@ssense/jwt-active-directory
Advanced tools
Authorization Middleware and Authenticator for Active Directory and JWT token
There are four ways to pass the token for validation: (1) in the Authorization header, (2) as a cookie, (3) as a POST parameter, and (4) as a URL query parameter. The middleware will look in those places in the order listed and return 401 if it can't find any valid token.
| Method | Format |
|---|---|
| Authorization Header | Authorization: Bearer <token> |
| Cookie | "jwt_token": <token> |
| URL Query Parameter | /protected?access_token=<token> |
| Body Parameter | POST access_token=<token> |
npm install --save @ssense/jwt-active-directory
const authenticator = new Authenticator({
url: 'ldap://127.0.0.1:1389',
baseDN: 'dc=domain,dc=com',
username: 'auth@domain.com',
//username: 'CN=Authenticator,OU=Special Users,DC=domain,DC=com',
password: 'password',
logging: {
name: 'ActiveDirectory',
streams: [
{
level: 'error',
stream: process.stdout
}
]
}
});
authenticator.authenticate('user@domain.com', 'password')
.then(({auth, user, groups}) => {
if (auth) {
const token: string = authenticator.sign({user, groups}, 'no-so-secret-key', {
expiresIn: '1 day'
});
// your script ...
}
})
.catch((err) => {
console.log(err);
});
or you can use authenticateAndSign(email: string, password: string, jwtKey: string, jwtOptions, jwtExtraClaims?: {})
authenticator.authenticateAndSign('user@domain.com', 'password', 'no-so-secret-key', {
expiresIn: '1 day'
},
// Optional claims argument
{
extra: 'payload options',
foo: 'bar',
hello: 'Worl!'
})
.then(({auth, user, groups, token}) => {
console.log('auth', auth);
console.log('user', user);
console.log('groups', groups);
console.log('token', token);
})
.catch((err) => {
console.log(err);
});
import {authenticated} from 'jwt-active-directory';
// ... your code ...
app.get('*', authenticated({
allowed: ['*', 'Group 1', 'Antoher Group Allowed'], // list of groups allowed to enter this route
jwtKey: 'no-so-secret-key' // your jwt secret key
}), (req, res) => {
// your code
// access token with **req.token**
// do what you want we the new generate token
});
Middleware default options
options = {
allowed: [],
jwtKey: null,
queryKey: 'access_token',
bodyKey: 'access_token',
cookieKey: 'jwt_token',
headerKey: 'Bearer',
reqKey: 'token', // req.token
validateGroupKey: 'cn'
};
JWT validation depends only on validating the correct signature and that the token is unexpired.
This project is licensed under the MIT License - see the LICENSE.md file for details.
FAQs
Ssense JWT Active Directory Authenticator
We found that @ssense/jwt-active-directory demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Ransomware payment rates hit an all-time low in 2024 as law enforcement crackdowns, stronger defenses, and shifting policies make attacks riskier and less profitable.
Security News
require(esm) backported to Node.js 20, easing the transition to ESM-only packages and reducing complexity for developers as Node 18 nears end-of-life.
Security News
PyPI now supports iOS and Android wheels, making it easier for Python developers to distribute mobile packages.