koa-azuread-jwt
Handles fetching and caching of Azure AD validation certificates.
Though this module is basically functional, it's still in development and has not been heavily tested or vetted.
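```js
// Koa v1 style: middleware are generator functions
let koa = require('koa')
let azureadJWT = require('koa-azuread-jwt')

let app = koa()

// Requests without a valid Azure AD JWT stop here with a 401
app.use(azureadJWT('tenantidstring', 'applicationidstring'))

app.use(function *() {
  this.status = 200
})

app.listen(3000)
```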
`koa-azuread-jwt(<string>tenantId, <string>applicationId)` returns a generator to be used as koa middleware.
The cert cache attempts to refresh when a legitimate-looking request arrives whose signing cert is not in the cache, or when a call is made and the cert cache has exceeded the refresh interval. The refresh interval is currently 24 hours.
Certificates are currently pulled directly from https://login.windows.net/common/discovery/keys. This will change in the future to use the tenant oauth discovery.
The test currently just loads a koa server and allows requests with a JWT to be sent and validated or rejected.
Tokens can be passed either in the authorization header or in the query (e.g. ?jwt=encoded_jwt). If a token is found in both, the authorization header is preferred.
A basic prevalidation is performed on the JWT before the actual JWT verification with the cert is completed. This avoids refreshing the cache when an invalid ID token is sent.
If an invalid JWT is found, a 401 is returned and next will not be called.
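The token lookup order, the prevalidation step and the cache-refresh rule described above, expressed as code. This is an added example, not code from koa-azuread-jwt: the function names, the Bearer scheme, the RS256/`kid` header check and the 8192-character limit are assumptions, and the sample token is constructed.

```javascript
'use strict'
// Added example; all function names here are hypothetical, not the module's API.
const REFRESH_INTERVAL_MS = 24 * 60 * 60 * 1000 // 24 hours, per the README

const b64urlDecode = s =>
  Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8')
const b64urlEncode = o =>
  Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')

// The authorization header wins over ?jwt= when both are present.
function extractToken (headers, query) {
  const m = /^Bearer\s+(\S+)$/i.exec(headers.authorization || '')
  if (m) return m[1]
  return typeof query.jwt === 'string' && query.jwt !== '' ? query.jwt : null
}

// Cheap structural check, no crypto and no network: three base64url segments
// and a JSON header naming RS256 (assumed algorithm) plus a string key id.
function prevalidate (token) {
  if (typeof token !== 'string' || token.length > 8192) return null
  const parts = token.split('.')
  if (parts.length !== 3 || !parts.every(p => /^[A-Za-z0-9_-]+$/.test(p))) return null
  try {
    const header = JSON.parse(b64urlDecode(parts[0]))
    if (header === null || typeof header !== 'object') return null
    if (header.alg !== 'RS256' || typeof header.kid !== 'string') return null
    return { kid: header.kid }
  } catch (e) {
    return null // header segment was not valid JSON
  }
}

// What to do with a token before any signature verification.
// cache is { keys: Map of kid -> cert, fetchedAt: epoch milliseconds }.
function decide (token, cache, now) {
  const pre = prevalidate(token)
  if (!pre) return 'reject-401' // malformed input never triggers a refresh
  const stale = now - cache.fetchedAt > REFRESH_INTERVAL_MS
  if (stale || !cache.keys.has(pre.kid)) return 'refresh-then-verify'
  return 'verify'
}

// Constructed sample token: only the header matters here, the signature is a dummy.
const sampleToken = header =>
  [b64urlEncode(header), b64urlEncode({ sub: 'constructed' }), 'c2ln'].join('.')
```

A well-formed token carrying an unknown `kid` still reaches `refresh-then-verify`, so a deployment should also enforce a minimum gap between refreshes of the key endpoint.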
FAQs
Azure AD JWT Validation Middleware for Koa
The npm package koa-azuread-jwt receives a total of 2 weekly downloads. As such, koa-azuread-jwt popularity was classified as not popular.
We found that koa-azuread-jwt demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.