@mondomob/gae-js-google-auth
Advanced tools
Utilities extending on Google Auth Library, such as middleware to validate Google JWT.
npm install @mondomob/gae-js-google-auth
Middleware to require a valid Google JWT token, for your endpoints.
An example can be found in the Example Pub/Sub JWT.
This middleware will always verify:
Authorization header is present with a Bearer <token> value<token> component is a valid token according to Google Auth Libraryemail_verified is trueiss is "https://accounts.google.com"Simplest usage
// Apply middleware however you normally would
app.use("/pubsub", requiresGoogleJwt());
// Now any matching routes will be protected
app.post("/pubsub/start-job", (req, res) => res.send("OK"));
app.post("/pubsub/poll-status", (req, res) => res.send("OK"));
It is recommended that you also verify the email matches the identity you expect of the signer (e.g. a service account email).
// Apply middleware however you normally would
app.use("/pubsub", requiresGoogleJwt({
email: "your-service-account@your-project.iam.gserviceaccount.com"
}));
// Now any matching routes will be protected
app.post("/pubsub/start-job", (req, res) => res.send("OK"));
app.post("/pubsub/poll-status", (req, res) => res.send("OK"));
Note: The email property also supports an array of values if your endpoints should be one of a set of allowed emails.
If you care about the audience property you can also specify this property as a single value or an array.
By default, this middleware will be disabled if run in an environment outside of GCP (local testing, for example). If you would like to override
this behaviour, you can set disableForNonGcpEnvironment to false.
Middleware to require a valid Google Identity Aware Proxy (IAP) signed header.
This middleware will verify:
x-goog-iap-jwt-assertion is presentSimplest usage:
// Apply middleware however you normally would
app.use("/protected", requiresIapJwt({
audience: "projects/1234/apps/my-protected-app" // replace with your app's audience
}));
// Now any matching routes will be protected
app.post("/protected/start-job", (req, res) => res.send("OK"));
app.post("/protected/poll-status", (req, res) => res.send("OK"));
By default, this middleware will be disabled if run in an environment outside of GCP (local testing, for example). If you would like to override
this behaviour, you can set disableForNonGcpEnvironment to false.
FAQs
Tools for Google Cloud Authentication
The npm package @mondomob/gae-js-google-auth receives a total of 24 weekly downloads. As such, @mondomob/gae-js-google-auth popularity was classified as not popular.
We found that @mondomob/gae-js-google-auth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
ESLint has added JSON and Markdown linting support with new officially-supported plugins, expanding its versatility beyond JavaScript.
Security News
Members Hub is conducting large-scale campaigns to artificially boost Discord server metrics, undermining community trust and platform integrity.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.