This is the domain expected by the idp for forwarding emails, and the desktop/android builds for loading the remote about:accounts page.

We don't want people indexing our dev and stage environments. http://davidwalsh.name/robots-rerouting

(migrating from mozilla/fxa-auth-server#309)

E.g., on FxOS the user could create their FxA in Marketplace a flow, and then end up verifying their email on another device. FxOS team would like the ability for us to tell the user "what to do next" after completing verification. Thoughts on how to enable this? How about adding service= in the sign in or sign up flow so we know what service initiated the process? Google does something similar, FWIW: https://accounts.google.com/ServiceLogin?service=oz

Only users which have been verified to be over the age of 13 should be allowed to create a FxA. I don't think I can put our implementation strategy (yet) here due to liability/legal reasons. Contact me or @lloyd directly if you have any questions.

This used to be mozilla/fxa-auth-server#256.

If you do this, you should see that you are signed in with that account.
This could be a round-about way of accessing things with an unverified account.

(I found this because the email verification link for me was giving 404s)

The problem happens when you try to sign in after signing out.
The Sign In page will give you an error (appropriate) and ask you to verify.
Unfortunately the verify link is causing errors (separate issue).

But, back to the point - I was successfully able to bypass (at least temporarily) the email verification step.

After we enter the blessed "foo@..." email address and press "Next", we get a series of HTTP requests culminating in (according to the web inspector):

• POST provision
• GET have_email?email=foo...
• POST auth_with_assertion

the last is handled in browserid/lib/wsapi/auth_with_assertion.js:process(), which passes req.params.assertion to browserid/lib/primary.js:verifyAssertion(), which sends it along to jwcrypto.cert.verifyBundle(), which tries to base64 decode each of three items in an array, but the first item in our array is a nice clear JSON blob of the form:

{"success":true,"certificate":"eyJhbG ..."}

and the base64 decoding error bubbles all the way up to the browser. I am not sure where this should be handled, or whether it indicates some larger misuse of the API.

Sure it's a nit, but this could be in a the code a long time.
We don't want Devs laughing at us do we?

REF:
http://www.urbandictionary.com/define.php?term=moar

srsly

This is what I see:

$ npm run-script test-server

[email protected] test-server /Users/James/firefox-account-bridge
mocha server/tests/*.js

CERTIFIER ERR: path.existsSync is now called fs.existsSync.
Certifier started on port 8080
FAB: Firefox Account Bridge listening at http://dev.fxaccounts.mozilla.org:3030
...

✖ 2 of 3 tests failed:

1. the server should respond:
   TypeError: Object function (app){
   if ('function' == typeof app) app = http.createServer(app);
   var obj = {};

methods.forEach(function(method){
var name = 'delete' == method
? 'del'
: method;

obj[name] = function(url){
  return new Test(app, method, url);
};

});

return obj;
} has no method 'get'
at Context. (/Users/James/firefox-account-bridge/server/tests/acceptance.js:31:13)
at Test.Runnable.run (/Users/James/firefox-account-bridge/node_modules/mocha/lib/runnable.js:145:15)
at Runner.runTest (/Users/James/firefox-account-bridge/node_modules/mocha/lib/runner.js:292:10)
at /Users/James/firefox-account-bridge/node_modules/mocha/lib/runner.js:336:12
at next (/Users/James/firefox-account-bridge/node_modules/mocha/lib/runner.js:220:14)
at /Users/James/firefox-account-bridge/node_modules/mocha/lib/runner.js:229:7
at next (/Users/James/firefox-account-bridge/node_modules/mocha/lib/runner.js:179:23)
at /Users/James/firefox-account-bridge/node_modules/mocha/lib/runner.js:197:5
at process._tickCallback (node.js:415:13)

2. the server can certify:
   algorithm RS not implemented

npm ERR! weird error 2
npm ERR! not ok code 0

Install ELM nightly
Run FF ELM nightly
go to about:accounts
Click on Sign In
Click on Forgot Password
I see this in the web console:
15:06:11.777 Use of getPreventDefault() is deprecated. Use defaultPrevented instead. jquery-2.0.0.min.js:5
15:06:14.174 "switching to " "reset-password" common.js:177
15:06:14.390 "showing" "reset-password" common.js:198
15:06:14.594 "reset-password" common.js:190

Type in any email (FxA or not)
Click the Next button.
Now I see this in the web console:
15:06:21.887 ReferenceError: verbMap is not defined common.js:118
15:06:21.887 "reset form!!!" [object Object] [object HTMLInputElement] flow.js:340
15:06:21.887 "sending" "reset_code" [object Object] common.js:113

Not sure what this is, but I am unable to get beyond this step.

https://travis-ci.org/mozilla/firefox-account-bridge/builds/11023019

The code seems to use only port 3030 for the services, but the README.md references 3000
https://github.com/mozilla/firefox-account-bridge#running-the-service

Not a big deal, just getting it noted...

