cidp-node-api-sdk
Advanced tools
Readme
A library for application built using node js. Is used to authorize requests to api resources by validating access token.
Features:
Common tasks are present as npm scripts:
npm run build to build the librarynpm run start to run a server with the demo app using expressnpm run test run unit testsdemo/
├── app.js
lib/
├── index.js
└── services/
└── claimService.js
└── jwtService.js
Files inside lib/ "belong" to library, while demo/ contains demo applications that loads the library.
Libraries do not run by themselves, so it's very useful to have this "demo" apps while developing to see how your library would look like to consumers.
You can build the library by running npm run build.
This will generate a dist/ directory with all the entry points described above.
All the logic for creating the build can be found in ./gulpfile.js. It consists of:
The CIDP API NODE SDK includes a directory called test containing unit tests to verify it works.
To run the unit tests, do npm run test
Install node package in your app : npm install cidp-node-api-sdk --save
Import the module in your app. Set the authSettings properties to match the server configuration.
var cidp = require('cidp-node-api-sdk');
var app = express();
//Settings defines
//1.authorityURI - a CIDP instance uri, used by sdk to check if token issuer is a trusted one
//2.The received token should have the required audiece in order to be authorized
var settings = {
authorityUri: "IdentityServerUri",
audience: "audience"
};
// use validateJwt middleware to:
//1.Retrieve from authorityUri trusted issuer host names
//2.Check if token issuer host name is trusted
//3.Connect to issuer that generate the received access token
//4.Get metadata about token signing key.
//5.Validate token is not expired and is valid for the audience specified
app.use(cidp.validateJwt(settings));
//use hasClaim middleware to check token contains the claim
//hasClaim(claimKey,claimValue)
//claimValue should be an array of strings.It allows to give access to profile resource if user role is Admin or Dev
app.get('/profile', cidp.hasClaim('role', ['Admin','Dev']), function (req, res) {
const user = req.user;
return res.json(user);
});
//or we can grant access to profile resource if token has profile scope
app.get('/profile', cidp.hasClaim('scope', ['profile']), function (req, res) {
const user = req.user;
return res.json(user);
});
FAQs
JWT validator middleware to authorize requests to api resources
The npm package cidp-node-api-sdk receives a total of 1 weekly downloads. As such, cidp-node-api-sdk popularity was classified as not popular.
We found that cidp-node-api-sdk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.
Security News
This episode of the Risky Biz podcast discusses how the rise of small open source packages and the shift towards individual maintainers makes the ecosystem more vulnerable to supply chain attacks.