1.0.2 • Published 2 years ago

authomatic v1.0.2

Weekly downloads
3
License
MIT
Repository
github
Last release
2 years ago

authomatic

Build Status Maintainability

Description

An authentication library that uses JWT for access and refresh tokens with sensible defaults.

Install

npm install authomatic

Available stores

Redis

Please create an issue if you need another store.

Examples

Koa Example

Quickstart

const Store = require('authomatic-redis');
const Authomatic = require('authomatic');
const store = Store();
const authomatic = new Authomatic({store});

// Use authomatic functions

Test

npm test

Notes about migrating from version 0.0.1 to 1

  1. Access and refresh tokens from those old versions will not work with the new ones. If you just upgraded, users will be required to relog. If that is undesirable, and you want a seamless transition use two instances of Authomatic, but do not sign new tokens (or refresh) with the old instance.
  2. The refresh method now accepts a 4th argument, verify options.
  3. The invalidate refresh token method now requires a secret.
  4. aud in sign options and audience in verify options are now strictly an array.
  5. RefreshTokenExpiredOrNotFound became RefreshTokenNotFound, the expiration error is throw by the 'jsonwebtoken' library.
  6. InvalidAccessToken became InvalidToken, it is for both refresh and access tokens.
  7. TokensMismatch error is thrown if refresh and access token do not match.

The example has been updated to reflect all the new changes.

Documentation

Members

Typedefs

sign ⇒ Promise.<Tokens>

Returns access and refresh tokens

Kind: global variable
Throws:

  • TypeError typeError if any param was not sent exactly as specified
ParamTypeDescription
userIdString
secretSecret
contentObjectuser defined properties
prolongBooleanif true, the refreshToken will last 4 days and accessToken 1 hour, otherwise the refresh token will last 25 minutes and the accessToken 15 minutes.
signOptionsSignOptionsOptions to be passed to jwt.sign

verify ⇒ String

Verifies token, might throw jwt.verify errors

Kind: global variable
Returns: String - decoded token
Throws:

ParamTypeDescription
tokenString
secretSecret
verifyOptionsVerifyOptionsOptions to pass to jwt.verify.

refresh ⇒ Promise.<Tokens>

Issues a new access token using a refresh token and an old token (can be expired).

Kind: global variable
Throws:

ParamTypeDescription
refreshTokenString
accessTokenString
secretSecret
signOptionsSignOptionsOptions passed to jwt.sign, ignoreExpiration will be set to true

invalidateRefreshToken ⇒ Promise.<Boolean>

Invalidates refresh token

Kind: global variable
Returns: Promise.<Boolean> - true if successful, false otherwise.
Throws:

ParamType
refreshTokenString

invalidateAllRefreshTokens ⇒ Promise.<Boolean>

Invalidates all refresh tokens

Kind: global variable
Returns: Promise.<Boolean> - true if successful, false otherwise.
Throws:

  • TypeError typeError if any param was not sent exactly as specified
ParamType
userIdString

Secret : String

a string greater than 20 characters

Kind: global typedef

AccessToken : String

Regular JWT token. Its payload looks like this:

{
 "t": "Authomatic-AT",
 "uid": "userId",
 "exp": "someNumber",
 "jti": "randomBytes",
 ...otherClaims,
 "pld": {
   ...otherUserContent
 }
}

Kind: global typedef

RefreshToken : String

regular JWT token. Its payload looks like this:

{
  "t": "Authomatic-RT",
  "iss": "Authomatic",
  "aud": ["Authomatic"]
  "uid": "userId",
  "exp": "someNumber",
  "jti": "randomBytes",
  "accessTokenJTI": "randomBytes"
}

Kind: global typedef

Tokens : Object

Token pairs

Kind: global typedef
Properties

NameTypeDescription
accessTokenAccessToken
accessTokenExpiresAtNumberepoch
refreshTokenRefreshToken
refreshTokenExpiresAtNumberepoch

VerifyOptions : Object

Verify options to be used when verifying tokens

Kind: global typedef
Properties

NameTypeDescription
audienceArray | Stringchecks the aud field
issuerString | Arraychecks the iss field
ignoreExpirationBooleanif true, ignores the expiration check of access tokens
ignoreNotBeforeBooleanif true, ignores the not before check of access tokens
subjectStringchecks the sub field
clockToleranceNumber | String
maxAgeString | Number
clockTimestampNumberoverrides the clock for the verification process

SignOptions : Object

The allowed user options to for signing tokens

Kind: global typedef
Properties

NameType
nbfNumber
audArray | String
issString
subString

RefreshTokenNotFound : StandardError

The refresh token was not found.

Kind: global typedef
Properties

NameTypeDefault
nameString'RefreshTokenNotFound'

TokensMismatch : StandardError

The tokens provided do not match

Kind: global typedef
Properties

NameTypeDefault
nameString'TokensMismatch'

InvalidToken : StandardError

The provided input is not a valid token.

Kind: global typedef
Properties

NameTypeDefault
nameString'InvalidToken'

Creating a store

If you want to create a new store you need to expose the following functions:

  1. add
/**
* Register token and refresh token to the user
* @param {String} userId
* @param {String} refreshTokenJTI
* @param {String} accessTokenJTI
* @param {Number} ttl time to live in ms
* @returns {Promise<Boolean>} returns true when created.
*/
function add(userId, refreshTokenJTI, accessTokenJTI, ttl){...}
  1. remove
/**
* Remove a single refresh token from the user
* @param userId
* @param refreshTokenJTI
* @returns {Promise<Boolean>} true if found and deleted, otherwise false.
*/
function remove(userId, refreshTokenJTI) {...}
  1. removeAll
/**
* Removes all tokens for a particular user
* @param userId
* @returns {Promise<Boolean>} true if any were found and delete, false otherwise
*/
function removeAll(userId) {...}

You may need to expose a reference to the store if the user may need to handle connections during testing for example.

authenticationjwtrefresh-tokensecurity
jsonwebtokenstandard-errortcomb
@everything-registry/sub-chunk-1184
1.0.2

2 years ago

1.0.1

4 years ago

1.0.0

6 years ago

0.0.1

6 years ago

0.0.0

6 years ago