The elm builds now support persisting the fxa session information, so we can query the browser and show the correct state.

Tangentially related to #92.

The directory structure is making my heart a bit sad:

• We have both a /js/ and /javascripts/ directory.
• jquery 1.7.1 is in /js/vendor/** directory, whereas 2.0.0 is just in /javascripts/**. We should probably standardize on a vendor subdirectory.

<script src="/js/vendor/jquery-1.7.1.min.js"></script>
<script src="/javascripts/jquery-2.0.0.min.js" type="text/javascript"></script>

We should probably consider relocating the /static/js/** to /static/javascripts/** since it looks like javascripts has more "stuff" in it.

Need to update the package.json file (both name and bad repo URL) and the scripts/awsbox/auto_update.sh files to the new repo name.

In the case of the package.json, we may need to rename the package in npm as well.

Not sure if it is even hooked up, but we are lead there indirectly after Account Creation
and after "syncing" finishes.

Not much in Web Console:
"switching to " "preferences" common.js:177
17:46:18.521 "showing" "preferences" common.js:198
17:46:18.728 ReferenceError: verbMap is not defined common.js:118
17:46:18.727 "preferences" common.js:190
17:46:18.728 "sending" "accounts" [object Object]

Workaround could be refresh the about:accounts page and Sign Out from there?

Currently we only send the email supplied during sign-in. We need to also send the userid (<uid>@lcip.org).

From https://travis-ci.org/mozilla/fxa-content-server/builds/14213645

Test main - create_account - create account form FAILED on firefox 23.0.1 on XP:
Error: Error response status: 7. 
    at webdriver._newError (/home/travis/build/mozilla/fxa-content-server/node_modules/intern/node_modules/wd/lib/webdriver.js:73:13)
    at /home/travis/build/mozilla/fxa-content-server/node_modules/intern/node_modules/wd/lib/webdriver.js:149:25
    at Request._callback (/home/travis/build/mozilla/fxa-content-server/node_modules/intern/node_modules/wd/lib/webdriver.js:364:5)
    at Request.self.callback (/home/travis/build/mozilla/fxa-content-server/node_modules/intern/node_modules/wd/node_modules/request/index.js:148:22)
    at Request.EventEmitter.emit (events.js:98:17)
    at Request.<anonymous> (/home/travis/build/mozilla/fxa-content-server/node_modules/intern/node_modules/wd/node_modules/request/index.js:876:14)
    at Request.EventEmitter.emit (events.js:117:20)
    at IncomingMessage.<anonymous> (/home/travis/build/mozilla/fxa-content-server/node_modules/intern/node_modules/wd/node_modules/request/index.js:827:12)
    at IncomingMessage.EventEmitter.emit (events.js:117:20)
    at _stream_readable.js:910:16
No coverage report available
firefox 23.0.1 on XP: 1/7 tests failed

https://github.com/mozilla/fxa-content-server/search?q=jquery&source=cc&type=Code

We're rocking 1.7.1 (circa November 21, 2011) and 2.0.0 (circa April 18, 2013)

1. /server/views/provision.html (line 3)

<script src="/js/vendor/jquery-1.7.1.min.js"></script>

1. /server/views/accounts/layout.html (lines 13 and 24 -- we might want to move this out of the if..else)

<script src="/javascripts/jquery-2.0.0.min.js" type="text/javascript"></script>

1. /server/views/authentication.html (line 19)

<script src="/js/vendor/jquery-1.7.1.min.js"></script>

This is what I see now, running with FF 23 on Mac 10.8:

$ npm run-script test-functional

[email protected] test-functional /Users/James/firefox-account-bridge
node node_modules/intern/runner.js config=tests/intern_functional

