Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
By Sarah Gooding - Feb 07, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
brightspace-auth-token
Advanced tools
brightspace-auth-token
Usage
const AuthToken = require('brightspace-auth-token');
// See brightspace-auth-validation to do this for you!
function authorizeRequest(req) {
const signature = req.headers.authorization.match(/Bearer (.+)/)[1];
const payload = parseAndValidateSignature(signature);
return new AuthToken(payload, signature);
}
require('http')
.createServer((req, res) => {
const token = authorizeRequest(req);
if (!token.hasScope('random', 'greetings', 'read')) {
res.statusCode = 403;
res.end('You don\'t have sufficient scope!\n');
return;
}
let msg;
if (token.isUserContext()) {
msg = 'Hello user!\n';
} else if (token.isTenantContext()) {
msg = 'Hello service, acting at the tenant level!\n';
} else if (token.isGlobalContext()) {
msg = 'Hello service, maintaining all of our systems!\n';
}
res.statusCode = 200;
res.end(msg);
})
.listen(3000);
API
new AuthToken(Object decodedPayload, String source) -> AuthToken
decodedPayload should be an already verified and parsed JWT body. source should be the signature from which the payload was retrieved.
.user -> String|Undefined
The identifier for the user this token belongs to. Not present outside of user context.
.tenant -> String|Undefined
The tenant UUID this token belongs to. Not present outside of user and tenant contexts.
.actualUser -> String|Undefined
The identifier for the acting user. For convenience, this will always be the
same as user except in the case of impersonation. Not present outside of
user context.
.azp -> String|Undefined
The identifier for the party to whom this token was issued. If present it will contain the OAuth 2.0 Client ID of the party. The identifier is a case-sensitive string which may be a URI value.
.isGlobalContext() -> Boolean
.isTenantContext() -> Boolean
.isUserContext() -> Boolean
.isImpersonating() -> Boolean
.context -> String
.hasScope(String group, String resource, String permission) -> Boolean
.scope -> Map
.cacheKey -> String
A normalized string which could be used as part of cache keys when caching resources.
.source -> String
The source signature provider when creating the token.
FAQs
Helper for interacting with an incoming Brightspace JWT
The npm package brightspace-auth-token receives a total of 98 weekly downloads. As such, brightspace-auth-token popularity was classified as not popular.
We found that brightspace-auth-token demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 12 May 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not Optional
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
By Sarah Gooding - Feb 06, 2025
Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025