jwt-authentication - npm Package Compare versions

Comparing version 0.1.1 to 0.2.0

docs/API.md

@@ -116,3 +116,4 @@ #Index
 If the subject is generating tokens for itself the `sub` and `iss` should be the same.  
-  - aud `String` - Audience. The value that identifies the resource server.  
+  - aud `String` - Audience. The value that identifies the resource server. This can
+also be an array of strings when the token is intended for multiple resource servers.  
 - options `Object`  
@@ -151,3 +152,4 @@ - privateKey `String` - The private key to use when generating the token.
 If the subject is generating tokens for itself the `sub` and `iss` should be the same.  
-  - aud `String` - Audience. The value that identifies the resource server.  
+  - aud `String` - Audience. The value that identifies the resource server. This can also
+be an array of strings when the token is intended for multiple resource servers.  
 - options `Object`  
@@ -154,0 +156,0 @@ - privateKey `String` - The private key to use when generating the token.

docs/CHANGELOG.md

@@ -0,1 +1,10 @@
+<a name"0.2.0"></a>
+## 0.2.0 (2016-06-07)
+
+
+#### Features
+
+* Support an array of strings as an audience along with a single string value ([f2e54b1e](https://bitbucket.org/atlassianlabs/jwt-authentication/commits/f2e54b1ead7340154b7be53c4dba6a6f17457552))
+
+
 <a name"0.1.1"></a>
@@ -2,0 +11,0 @@ ### 0.1.1 (2016-01-27)

lib/client/jwt-generator.js

 var jsonWebToken = require('../jwt-authentication/json-web-token');
 var _ = require('lodash');
 
+var getRequiredClaimsValidators = function() {
+    return [
+        function (claims) {
+            return _.isString(claims.iss);
+        },
+        function (claims) {
+            return _.isString(claims.sub);
+        },
+        function (claims) {
+            return _.isString(claims.aud) || _.isArray(claims.aud);
+        }
+    ];
+};
+
 var validateClaims = function(claims) {
-    var requiredClaims = ['iss', 'sub', 'aud'];
-    var allRequiredClaimsProvided = _.every(requiredClaims, function (claim) {
-        return claims && _.isString(claims[claim]);
+    var allRequiredClaimsProvided = _.every(getRequiredClaimsValidators(), function (claimValidator) {
+        return claims && claimValidator(claims);
     });
@@ -53,3 +66,4 @@ if (!allRequiredClaimsProvided) {
      * If the subject is generating tokens for itself the `sub` and `iss` should be the same.
-     * @param {String} claims.aud - Audience. The value that identifies the resource server.
+     * @param {String} claims.aud - Audience. The value that identifies the resource server. This can
+     * also be an array of strings when the token is intended for multiple resource servers.
      * @param {Object} options
@@ -117,3 +131,4 @@ * @param {String} options.privateKey - The private key to use when generating the token.
      * If the subject is generating tokens for itself the `sub` and `iss` should be the same.
-     * @param {String} claims.aud - Audience. The value that identifies the resource server.
+     * @param {String} claims.aud - Audience. The value that identifies the resource server. This can also
+     * be an array of strings when the token is intended for multiple resource servers.
      * @param {Object} options
@@ -120,0 +135,0 @@ * @param {String} options.privateKey - The private key to use when generating the token.

lib/server/validator/jwt-claims-validator.js

@@ -55,3 +55,7 @@ var currentTime = require('../../common/current-time');
 var audienceValidation = function(audience, resourceServerAudience) {
-    if (audience !== resourceServerAudience) {
+    if (!_.isArray(audience)) {
+        audience = [audience];
+    }
+
+    if (audience.indexOf(resourceServerAudience) === -1) {
         return q.reject(new Error('Unrecognised audience'));
@@ -58,0 +62,0 @@ }

lib/server/validator/jwt-validator.js

@@ -88,3 +88,3 @@ var jsonWebToken = require('../../jwt-authentication/json-web-token');
         if (!verifiableToken) {
-            return callback(new Error('Token could not pe parsed'));
+            return callback(new Error('Token could not be parsed'));
         }
@@ -91,0 +91,0 @@

package.json

 {
   "name": "jwt-authentication",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "description": "Library that is used to create and verify json web tokens for service to service authentication purposes.",
@@ -5,0 +5,0 @@ "main": "index.js",

test/integration/jwt-auth-middleware.spec.js

@@ -46,2 +46,17 @@ var fs = require('fs');
 
