8.2.1 • Published 4 years ago

brightspace-auth-provisioning v8.2.1

Weekly downloads
695
License
Apache-2.0
Repository
github
Last release
4 years ago

brightspace-auth-provisioning

Build Status

Library for making assertions against an auth service.

Install

npm install brightspace-auth-provisioning --save

Usage

var AuthTokenProvisioner = require('brightspace-auth-provisioning');

var provisioner = new AuthTokenProvisioner({
	issuer: 'ece083bc-e6ac-11e4-8e1b-54ee750fffa4',
	keyLookup: function () {
		return Promise.resolve({
			kid: '0a9e68f6-e6ad-11e4-8ab6-54ee750fffa4',
			pem: '...',
			alg: 'ES256'
		});
	}
});

var tokenPromise = provisioner
	.provisionToken({
		user: '32647',
		impersonator: '30882',
		tenant: '5492ff8a-e6ad-11e4-84d6-54ee750fffa4',
		scopes: ['updates:feed-items:read'],
		fsid: 'eyJhbGciOiJIUzI1Ni...'
	});

API

new AuthTokenProvisioner(Object options) -> AuthTokenProvisioner

Option: issuer String (required)

The String used to identify your local issuer/service. This must be registered with the auth service.

Option: keyLookup () -> Promise<Object> (required)

A function which returns a Promise to an Object representing your current signing key. The object must have the properties kid, which is a unique String, and pem which is the String representing the private key. The object should also have a String property alg representing the signing algorithm to use. alg must be one of ES256, ES384, ES512 or RS256. RS256 will be assumed if alg is not provided.

NOTE: alg will be required in the future.

Option: remoteIssuer String (https://auth.brightspace.com/core)

You may optionally specifiy the endpoint of the remote issuer, or auth service.

Option: cache AbstractProvisioningCache (AbstractProvisioningCache)

You may optionally specify an instance of an object inheriting from AuthTokenProvisioner.AbstractProvisioningCache.

.provisionToken(Object options) -> Promise<String>

Given the set of claims provided, will make an assertion against the auth service. Returns a promise to the encoded access token.

Option: scopes Array<String> (required)

The set of scopes to include in the auth token. The contained scopes should fit our semantic scope formatting: <group>:<resource>:<permission>.

Option: tenant String

The GUID of the tenant this token is meant for.

Option: user String

The id of the user this token is meant for. Requires the tenant option has been set.

Option: impersonator String

The id of the active user, who is impersonating user. Requires the user option has been set.

Option: fsid String

The Caliper FSID associated with this token.

.AbstractProvisioningCache

Available on the export is a reference to the AbstractProvisioningCache

jwssuperagentuuid
@infinitebrahmanuniverse/nolb-bri@everything-registry/sub-chunk-1263
8.2.1

4 years ago

8.2.0

4 years ago

8.1.0

4 years ago

8.0.0

6 years ago

7.0.1

6 years ago

7.0.0

7 years ago

6.0.2

8 years ago

6.0.1

8 years ago

6.0.0

8 years ago

2.2.0

9 years ago

2.1.3

9 years ago

2.1.2

10 years ago

2.1.1

10 years ago

2.1.0

10 years ago

2.0.2

10 years ago