brightspace-auth-token
Advanced tools
const AuthToken = require('brightspace-auth-token');
// See brightspace-auth-validation to do this for you!
function authorizeRequest(req) {
const signature = req.headers.authorization.match(/Bearer (.+)/)[1];
const payload = parseAndValidateSignature(signature);
return new AuthToken(payload, signature);
}
require('http')
.createServer((req, res) => {
const token = authorizeRequest(req);
if (!token.hasScope('random', 'greetings', 'read')) {
res.statusCode = 403;
res.end('You don\'t have sufficient scope!\n');
return;
}
let msg;
if (token.isUserContext()) {
msg = 'Hello user!\n';
} else if (token.isTenantContext()) {
msg = 'Hello service, acting at the tenant level!\n';
} else if (token.isGlobalContext()) {
msg = 'Hello service, maintaining all of our systems!\n';
}
res.statusCode = 200;
res.end(msg);
})
.listen(3000);
new AuthToken(Object decodedPayload, String source) -> AuthTokendecodedPayload should be an already verified and parsed JWT body. source should be the signature from which the payload was retrieved.
.user -> String|UndefinedThe identifier for the user this token belongs to. Not present outside of user context.
.tenant -> String|UndefinedThe tenant UUID this token belongs to. Not present outside of user and tenant contexts.
.actualUser -> String|UndefinedThe identifier for the acting user. For convenience, this will always be the
same as user except in the case of impersonation. Not present outside of
user context.
.azp -> String|UndefinedThe identifier for the party to whom this token was issued. If present it will contain the OAuth 2.0 Client ID of the party. The identifier is a case-sensitive string which may be a URI value.
.isGlobalContext() -> Boolean.isTenantContext() -> Boolean.isUserContext() -> Boolean.isImpersonating() -> Boolean.context -> String.hasScope(String group, String resource, String permission) -> Boolean.scope -> Map.cacheKey -> StringA normalized string which could be used as part of cache keys when caching resources.
.source -> StringThe source signature provider when creating the token.
FAQs
Helper for interacting with an incoming Brightspace JWT
The npm package brightspace-auth-token receives a total of 271 weekly downloads. As such, brightspace-auth-token popularity was classified as not popular.
We found that brightspace-auth-token demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.
Security News
AGENTS.md is a fast-growing open format giving AI coding agents a shared, predictable way to understand project setup, style, and workflows.