Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
axios-azure-token-store
Advanced tools
An axios interceptor that adds Azure token store authentication
This module is for use by web applications that are secured using the Azure App Service Authentication and Authorization feature and make API calls using the axios HTTP client. It obtains an access token from the Azure App Service Token Store and adds it as the bearer token to all axios requests. In addition, it can also be used as a Vue.js plugin (see the Vue.js Plugin section below).
Install this package into your web application, making sure that it is part of your distribution using a tool such as webpack or brunch.
npm install axios-azure-token-store
The recommended approach is to create a new axios instance that handles all of your API requests. Then, use the axios-azure-token-store
utility to add the interceptor as follows:
import tokenStore from 'axios-azure-token-store';
const client = axios.create();
tokenStore.addInterceptor(client); // adds the axios interceptor
Now, for every request, the Authorization
header is added with the access token obtained from the /.auth/me
endpoint as the bearer token. The access token is refreshed if required by a call to the /.auth/refresh
endpoint.
client.get('/api/data'); // authentication is handled automatically
There are two utility methods, getTokens()
and getClaim(typ)
. Each of these returns a promise.
Returns a promise resolved with the tokens returned from the /.auth/me
endpoint. This is the same method that is called internally by the axios interceptor.
Searches through the user_claims
property of the tokens obtained by calling getTokens()
and returns an array of claim values maching the specified typ
. This is a synchronous call. You must call getTokens()
before calling this method. Returns an empty array if no claims were found.
Searches through the user_claims
property of the tokens obtained by calling getTokens()
and returns the value of the first claim value maching the specified typ
. This is a synchronous call. You must call getTokens()
before calling this method. Returns null if no claim was found.
This module can also be used as a Vue.js plugin.
import tokenStore from `axios-azure-token-store`;
Vue.use(tokenStore);
The token store instance is now available on the Vue instance.
this.$tokenStore.getClaim('name').then(name => {
console.log(name);
});
MIT License
Copyright (c) 2018 Frank Hellwig
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
An axios interceptor that adds Azure token store authentication
The npm package axios-azure-token-store receives a total of 0 weekly downloads. As such, axios-azure-token-store popularity was classified as not popular.
We found that axios-azure-token-store demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.