Exciting news!Announcing our $4.6M Series Seed. Learn more
Socket
LoveBlogFAQ
Install
Log in

@makemydeal/dr-auth-utilities

Package Overview
Dependencies
0
Maintainers
1
Versions
1
Issues
File Explorer

Advanced tools

@makemydeal/dr-auth-utilities

JWT Token Validation and other utilities

    1.0.1latest

Version published
Maintainers
1
Yearly downloads
7,156

Weekly downloads

Readme

Source

@makemydeal/dr-auth-utilities

This is a package to help with managing authorization and authentication within DR applications. This will assist with JWT Token Verification, Scopes Verification, Policy Document creation for API Gateway, etc.

VerifyTokenManager

In order to use VerifyTokenManager, you need to instantiate a copy of the class.

const vtm = new VerifyTokenManager();

This was done as a class so it can "manage it's own state." In an effort to speed up JWT Token Verifications along with Signing Verification, we only want to request the PEM once. This operation is async, so we would not want each request to slow down the application.

verify

This will verify an encoded token by checking against the SigningKey and other optional settings. It will also check if the token is Expired against the current date.

Options

ParameterRequiredDescription
jwksUriYesLocation of the JWKS URI in order to acquire the SigningKey
encodedTokenYesThe token to decode
optionsNoOptions that can be set when verifying the token. See IVerifyOptions

IVerifyOptions

OptionsDescription
audienceTo verify the audience against a known audience or audiences, pass the value here
issuerTo verify the issuer against a known issuer or issuers, pass the value here
algorithmsThe algorithms used to encode the token. RS256 for example. You shouldn't need this option
ignoreExpirationPass TRUE to not validate the token against expiration
clockToleranceIf you wish to provide a "buffer", pass it here. For instance, if you want the token to be determined to be expired if we are within 30 seconds of expiration, pass 30 here.

verifyFromEvent

This function will perform the same operation as the verify function. However, instead of passing in the encodedToken, you will pass in the ITokenAuthorization object that comes from API Gateway. The function will then get the encodedToken and pass it to verify for the results.

decode

If you wish to decode a token, and check it against the criteria in IVerifyOptions, but you do not wish to verify against the SigningKey, then use this function

Options

ParameterRequiredDescription
encodedTokenYesThe token to decode
optionsNoOptions that can be set when verifying the token. See IVerifyOptions

apiGateway

This object contains helpers to work with API Gateway method ARNs

parseMethodArn

This method will take a methodArn and parse it into it's parts.

createMethodArn

This method will take the parts of a methodArn and construct the arn. This is helpful for creating methodArns with wildcards

scopes

This object has tools for checking scopes against a known list

every

This method will tell you if every scope in the known list is in the token

some

This method will tell you if at least one scope in the known list is in the token

policyDocument

This object contains tools to create a PolicyDocument for API Gateway Authorizers

create

Given a set of resources, this will create the policy document. If the resources list is empty, or undefined, it will return a policy to deny access

createReadWrite

Given the token, the methodArn from the authorizer and a set of options, this will create the policy document. The options define the readScopes (scopes for read access), writeScopes (scopes for write access), readVerbs (verbs for read, defaults to GET) and writeVerbs (verbs for write, default to ['POST', 'PUT', 'PATCH])

Socket

Product

Subscribe to our newsletter

Get open source security insights delivered straight into your inbox. Be the first to learn about new features and product updates.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc