@packt/jwt-authorizer
Module to manage JWT claims-based authentication with permissions.
Use this package for checking a user's authentication and authorization in a microservice environment, and to encode their permissions into the JWT. There are two classes within this package, AuthHelper and PermissionManager.
Exceptions are thrown using the @packt/error-custom error type, with unique error codes:
Code Class Function Description
------- ----------------- ----------------------- -----------------------------------
1000100 AuthHelper processJwt JWT verification failed
1000101 AuthHelper processJwt UserId doesn't match and no permission to override
1000102 AuthHelper processJwt No userId in token
1000103 VerifyJson VerifyJson Service [${key}] has no numeric service index
1000104 VerifyJson VerifyJson Service [${key}] has an index greater than the number of services
1000105 VerifyJson VerifyJson Service index [${serviceNum}] exists twice (extra time in [${key}])
1000106 VerifyJson VerifyJson Value [${value}] of Key [${permissionKey}] in Service [${serviceNum}] is not Base2
1000107 VerifyJson VerifyJson Value [${value}] of Key [${permissionKey}] in Service [${serviceNum}] exists twice
1000108 PermissionManager constructor No config file supplied
1000109 PermissionManager addPermission Service doesn't match global permissions object
1000110 PermissionManager removePermission Service doesn't match global permissions object
1000111 PermissionManager checkPermission Service doesn't match global permissions object
1000112 PermissionManager static checkPermission Service doesn't match global permissions object
1000113 AuthHelper processJwt Invalid Jwt format
1000114 AuthHelper constructor Invalid public key format
The JWT itself defines whether a user is authenticated, and a specific object structure is used to manage permissions. This has been designed to encode full permissions into the JWT in a minimal amount of space, and allow the consuming microservice to check permissions without a call to a central service, reducing processing time and direct runtime dependency.
Permissions are detailed as an object with the following format:
{
  "genin": {
    "service": 0,
    "dRankMission": 1,
    "cRankMission": 2
  },
  "chunin": {
    "service": 1,
    "bRankMission": 1,
    "aRankMission": 2
  },
  "jonin": {
    "service": 2,
    "sRankMission": 1,
    "potentialKage": 2
  }
}
Top-level objects are individual services, and each must contain a service property with a numeric index. These indexes must be 0-based, unique, and no higher than the number of services minus 1.
The remaining properties of each object are permissions. Each permission value must be a single power of two (1, 2, 4, ... up to 128), so that it maps to exactly one bit of the service's byte and permissions can be combined with bitwise OR.
This object structure is passed into the PermissionManager class as a JSON string and validated for correct structure. It is recommended that the JSON is stored in the authentication and authorization service (the one that generates the JWTs) and validated as part of the build step.
The permissions a user has can be held in a Uint8Array, which base64-encodes to an extremely short string to be put into the JWT.
As a Uint8Array can only store 8 bits per service, there can only be 8 permissions per service. Any service needing more permissions will need to be split over two 'virtual' services.
AuthHelper is to be used in microservices to verify that the user has valid authentication and authorization.
constructor(rawJwt, publicKey, service, overrideAccessPermission)
Instantiates the helper object with raw information needed.
processJwt(userId)
Validates the JWT for structure and signature, then compares the supplied userId to the one in the JWT. When a different userId is provided, a permission check is made using the service and overrideAccessPermission specified in the constructor. An expired JWT fails validation.
userCan(permissionClass, permission)
Checks whether the user has the required permission.
PermissionManager is used to build, validate and encode the permission set that goes into the JWT, and to check permissions against it.
constructor(globalJSON, permsIn = undefined)
Creates permission object ready to manage.
addPermission(serviceIndex, perm)
Adds a permission into the internal permission object.
removePermission(serviceIndex, perm)
Removes a permission from the internal permission object.
toString()
Returns a base64 version of the permissions array to be stored in a JWT.
listPermissions()
Returns an array of permissions set for the current object.
checkPermission(serviceIndex, permission)
Checks the permission is included in the current permissions object.
static checkPermissions(encodedPermissions, serviceIndex, permission)
Checks the permission is included in the supplied encoded permissions object.
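The encoding scheme described earlier (one byte per service, one bit per permission, base64 in the JWT) and the PermissionManager methods listed above, as one added example that is not the package's own code. The class name Permissions, the helper verifyPermissionsJson and the demo function are assumptions; the validation rules follow the error codes in the table, and the sample configuration is the README's own three-service structure.

```javascript
// Added example, not the package's code: the permission scheme described in
// this README (service index rules, power-of-two permission values, one byte
// per service packed into a Uint8Array and base64-encoded) re-implemented as a
// small class with the same method names as PermissionManager. The class name
// Permissions and the helper verifyPermissionsJson are assumptions.

// Validates the global permissions object against the rules behind error codes
// 1000103 to 1000107 and returns the parsed object.
function verifyPermissionsJson(globalJSON) {
  const cfg = typeof globalJSON === 'string' ? JSON.parse(globalJSON) : globalJSON;
  const keys = Object.keys(cfg);
  const seenIndex = new Set();
  for (const key of keys) {
    const svc = cfg[key];
    const index = svc && typeof svc === 'object' ? svc.service : undefined;
    if (!Number.isInteger(index)) throw new Error(`1000103 Service [${key}] has no numeric service index`);
    if (index < 0 || index > keys.length - 1) {
      throw new Error(`1000104 Service [${key}] has an index greater than the number of services`);
    }
    if (seenIndex.has(index)) throw new Error(`1000105 Service index [${index}] exists twice (extra time in [${key}])`);
    seenIndex.add(index);
    const seenValue = new Set();
    for (const [permKey, value] of Object.entries(svc)) {
      if (permKey === 'service') continue;
      // Exactly one bit set, and it must fit in the service's single byte.
      const singleBit = Number.isInteger(value) && value >= 1 && value <= 128 && (value & (value - 1)) === 0;
      if (!singleBit) throw new Error(`1000106 Value [${value}] of Key [${permKey}] in Service [${index}] is not Base2`);
      if (seenValue.has(value)) throw new Error(`1000107 Value [${value}] of Key [${permKey}] in Service [${index}] exists twice`);
      seenValue.add(value);
    }
  }
  return cfg;
}

class Permissions {
  // globalJSON: the structure above; permsIn: optional base64 string from a JWT.
  constructor(globalJSON, permsIn = undefined) {
    if (!globalJSON) throw new Error('1000108 No config file supplied');
    this.config = verifyPermissionsJson(globalJSON);
    this.bits = new Uint8Array(Object.keys(this.config).length); // one byte per service
    if (permsIn !== undefined) {
      this.bits.set(Buffer.from(permsIn, 'base64').subarray(0, this.bits.length));
    }
  }

  // The (service, permission) pair must exist in the global object (codes 1000109-1000111).
  #assertKnown(serviceIndex, perm, code) {
    const svc = Object.values(this.config).find((s) => s.service === serviceIndex);
    const known = svc !== undefined && Object.entries(svc).some(([k, v]) => k !== 'service' && v === perm);
    if (!known) throw new Error(`${code} Service doesn't match global permissions object`);
  }

  addPermission(serviceIndex, perm) {
    this.#assertKnown(serviceIndex, perm, 1000109);
    this.bits[serviceIndex] |= perm;
    return this;
  }

  removePermission(serviceIndex, perm) {
    this.#assertKnown(serviceIndex, perm, 1000110);
    this.bits[serviceIndex] &= ~perm;
    return this;
  }

  checkPermission(serviceIndex, perm) {
    this.#assertKnown(serviceIndex, perm, 1000111);
    return (this.bits[serviceIndex] & perm) === perm;
  }

  // Base64 of the raw bytes: three services encode to four characters.
  toString() {
    return Buffer.from(this.bits).toString('base64');
  }

  // Names of the permissions currently set, as "service.permission".
  listPermissions() {
    const out = [];
    for (const [name, svc] of Object.entries(this.config)) {
      for (const [k, v] of Object.entries(svc)) {
        if (k !== 'service' && (this.bits[svc.service] & v) === v) out.push(`${name}.${k}`);
      }
    }
    return out;
  }

  // Check straight against the encoded string; this is the per-request check a
  // consuming microservice runs without calling the central service.
  static checkPermissions(encodedPermissions, serviceIndex, permission) {
    const bytes = Buffer.from(encodedPermissions, 'base64');
    return serviceIndex < bytes.length && (bytes[serviceIndex] & permission) === permission;
  }
}

// Constructed sample: the README's three-service structure.
const ninjaConfig = JSON.stringify({
  genin: { service: 0, dRankMission: 1, cRankMission: 2 },
  chunin: { service: 1, bRankMission: 1, aRankMission: 2 },
  jonin: { service: 2, sRankMission: 1, potentialKage: 2 },
});

// Builds a permission set, encodes it, and reads it back from the string.
function demo() {
  const p = new Permissions(ninjaConfig).addPermission(0, 1).addPermission(2, 2);
  const encoded = p.toString();
  return { encoded, granted: p.listPermissions(), kage: Permissions.checkPermissions(encoded, 2, 2) };
}
```

For the sample configuration the bytes are [1, 0, 2], which base64-encodes to "AQAC": four characters carry the complete permission set for three services. The static check is the only piece a consuming microservice needs, together with the public key used to verify the token that carried the string.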
The npm package @packt/jwt-authorizer receives a total of 0 weekly downloads. As such, @packt/jwt-authorizer popularity was classified as not popular.
We found that @packt/jwt-authorizer demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.