Defaulting to "runner" reporter
Listening on 0.0.0.0:9090
Initialised firefox 23.0.1 on MAC
Test main - login - create account form FAILED on firefox 23.0.1 on MAC:
Error: Validates false login: expected '' to equal 'Try another email or Create an account'
Validates false login: expected '' to equal 'Try another email or Create an account'
No coverage report available
firefox 23.0.1 on MAC: 1/2 tests failed

=============================== Coverage summary ===================

Statements : 100% ( 0/0 )
Branches : 100% ( 0/0 )
Functions : 100% ( 0/0 )
Lines : 100% ( 0/0 )

==================================================================

TOTAL: tested 1 platforms, 1/2 tests failed
npm ERR! weird error 1
npm ERR! not ok code 0

We should test all the flows using browser automation. Perhaps with dalek.

As with picl-idp, we need a full hekad deploy and config here...
@rfk

This is effectively a dump of the mocks used in user testing of PiCL flows, but with gherkin.js integrated.

I checked the dependencies using https://david-dm.org/mozilla/firefox-account-bridge and noticed there are 2-5 outdated dependencies (not including the devDependencies):

Most notably:

• awsbox (specified: 0.45, latest: 0.6.2)
• express (specified: 3.3.4, latest: 3.4.0)

It looks like jwcrypto and nunjucks are only 0.0.1 off, and the browserid-certifier is pulling a specific revision in GitHub and can probably be ignored.

If you switch to the devDependencies tab, we se the following outdated dependencies:

• awsbox (specified: 0.4.5, latest: 0.6.2)
• jshint (specified: 0.9.1, latest: 2.1.11)
• mocha (specified: 1.0.3, latest: 1.13.0)
• should (specified: 0.6.3, latest: 1.3.0)
• supertest (specified: 0.7.1, latest: 0.8.0)

I also ran the package.json file through http://package-json-validator.com/ and got the following errors/warnings output:

{
  "valid": false,
  "errors": [
    "String not valid for author, expected format is Barney Rubble <[email protected]> (http://barnyrubble.tumblr.com/)"
  ],
  "warnings": [
    "Missing recommended field: keywords",
    "Missing recommended field: bugs",
    "Missing recommended field: contributors"
  ],
  "recommendations": [
    "Missing optional field: homepage",
    "Missing optional field: engines"
  ]
}

Steps to reproduce:

1. Start fxa-auth-server server (npm start).
2. Start fxa-content-server server (npm start).
3. Download and start Selenium Server Standalone 2.35.0 (java -jar selenium-server-standalone-2.35.0.jar)
4. Run npm test from the fxa-content-server directory.

Results:

$ npm test

[email protected] test /Users/pdehaan/dev/fxa-content-server_pd/fxa-content-server
node node_modules/intern/runner.js config=tests/intern suites=tests/tdd

Defaulting to "runner" reporter
Listening on 0.0.0.0:9090
Error: The environment you requested was unavailable.
at Request._callback (/Users/pdehaan/dev/fxa-content-server_pd/fxa-content-server/node_modules/intern/node_modules/wd/lib/webdriver.js:310:15)
at Request.self.callback (/Users/pdehaan/dev/fxa-content-server_pd/fxa-content-server/node_modules/intern/node_modules/wd/node_modules/request/index.js:148:22)
at Request.EventEmitter.emit (events.js:98:17)
at Request. (/Users/pdehaan/dev/fxa-content-server_pd/fxa-content-server/node_modules/intern/node_modules/wd/node_modules/request/index.js:876:14)
at Request.EventEmitter.emit (events.js:117:20)
at IncomingMessage. (/Users/pdehaan/dev/fxa-content-server_pd/fxa-content-server/node_modules/intern/node_modules/wd/node_modules/request/index.js:827:12)
at IncomingMessage.EventEmitter.emit (events.js:117:20)
at _stream_readable.js:920:16
at process._tickCallback (node.js:415:13)

Same labels as for picl-idp, please.
Thanks.

I am seeing really old (2012) nginx log files in /var/log/nginx (same as with the idp.dev.picl.org).

Since awsbox does not use this, we should change the AMI(?) so that these are no longer part of the install/deploy of FAB...

@rfk

Thee package.json file lists awsbox (v0.4.5) both in dependencies and devDependencies .

