Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@adobe/jwt-auth
Advanced tools
Retrieve an Adobe bearer token via the JWT path
Instead of every developer who wants to use the JWT Auth flow to retrieve an auth token from Adobe having to write their own implementation of this flow this package is intended to replace this need with one method call.
Instructions for how to download/install the code onto your machine.
Example:
npm install @adobe/jwt-auth
Usage instructions for your code.
Promise based example:
const auth = require('@adobe/jwt-auth');
auth(config)
.then(tokenResponse => console.log(tokenResponse))
.catch(error => console.log(error));
Async/Await based example:
const auth = require('@adobe/jwt-auth');
let tokenResponse = await auth(config);
console.log(tokenResponse);
or (if you don't care about the other properties in the token response)
const auth = require('@adobe/jwt-auth');
let { access_token } = await auth(config);
console.log(access_token);
The config object is where you pass in all the required and optional parameters to the auth
call.
parameter | integration name | required | type | default |
---|---|---|---|---|
clientId | API Key (Client ID) | true | String | |
technicalAccountId | Technical account ID | true | String | |
orgId | Organization ID | true | String | |
clientSecret | Client secret | true | String | |
privateKey | true | String | ||
passphrase | false | String | ||
metaScopes | true | Comma separated Sting or an Array | ||
ims | false | String | https://ims-na1.adobelogin.com |
In order to determine which metaScopes you need to register for you can look them up by product in this handy table.
For instance if you need to be authenticated to call API's for both GDPR and User Management you would look them up and find that they are:
They you would create an array of metaScopes as part of the config object. For instance:
const config = {
clientId: 'asasdfasf',
clientSecret: 'aslfjasljf-=asdfalasjdf==asdfa',
technicalAccountId: 'asdfasdfas@techacct.adobe.com',
orgId: 'asdfasdfasdf@AdobeOrg',
metaScopes: [
'https://ims-na1.adobelogin.com/s/ent_gdpr_sdk',
'https://ims-na1.adobelogin.com/s/ent_user_sdk'
]
};
However, if you omit the IMS url the package will automatically add it for you when making the call to generate the JWT. For example:
const config = {
clientId: 'asasdfasf',
clientSecret: 'aslfjasljf-=asdfalasjdf==asdfa',
technicalAccountId: 'asdfasdfas@techacct.adobe.com',
orgId: 'asdfasdfasdf@AdobeOrg',
metaScopes: ['ent_gdpr_sdk', 'ent_user_sdk']
};
This is the recommended approach.
The response object contains three keys:
token_type
access_token
expires_in
const auth = require('@adobe/jwt-auth');
const fs = require('fs');
const config = {
clientId: 'asasdfasf',
clientSecret: 'aslfjasljf-=asdfalasjdf==asdfa',
technicalAccountId: 'asdfasdfas@techacct.adobe.com',
orgId: 'asdfasdfasdf@AdobeOrg',
metaScopes: ['ent_dataservices_sdk']
};
config.privateKey = fs.readFileSync('private.key');
auth(config)
.then(token => console.log(token))
.catch(error => console.log(error));
Contributions are welcomed! Read the Contributing Guide for more information.
This project is licensed under the Apache V2 License. See LICENSE for more information.
FAQs
Retrieve an authorization token from Adobe via JSON Web Token
We found that @adobe/jwt-auth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 21 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.