1.0.3 • Published 18 days ago

@berlingske-media/bm.node-module.gateway_jwt v1.0.3

Weekly downloads
-
License
Apache-2.0
Repository
github
Last release
18 days ago

@berlingske-media/bm.node-module.gateway_jwt

JWKS processing library with cache/rateLimiting using jose library to verify tokens

Usage

As this repository doesnt strictly provide integration middewares - to prevent inclusion of every framework as deps here - here is how to integrate with it.

import { JwksClient } from './JwksClient';
import * as jose from 'jose';
// this client definition should be on top level of your module/plugin
const client = new JwksClient({
  jwksUri: 'https://oauth.berlingskemedia-testing.net/.well-known/jwks.json',
  requestHeaders: {
    'Content-Type': 'application/json',
    'User-Agent': 'NodeJS',
  }, // Optional
  timeout: 30000, // Defaults to 30s
});

// your access_token - should be only fetched from Authorization: Bearer <access_token> header.
const jwt = 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2Jlcmxpbmdza2UuZGsiLCJhdWQiOiJhcnRpY2xlLXJlYWRlciIsInN1YiI6ImVlOTdiYmMxODI3NTQ3YjZiNGI3MWQ4ZmE5ODRhNjI5IiwibmFtZSI6ImFkbWluIEt1cmVrIiwiZW1haWwiOiJ4cGlrdUBiZXJsaW5nc2tlbWVkaWEuZGsiLCJleHAiOjE3MTE2MjAzNzQsInJvbGVzIjpbXSwic3Vic2NyaXB0aW9uVHlwZXMiOltdLCJjb21wYW55IjoiIiwiaWF0IjoxNzExNjE5NDc0fQ.AKOsMq8Gcnw4C1OkzVmbGQQtVSPfh9kH39FaeO6Q1UIEqeIaSot1azI48-dusR-mao918hzJcWWc4N9mzW02nqTj2blh5DqG8Lc5fnwFrCLEaY59wMFqwVpcUoJZC8IZk8wUx9oI5LR2FDXUdWQVg3j6DPNKH85BYoJ84i3C0dyiRRWAq9VNBc0ibuF3L_qqMUaQkO7uhx9yxS9lLpKFM8d-KFxwR_AZ76WRKuDgDd48QPXy2bHevWCFk6mPdT2mWx4N8kWOVVsJXJVmHL7nGHPR5xc-WqqtlZp4ZOhFo0WhrULKufaCl8fDsGJvsf77fXceWNvgKnsw6Gc_zpZSDg';
const jwtHeader = jose.decodeProtectedHeader(jwt);
// keyid isn't strictly required but verification will fail if there is more then 1 key in jwksUri
const key = await client.getSigningKey(jwtHeader.kid || undefined);

const publicKey = await jose.importSPKI(key.publicKey, key.alg);
// issuer and audience verification is optional but it adds security
const { payload, protectedHeader } = await jose.jwtVerify(jwt, publicKey, {
  // issuer: 'https://oauth.berlingskemedia-testing.net',
  // audience: 'article-reader',
});

For examples see /src/integrations

JWTJWKS
joselimiterlru-memoizer
1.0.3-canary.9.33.0

18 days ago

1.0.3-canary.8.32.0

18 days ago

1.0.3

18 days ago

1.0.2

29 days ago

1.0.1

1 month ago

1.0.2-canary.6.26.0

29 days ago

1.0.2-canary.6.27.0

29 days ago

1.0.1-canary.5.24.0

1 month ago

1.0.1-canary.5.23.0

1 month ago

1.0.1-canary.5.22.0

1 month ago