This is what I see if I run the functional tests (with or w/o the server running "npm start")
$ npm run-script test-functional

[email protected] test-functional /Users/James/firefox-account-bridge
node node_modules/intern/runner.js config=tests/intern_functional

Defaulting to "runner" reporter
Listening on 0.0.0.0:9090
Error: connect ECONNREFUSED
at errnoException (net.js:901:11)
at Object.afterConnect as oncomplete

Coverage summary
Statements : 100% ( 0/0 )
Branches : 100% ( 0/0 )
Functions : 100% ( 0/0 )
Lines : 100% ( 0/0 )

TOTAL: tested 0 platforms, 0/0 tests failed; fatal error occurred
npm ERR! weird error 1
npm ERR! not ok code 0

I am assuming this is due to some not-so-backward-compatibile changes to FAB from last week:

15:58:06.706 OPTIONS https://scrypt.dev.lcip.org/ [HTTP/1.1 204 No Content 1042ms]
15:58:07.752 POST https://scrypt.dev.lcip.org/ [HTTP/1.1 200 OK 911ms]
15:58:08.916 OPTIONS https://idp.dev.lcip.org/account/create [HTTP/1.1 200 OK 261ms]
15:58:09.181 POST https://idp.dev.lcip.org/account/create [HTTP/1.1 404 Not Found 117ms]
15:58:09.246 "Error?" [object Object] flow.js:219
15:58:09.246 "error!!" ".create-panel" 404 undefined

When I install and do an "npm start", I see references to
FAB: Firefox Account Bridge listening at http://dev.fxaccounts.mozilla.org:3030

This is not even live at the moment.
If we are no longer using or pointing to dev.fxaccounts.mozilla.org, we should remove it from the code.

I am assuming we should be talking to accounts.dev.lcip.org , if any....

I am speaking specifically of the following:
/home/app/var/log/browserid-certifier.js.log
/home/app/var/log/firefox_account_bridge.js.log

A pain to debug w/o that info in there...

After going through the beginnings of Account Creation, I correctly get sent an email verification. The link looks something like this:
https://idp.dev.lcip.org/verify_email?uid=BlahBlahBlah

Using that link in the ELM build, I see a 404:
{"code":404,"error":"Not Found","errno":404}

So the Account Creation process can not complete...

Currently, if you have multiple about:accounts pages open and you sign out of your account in one, the other page will not update its state. A fix for this will depend on the browser chrome sending notifications to observers in the wrapper "donut".

I am working with the latest ELM build (10/22/2013).
Somehow I got into this state trying to Sign In with an unverified email.
I do get the appropriate error message:
"You need to verify this email first. Click here to resend the verification link."

But, when I click on the Verify link, I actually get this error (as seen in the Web Console):
...etc...
GET https://idp.dev.lcip.org/v1/account/keys [HTTP/1.1 400 Bad Request 127ms]
17:30:28.439 "got client" [object Object] flow.js:96
17:30:28.574 "Error?" [object Object] flow.js:125
17:30:28.574 "error!!" ".login-panel" 104 "You need to verify this email first. Click here to resend the verification link." common.js:74
17:30:36.978 ReferenceError: verbMap is not defined common.js:118
17:30:36.977 "sending" "reverify" [object Object]

Workaround might be to go back to Create Account page and try the verify from there?...

Right now, I was only able to find two "working", associated log files for FAB:
On here: accounts.dev.lcip.org

1. firefox_account_bridge.js.log
   This one has no date/timestamps, so it is hard to tell when things happened...
   (last update 8/29/2013 ?)
   and it is full of old references to the following: dev.fxaccounts.mozilla.org

What is this log doing? What is it supposed to capture?

1. browserid-certifier.js.log
   This log is full of the following exceptions:
   Error: listen EADDRINUSE
   at errnoException (net.js:770:11)
   at HTTPServer.Server._listen2 (net.js:910:14)
   at listen (net.js:937:10)
   at HTTPServer.Server.listen (net.js:986:5)
   at module.exports (/home/app/code/node_modules/browserid-certifier/bin/certifier:86:12)
   at Object. (/home/app/code/server/bin/browserid-certifier.js:15:1)
   at Module._compile (module.js:449:26)
   at Object.Module._extensions..js (module.js:467:10)
   at Module.load (module.js:356:32)
   at Function.Module._load (module.js:312:12)
   warn: Forever detected script exited with code: 1
   warn: Forever restarting script for 47623 time
   path.existsSync is now called fs.existsSync.

