Package Exports
- @peac/mappings-paymentauth
- @peac/mappings-paymentauth/dist/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@peac/mappings-paymentauth) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
@peac/mappings-paymentauth
HTTP Payment authentication scheme (paymentauth/MPP) mapping for PEAC.
Envelope-first parsing of paymentauth wire artifacts with raw + normalized types. Method-specific payloads are treated as unknown because each payment method (card, lightning, stripe, tempo) has its own specification.
Status
Experimental. The paymentauth core spec (draft-ryan-httpauth-payment-01) is an active individual draft (not standards-track). Discovery and JSON-RPC/MCP transport drafts are at draft-00.
Features
- Parse
WWW-Authenticate: Paymentchallenges (first challenge; separate header lines recommended for multiple challenges) - Parse
Authorization: Paymentcredentials (base64url-encoded JSON) - Parse
Payment-Receiptheaders (base64url-encoded JSON) - Normalize to stable PEAC-facing types with
_rawback-references - OpenAPI discovery extraction (
x-service-info,x-payment-info) - JSON-RPC error detection (
-32042,-32043) - MCP
_metakey extraction (org.paymentauth/credential,org.paymentauth/receipt) - MCP capability advertisement typing (
experimental.payment)
Security
- Raw
Authorization: PaymentandPayment-Receiptvalues never appear in thrown errors - Parser limits enforced: header size, param count, payload size, JSON depth
- Decoded bytes preserved alongside strings for non-UTF-8 safety
redactPaymentauthHeader()helper for safe logging
No Network I/O
This package contains zero network calls. All functions are pure parsers and normalizers.