Draft of JWT condition

packages/taco/src/conditions/base/jwt.ts

@@ -0,0 +1,23 @@
+import { Condition } from '../condition';
+import {
+  JWTConditionProps,
+  jwtConditionSchema,
+  JWTConditionType,
+} from '../schemas/jwt';
+import { OmitConditionType } from '../shared';
+
+export {
+  JWT_PARAM_DEFAULT,
+  JWTConditionProps,
+  jwtConditionSchema,
+  JWTConditionType,
+} from '../schemas/jwt';
+
+export class JWTCondition extends Condition {
+  constructor(value: OmitConditionType<JWTConditionProps>) {
+    super(jwtConditionSchema, {
+      conditionType: JWTConditionType,
+      ...value,
+    });
+  }
+}

packages/taco/src/conditions/schemas/jwt.ts

@@ -0,0 +1,20 @@
+import { z } from 'zod';
+
+import { baseConditionSchema } from './common';
+import { contextParamSchema } from './context';
+
+export const JWT_PARAM_DEFAULT = ':jwtToken';
+
+export const JWTConditionType = 'jwt';
+
+export const jwtConditionSchema = baseConditionSchema.extend({
+  conditionType: z.literal(JWTConditionType).default(JWTConditionType),
+  public_key: z.string().optional(),
+  expected_issuer: z.string().optional(),
+  subject: contextParamSchema.optional(),
+  expiration_window: z.number().int().nonnegative().optional(),
+  issued_window: z.number().int().nonnegative().optional(),
+  jwtToken: contextParamSchema.default(JWT_PARAM_DEFAULT),
+});
+
+export type JWTConditionProps = z.infer<typeof jwtConditionSchema>;

packages/taco/test/conditions/base/jwt.test.ts

@@ -0,0 +1,40 @@
+/* eslint-disable @typescript-eslint/no-unused-vars */
+import { TEST_CONTRACT_ADDR } from '@nucypher/test-utils';
+import { describe, expect, it } from 'vitest';
+
+import {
+  JWTCondition,
+  jwtConditionSchema,
+} from '../../../src/conditions/base/jwt';
+import { testJWTConditionObj } from '../../test-utils';
+
+describe('JWTCondition', () => {
+  describe('validation', () => {
+    it('accepts a valid schema', () => {
+      const result = JWTCondition.validate(
+        jwtConditionSchema,
+        testJWTConditionObj,
+      );
+
+      expect(result.error).toBeUndefined();
+      expect(result.data).toEqual(testJWTConditionObj);
+    });
+
+    it('rejects an invalid schema', () => {
+      const badJWTObj = {
+        ...testJWTConditionObj,
+        subject: TEST_CONTRACT_ADDR,
+      };
+
+      const result = JWTCondition.validate(jwtConditionSchema, badJWTObj);
+
+      expect(result.error).toBeDefined();
+      expect(result.data).toBeUndefined();
+      expect(result.error?.format()).toMatchObject({
+        subject: {
+          _errors: ['Invalid'],
+        },
+      });
+    });
+  });
+});

packages/taco/test/test-utils.ts

@@ -31,6 +31,7 @@ import {
   fakeTDecFlow,
   TEST_CHAIN_ID,
   TEST_CONTRACT_ADDR,
+  TEST_ECDSA_PUBLIC_KEY,
 } from '@nucypher/test-utils';
 import { SpyInstance, vi } from 'vitest';
 
@@ -40,6 +41,11 @@ import {
   FunctionAbiProps,
 } from '../src/conditions/base/contract';
 import { JsonApiConditionType } from '../src/conditions/base/json-api';
+import {
+  JWT_PARAM_DEFAULT,
+  JWTConditionProps,
+  JWTConditionType,
+} from '../src/conditions/base/jwt';
 import {
   RpcConditionProps,
   RpcConditionType,
@@ -243,6 +249,16 @@ export const testJsonApiConditionObj = {
   returnValueTest: testReturnValueTest,
 };
 
+export const testJWTConditionObj: JWTConditionProps = {
+  conditionType: JWTConditionType,
+  public_key: TEST_ECDSA_PUBLIC_KEY,
+  expected_issuer: '0xacbd',
+  subject: ':userAddress',
+  expiration_window: 1800,
+  issued_window: 86400,
+  jwtToken: JWT_PARAM_DEFAULT,
+};
+
 export const testRpcConditionObj: RpcConditionProps = {
   conditionType: RpcConditionType,
   chain: TEST_CHAIN_ID,

packages/test-utils/src/variables.ts

@@ -19,3 +19,8 @@ export const TEST_SIWE_PARAMS = {
   domain: 'localhost',
   uri: 'http://localhost:3000',
 };
+
+export const TEST_ECDSA_PUBLIC_KEY =
+  '-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXHVxB7s5SR7I9cWwry' +
+  '/JkECIReka\nCwG3uOLCYbw5gVzn4dRmwMyYUJFcQWuFSfECRK+uQOOXD0YSEucBq0p5tA==\n-----END PUBLIC ' +
+  'KEY-----\n ';