+/// - Returning data from a form or UI interaction in another application
+/// - Callback responses from any cross-application communication
+///
+/// # Examples
+///
+/// ```
+/// use ic_auth_verifier::deeplink::DeepLinkResponse;
+/// use url::Url;
+///
+/// let callback_url = Url::parse("https://example.com/callback?os=ios&action=SignIn#payload_data").unwrap();
+/// let response = DeepLinkResponse::from_url(callback_url).unwrap();
+/// ```
+#[derive(Debug)]
+pub struct DeepLinkResponse {
+    pub url: url::Url,
+    pub os: String,
+    pub action: String,              // "SignIn"
+    pub payload: Option<ByteBufB64>, // decode from base64url
+}
+
+impl DeepLinkResponse {
+    /// Creates a new `DeepLinkResponse` from a URL.
+    ///
+    /// This method parses the URL to extract query parameters and fragment,
+    /// constructing a `DeepLinkResponse` instance with the extracted information.
+    ///
+    /// # Parameters
+    ///
+    /// * `url` - The URL to parse, typically a callback URL from an application interaction
+    ///
+    /// # Returns
+    ///
+    /// A `Result` containing either the parsed `DeepLinkResponse` or an error message
+    pub fn from_url(url: url::Url) -> Result<Self, String> {
+        let mut query_pairs = url.query_pairs();
+        let payload = match url.fragment() {
+            Some(f) => Some(ByteBufB64::from_str(f).map_err(|err| format!("{err:?}"))?),
+            None => None,
+        };
+
+        Ok(DeepLinkResponse {
+            os: query_pairs
+                .find(|(k, _)| k == "os")
+                .map(|(_, v)| v.to_string())
+                .unwrap_or_default(),
+            action: query_pairs
+                .find(|(k, _)| k == "action")
+                .map(|(_, v)| v.to_string())
+                .unwrap_or_default(),
+            payload,
+            url,
+        })
+    }
+
+    /// Extracts and deserializes the payload from the response.
+    ///
+    /// This method attempts to deserialize the payload (if present) from CBOR format
+    /// into the specified type `T`.
+    ///
+    /// # Type Parameters
+    ///
+    /// * `T` - The type to deserialize the payload into, which must implement [`DeserializeOwned`]
+    ///
+    /// # Returns
+    ///
+    /// A `Result` containing either the deserialized payload or an error message
+    pub fn get_payload<T: DeserializeOwned>(&self) -> Result<T, String> {
+        if let Some(payload) = &self.payload {
+            Ok(from_reader(payload.as_slice()).map_err(|err| format!("{err:?}"))?)
+        } else {
+            Err("Payload is missing in the deep link response".to_string())
+        }
+    }
+}
+
+/// Represents a SignIn request payload for authentication.
+///
+/// This struct is used as the payload in a `DeepLinkRequest` for SignIn operations.
+/// It contains the session public key and the maximum time-to-live for the session.
+///
+/// # Fields
+///
+/// * `session_pubkey` - The public key for the session
+/// * `max_time_to_live` - The maximum time-to-live for the session in milliseconds
+#[derive(Clone, Default, Deserialize, Serialize)]
+pub struct SignInRequest {
+    #[serde(rename = "s")]
+    pub session_pubkey: ByteBufB64,
+    #[serde(rename = "m")]
+    pub max_time_to_live: u64, // in milliseconds
+}
+
+/// Represents a SignIn response payload from authentication.
+///
+/// This struct is used as the payload in a `DeepLinkResponse` for SignIn operations.
+/// It contains the user's public key, delegations, authentication method, and origin.
+///
+/// # Fields
+///
+/// * `user_pubkey` - The user's public key
+/// * `delegations` - A vector of signed delegations that authorize the session
+/// * `authn_method` - The authentication method used (e.g., "webauthn", "passkey")
+/// * `origin` - The origin of the authentication request
+#[derive(Clone, Default, Deserialize, Serialize)]
+pub struct SignInResponse {
+    #[serde(rename = "u")]
+    pub user_pubkey: ByteBufB64,
+    #[serde(rename = "d")]
+    pub delegations: Vec<SignedDelegationCompact>,
+    #[serde(rename = "a")]
+    pub authn_method: String,
+    #[serde(rename = "o")]
+    pub origin: String,
+}

rs/ic_auth_verifier/src/lib.rs

@@ -1,10 +1,11 @@
-/// Lite version of `ic-crypto-standalone-sig-verifier`
-/// Original source: https://github.com/dfinity/ic/blob/master/rs/crypto/standalone-sig-verifier
 mod asn1;
 
 #[cfg(feature = "envelope")]
 pub mod envelope;
 
+#[cfg(feature = "envelope")]
+pub mod deeplink;
+
 use k256::ecdsa::signature::hazmat::PrehashVerifier;
 use sha3::Digest;