Add initial files.

.eslintrc.cjs

@@ -0,0 +1,15 @@
+module.exports = {
+  root: true,
+  env: {
+    node: true
+  },
+  extends: [
+    'digitalbazaar',
+    'digitalbazaar/jsdoc',
+    'digitalbazaar/module'
+  ],
+  ignorePatterns: ['node_modules/'],
+  rules: {
+    'unicorn/prefer-node-protocol': 'error'
+  }
+};

.github/workflows/main.yml → .github/workflows/main.yaml

@@ -8,11 +8,11 @@ jobs:
     timeout-minutes: 10
     strategy:
       matrix:
-        node-version: [14.x]
+        node-version: [22.x]
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v1
+      uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node-version }}
     - run: npm install
@@ -24,19 +24,20 @@ jobs:
     timeout-minutes: 10
     services:
       mongodb:
-        image: mongo:4.2
+        image: mongo:5
         ports:
           - 27017:27017
     strategy:
       matrix:
-        node-version: [12.x, 14.x]
+        node-version: [20.x, 22.x]
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v1
+      uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node-version }}
     - run: |
+        npm install
         cd test
         npm install
     - name: Run test with Node.js ${{ matrix.node-version }}
@@ -49,27 +50,29 @@ jobs:
     timeout-minutes: 10
     services:
       mongodb:
-        image: mongo:4.2
+        image: mongo:5
         ports:
           - 27017:27017
     strategy:
       matrix:
-        node-version: [14.x]
+        node-version: [22.x]
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v1
+      uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node-version }}
     - run: |
+        npm install
         cd test
         npm install
     - name: Generate coverage report
       run: |
         cd test
         npm run coverage-ci
     - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v1
+      uses: codecov/codecov-action@v4
       with:
         file: ./test/coverage/lcov.info
         fail_ci_if_error: true
+        token: ${{ secrets.CODECOV_TOKEN }}

.npmrc

@@ -0,0 +1 @@
+legacy-peer-deps=true

CHANGELOG.md

@@ -1,5 +1,5 @@
-# bedrock-module-template-http ChangeLog
+# bedrock-basic-authz-server ChangeLog
 
-## 1.0.0 - TBD
+## 1.0.0 - 2025-mm-dd
 
 - See git history for changes.

LICENSE.md

@@ -1,7 +1,7 @@
 Bedrock Non-Commercial License v1.0
 ===================================
 
-Copyright (c) 2011-2021 Digital Bazaar, Inc.
+Copyright (c) 2011-2025 Digital Bazaar, Inc.
 All rights reserved.
 
 Summary

README.md

@@ -1 +1 @@
-# bedrock-module-template-http
+# bedrock-basic-authz-server

lib/config.js

@@ -1,13 +1,68 @@
 /*!
- * Copyright (c) 2021 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2024-2025 Digital Bazaar, Inc. All rights reserved.
  */
-import bedrock from 'bedrock';
-const {config} = bedrock;
+import {config} from '@bedrock/core';
+import {NAMESPACE} from './constants.js';
 
-const namespace = 'module-template-http';
-const cfg = config[namespace] = {};
+const cfg = config[NAMESPACE] = {};
 
-const basePath = '/foo';
-cfg.routes = {
-  basePath
+cfg.authorizeZcapInvocationOptions = {
+  maxChainLength: 10,
+  // 300 second clock skew permitted by default
+  maxClockSkew: 300,
+  // 1 year max TTL by default
+  maxDelegationTtl: 1 * 60 * 60 * 24 * 365 * 1000
+};
+
+cfg.authorization = {
+  oauth2: {
+    accessTokens: {
+      // TTL in seconds (default 24 hours = 86400 seconds)
+      ttl: 86400
+    },
+    routes: {
+      asMetadata: `/.well-known/oauth-authorization-server`,
+      token: `/openid/token`,
+      jwks: `/openid/jwks`
+    },
+    clients: {
+      /*
+      <pet name of client>: {
+        client_id: ...,
+        // scopes that can be requested in the future; changing this DOES NOT
+        // alter existing access (for already issued tokens)
+        requestableScopes: ...,
+        // a SHA-256 of the client ID's password; security depends on passwords
+        // being sufficiently large (16 bytes or more) random strings; this
+        // field should be populated using an appropriate cloud secret store
+        // in any deployment
+        passwordHash
+      }
+      */
+    },
+    // 300 second clock skew permitted by default
+    maxClockSkew: 300,
+    // note: using undefined `allowedAlgorithms` will use the defaults set
+    // by the `jose` library that are appropriate for the key / secret type;
+    // (i.e., only asymmetric crypto will be used here); the top-level/parent
+    // app should choose to either use `undefined` as the default or specify
+    // a more restrictive list
+    /*allowedAlgorithms: [
+      // RSASSA-PKCS1-v1_ w/sha-XXX
+      'RS256',
+      'RS384',
+      'RS512',
+      // RSASSA-PSS w/ SHA-XXX
+      'PS256',
+      'PS384',
+      'PS512',
+      // ECDSA w/ SHA-XXX
+      'ES256',
+      'ES256K',
+      'ES384',
+      'ES512',
+      // ed25519 / ed448
+      'EdDSA'
+    ]*/
+  }
 };

lib/constants.js

@@ -0,0 +1,4 @@
+/*!
+ * Copyright (c) 2025 Digital Bazaar, Inc. All rights reserved.
+ */
+export const NAMESPACE = 'basic-authz-server';

lib/documentLoader.js

@@ -0,0 +1,27 @@
+/*!
+ * Copyright (c) 2018-2025 Digital Bazaar, Inc. All rights reserved.
+ */
+import {documentLoader as brDocumentLoader}
+  from '@bedrock/jsonld-document-loader';
+import {didIo} from '@bedrock/did-io';
+
+import '@bedrock/did-context';
+import '@bedrock/security-context';
+import '@bedrock/veres-one-context';
+
+// load config defaults
+import './config.js';
+
+export async function documentLoader(url) {
+  if(url.startsWith('did:')) {
+    const document = await didIo.get({did: url});
+    return {
+      contextUrl: null,
+      documentUrl: url,
+      document
+    };
+  }
+
+  // finally, try the bedrock document loader
+  return brDocumentLoader(url);
+}

lib/http/index.js

@@ -0,0 +1,7 @@
+/*!
+ * Copyright (c) 2024-2025 Digital Bazaar, Inc. All rights reserved.
+ */
+import * as middleware from './middleware.js';
+import {addOAuth2AuthzServer} from './oauth2.js';
+
+export {middleware, addOAuth2AuthzServer};