auth0-api-tokens - npm Package Compare versions

Comparing version 1.0.0 to 1.1.0

package.json

 {
   "name": "auth0-api-tokens",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "Library that given a Auth0 global client credentials allows users to generate JWT tokens for API v2",
@@ -5,0 +5,0 @@ "main": "index.js",

README.md

 # auth0-api-tokens ![build status](https://travis-ci.org/auth0/auth0-api-tokens.svg?branch=master)
 
-Library that given a Auth0 global client credentials allows users to generate JWT tokens for API v2.
+Library that given Auth0 global client credentials allows users to generate JWT tokens for API v2.
 
@@ -17,10 +17,13 @@ You can read more about API v2 tokens in [this blog post](https://auth0.com/blog/2014/12/02/using-json-web-tokens-as-api-keys/) and in the [API explorer](https://docs.auth0.com/apiv2).
 var createToken = require('auth0-api-tokens')({
-    clientId: '{YOUR_GLOBAL_CLIENT_ID}',
-    clientSecret: '{YOUR_GLOBAL_CLIENT_Secret}',
-}, TOKEN_EXPIRATION_IN_SECONDS)
+  clientId: '{YOUR_GLOBAL_CLIENT_ID}',
+  clientSecret: '{YOUR_GLOBAL_CLIENT_Secret}',
+})
 
 // each key is an entity, each array element is an action
 var token = createToken({
+	scopes: {
     users: ['read', 'write'],
     clients: ['delete']
+	},
+	lifetimeInSeconds: TOKEN_EXPIRATION_IN_SECONDS
 });
@@ -44,2 +47,2 @@
 
-This project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.
+This project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.

src/index.js

@@ -7,15 +7,16 @@ var jwt = require('jsonwebtoken');
 module.exports = function(credentials){
-  return function(scopes, lifetimeInSeconds){
-    lifetimeInSeconds = lifetimeInSeconds || DEFAULT_LIFETIME_IN_SECONDS;
-    var payload = {
-      iat: Math.floor(Date.now() / 1000),
-      scopes: Object.keys(scopes).reduce(function(c,v){
-        c[v] = {
-          actions: scopes[v]
-        };
+  return function(params){
+    var lifetimeInSeconds = params.lifetimeInSeconds || DEFAULT_LIFETIME_IN_SECONDS;
+    var scopes = params.scopes || {};
 
-        return c;
-      }, {})
-    };
+    var payload = params.extra_claims || {};
+    payload.iat = Math.floor(Date.now() / 1000);
+    payload.scopes = Object.keys(scopes).reduce(function(c,v){
+      c[v] = {
+        actions: scopes[v]
+      };
 
+      return c;
+    }, {});
+
     payload.jti = crypto
@@ -22,0 +23,0 @@ .createHash('md5')

test/index.tests.js

@@ -13,5 +13,11 @@ var expect = require('chai').expect;
     token = createToken({
-      users: [ 'read', 'update' ],
-      clients: [ 'delete' ]
-    }, 3600);
+      scopes: {
+        users: [ 'read', 'update' ],
+        clients: [ 'delete' ]
+      },
+      lifetimeInSeconds: 3600,
+      extra_claims: {
+        foo: 'bar'
+      }
+    });
 
@@ -50,2 +56,6 @@ decodedToken = jws.decode(token);
   });
+
+  it('should set extra claims', function(){
+    expect(payload.foo).to.equal('bar');
+  });
 });

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

6107

increased by4.77%

Lines of code

73

increased by14.06%

Number of lines in readme file

47

increased by9.3%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes