brightspace-auth-token

Helper for interacting with an incoming Brightspace JWT

  • 7.0.0

Usage

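const AuthToken = require('brightspace-auth-token');

// See brightspace-auth-validation to do this for you!
// parseAndValidateSignature is a placeholder you must supply: it verifies the
// JWT and returns the decoded payload, throwing if the token is not valid.
function authorizeRequest(req) {
	// A missing or malformed header must not reach .match()[1] and crash the server.
	const match = /^Bearer (.+)$/.exec(req.headers.authorization || '');
	if (!match) {
		throw new Error('Missing or malformed Authorization header');
	}

	const signature = match[1];
	const payload = parseAndValidateSignature(signature);

	return new AuthToken(payload, signature);
}

require('http')
	.createServer((req, res) => {
		let token;
		try {
			token = authorizeRequest(req);
		} catch (err) {
			// No token, or one that failed validation: reject before any scope check.
			res.statusCode = 401;
			res.end('Unauthorized\n');
			return;
		}

		if (!token.hasScope('random', 'greetings', 'read')) {
			res.statusCode = 403;
			res.end('You don\'t have sufficient scope!\n');
			return;
		}

		let msg;
		if (token.isUserContext()) {
			msg = 'Hello user!\n';
		} else if (token.isTenantContext()) {
			msg = 'Hello service, acting at the tenant level!\n';
		} else if (token.isGlobalContext()) {
			msg = 'Hello service, maintaining all of our systems!\n';
		}

		res.statusCode = 200;
		res.end(msg);
	})
	.listen(3000);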

API


new AuthToken(Object decodedPayload, String source) -> AuthToken

decodedPayload should be an already verified and parsed JWT body. source should be the signature from which the payload was retrieved.
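
What "already verified" involves before the constructor is called, as an added example that is not part of this package or its README: a hypothetical `parseAndValidateSignature` that checks the signature and time claims with Node's `crypto`. The ES256 algorithm, the locally generated key pair and the sample claims are assumptions constructed for the demo; issuer, audience and key-lookup checks are left out.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Hypothetical stand-in for the README's parseAndValidateSignature placeholder.
// Returns the decoded payload only if the signature and time claims check out.
function parseAndValidateSignature(jwt, publicKey, nowSeconds = Math.floor(Date.now() / 1000)) {
	const parts = String(jwt).split('.');
	if (parts.length !== 3) throw new Error('malformed token');
	const [headerB64, payloadB64, signatureB64] = parts;

	// Pin the algorithm (assumed ES256); never let the token's header choose it.
	const header = JSON.parse(Buffer.from(headerB64, 'base64url').toString('utf8'));
	if (header.alg !== 'ES256') throw new Error('unexpected alg');

	const valid = crypto.verify(
		'sha256',
		Buffer.from(`${headerB64}.${payloadB64}`),
		{ key: publicKey, dsaEncoding: 'ieee-p1363' }, // JWS carries raw r||s, not DER
		Buffer.from(signatureB64, 'base64url')
	);
	if (!valid) throw new Error('bad signature');

	// Only trust the payload's contents after the signature has verified.
	const payload = JSON.parse(Buffer.from(payloadB64, 'base64url').toString('utf8'));
	if (typeof payload.exp !== 'number' || payload.exp <= nowSeconds) throw new Error('expired');
	if (typeof payload.nbf === 'number' && payload.nbf > nowSeconds) throw new Error('not yet valid');
	return payload;
}

// Constructed sample data: a throwaway key pair and a token signed with it.
function makeSampleToken(privateKey, payload, alg = 'ES256') {
	const signingInput = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
	const sig = crypto.sign('sha256', Buffer.from(signingInput), { key: privateKey, dsaEncoding: 'ieee-p1363' });
	return `${signingInput}.${b64url(sig)}`;
}

const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const sample = makeSampleToken(privateKey, { sub: '169', scope: 'random:greetings:read', exp: 2000000000 });
```

Only the object this function returns should be passed as `decodedPayload`; a payload decoded without these checks gives every `AuthToken` accessor attacker-controlled values.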


.user -> String|Undefined

The identifier for the user this token belongs to. Not present outside of user context.


.tenant -> String|Undefined

The tenant UUID this token belongs to. Not present outside of user and tenant contexts.


.actualUser -> String|Undefined

The identifier for the acting user. For convenience, this will always be the same as user except in the case of impersonation. Not present outside of user context.


.isGlobalContext() -> Boolean

.isTenantContext() -> Boolean

.isUserContext() -> Boolean

.isImpersonating() -> Boolean

.context -> String

.hasScope(String group, String resource, String permission) -> Boolean

.scope -> Map

.cacheKey -> String

A normalized string which could be used as part of cache keys when caching resources.


.source -> String

The source signature provided when creating the token.


Package last updated on 15 May 2019
