byu-jwt
This package provides helpful functions for using validating and using BYU's JWTs.
Requires Node 8 or above
Table of Contents
Migrate from v1 to v2
- Update to Node 8 or above
Migrate from v2 to v3
getPublicKey
has been removed - If you were using it, look into the new getPem
function- Ensure that the
openssl
shipped with your version of Node supports the algorithms you need - We're now using that instead of expecting an openssl
executable to be found on the system.
- This is probably a non-issue because our JWTs have been using RSA-256, which
openssl
has supported for years.
API
Constructor
ByuJWT ([ options ])
Parameters
Returns an instance of the ByuJWT
Authenticate
Check the headers to see if the requester is authenticated.
ByuJWT.prototype.authenticate ( headers )
Parameters
Returns a promise that, if authenticated, resolves to an object with some of these properties:
-
current - The current client's decoded JWT.
-
original - The original client's decoded JWT. This property may not be defined.
-
originalJWT - The JWT string provided by the original requester, or if that doesn't exist then of the current client.
-
claims - A decoded JWT's primary claim, prioritied in this order:
- Original resource owner
- Current resource owner
- Original client
- Current client
Authenticate University API Middleware
A middleware that will check if the request has authentication and will either add the property verifiedJWTs
to the request or will respond to the request with a 401
or 500
response code.
ByuJWT.prototype.authenticateUAPIMiddleware
Parameters
-
req - The request object.
-
res - The response object.
-
next - The next function.
Returns undefined
const express = require('express')
const byuJwt = require('byu-jwt')()
const app = express()
app.use(byuJwt.authenticateUAPIMiddleware)
const listener = app.listen(3000, err => {
if (err) {
console.error(err.stack)
} else {
console.log('Server listening on port ' + listener.address().port)
}
})
Decode JWT
Verify and decode a JWT.
ByuJWT.prototype.decodeJWT ( jwt )
Parameters
- jwt - A JWT
string
to validate and decode.
Returns a promise that, if valid, resolves to an object with these properties:
-
client - An object that contains the client claims. It has the following properties: byuId
, claimSource
, netId
, personId
, preferredFirstName
, prefix
, restofName
, sortName
, subscriberNetId
, suffix
, surname
, surnamePosition
-
claims - The primary claims object, prefering resource owner first and client second.
-
raw - The raw claims aquired by validating the JWT.
-
resourceOwner - The resource owner claims (if a resource owner is defined). It has the following properties: byuId
, netId
, personId
, preferredFirstName
, prefix
, restofName
, sortName
, suffix
, surname
, surnamePosition
-
wso2- Claims specific to WSO2.It has the following properties: apiContext
, application.id
, application.name
, application.tier
, clientId
, endUser
, endUserTenantId
, keyType
, subscriber
, tier
, userType
, version
Get OpenId Configuration
Get the OpenID configuration from the well known url.
ByuJWT.prototype.getOpenIdConfiguration ()
Parameters None
Returns a promise that resolves to the OpenID configuration.
Get Pem
DEPRECATED
Avoid use of this function because it may not always return the certificate you're hoping for.
Get the certificate for the OpenID configuration, in .pem format.
ByuJWT.prototype.getPem ()
Parameters None
Returns a promise that resolves to the first certificate pem string
.
Verify JWT
Check to see if a JWT is valid.
ByuJWT.prototype.verifyJWT ( jwt )
Parameters
- jwt - A JWT
string
to verify.
Returns a promise that resolves to a boolean
.
Cache Time to Live
Get or set the cache time to live. The cache only affects how often the OpenID configuration is redownloaded.
const byuJwt = require('byu-jwt')()
byuJWT.cacheTTL = 15
Static Constants
The following properties are accessible on the ByuJWT object without needing an instantiated object.
-
BYU_JWT_HEADER_CURRENT - The header name for the current JWT.
-
BYU_JWT_HEADER_ORIGINAL - The header name for the original JWT.
-
AuthenticationError - A reference to the AuthenticationError constructor.
-
JsonWebTokenError - A reference to the JsonWebTokenError constructor.
-
NotBeforeError - A reference to the NotBeforeError constructor.
-
TokenExpiredError - A reference to the TokenExpiredError constructor.
const ByuJWT = require('byu-jwt')
console.log(ByuJWT.BYU_JWT_HEADER_CURRENT)
Testing
To test this library:
-
Run npm install
-
Set the TOKEN
environment variable
-
Run npm test