
micro-jwt-jwks-rsa-auth's Introduction

micro-jwt-jwks-rsa-auth: JWT authorization wrapper for Micro

Usage

An Authorization header with the value Bearer MY_TOKEN_HERE is expected to be present in all requests. After successful authentication, the decoded token is available to other handlers as req.jwt.

If the token is missing or validation fails, an Error will be thrown with the statusCode property set to 401. This is handled automatically by the micro framework, or can be intercepted with error handlers such as micro-boom.

The wrapper can be configured to validate against either a fixed secret or dynamically using jwks-rsa.

const jwtAuth = require('micro-jwt-jwks-rsa-auth')

const auth = jwtAuth({
  secret, // 1
  jwksRsaConfig, // 2, 3
  kid, // 3
  validAudiences,
  whitelist,
  resAuthMissing,
  resAuthInvalid,
  resAudInvalid
})

const handler = async (req, res) => { /* ... */ } // Your micro logic

module.exports = auth(handler)

Mandatory Configuration Options

  1. Fixed secret only (no jwks-rsa)
  2. jwksRsaConfig only (the kid is looked up from the header of the JWT in the request)
  3. jwksRsaConfig and a fixed kid (the kid in the JWT is ignored)

Optional Configuration Options

  • validAudiences: List of audiences considered valid. If omitted, audience is not validated.
  • whitelist: List of paths where authentication is not enforced (token will still be decoded if present)
  • resAuthMissing: Custom error message for missing authentication header
  • resAuthInvalid: Custom error message for invalid token
  • resAudInvalid: Custom error message for invalid audience
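
The request contract described under Usage and in the options above (Bearer header, 401 on failure, audience check, whitelist), sketched with Node's built-in crypto for the fixed-secret case. This is an added example, not the package's own code: sign, verify, authenticate, the HS256 choice, the sample secret and claims, and the rule that a bad token on a whitelisted path yields null are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto')

const b64url = (data) => Buffer.from(data).toString('base64url')
const parse = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'))
const hmac = (secret, data) => crypto.createHmac('sha256', secret).update(data).digest()
const unauthorized = (msg) => Object.assign(new Error(msg), { statusCode: 401 })

// Constructed helper: issues the HS256 sample tokens used to exercise the check.
function sign (payload, secret) {
  const input = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`
  return `${input}.${b64url(hmac(secret, input))}`
}

// Pin the algorithm and check the MAC before any claim is read.
function verify (token, secret) {
  const parts = token.split('.')
  try {
    if (parts.length !== 3 || parse(parts[0]).alg !== 'HS256') throw new Error('format')
    const given = Buffer.from(parts[2], 'base64url')
    const expected = hmac(secret, `${parts[0]}.${parts[1]}`)
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) throw new Error('mac')
    const claims = parse(parts[1])
    if (claims === null || typeof claims !== 'object') throw new Error('claims')
    return claims
  } catch (err) {
    throw unauthorized('invalid token')
  }
}

// Returns verified claims, or null on a whitelisted path without a usable token.
function authenticate (req, { secret, validAudiences, whitelist = [] }) {
  const open = whitelist.includes(req.url.split('?')[0])
  const match = /^Bearer (\S+)$/.exec(req.headers.authorization || '')
  try {
    if (!match) throw unauthorized('missing Authorization header')
    const claims = verify(match[1], secret)
    const aud = [].concat(claims.aud || [])
    if (validAudiences && !aud.some((a) => validAudiences.includes(a))) throw unauthorized('invalid audience')
    return claims
  } catch (err) {
    if (open) return null // assumption: unverified claims are never exposed
    throw err
  }
}

// micro-style wrapper: sets req.jwt, then calls the wrapped handler.
const auth = (opts) => (handler) => async (req, res) => {
  req.jwt = authenticate(req, opts)
  return handler(req, res)
}
```

Expiry (exp) and the jwks-rsa key lookup are outside what this sketch covers.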

Examples

With Fixed Secret

'use strict'

const jwtAuth = require('micro-jwt-jwks-rsa-auth')
const auth = jwtAuth({ secret: 'my_jwt_secret' });

const handler = async(req, res) => {
  return `Ciaone ${req.jwt.username}!`
}

module.exports = auth(handler)

With jwks-rsa Instead of Fixed Secret

'use strict'

const jwtAuth = require('micro-jwt-jwks-rsa-auth')
const ms = require('ms')

const jwksRsaConfig = {
  strictSsl: true,
  cache: true,
  cacheMaxEntries: 5,
  cacheMaxAge: ms('10h'),
  jwksUri: 'https://<your-auth-domain>/.well-known/jwks.json'
}
const auth = jwtAuth({ jwksRsaConfig: jwksRsaConfig });
// Fixed kid: jwtAuth({ jwksRsaConfig: jwksRsaConfig, kid: 'abcdefg' });

const handler = async(req, res) => {
  return `Ciaone ${req.jwt.username}!`
}

module.exports = auth(handler)

With micro-router

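'use strict'

const { router, get } = require('microrouter')
const jwtAuth = require('micro-jwt-jwks-rsa-auth')
// Any configuration from the examples above works here
const auth = jwtAuth({ secret: 'my_jwt_secret' })

const handler = async (req, res) => {
  return `Ciaone ${req.jwt.username}!`
}

// Option A: protect all routes
const allRoutes = router(
  get('/route1/', handler),
  get('/route2/', handler)
)
module.exports = auth(allRoutes)

// Option B: protect individual routes (use instead of Option A)
// const someRoutes = router(
//   get('/route1/', auth(handler)),
//   get('/route2/', auth(handler))
// )
// module.exports = someRoutes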

Credits

Most of the code is based on micro-jwt-auth.

License

MIT

Contributors

kandros, mikkorepolainen, nanoxd, ronnyhaase, stearm, tictcotq, tuckerconnelly
