@leisurelink/auth-context
Advanced tools
LeisureLink client-side authentication & authorization context for node.
LeisureLink client-side authentication & authorization context for node.
auth-context is one of many security tools in use by the LeisureLink service ecosystem to ensure that security-principals (users and systems) are authorized to perform the actions they request.
In order to ensure the LeisureLink systems remain loosely coupled, yet maintain a high-level of security, each operation is performed within the context of an auth-token; in most cases this means that an auth-token is conveyed with each request, such as in an HTTP Authorization header. This enables each service to authenticate the caller, as well as trust identity-claims encoded within the auth-token.
In the present version, we utilize JSON Web Token (JWT) to encode our auth-token. It is fair to say that our auth-token is-a JWT.
This module embodies the client-side utilities we've built over the auth-token that enable us to perform access control and role-based security during the system's operation.
> AUTH_ACCEPT_JWT_ISSUER=LeisureLink-authentic \
AUTH_ACCEPT_JWT_AUDIENCE=vrHub \
AUTH_ACCEPT_JWT_ISSUER_KEY_FILE=authentic-key.pub \
node app.js
These are types defined in this repository.
auth-tokens for a specified issuer and audience.auth-token, enables interrogation of a principal's claims as well as authoriztion challenges.These are types that types in this repository may use
crProvider (Claim Resolution Provider) - A object (or library) which exposes methods for resolving local and remote claims. A object must minimally expose two methods to be considered a crProvider:
function (csid, callback) where csid is a Claimset Idfunction (clid, systemId, callback) where clid is a Claim Id and SystemId is an identifier for a principal.More information about the nature of the requirements placed on the returned functions can be found here.
Both of the Claim Resolutoin Provider functions accept a lang, e.g. en_US, and an instatiated AuthenticClient object.
FAQs
LeisureLink client-side authentication & authorization context for node.
The npm package @leisurelink/auth-context receives a total of 15 weekly downloads. As such, @leisurelink/auth-context popularity was classified as not popular.
We found that @leisurelink/auth-context demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 18 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
OpenGrep has restored fingerprint and metavariable support in JSON and SARIF outputs, making static analysis more effective for CI/CD security automation.
Security News
Security experts warn that recent classification changes obscure the true scope of the NVD backlog as CVE volume hits all-time highs.
Security Fundamentals
Attackers use obfuscation to hide malware in open source packages. Learn how to spot these techniques across npm, PyPI, Maven, and more.