
tessl/npm-azure--core-auth

Provides low-level interfaces and helper methods for authentication in Azure SDK

Overall score: 97%


evals/scenario-3/task.md

Secure API Client with Proof-of-Possession Authentication

Build an API client that implements Proof-of-Possession (PoP) token-based authentication for making secure HTTP requests to a protected resource.

Requirements

Your implementation must:

  1. Accept a token credential that can retrieve access tokens
  2. Request a PoP token (not a Bearer token) with appropriate proof-of-possession parameters
  3. Handle the case where token retrieval fails
  4. Make an HTTP request using the retrieved PoP token
  5. Validate that the token returned is indeed a PoP token, not a Bearer token

The API client should accept:

  • A credential object capable of retrieving tokens
  • The target resource URL to access
  • The HTTP method to use for the request (e.g., 'GET', 'POST')
  • A nonce value for the PoP token request

Expected Behavior

When the client makes a request:

  • It should call the credential's token retrieval method with the appropriate scope and PoP options
  • The PoP options must include the nonce, HTTP method, and target URL
  • If token retrieval succeeds and returns a valid PoP token, proceed with the request
  • If token retrieval fails or returns a non-PoP token, throw an error

Test Cases

  • When provided with a credential that returns a valid PoP token, the client successfully retrieves the token with correct PoP parameters (nonce, method, URL) @test
  • When the credential returns null (token retrieval fails), the client throws an appropriate error @test
  • When the credential returns a Bearer token instead of a PoP token, the client throws an error indicating invalid token type @test

Implementation

@generates

API

/**
 * Options for making a PoP-authenticated API request
 */
export interface PopApiClientOptions {
  /** The credential to use for authentication */
  credential: any;
  /** The target resource URL */
  resourceUrl: string;
  /** The HTTP method for the request */
  method: string;
  /** The nonce value for PoP token binding */
  nonce: string;
  /** The scope(s) to request */
  scope: string | string[];
}

/**
 * Makes an API request using Proof-of-Possession token authentication
 *
 * @param options - Configuration options for the PoP-authenticated request
 * @returns A promise that resolves when the request is successfully authenticated
 * @throws Error if token retrieval fails or returns invalid token type
 */
export async function makePopRequest(options: PopApiClientOptions): Promise<void>;

Dependencies { .dependencies }

@azure/core-auth { .dependency }

Provides authentication interfaces and token validation utilities.
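
One way to implement the token acquisition and fail-closed type check described above, as an added example that is not part of the original task or of the @azure/core-auth package. The interfaces are local structural stand-ins for the package's `TokenCredential`, `AccessToken` and `GetTokenOptions` (assumed to match the installed version, with the method type simplified to `string`), and `requirePopToken` and `acquirePopToken` are hypothetical names; sending the HTTP request itself is left to the caller.

```typescript
// Local structural stand-ins for the @azure/core-auth shapes used here
// (assumption: field names mirror AccessToken / GetTokenOptions in the installed version).
interface AccessToken { token: string; expiresOnTimestamp: number; tokenType?: "Bearer" | "pop"; }
interface PopOptions { nonce: string; resourceRequestMethod: string; resourceRequestUrl: string; }
interface GetTokenOptions { proofOfPossessionOptions?: PopOptions; }
interface TokenCredential {
  getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
}

interface PopApiClientOptions {
  credential: TokenCredential;
  resourceUrl: string;
  method: string;
  nonce: string;
  scope: string | string[];
}

// Fail closed: only an explicit "pop" passes. A missing tokenType is reported
// as Bearer, because the field is optional and an unbound token must not be accepted.
function requirePopToken(token: AccessToken | null): AccessToken {
  if (token === null) throw new Error("Token retrieval failed: credential returned null");
  if (token.tokenType !== "pop") {
    throw new Error(`Invalid token type: expected "pop", got "${token.tokenType ?? "Bearer"}"`);
  }
  return token;
}

// Hypothetical helper: requests a PoP token bound to nonce, method and URL,
// then validates the result before the caller is allowed to use it.
async function acquirePopToken(o: PopApiClientOptions): Promise<AccessToken> {
  if (!o.nonce) throw new Error("A nonce is required for a PoP token request");
  let token: AccessToken | null;
  try {
    token = await o.credential.getToken(o.scope, {
      proofOfPossessionOptions: {
        nonce: o.nonce,
        resourceRequestMethod: o.method,
        resourceRequestUrl: o.resourceUrl,
      },
    });
  } catch (err) {
    throw new Error(`Token retrieval failed: ${(err as Error).message}`);
  }
  return requirePopToken(token);
}
```

The error messages never include the token value, so a rejected token does not end up in logs.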

Install with Tessl CLI

npx tessl i tessl/npm-azure--core-auth
