azure-ad-verify-token
Comparing version 1.0.1 to 1.1.0
@@ -5,2 +5,15 @@ # Changelog | ||
## [1.1.0](https://github.com/justinlettau/azure-ad-verify-token/compare/v1.0.1...v1.1.0) (2020-03-28) | ||
### Features | ||
* add cache expiry ([e58195b](https://github.com/justinlettau/azure-ad-verify-token/commit/e58195bc9e51357f96f88eee6a7331899f0d5369)), closes [#2](https://github.com/justinlettau/azure-ad-verify-token/issues/2) | ||
* optimise cache ([e381b29](https://github.com/justinlettau/azure-ad-verify-token/commit/e381b29e39e5630e98516b310eb06500ec436edd)), closes [#3](https://github.com/justinlettau/azure-ad-verify-token/issues/3) | ||
### Bug Fixes | ||
* update error messages ([f423e0d](https://github.com/justinlettau/azure-ad-verify-token/commit/f423e0dc3c6790ab1c214f4e7546ffa14656099d)) | ||
### [1.0.1](https://github.com/justinlettau/azure-ad-verify-token/compare/v1.0.0...v1.0.1) (2020-03-22) | ||
@@ -7,0 +20,0 @@ |
@@ -1,2 +0,3 @@ | ||
export * from './verify'; | ||
export { VerifyConfig } from './interfaces'; | ||
export { getConfig, setConfig } from './config'; | ||
export { verify } from './verify'; | ||
export { Config, VerifyOptions } from './interfaces'; |
"use strict"; | ||
function __export(m) { | ||
for (var p in m) if (!exports.hasOwnProperty(p)) exports[p] = m[p]; | ||
} | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
__export(require("./verify")); | ||
var config_1 = require("./config"); | ||
exports.getConfig = config_1.getConfig; | ||
exports.setConfig = config_1.setConfig; | ||
var verify_1 = require("./verify"); | ||
exports.verify = verify_1.verify; | ||
//# sourceMappingURL=index.js.map |
/** | ||
* Verify configuration. | ||
* Configuration options. | ||
*/ | ||
export interface VerifyConfig { | ||
export interface Config { | ||
/** | ||
* Number of milliseconds to cache public keys. Default: 1 hour | ||
*/ | ||
cacheLifetime?: number; | ||
} | ||
/** | ||
* Verify options. | ||
*/ | ||
export interface VerifyOptions { | ||
/** | ||
* `jwk_uri` value obtained from B2C policy metadata endpoint. | ||
*/ | ||
jwksUri: string; | ||
/** | ||
* `issuer` value obtained from B2C policy metadata endpoint. | ||
*/ | ||
issuer: string; | ||
/** | ||
* Application ID of the application accessing the tenant. | ||
*/ | ||
audience: string; | ||
} | ||
/** | ||
* Public key cache item. | ||
*/ | ||
export interface CacheItem { | ||
/** | ||
* RSA public key result. | ||
*/ | ||
result: Promise<string>; | ||
/** | ||
* Resolve function from `value`'s promise. | ||
*/ | ||
done?: (value: string) => void; | ||
/** | ||
* Date, in milliseconds, the cache will be considered expired. | ||
*/ | ||
expiry: number; | ||
} | ||
/** | ||
* Azure json web key set. | ||
@@ -11,0 +46,0 @@ */ |
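Review bot: The doc comment on `CacheItem.done` refers to "`value`'s promise", but the interface has no `value` member; the promise it resolves is `result`, so the comment should read `Resolve function for the pending result promise.` and say that it is set only while the key is still being fetched. The `expiry` comment ("Date, in milliseconds") would be clearer as an absolute timestamp, presumably epoch milliseconds, though the cache module that writes it is not shown here. On `Config.cacheLifetime` I would add one sentence noting that a longer lifetime also delays the point at which a rotated or withdrawn signing key stops being accepted.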
@@ -1,2 +0,2 @@ | ||
import { VerifyConfig } from './interfaces'; | ||
import { VerifyOptions } from './interfaces'; | ||
/** | ||
@@ -6,4 +6,4 @@ * Verify token. | ||
* @param token Token to verify. | ||
* @param config Configuration options. | ||
* @param options Configuration options. | ||
*/ | ||
export declare function verify(token: string, config: VerifyConfig): Promise<string | object>; | ||
export declare function verify(token: string, options: VerifyOptions): Promise<string | object>; |
@@ -9,7 +9,4 @@ "use strict"; | ||
var rsa_pem_from_mod_exp_1 = __importDefault(require("rsa-pem-from-mod-exp")); | ||
var cache_1 = require("./cache"); | ||
/** | ||
* Public key cache. | ||
*/ | ||
var cache = new Map(); | ||
/** | ||
* Get public key. | ||
@@ -21,17 +18,27 @@ * | ||
function getPublicKey(jwksUri, kid) { | ||
var publicKey = cache.get(kid); | ||
if (publicKey) { | ||
return Promise.resolve(publicKey); | ||
var item = cache_1.getItem(kid); | ||
if (item) { | ||
return item.result; | ||
} | ||
// immediately defer to prevent duplicate calls to get jwks | ||
cache_1.setDeferredItem(kid); | ||
return node_fetch_1.default(jwksUri) | ||
.then(function (res) { return res.json(); }) | ||
.then(function (res) { | ||
res.keys.forEach(function (item) { | ||
cache.set(item.kid, rsa_pem_from_mod_exp_1.default(item.n, item.e)); | ||
res.keys.forEach(function (key) { | ||
var existing = cache_1.getItem(key.kid); | ||
var pem = rsa_pem_from_mod_exp_1.default(key.n, key.e); | ||
if (existing && existing.done) { | ||
// deferred item | ||
existing.done(pem); | ||
} | ||
else { | ||
cache_1.setItem(key.kid, pem); | ||
} | ||
}); | ||
publicKey = cache.get(kid); | ||
if (!publicKey) { | ||
throw new Error('Could not find public key'); | ||
item = cache_1.getItem(kid); | ||
if (!item) { | ||
throw new Error('public key not found'); | ||
} | ||
return publicKey; | ||
return item.result; | ||
}); | ||
@@ -43,6 +50,6 @@ } | ||
* @param token Token to verify. | ||
* @param config Configuration options. | ||
* @param options Configuration options. | ||
*/ | ||
function verify(token, config) { | ||
var jwksUri = config.jwksUri, audience = config.audience, issuer = config.issuer; | ||
function verify(token, options) { | ||
var jwksUri = options.jwksUri, audience = options.audience, issuer = options.issuer; | ||
var decoded; | ||
@@ -55,13 +62,13 @@ var kid; | ||
catch (error) { | ||
return Promise.reject(error); | ||
return Promise.reject('invalid token'); | ||
} | ||
return getPublicKey(jwksUri, kid) | ||
.then(function (key) { return jsonwebtoken_1.default.verify(token, key, { | ||
algorithms: ['RS256'], | ||
audience: audience, | ||
issuer: issuer | ||
}); }); | ||
return getPublicKey(jwksUri, kid).then(function (key) { | ||
return jsonwebtoken_1.default.verify(token, key, { | ||
algorithms: ['RS256'], | ||
audience: audience, | ||
issuer: issuer, | ||
}); | ||
}); | ||
} | ||
exports.verify = verify; | ||
; | ||
//# sourceMappingURL=verify.js.map |
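Review bot: In the new `getPublicKey`, a `kid` that the fetched key set does not contain appears to leave its deferred cache entry unresolved: `cache_1.setDeferredItem(kid)` runs before the fetch, so the later `cache_1.getItem(kid)` returns that placeholder, `throw new Error('public key not found')` is never reached, and the caller is handed a pending `item.result`. The `kid` is obtained before `jsonwebtoken_1.default.verify` runs, so this path is reachable with unverified input, and a rejected fetch or `res.json()` leaves the same placeholder behind; the cache module is not shown on this page, so this is inferred from how `existing.done` is used. I would record inside the `forEach` whether the requested `kid` was seen, and on a miss or a failed fetch remove the placeholder and reject with an `Error`, which needs a removal helper in `./cache`. Separately, `Promise.reject('invalid token')` in `verify` rejects with a bare string and discards the original error; `Promise.reject(new Error('invalid token'))` keeps a stack for callers and logs.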
{ | ||
"name": "azure-ad-verify-token", | ||
"version": "1.0.1", | ||
"version": "1.1.0", | ||
"description": "Verify JWT issued by Azure Active Directory B2C.", | ||
@@ -49,3 +49,3 @@ "keywords": [ | ||
"@justinlettau/tslint-config": "^0.1.0", | ||
"@types/jasmine": "^3.5.9", | ||
"@types/jasmine": "^3.5.10", | ||
"@types/jsonwebtoken": "^8.3.8", | ||
@@ -58,6 +58,6 @@ "@types/node-fetch": "^2.5.5", | ||
"nyc": "^15.0.0", | ||
"prettier": "^1.19.1", | ||
"prettier": "^2.0.2", | ||
"pretty-quick": "^2.0.1", | ||
"standard-version": "^7.1.0", | ||
"ts-node": "^8.7.0", | ||
"ts-node": "^8.8.1", | ||
"tslint": "^6.1.0", | ||
@@ -64,0 +64,0 @@ "tslint-config-prettier": "^1.18.0", |
[![NPM Version](https://badge.fury.io/js/azure-ad-verify-token.svg)](https://badge.fury.io/js/azure-ad-verify-token) | ||
![CI](https://github.com/justinlettau/azure-ad-verify-token/workflows/CI/badge.svg) | ||
[![Dependency Status](https://david-dm.org/justinlettau/azure-ad-verify-token.svg)](https://david-dm.org/justinlettau/azure-ad-verify-token) | ||
[![Dev Dependency Status](https://david-dm.org/justinlettau/azure-ad-verify-token/dev-status.svg)](https://david-dm.org/justinlettau/js-rules-engine?type=dev) | ||
[![Dev Dependency Status](https://david-dm.org/justinlettau/azure-ad-verify-token/dev-status.svg)](https://david-dm.org/justinlettau/zure-ad-verify-token?type=dev) | ||
[![Codecov](https://codecov.io/gh/justinlettau/azure-ad-verify-token/branch/master/graph/badge.svg)](https://codecov.io/gh/justinlettau/azure-ad-verify-token) | ||
@@ -24,2 +24,3 @@ | ||
- 💪 Written in **TypeScript**. | ||
- ♻️ **Configurable cache** for public keys. | ||
@@ -34,6 +35,8 @@ # Installation | ||
### Verify | ||
```ts | ||
import { verify, VerifyConfig } from 'azure-ad-verify-token'; | ||
import { verify, VerifyOptions } from 'azure-ad-verify-token'; | ||
const config: VerifyConfig = { | ||
const options: VerifyOptions = { | ||
jwksUri: 'https://contoso.b2clogin.com/contoso.onmicrosoft.com/discovery/v2.0/keys?p=b2c_1_signupsignin1', | ||
@@ -44,3 +47,3 @@ issuer: 'https://contoso.b2clogin.com/3285c484-dce5-4abb-a341-bbe4f2bc8554/v2.0/', | ||
verify(token, config) | ||
verify(token, options) | ||
.then(decoded => { | ||
@@ -56,3 +59,3 @@ // verified and decoded token | ||
Configuration options: | ||
Verify options: | ||
@@ -66,5 +69,22 @@ | Property | Type | Description | | ||
Example metadata endpoints: | ||
- https://login.microsoftonline.com/common/.well-known/openid-configuration | ||
- https://login.microsoftonline.com/common/discovery/keys | ||
### Configuration | ||
```ts | ||
import { setConfig } from 'azure-ad-verify-token'; | ||
setConfig({ | ||
cacheLifetime: 12 * (60 * 60 * 1000) // 12 hours | ||
}); | ||
``` | ||
Configuration options: | ||
| Property | Type | Description | Default | | ||
| --------------- | -------- | -------------------------------------------- | ------- | | ||
| `cacheLifetime` | `number` | Number of milliseconds to cache public keys. | 1 hour | | ||
# References | ||
@@ -71,0 +91,0 @@ |
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package