Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
By Sarah Gooding - Feb 07, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@leisurelink/auth-context
Advanced tools
@leisurelink/auth-context
LeisureLink client-side authentication & authorization context for node.
auth-context
LeisureLink client-side authentication & authorization context for node.
Background
auth-context is one of many security tools in use by the LeisureLink service ecosystem to ensure that security-principals (users and systems) are authorized to perform the actions they request.
In order to ensure the LeisureLink systems remain loosely coupled, yet maintain a high-level of security, each operation is performed within the context of an auth-token; in most cases this means that an auth-token is conveyed with each request, such as in an HTTP Authorization header. This enables each service to authenticate the caller, as well as trust identity-claims encoded within the auth-token.
In the present version, we utilize JSON Web Token (JWT) to encode our auth-token. It is fair to say that our auth-token is-a JWT.
This module embodies the client-side utilities we've built over the auth-token that enable us to perform access control and role-based security during the system's operation.
Environmental Configuration
> AUTH_ACCEPT_JWT_ISSUER=LeisureLink-authentic \
AUTH_ACCEPT_JWT_AUDIENCE=vrHub \
AUTH_ACCEPT_JWT_ISSUER_KEY_FILE=authentic-key.pub \
node app.js
Types
These are types defined in this repository.
- AuthScope - an authorization scope; provides the ability to decode and verify
auth-tokensfor a specifiedissuerandaudience. - AuthContext - an authorization context; the result of decoding an
auth-token, enables interrogation of a principal's claims as well as authoriztion challenges.
Dependent Types
These are types that types in this repository may use
-
crProvider (Claim Resolution Provider) - A object (or library) which exposes methods for resolving local and remote claims. A object must minimally expose two methods to be considered a crProvider:
- crProvider#getSpecResolver(lang, authenticClient) - getSpecResolver must return a function implementing
function (csid, callback)where csid is a Claimset Id - crProvider#getClaimResolver(lang, authenticClient) - getClaimResolver must return a function implementing
function (clid, systemId, callback)where clid is a Claim Id and SystemId is an identifier for a principal.
- crProvider#getSpecResolver(lang, authenticClient) - getSpecResolver must return a function implementing
More information about the nature of the requirements placed on the returned functions can be found here.
Both of the Claim Resolutoin Provider functions accept a lang, e.g. en_US, and an instatiated AuthenticClient object.
FAQs
LeisureLink client-side authentication & authorization context for node.
We found that @leisurelink/auth-context demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 18 open source maintainers collaborating on the project.
Package last updated on 10 Dec 2015
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not Optional
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
By Sarah Gooding - Feb 06, 2025
Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025