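/*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License"),
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * @file
 * @kit UserAuthenticationKit
 * @arkts 1.1&1.2
 */

import userAuth from '@ohos.userIAM.userAuth';

/**
 * User access control
 *
 * @namespace userAccessCtrl
 * @syscap SystemCapability.UserIAM.UserAuth.Core
 * @since arkts {'1.1':'18','1.2':'20'}
 * @arkts 1.1&1.2
 */
declare namespace userAccessCtrl {
  /**
   * Verify the authentication token and return its parsed fields.
   *
   * The promise is rejected when the integrity check fails (12500015) or when the token has
   * expired (12500016), presumably judged against allowableDuration. This declaration does not
   * state that the call compares challenge, userId, authType or authTrustLevel with what the
   * caller expects, so callers should check those fields of the returned AuthToken themselves
   * before granting access. Prefer the shortest allowableDuration the use case tolerates, since
   * a longer window keeps an issued token acceptable for longer.
   *
   * @permission ohos.permission.USE_USER_ACCESS_MANAGER
   * @param { Uint8Array } authToken - AuthToken to be verified.
   * @param { int } allowableDuration - Maximum allowed time, in milliseconds, between issuance of the authToken
   * and this call.
   * @returns { Promise<AuthToken> } Returns parsed authToken.
   * @throws { BusinessError } 201 - Permission denied.
   * @throws { BusinessError } 202 - Permission denied. Called by non-system application.
   * @throws { BusinessError } 401 - Parameter error. Possible causes:
   * <br>1. Mandatory parameters are left unspecified.
   * <br>2. Incorrect parameter types.
   * <br>3. Parameter verification failed.
   * @throws { BusinessError } 12500002 - General operation error.
   * @throws { BusinessError } 12500015 - AuthToken integrity check failed.
   * @throws { BusinessError } 12500016 - AuthToken has expired.
   * @syscap SystemCapability.UserIAM.UserAuth.Core
   * @systemapi Hide this for inner system use.
   * @since arkts {'1.1':'18','1.2':'20'}
   * @arkts 1.1&1.2
   */
  function verifyAuthToken(authToken: Uint8Array, allowableDuration: int): Promise<AuthToken>;

  /**
   * Authentication token, as parsed and returned by verifyAuthToken.
   *
   * @typedef AuthToken
   * @syscap SystemCapability.UserIAM.UserAuth.Core
   * @systemapi Hide this for inner system use.
   * @since arkts {'1.1':'18','1.2':'20'}
   * @arkts 1.1&1.2
   */
  interface AuthToken {
    /**
     * Challenge value carried in the authToken.
     * Presumably the challenge passed in when the authentication was started (to be confirmed
     * against the userAuth documentation). A caller that issued its own challenge should compare
     * it with this value, so that a token obtained for another request is not accepted.
     *
     * @type { Uint8Array }
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since arkts {'1.1':'18','1.2':'20'}
     * @arkts 1.1&1.2
     */
    challenge: Uint8Array;

    /**
     * Trust level of authentication result.
     * Callers with a minimum required level should compare it with this value.
     *
     * @type { userAuth.AuthTrustLevel }
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since arkts {'1.1':'18','1.2':'20'}
     * @arkts 1.1&1.2
     */
    authTrustLevel: userAuth.AuthTrustLevel;

    /**
     * Credential type for authentication.
     *
     * @type { userAuth.UserAuthType }
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since arkts {'1.1':'18','1.2':'20'}
     * @arkts 1.1&1.2
     */
    authType: userAuth.UserAuthType;

    /**
     * The type of authToken, i.e. how it was issued (see AuthTokenType).
     *
     * @type { AuthTokenType }
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since arkts {'1.1':'18','1.2':'20'}
     * @arkts 1.1&1.2
     */
    tokenType: AuthTokenType;

    /**
     * The user id of authToken.
     *
     * @type { int }
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since arkts {'1.1':'18','1.2':'20'}
     * @arkts 1.1&1.2
     */
    userId: int;

    /**
     * Time elapsed, in milliseconds, since the authToken was issued.
     *
     * @type { bigint }
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since arkts {'1.1':'18','1.2':'20'}
     * @arkts 1.1&1.2
     */
    timeInterval: bigint;

    /**
     * The secure uid of authToken. Optional; may be absent.
     *
     * @type { ?bigint }
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since arkts {'1.1':'18','1.2':'20'}
     * @arkts 1.1&1.2
     */
    secureUid?: bigint;

    /**
     * The enrolled id of authToken. Optional; may be absent.
     *
     * @type { ?bigint }
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since arkts {'1.1':'18','1.2':'20'}
     * @arkts 1.1&1.2
     */
    enrolledId?: bigint;

    /**
     * The credential id of authToken. Optional; may be absent.
     *
     * @type { ?bigint }
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since arkts {'1.1':'18','1.2':'20'}
     * @arkts 1.1&1.2
     */
    credentialId?: bigint;
  }

  /**
   * The issued type for authToken.
   *
   * @enum { int }
   * @syscap SystemCapability.UserIAM.UserAuth.Core
   * @systemapi Hide this for inner system use.
   * @since arkts {'1.1':'18','1.2':'20'}
   * @arkts 1.1&1.2
   */
  enum AuthTokenType {
    /**
     * AuthToken is issued locally.
     *
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since arkts {'1.1':'18','1.2':'20'}
     * @arkts 1.1&1.2
     */
    TOKEN_TYPE_LOCAL_AUTH = 0,

    /**
     * AuthToken is re-issued.
     *
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since arkts {'1.1':'18','1.2':'20'}
     * @arkts 1.1&1.2
     */
    TOKEN_TYPE_LOCAL_RESIGN = 1,

    /**
     * AuthToken is issued remotely.
     *
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since arkts {'1.1':'18','1.2':'20'}
     * @arkts 1.1&1.2
     */
    TOKEN_TYPE_COAUTH = 2
  }
}

export default userAccessCtrl;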