micro-jwt-jwks-rsa-auth: JWT authorization wrapper for Micro
An `Authorization` header with the value `Bearer MY_TOKEN_HERE` is expected to be present in all requests. After successful authentication the decoded token is available to the other handlers as `req.jwt`.

If the token is missing or validation fails, an `Error` is thrown with its `statusCode` property set to 401. This is handled automatically by the micro framework, or it can be intercepted with error handlers such as micro-boom.

The wrapper can be configured to validate either against a fixed secret or dynamically using jwks-rsa.
```js
const jwtAuth = require('micro-jwt-jwks-rsa-auth')

const auth = jwtAuth({
  secret,         // 1
  jwksRsaConfig,  // 2, 3
  kid,            // 3
  validAudiences,
  whitelist,
  resAuthMissing,
  resAuthInvalid,
  resAudInvalid
})

const handler = async (req, res) => { ... } // Your micro logic

module.exports = auth(handler)
```
The key options select one of three modes (the numbers match the comments in the snippet above):

1. Fixed `secret` only (no jwks-rsa)
2. `jwksRsaConfig` configuration only (`kid` is looked up from the request's JWT token header)
3. `jwksRsaConfig` and a fixed `kid` (the `kid` on the JWT is ignored)

Remaining options:

- `validAudiences`: list of audiences considered valid. If omitted, the audience is not validated.
- `whitelist`: list of paths where authentication is not enforced (the token will still be decoded if present).
- `resAuthMissing`: custom error message for a missing authentication header.
- `resAuthInvalid`: custom error message for an invalid token.
- `resAudInvalid`: custom error message for an invalid audience.
Example with a fixed secret:

```js
'use strict'

const jwtAuth = require('micro-jwt-jwks-rsa-auth')

const auth = jwtAuth({ secret: 'my_jwt_secret' })

const handler = async (req, res) => {
  return `Ciaone ${req.jwt.username}!`
}

module.exports = auth(handler)
```
Example with jwks-rsa:

```js
'use strict'

const jwtAuth = require('micro-jwt-jwks-rsa-auth')
const ms = require('ms')

const jwksRsaConfig = {
  strictSsl: true,
  cache: true,
  cacheMaxEntries: 5,
  cacheMaxAge: ms('10h'),
  jwksUri: 'https://<your-auth-domain>/.well-known/jwks.json'
}

const auth = jwtAuth({ jwksRsaConfig: jwksRsaConfig })
// Fixed kid: jwtAuth({ jwksRsaConfig: jwksRsaConfig, kid: 'abcdefg' });

const handler = async (req, res) => {
  return `Ciaone ${req.jwt.username}!`
}

module.exports = auth(handler)
```
Example with microrouter, protecting all routes at once:

```js
'use strict'

const { router, get, post, put, patch, del } = require('microrouter')
const jwtAuth = require('micro-jwt-jwks-rsa-auth')

const auth = jwtAuth(...)

// All routes
const routes = router(
  get('/route1/', handler),
  get('/route2/', handler)
)

module.exports = auth(routes)
```

Or protecting individual routes:

```js
'use strict'

const { router, get, post, put, patch, del } = require('microrouter')
const jwtAuth = require('micro-jwt-jwks-rsa-auth')

const auth = jwtAuth(...)

// Individual routes
const routes = router(
  get('/route1/', auth(handler)),
  get('/route2/', auth(handler))
)

module.exports = routes
```
Most of the code is based on micro-jwt-auth.