bearer-token-parser
This is a Bearer token authentication module that you can use with the Express framework.
Installation
npm i bearer-token-parser
API
See API.md for API reference.
Release Notes
All changes can be found here.
Quick Start
There is a sample app in "./example" to try token authentication.
- Move to the example directory.
cd example/
- Install dependencies.
npm install
- Start the app.
npm start
- You can send an authentication request with curl.
  - Correct token
    curl -I -H 'Authorization: Bearer mytoken123' http://localhost:3000/auth
  - Wrong token
    curl -I -H 'Authorization: Bearer mytoken456' http://localhost:3000/auth
  - Missing Authorization header
    curl -I http://localhost:3000/auth
  - Authorization header but no token
    curl -I -H 'Authorization: Bearer ' http://localhost:3000/auth
Usage
- An example using the Express framework.
  BearerParser can also be used with other frameworks.
import express from 'express';
import {BearerParser} from 'bearer-token-parser';

const app = express();
const router = express.Router();

router.post('/', async (req, res) => {
  // Extract the Bearer token from the Authorization header.
  const token = BearerParser.parseBearerTokenHeader(req);
  res.json(true);
});

app.use('/', router);
- This is an example of validating Bearer tokens.
  BearerValidator is a module dedicated to the Express framework.
  If verification fails, the following response is returned automatically.
HTTP status | WWW-Authenticate response header | Description |
---|---|---|
401 Unauthorized | Bearer realm="Your realm name", error="token_required" | The token location is Header and there is no Authorization header, or the token location is Body/Query and there is no token parameter. |
401 Unauthorized | Bearer realm="Your realm name", error="invalid_token", error_description="Token format error" | The Bearer token is empty or does not conform to the token68 format. |
401 Unauthorized | Bearer realm="Your realm name", error="invalid_token", error_description="Token cannot be authenticated" | The token is unregistered or invalid and cannot be authenticated. This is the case when the optional tokenCheckCallback method returns false. |
400 Bad Request | Bearer realm="Your realm name", error="invalid_request" | The request body failed validation. This is the case when the optional requestParameterCheck method returns false. |
import express from 'express';
import {BearerParser, BearerValidator} from 'bearer-token-parser';
import {body, validationResult} from 'express-validator';

const app = express();
// Parse JSON request bodies so the body() validators have data to check.
app.use(express.json());
const router = express.Router();

router.post('/', [
  // Request body validation rules (express-validator).
  body('email').isEmail(),
  body('name').isLength({min: 1, max: 20}),
  BearerValidator.validation({
    realm: 'myapi',
    // Return true only if the token is registered and valid.
    tokenCheckCallback: async (token) => {
      return token === '<Your Bearer token>';
    },
    // Return true only if the request body passed validation.
    requestParameterCheck: (req) => {
      const errors = validationResult(req);
      return errors.isEmpty();
    }
  }),
], async (req, res) => {
  const token = BearerParser.parseBearerTokenHeader(req);
  res.json(true);
});

app.use('/', router);
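The three 401 rows of the response table above can be traced with a standalone sketch. This is an added example, not bearer-token-parser's own code: it assumes the token68 grammar from RFC 6750, and `classifyBearerHeader`, `reject`, `runQuickStartCases`, and the status 200 used to mark acceptance are hypothetical names and values.

```javascript
// Added example, not bearer-token-parser code. Realm and tokens are constructed samples.
// token68 / b64token grammar from RFC 6750: 1*(ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/") *"="
const TOKEN68 = /^[A-Za-z0-9\-._~+\/]+=*$/;

// Build the result for a failed check, including the WWW-Authenticate challenge.
function reject(status, realm, error, description) {
  let challenge = `Bearer realm="${realm}", error="${error}"`;
  if (description) challenge += `, error_description="${description}"`;
  return {status, wwwAuthenticate: challenge};
}

// headerValue: raw Authorization header value, or undefined when the header is absent.
// isRegistered: hypothetical stand-in for tokenCheckCallback; returns true for a known token.
function classifyBearerHeader(headerValue, realm, isRegistered) {
  if (headerValue === undefined || headerValue === null) {
    return reject(401, realm, 'token_required');
  }
  // Assumption: the scheme name is matched case-insensitively, and a non-Bearer
  // scheme is reported as a format error (the table does not cover that case).
  const match = /^Bearer(?: +(.*))?$/i.exec(String(headerValue).trim());
  const token = match && match[1] ? match[1] : '';
  if (!TOKEN68.test(token)) {
    return reject(401, realm, 'invalid_token', 'Token format error');
  }
  if (!isRegistered(token)) {
    return reject(401, realm, 'invalid_token', 'Token cannot be authenticated');
  }
  return {status: 200, token};
}

// The four curl requests from Quick Start, as header values (constructed).
function runQuickStartCases() {
  const isRegistered = (token) => token === 'mytoken123';
  return [
    'Bearer mytoken123', 'Bearer mytoken456', undefined, 'Bearer ',
  ].map((header) => classifyBearerHeader(header, 'myapi', isRegistered));
}

console.log(runQuickStartCases());
```
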
Testing
With npm do:
npm test
Author
Takuya Motoshima
License
MIT