1.0.0 • Published 2 years ago
express-jwt-validator v1.0.0
express-jwt-validator
Helper for validating oauth2/openid-connect JWT tokens using public keys loaded from identity providers.
Config
| Name | Description | 
|---|---|
| JWT_ISSUER | JWT Issuer | 
| JWT_ALGORITHM | Algorithm of the private key that was used to sign the JWT token | 
| JWT_JWKS_URI | URL to JWKS (json web keys) endpoint | 
| JWT_JWKS_TIMEOUT | Timeout for http client when fetching JWKS | 
| JWT_JWKS_CACHE | Enables/disables JWK local cache | 
| JWT_JWKS_CACHE_MAX_ENTRIES | Max entries to keep in the JWK local cache | 
| JWT_JWKS_CACHE_MAX_AGE | Max age of items in the local JWK cache | 
| JWT_JWKS_RATE_LIMIT | Enables/disables JWKS http client rate limiting | 
| JWT_JWKS_RATE_LIMIT_RPM | Number of allowed JWKS http client calls per minute | 
| cookieToken | Sets which token to extract from cookie for jwt validation (id, access default) | 
Usage
// init validator instance (should use 1 instance per app)
import { jwtValidator, Config } from 'express-jwt-validator`';
const config: Config = {
  jwtJwksUri: 'https://testing.well-known.uri/jwks.json',
  jwtJwksTimeout: 1000,
  jwtJwksCache: false,
  jwtJwksCacheMaxEntries: 1,
  jwtJwksCacheMaxAge: 1000,
  jwtJwksRateLimit: false,
  jwtJwksRateLimitRpm: 100,
  jwtIssuer: 'test-issuer',
  jwtAlgorithm: 'RS256',
  cookieToken: 'id'; // optional, default is 'access'
};
const validateJwt = jwtValidator(config);
// register jwt validator in a specific express route
this.router.get('/user-info', validateJwt, authController.userInfo);
// use token information in route handlers
import { AuthorizedRequest } from 'express-jwt-validator';
getResource: RequestHandler = forwardError(async (req: AuthorizedRequest, res: Response): Promise<void> => {
  // access token information under user field
  const userName = req.user.username;
  const scope = req.user.scope;
  const clientId = req.user.client_id;
  const roles = req.user['cognito:groups'];
}
// For this to work you have to include cookieToken config set to 'id'
getResourceIdToken: RequestHandler = forwardError(async (req: IdAuthorizedRequest, res: Response): Promise<void> => {
  // id token information under user field
  const scope = req.user.email;
  const clientId = req.user['custom:workspaceId'];
    const roles = req.user['cognito:groups'];
}1.0.0
2 years ago