and similarly:
warn: Forever detected script exited with code: 1
events.js:71
throw arguments[1]; // Unhandled 'error' event
^
Error: listen EADDRINUSE
at errnoException (net.js:770:11)
at HTTPServer.Server._listen2 (net.js:910:14)
at listen (net.js:937:10)
at HTTPServer.Server.listen (net.js:986:5)
at module.exports (/home/app/code/node_modules/browserid-certifier/bin/certifier:86:12)
at Object. (/home/app/code/server/bin/browserid-certifier.js:15:1)
at Module._compile (module.js:449:26)
at Object.Module._extensions..js (module.js:467:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)

Are there other important logs here that I am not seeing?

Generally, what are we trying to capture on FAB that will make sense to capture and monitor with hekad for example?

or at least stopping slamming the idp server with GET requests ad nauseum until the user clicks on the link to complete the verification process:

...etc...
16:54:12.200 GET https://idp.dev.lcip.org/v1/recovery_email/status [HTTP/1.1 200 OK 123ms]
16:54:12.520 "verify!!!" [object Object] flow.js:299
...etc...

I think we put something in place in Persona, to stop hitting the server after X amount of time.
Maybe I am dreaming that...

Sometimes the login payload includes kA and kB, and sometimes it doesn't. We should split these two messages, since they clearly mean different things depending on where we are in the verification loop.

Taken from here:
mozilla/fxa-auth-server#355

Trying to be consistent with what we do in Stage and Prod for fxa-auth-server...

It appears that some flavor of gmp is required for this repo.

I see this on a fresh deploy of Mint 15 (Ubuntu):
$ npm install
...etc...
../bigint.cc:9:17: fatal error: gmp.h: No such file or directory
compilation terminated.
npm http 200 https://registry.npmjs.org/async/-/async-0.1.22.tgz
make: *** [Release/obj.target/bigint/bigint.o] Error 1
make: Leaving directory /home/mozilla/firefox-account-bridge/node_modules/jwcrypto/node_modules/bigint/build' gyp ERR! build error gyp ERR! stack Error:make` failed with exit code: 2
gyp ERR! stack at ChildProcess.onExit (/usr/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:267:23)
gyp ERR! stack at ChildProcess.EventEmitter.emit (events.js:98:17)
gyp ERR! stack at Process.ChildProcess._handle.onexit (child_process.js:789:12)
gyp ERR! System Linux 3.8.0-19-generic
gyp ERR! command "node" "/usr/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "configure" "build"
gyp ERR! cwd /home/mozilla/firefox-account-bridge/node_modules/jwcrypto/node_modules/bigint
gyp ERR! node -v v0.10.16
gyp ERR! node-gyp -v v0.10.9
gyp ERR! not ok
npm WARN optional dep failed, continuing [email protected]

Because we have none.
Or if we do, the logs are not being updated/archived/zipped.

ls -al /var/log/nginx

-rw-r--r-- 1 nginx adm 0 Sep 21 20:50 access.log
-rw-r--r-- 1 nginx adm 0 Sep 21 20:50 error.log

See also #31

This bridge is a Persona IdP. One of the things it does is issue certificates.

What is a certificate? It is basically the user's public key, signed by this IdP's private key.

We have a repo with a stand-alone web service that does this. It needs to be integrated.

Example codebase - BigTent (Yahoo Bridge)

• Serving up /.well-known/browserid https://github.com/mozilla/browserid-bigtent/blob/master/server/routes.js#L423
• Background documentation around Certifier and how to generate a key pair
• https://github.com/mozilla/browserid-bigtent/blob/master/server/lib/certifier.js - Library code for calling into the certifier web service
• https://github.com/mozilla/browserid-bigtent/blob/master/server/routes.js#L150 - Authentication POST which uses certifier
• Documentation https://raw.github.com/mozilla/browserid-bigtent/master/docs/DEV_NOTES.md
• AWS Documentation https://raw.github.com/mozilla/browserid-bigtent/master/docs/AWSBOX_DEPLOY.md

Other IdPs to look at how they integrated:

• https://github.com/mozilla/vinz-clortho
• http://github.com/mozilla/sideshow

It appears that actual logs are being created/modified here:
/home/app/var/log

So, maybe we do not even need the /home/app/code/server/var/log directory
The /home/app/code/server/var directory is in use...

