🚀 DAY 2 OF LAUNCH WEEK: Unify Your Security Stack with Socket Basics.Learn more →
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@asymmetrik/sof-strategy

Package Overview
Dependencies
Maintainers
8
Versions
8
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@asymmetrik/sof-strategy

Smart on FHIR authorization strategy for passport

latest
Source
npmnpm
Version
1.1.4
Version published
Maintainers
8
Created
Source

SOF-Strategy

Strategy for Smart on FHIR authentication that works with Passport like any other passport strategy.

Install

yarn add @asymmetrik/sof-strategy

Usage

// Returns a helper function to setup your strategy
const smartBearerStrategy = require('@asymmetrik/sof-strategy');
const passport = require('passport');

// Create our strategy by giving it some config options, all are required
let strategy = smartBearerStrategy({
  introspectionUrl: 'https://www.foo.com/introspection',
  clientSecret: 'secret',
  clientId: 'client',
});

// Configure passport to use this new strategy
passport.use(strategy);

// Integrate it into your routes via middleware or some other mechanism
// Our strategy is a bearer strategy so use bearer for the name
let name = 'bearer';
let options = { session: false };

// Use as middleware use case
// app is a express instance
app.use('/some/protected/route/', passport.authenticate(name, options), someRouteController);

See sof-strategy tests for more usage examples.

Arguments

@asymmetrik/sof-strategy exports a single function which takes a single options argument with the following properties.

introspectionUrl

Introspection endpoint. The strategy will attempt to make a request to this endpoint with a token(provided by passport.js), clientId, clientSecret to validate the token has not been modified or resigned.

Type: String
Required: true

clientSecret

Necessary to validate the bearer token. Do not store these in client side code no matter what. This module should only be used server-side.

Type: String
Required: true

clientId

Necessary to validate the bearer token. Do not store these in client side code no matter what. This module should only be used server-side.

Type: String
Required: true

FAQs

Package last updated on 23 Sep 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious NuGet Packages Typosquat Nethereum to Exfiltrate Wallet Keys

Research

Malicious NuGet Packages Typosquat Nethereum to Exfiltrate Wallet Keys

The Socket Threat Research Team uncovered malicious NuGet packages typosquatting the popular Nethereum project to steal wallet keys.

By Kirill Boychenko  -  Oct 22, 2025
Unify Your Security Stack with Socket Basics

Product

Unify Your Security Stack with Socket Basics

A single platform for static analysis, secrets detection, container scanning, and CVE checks—built on trusted open source tools, ready to run out of the box.

By Douglas Coburn, Eli Insua  -  Oct 21, 2025