byu-jwt
This package provides helpful functions for using validating and using BYU's JWTs.
Requires Node 8 or above
Table of Contents
Migrate from v1 to v2
- Update to Node 8 or above
Migrate from v2 to v3
getPublicKey
has been removed - If you were using it, look into the new getPem
function- Ensure that the
openssl
shipped with your version of Node supports the algorithms you need - We're now using that instead of expecting an openssl
executable to be found on the system.
API
Constructor
ByuJWT ([ options ])
Parameters
Returns an instance of the ByuJWT
Authenticate
Check the headers to see if the requester is authenticated.
ByuJWT.prototype.authenticate ( headers )
Parameters
Returns a promise that, if authenticated, resolves to an object with some of these properties:
-
current - The current client's decoded JWT.
-
original - The original client's decoded JWT. This property may not be defined.
-
originalJWT - The JWT string provided by the original requester, or if that doesn't exist then of the current client.
-
claims - A decoded JWT's primary claim, prioritied in this order:
- Original resource owner
- Current resource owner
- Original client
- Current client
Authenticate University API Middleware
A middleware that will check if the request has authentication and will either add the property verifiedJWTs
to the request or will respond to the request with a 401
or 500
response code.
ByuJWT.prototype.authenticateUAPIMiddleware
Parameters
-
req - The request object.
-
res - The response object.
-
next - The next function.
Returns undefined
const express = require('express')
const byuJwt = require('byu-jwt')()
const app = express()
app.use(byuJwt.authenticateUAPIMiddleware)
const listener = app.listen(3000, err => {
if (err) {
console.error(err.stack)
} else {
console.log('Server listening on port ' + listener.address().port)
}
})
Decode JWT
Verify and decode a JWT.
ByuJWT.prototype.decodeJWT ( jwt )
Parameters
- jwt - A JWT
string
to validate and decode.
Returns a promise that, if valid, resolves to an object with these properties:
-
client - An object that contains the client claims. It has the following properties: byuId
, claimSource
, netId
, personId
, preferredFirstName
, prefix
, restofName
, sortName
, subscriberNetId
, suffix
, surname
, surnamePosition
-
claims - The primary claims object, prefering resource owner first and client second.
-
raw - The raw claims aquired by validating the JWT.
-
resourceOwner - The resource owner claims (if a resource owner is defined). It has the following properties: byuId
, netId
, personId
, preferredFirstName
, prefix
, restofName
, sortName
, suffix
, surname
, surnamePosition
-
wso2- Claims specific to WSO2.It has the following properties: apiContext
, application.id
, application.name
, application.tier
, clientId
, endUser
, endUserTenantId
, keyType
, subscriber
, tier
, userType
, version
Get OpenId Configuration
Get the OpenID configuration from the well known url.
ByuJWT.prototype.getOpenIdConfiguration ()
Parameters None
Returns a promise that resolves to the OpenID configuration.
Get Pem
Get the certificate for the OpenID configuration, in .pem format.
ByuJWT.prototype.getPem ()
Parameters None
Returns a promise that resolves to the pem string
.
Verify JWT
Check to see if a JWT is valid.
ByuJWT.prototype.verifyJWT ( jwt )
Parameters
- jwt - A JWT
string
to verify.
Returns a promise that resolves to a boolean
.
Cache Time to Live
Get or set the cache time to live. The cache only affects how often the OpenID configuration is redownloaded.
const byuJwt = require('byu-jwt')()
byuJWT.cacheTTL = 15
Static Constants
The following properties are accessible on the ByuJWT object without needing an instantiated object.
-
BYU_JWT_HEADER_CURRENT - The header name for the current JWT.
-
BYU_JWT_HEADER_ORIGINAL - The header name for the original JWT.
-
AuthenticationError - A reference to the AuthenticationError constructor.
-
JsonWebTokenError - A reference to the JsonWebTokenError constructor.
-
NotBeforeError - A reference to the NotBeforeError constructor.
-
TokenExpiredError - A reference to the TokenExpiredError constructor.
const ByuJWT = require('byu-jwt')
console.log(ByuJWT.BYU_JWT_HEADER_CURRENT)
Testing
To test this library:
-
Run npm install
-
Set the TOKEN
environment variable
-
Run npm test