+    it('should authenticate valid token with audience array', function (done) {
+        var claims = {iss: 'an-issuer', sub: 'an-issuer', aud: ['an-audience', 'another-audience']};
+        var options = {kid: 'an-issuer/public.pem', privateKey: privateKey};
+        invokeGenerateToken(claims, options, function (error, headerValue) {
+            requestWithAuthHeader(headerValue)
+                .then(function(responseAndBody) {
+                    var response = responseAndBody[0];
+                    var body = responseAndBody[1];
+                    expect(body).toBe('Ok');
+                    expect(response.statusCode).toBe(200);
+                    done();
+                }).fail(failTest(done));
+        });
+    });
+
     it('should return 401, if the token is invalid', function (done) {
@@ -48,0 +63,0 @@ var claims = {iss: 'an-issuer', sub: 'an-issuer', aud: 'an-audience'};

test/integration/jwt-authentication.spec.js

@@ -56,2 +56,24 @@ var _ = require('lodash');
 
+        it('should create a correctly signed jwt token with audience as an array', function (done) {
+            var claims = {
+                iss: 'an-issuer',
+                sub: 'a-subject',
+                aud: ['an-audience', 'another-audience'],
+                foo: 'abc',
+                bar: 123
+            };
+            var options = {kid: 'path/to/publicKey', privateKey: privateKey};
+            generateToken(claims, options, function (error, token) {
+                expect(error).toBeNull('error');
+
+                var actualClaims = validateJwtToken(token, 'public');
+                expect(actualClaims.iss).toEqual('an-issuer');
+                expect(actualClaims.sub).toEqual('a-subject');
+                expect(actualClaims.aud).toEqual(['an-audience', 'another-audience']);
+                expect(actualClaims.foo).toEqual('abc');
+                expect(actualClaims.bar).toEqual(123);
+                done();
+            });
+        });
+
         it('should contain the kid header in the token', function (done) {
@@ -58,0 +80,0 @@ var claims = {iss: 'an-issuer', sub: 'a-subject', aud: 'an-audience', foo: 'abc', bar: 123};

test/unit/client/jwt-generator.spec.js

@@ -46,2 +46,14 @@ var q = require('q');
 
+        it('should create a jwt token with audience as an array', function (done) {
+            var claims = {iss: 'iss', sub: 'sub', aud: ['aud1', 'aud2'], foo: 'bar'};
+            var options = {kid: 'kid', privateKey: 'key'};
+            generateToken(claims, options, function () {
+                var expectedClaims = {iss: 'iss', sub: 'sub', aud: ['aud1', 'aud2'], foo: 'bar'};
+                var expectedOptions = {expiresInSeconds: undefined, kid: 'kid', privateKey: 'key',
+                    iat: undefined, notBefore: undefined};
+                expect(jsonWebToken.create).toHaveBeenCalledWith(expectedClaims, expectedOptions);
+                done();
+            });
+        });
+
         it('should allow the expiry to be set on the token', function (done) {
@@ -48,0 +60,0 @@ var claims = {iss: 'iss', sub: 'sub', aud: 'aud'};

test/unit/server/validator/jwt-claims-validator.spec.js

@@ -16,2 +16,12 @@ var specHelpers = require('../../support/spec-helpers');
 
+var VALID_JWT_CLAIMS_WITH_AUD_ARR = {
+    'iss': 'an-issuer',
+    'sub': 'an-issuer',
+    'aud': ['an-audience', 'another-audience'],
+    'jti': '1a880a9a38ab4890044a7b8f06baefca34bbf6e3',
+    'iat': NOW,
+    'exp': NOW + 30,
+    'nbf': NOW
+};
+
 var VALID_JWT_HEADER = {
@@ -89,2 +99,14 @@ kid: 'an-issuer/key.pem'
 
+    it('should reject jwt if the audience array is invalid', function(done) {
+        var invalidToken = _.clone(VALID_JWT_CLAIMS_WITH_AUD_ARR);
+        invalidToken.aud = ['invalid-audience-1', 'invalid-audience-1'];
+        validator.validate([VALID_ISSUER], VALID_AUD, VALID_JWT_HEADER, invalidToken)
+            .then(failTest(done))
+            .fail(function(error) {
+                expect(error).toBeDefined();
+                expect(error.message).toBe('Unrecognised audience');
+                done();
+            });
+    });
+
     it('should reject jwt that was issued immediately after its expiry', function(done) {
@@ -200,2 +222,11 @@ var invalidToken = _.clone(VALID_JWT_CLAIMS);
     });
+
+    it('should accept a valid jwt token with an audience array in claims', function(done) {
+        validator.validate([VALID_ISSUER], VALID_AUD, VALID_JWT_HEADER, VALID_JWT_CLAIMS_WITH_AUD_ARR)
+            .then(function(claims) {
+                expect(claims).toBeDefined();
+                done();
+            })
+            .fail(failTest(done));
+    });
 });

test/unit/server/validator/jwt-validator.spec.js

@@ -53,3 +53,3 @@ var specHelpers = require('../../support/spec-helpers');
             expect(error).toBeDefined();
-            expect(error.message).toBe('Token could not pe parsed');
+            expect(error.message).toBe('Token could not be parsed');
             done();
@@ -152,2 +152,2 @@ });
 
-});
+});

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

125371

increased by3.8%

Lines of code

2281

increased by4.16%

No dependency changes