Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
@adobe/jwt-auth
Advanced tools
Retrieve an Adobe bearer token via the JWT path
Instead of every developer who wants to use the JWT Auth flow to retrieve an auth token from Adobe having to write their own implementation of this flow this package is intended to replace this need with one method call.
Instructions for how to download/install the code onto your machine.
Example:
npm install @adobe/jwt-auth
Usage instructions for your code.
Promise based example:
const auth = require("@adobe/jwt-auth");
auth(config)
.then((tokenResponse) => console.log(tokenResponse))
.catch((error) => console.log(error));
Async/Await based example:
const auth = require("@adobe/jwt-auth");
let tokenResponse = await auth(config);
console.log(tokenResponse);
or (if you don't care about the other properties in the token response)
const auth = require("@adobe/jwt-auth");
let { access_token } = await auth(config);
console.log(access_token);
The config object is where you pass in all the required and optional parameters to the auth
call.
parameter | integration name | required | type | default |
---|---|---|---|---|
clientId | API Key (Client ID) | true | String | |
technicalAccountId | Technical account ID | true | String | |
orgId | Organization ID | true | String | |
clientSecret | Client secret | true | String | |
privateKey | true | String | ||
passphrase | false | String | ||
metaScopes | true | Comma separated Sting or an Array | ||
ims | false | String | https://ims-na1.adobelogin.com |
In order to determine which metaScopes you need to register for you can look them up by product in this handy table.
For instance if you need to be authenticated to call API's for both GDPR and User Management you would look them up and find that they are:
They you would create an array of metaScopes as part of the config object. For instance:
const config = {
clientId: "asasdfasf",
clientSecret: "aslfjasljf-=asdfalasjdf==asdfa",
technicalAccountId: "asdfasdfas@techacct.adobe.com",
orgId: "asdfasdfasdf@AdobeOrg",
metaScopes: [
"https://ims-na1.adobelogin.com/s/ent_gdpr_sdk",
"https://ims-na1.adobelogin.com/s/ent_user_sdk",
],
};
However, if you omit the IMS url the package will automatically add it for you when making the call to generate the JWT. For example:
const config = {
clientId: "asasdfasf",
clientSecret: "aslfjasljf-=asdfalasjdf==asdfa",
technicalAccountId: "asdfasdfas@techacct.adobe.com",
orgId: "asdfasdfasdf@AdobeOrg",
metaScopes: ["ent_gdpr_sdk", "ent_user_sdk"],
};
This is the recommended approach.
The response object contains three keys:
token_type
access_token
expires_in
const auth = require("@adobe/jwt-auth");
const fs = require("fs");
const config = {
clientId: "asasdfasf",
clientSecret: "aslfjasljf-=asdfalasjdf==asdfa",
technicalAccountId: "asdfasdfas@techacct.adobe.com",
orgId: "asdfasdfasdf@AdobeOrg",
metaScopes: ["ent_dataservices_sdk"],
};
config.privateKey = fs.readFileSync("private.key");
auth(config)
.then((token) => console.log(token))
.catch((error) => console.log(error));
Contributions are welcomed! Read the Contributing Guide for more information.
This project is licensed under the Apache V2 License. See LICENSE for more information.
FAQs
Retrieve an authorization token from Adobe via JSON Web Token
The npm package @adobe/jwt-auth receives a total of 3,198 weekly downloads. As such, @adobe/jwt-auth popularity was classified as popular.
We found that @adobe/jwt-auth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 21 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.