1.0.0 • Published 5 years ago
@shoskens/koa-jwt-authz v1.0.0
koa-jwt-authz
Forked this since the original disappeared from the npm registry.
Validate a JWT's scope to authorize access to an endpoint.
Install
$ npm i -S @shoskens/koa-jwt-authz
koa >=2 is a peer dependency. Make sure it is installed in your project.
Usage
Use together with koa-jwt to both validate a JWT and make sure it has the correct permissions to call an endpoint.
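```js
// Require the package under the name it was installed with (see Install).
const jwtAuthz = require('@shoskens/koa-jwt-authz')
const jwt = require('koa-jwt')
const Koa = require('koa')
const Router = require('koa-router')

const app = new Koa()
const router = new Router()

// Public route: no token required.
router.get('/', ctx => {
  ctx.body = {home: 'free'}
})

// Protected route: koa-jwt verifies the token first, then jwtAuthz checks its scope.
router.get('/me',
  jwt({secret: 'shared_secret'}), // placeholder value; supply the real secret from configuration
  jwtAuthz(['read:users']),
  ctx => {
    ctx.body = ctx.state.user
  }
)

app.use(router.middleware())

const port = process.env.PORT || 3000
app.listen(port)
```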
The JWT must have a scope claim, and it must be either a string of space-separated permissions or an array of strings. For example:
# String: "write:users read:users"
# Array: ["write:users", "read:users"]
API
jwtAuthz(expectedScopes [, options])
parameter | type | required | default | description |
---|---|---|---|---|
expectedScopes | Array | yes | - | List of permissions |
options | Object | no | see below | Options |
options
parameter | type | required | default | description |
---|---|---|---|---|
checkAllScopes | Boolean | no | false | When true, all the expected scopes will be checked against the user's scopes |
customScopeKey | String | no | scope | The property name to check for the scope |
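
The scope formats and options described above, written out as a standalone check. This is an added example, not the package's own source: the names `parseScopes`, `isAuthorized` and `scopeGuard` are hypothetical, and it assumes that with `checkAllScopes` set to false a single matching scope is enough.

```javascript
// Added illustration, not the source of @shoskens/koa-jwt-authz.
// Assumes koa-jwt has already verified the token and put its claims on ctx.state.user.

// Normalise the scope claim: a space-separated string or an array of strings.
// Any other type returns null so the caller fails closed.
function parseScopes(claim) {
  if (typeof claim === 'string') return claim.split(' ').filter(Boolean)
  if (Array.isArray(claim) && claim.every(s => typeof s === 'string')) return claim
  return null
}

// Assumed semantics: checkAllScopes=false accepts any one expected scope, true requires all.
function isAuthorized(claims, expectedScopes, options = {}) {
  const {checkAllScopes = false, customScopeKey = 'scope'} = options
  // An empty list would allow everything (every) or deny everything (some); reject it.
  if (!Array.isArray(expectedScopes) || expectedScopes.length === 0) {
    throw new TypeError('expectedScopes must be a non-empty array')
  }
  const granted = parseScopes(claims && claims[customScopeKey])
  if (granted === null) return false
  // Exact string match only: 'read:users:all' does not satisfy 'read:users'.
  const have = new Set(granted)
  const ok = scope => have.has(scope)
  return checkAllScopes ? expectedScopes.every(ok) : expectedScopes.some(ok)
}

// Koa-style middleware (hypothetical name): answer 403 and stop unless the check passes.
function scopeGuard(expectedScopes, options) {
  return async (ctx, next) => {
    if (!isAuthorized(ctx.state.user, expectedScopes, options)) {
      ctx.status = 403
      ctx.body = {error: 'insufficient_scope'}
      return
    }
    await next()
  }
}
```

A missing or malformed claim is treated the same as an insufficient one, so a token without the expected property never reaches the handler.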
Author
License
MIT © Thiago Lagden