Akamai-edgeauth NPM

Akamai-EdgeAuth: Akamai Edge Authorization Token for Node

Akamai-EdgeAuth is Akamai Edge Authorization Token in the HTTP Cookie, Query String and Header for a client. You can configure it in the Property Manager at https://control.akamai.com. It's the behaviors which is Auth Token 2.0 Verification and Segmented Media Protection.

Akamai-EdgeAuth supports for Node.js 4.0+

Installation

To install Akamai Edge Authorization Token with npm:

$ npm install akamai-edgeauth --save

Example

const EdgeAuth = require('akamai-edgeauth')
const http = require('http') // Module for the test


var EA_HOSTNAME = 'edgeauth.akamaized.net'
var EA_ENCRYPTION_KEY = 'YourEncryptionKey' 
var DURATION = 500 // seconds


// Function just for the simple test
function makeRequest(options, callback) {
    var request = http.request(options, (res) => {
        callback(res)
    })
    request.on('error', (err) => {
        callback(err)
    })
    request.end()
}

EA_ENCRYPTION_KEY must be hexadecimal digit string with even-length.
Don't expose EA_ENCRYPTION_KEY on the public repository.

URL parameter option

// [EXAMPLE 1] Cookie
var ea = new EdgeAuth({
    key: EA_ENCRYPTION_KEY,
    windowSeconds: DURATION,
    escapeEarly: true
})
var token = ea.generateURLToken("/akamai/edgeauth")
var options = {
    hostname: EA_HOSTNAME,
    path: '/akamai/edgeauth',
    'Cookie': `${ea.options.tokenName}=${token}`
}
makeRequest(options, function(res) {
    console.log(res.statusCode) // If pass, it won't response 403 code.
})

// [EXAMPLE 2] Query string
token = ea.generateURLToken("/akamai/edgeauth")
options = {
    hostname: EA_HOSTNAME,
    path: `/akamai/edgeauth?${ea.options.tokenName}=${token}`
}
makeRequest(options, function(res) {
    console.log(res.statusCode)
})

'Escape token input' option in the Property Manager corresponds to 'escapeEarly' in the code.
Escape token input (on) == escapeEarly (true)
Escape token input (off) == escapeEarly (false)
In Example 2 for Query String, it's only okay for 'Ignore query string' option (on).
If you want to 'Ignore query string' option (off) using query string as your token, Please contact your Akamai representative.

ACL(Access Control List) parameter option

// [EXAMPLE 1] Header using *
var ea = new EdgeAuth({
    key: EA_ENCRYPTION_KEY,
    windowSeconds: DURATION,
    escapeEarly: false
})
var token = ea.generateURLToken("/akamai/edgeauth/*")
var options = {
    hostname: EA_HOSTNAME,
    path: "/akamai/edgeauth/something",
    headers: {[ea.options.tokenName]: token}
}
makeRequest(options, function(res) {
    console.log(res.statusCode)
})


// [EXAMPLE 2] Cookie using ACL delimiter
var ea = new EdgeAuth({
    key: EA_ENCRYPTION_KEY,
    windowSeconds: DURATION,
    escapeEarly: false
})
var acl = ["/akamai/edgeauth/??", "/akamai/edgeauth/list/*"]
var token = ea.generateURLToken(acl)
var options = {
    hostname: EA_HOSTNAME,
    path: "/akamai/edgeauth/22",
    Cookie: `${ea.options.tokenName}: ${token}`
}
makeRequest(options, function(res) {
    console.log(res.statusCode)
})

ACL can use the wildcard(*, ?) in the path.
Don't use '!' in your path because it's ACL Delimiter
Use 'escapeEarly=false' as default setting but it doesn't matter turning on/off 'Escape token input' option in the Property Manager

Usage

EdgeAuth Class

class EdgeAuth {
    constructor(options) {}
}

Parameter	Description
options.tokenType	Select a preset. (Not Supported Yet)
options.tokenName	Parameter name for the new token. Default: __token__
options.key	Secret required to generate the token. It must be hexadecimal digit string with even-length.
options.algorithm	Algorithm to use to generate the token. ('sha1', 'sha256', or 'md5') Default: 'sha256'
options.salt	Additional data validated by the token but NOT included in the token body. (It will be deprecated)
options.startTime	What is the start time? (Use string 'now' for the current time)
options.endTime	When does this token expire? endTime overrides windowSeconds
options.windowSeconds	How long is this token valid for?
options.fieldDelimiter	Character used to delimit token body fields. Default: ~
options.aclDelimiter	Character used to delimit acl. Default: !
options.escapeEarly	Causes strings to be url encoded before being used.
options.verbose	Print all parameters.

EdgeAuth's Method

generateURLToken(url) {}
generateACLToken(acl) {}

// both return the authorization token string.

Parameter	Description
url	Single URL path (String)
acl	Access Control List can use the wildcard(*, ?). It can be String (single path) or Array (multi paths)

Others

If you use the Segmented Media Protection behavior in AMD(Adaptive Media Delivery) Product, tokenName(options.tokenName) should be 'hdnts'.

Command

You can use the command with cms-edgeauth.js in your terminal with commander to generate the token.

$ npm install commander --save
$ node cms-edgeauth.js --key YourEncryptionKey --window 5000 --url /hello/world --escape_early

Use -h or --help option for the detail.

edgeauth akamai token authorization property manager

@everything-registry/sub-chunk-1112 @infinitebrahmanuniverse/nolb-ak @greendistrict/api @zalastax/nolb-ak

6 years ago

6 years ago

6 years ago

6 years ago