On Android, I am seeing in the jelly from about:accounts.

E GeckoConsole(16674) Security Error: Content at http://accounts.dev.lcip.org/ may not load data from https://accounts.dev.lcip.org/mobile.

Pretty sure this is a vanilla CORS issue. We might just need to bump the firefox.accounts.remoteUrl to point to https://.

It's difficult to tell if you've hit the button since there's no feedback. On mobile, the browser janks hard for 8-12 seconds doing the crypto work, so we need to blur the button, or set up a spinner, or similar.

Install an ELM nightly from here:
http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-elm/

Open Firefox Nightly
Open the Web Console
Open about:accounts

If you scroll down the Web Console output, you will see the Syntax and Password field errors:
...etc...

14:09:17.051 SyntaxError: Using //@ to indicate sourceMappingURL pragmas is deprecated. Use //# instead jquery-2.0.0.min.js:1
14:09:17.054 Error: https://accounts.dev.lcip.org/javascripts/jquery-2.0.0.min.js is being assigned a //# sourceMappingURL, but already has one
14:09:17.077 Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.[Learn More]
...etc...
14:09:17.395 "showing" "t1-create-signin" common.js:198
14:09:17.596 "t1-create-signin" common.js:190
14:09:18.170 "sending command to browser" "session_status" undefined common.js:295
14:09:18.171 "Received message from browser: " [object Object] common.js:258
14:09:18.171 "signed out!" common.js:273
(I am assuming that last bit is correct behavior)

The SyntaxError, Error, and Password field issue are significant and need some investigation.

For Android, it would be super if both the create account flow and the login flow provided the chrome wrapper with {email, uid, sessionToken, kA, kB}. At the moment, the create account flow does (via a separate verified message) but the login flow does not.

I think that the login flow should enter the verified flow after completion, because it is possible to login to an unverified account. No?

If I am reading the README correctly:
I cloned and "npm installed" FAB (this is all on a Mac)

In terminal 1:
I ran "npm start"
I see this, which to me is unexpected:
"CERTIFIER ERR: path.existsSync is now called fs.existsSync."

In terminal 2:
I ran "java -jar selenium-server-standalone-2.35.0.jar"

In terminal 3:
I cd to FAB and run "npm test"

In terminal 1, I see no apparent activity.
In terminal 2, I see several "sessions" start and end while the test is running.
In terminal 3, I get the following error:
[email protected] test /Users/James/firefox-account-bridge
node node_modules/intern/runner.js config=tests/intern suites=tests/tdd

Defaulting to "runner" reporter
Listening on 0.0.0.0:9090
Initialised firefox 23.0.1 on MAC
Error: uncaught exception: [object Object] at :0
window.onerror@http://localhost:9090/__intern/client.js:62

No coverage report available
firefox 23.0.1 on MAC: 0/0 tests failed

Coverage summary
Statements : 100% ( 0/0 )
Branches : 100% ( 0/0 )
Functions : 100% ( 0/0 )
Lines : 100% ( 0/0 )

TOTAL: tested 1 platforms, 0/0 tests failed; fatal error occurred
npm ERR! weird error 1
npm ERR! not ok code 0

After verification and fetching keys, we'll need jwcrypto to ultimately get an assertion to a storage server.

• include jwcrypto bundle in static/javascripts
• generate key pair with jwcrypto
• send public key to keyserver and get back a signed certificate
• generate an assertion with principle uid@firefox account server and audience of the Sync 2.0 token server (http://auth.oldsync.dev.lcip.org/) URL corrected to be the token server
• pass kB, assertion, email back to browser chrome

Duration for the cert should be long (a year), likewise for assertion expire date.

Example of creating a key pair:

jwcrypto.generateKeypair({algorithm: "DS", keysize: KEY_LENGTH}, function(err, keypair) {
    var pk = keypair.publicKey;
    var sk = keypair.secretKey;
});

Example of creating an assertion:

jwcrypto.assertion.sign(
  {}, {audience: audience, expiresAt: expirationDate},
  secretKey,
  function(err, signedAssertion) {
    var assertion = jwcrypto.cert.bundle([cert], signedAssertion);
  });

/cc @vladikoff