1.1.12 • Published 7 years ago

glg-jwt v1.1.12

Weekly downloads: 67
License: ISC
Repository: github
Last release: 7 years ago

glg-jwt

Standard helper library to integrate JWT authentication into Node apps quickly

What is it?

Out of the box, JWT handles "Auth" and "Session" well, but it does a poor job of handling "Access" granularly. The tokens also have size limitations. This repo exists to explore using simple bitmasks for ACL.

I just want to get started

Set the following variables in your orders:

export SECURITY_MODE="jwt"
export JWT_ACCESS_FLAGS="${JWT_ROLE_GLG_USER}"

Bitmasks (and tools)

Before you proceed, it's really important that you understand the very basics, specifically the bitwise AND ("&") operation. You can read the quickstart guide for bitmasks here.

Using the Command line tool

There is a command line tool anyone can use to help them with bitmasks and epiquery templates. You can use this tool to adjust the bitmask of your epiquery template, query what roles are included in a bitmask, and even pipe a template through to have the 'friendly names' appear in the template.

Installation

Install the tool like so:

➜  ~ npm install -g glg/glg-jwt
└── glg-jwt@1.1.9  (git+ssh://git@github.com/glg/glg-jwt.git#f8c677d41c10182bfb636a9e17d23a159daa4b5a)

Required Environment Variables

The easiest way to configure your environment to use the tools available here would be to grab the latest settings from Starphleet's configuration here.

Create a token from the command line

➜  ~ glg-jwt -e bhudgens@glgroup.com
[Info]    
{
  "token": "eyJhbGciOiJIUddzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlLWdsZyI6MSwiYWYiOjEsImlkcyI6W3sicGVyc29uaWQiOjEwMjc0ODksInVpZCI6NDI2M31dLCJ1aWQiOjQyNjMsInVuIjoiYmh1ZGdlbnMiLCJqaWQiOiJZbWgxWkdkbGJuTT0iLCJpYXQiOjE0NzgyOTY0OTgsImV4cCI6MTQ3ODMwMDA5OH0.8zc-H-jTXCKk9NlJY_1RcH7Y07w6a4DANT-LsNQV_-c",
  "urlWithToken": "?jwt=eyJhbGciOiJddIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlLWdsZyI6MSwiYWYiOjEsImlkcyI6W3sicGVyc29uaWQiOjEwMjc0ODksInVpZCI6NDI2M31dLCJ1aWQiOjQyNjMsInVuIjoiYmh1ZGdlbnMiLCJqaWQiOiJZbWgxWkdkbGJuTT0iLCJpYXQiOjE0NzgyOTY0OTgsImV4cCI6MTQ3ODMwMDA5OH0.8zc-H-jTXCKk9NlJY_1RcH7Y07w6a4DANT-LsNQV_-c",
  "url": ""
}

How do I determine what flags are enabled in an integer?

➜  ~ glg-jwt -r 5
[Info]    Flag [5] Includes = COUNCILMEMBER
[Info]    Flag [5] Includes = USER

How do I change the flags in an epiquery-template?

You can do this manually. However, if you feel uncomfortable changing the templates by hand, you are free to use the command line tool like this:

➜ glg-jwt -f ./jwt-user.mustache -c 5
[Warn]    Diff Detected [1] to [5] | ./jwt-user.mustache

How do I see what flags are set in a JWT token?

Notice the section below that says Roles.

➜ glg-jwt -x eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlLWdsZyI6MSwiYWYiOjEsImlkcyI6W3sicGVyc29uaWQiOjEwMjc0ODksInVpZCI6NDI2M31dLCJ1aWQiOjQyNjMsInVuIjoiYmh1ZGdlbnMiLCJqaWQiOiJZbWgxWkdkbGJuTT0iLCJpYXQiOjE0NzY5NTE3NzksImV4cCI6MTQ3Njk1NTM3OX0.Pabf2enzmTj5dN03AyllKXYBFU_Ceqf0IITbztjUBRM
[Data]    Token Info:
[Data]    
{
  "role-glg": 1,
  "af": 1,
  "ids": [
    {
      "personid": 1027489,
      "uid": 4263
    }
  ],
  "uid": 4263,
  "un": "bhudgens",
  "jid": "Ymh1ZGdlbnM=",
  "iat": 1476951779,
  "exp": 1476955379
}
[Help]    Roles [1] Includes = USER
[Info]    Token Status:
[Info]    Issued   : Thu Oct 20 2016 03:22:59 GMT-0500 (CDT)
[Info]    Expires  : Thu Oct 20 2016 04:22:59 GMT-0500 (CDT)
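
The bitwise AND check behind the role output above, as an added example (not glg-jwt's own code). The bit values USER = 1 and COUNCILMEMBER = 4 are inferred from the `-r 5` and `Roles [1]` output on this page; the function names and the any-bit/all-bits matching rules are assumptions, since the page does not show how the library compares flags.

```javascript
// Added example: bitmask role checks in the style this page describes.
// Bit values inferred from the CLI output above (1 -> USER, 5 -> COUNCILMEMBER + USER).
// Any other bit is undocumented on this page and treated as unknown.
const ROLES = { USER: 1, COUNCILMEMBER: 4 };
const KNOWN_BITS = Object.values(ROLES).reduce((a, b) => a | b, 0);

// JS bitwise operators coerce to signed 32-bit ints, so "5", 1.5 and -1 would
// all "work" in a raw `&` test (-1 matches every flag). Validate before masking.
function isMask(n) {
  return Number.isInteger(n) && n > 0 && n <= 0x7fffffff;
}

// Names of the known roles whose bit is set, like `glg-jwt -r <bitmask>`.
function rolesInMask(mask) {
  if (!isMask(mask)) return [];
  return Object.keys(ROLES).filter((name) => (mask & ROLES[name]) !== 0);
}

// Bits that map to no known role; a non-zero result is worth logging or rejecting.
function unknownBits(mask) {
  return isMask(mask) ? mask & ~KNOWN_BITS : 0;
}

// Assumed rule: grant when the token holds at least one of the required roles.
function hasAnyRole(tokenMask, requiredMask) {
  return isMask(tokenMask) && isMask(requiredMask) && (tokenMask & requiredMask) !== 0;
}

// Stricter assumed rule: every required bit must be present in the token.
function hasAllRoles(tokenMask, requiredMask) {
  return isMask(tokenMask) && isMask(requiredMask) &&
    (tokenMask & requiredMask) === requiredMask;
}

// `payload` is the decoded claim set of an already verified token; the
// "role-glg" claim name comes from the decoded token shown on this page.
function authorize(payload, requiredMask) {
  const mask = payload && typeof payload === 'object' ? payload['role-glg'] : undefined;
  return hasAnyRole(mask, requiredMask);
}

// Constructed sample mirroring the page's decoded token (role-glg = 1).
const samplePayload = { 'role-glg': 1, uid: 4263, un: 'bhudgens' };
console.log(rolesInMask(5), authorize(samplePayload, ROLES.USER));
```

Pass `authorize` only a payload whose signature and expiry have already been verified; a `role-glg` value read from a merely decoded token is attacker-controlled.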

What else can this thing do?

➜ glg-jwt -h
Usage:
  command [options]

Options:
  -a --app <app>             Generate an app token
  -c --change <bitmask>      Change the epi-templates bitmask
  -d --debug                 Enable Debug Logging
  -e --email <email>         Generate a token based on this email
  -f --file <file>           The file intended to be adjusted
  -h --help                  Show this help
  -l --login <token>         Login with app token
  -r --roles <bitmask>       Parse and emit the roles associated with an int
  -s --stdin                 Pass an EPI template via STDIN
  -t --tests <path>          Generate Test Tokens based on JSON Test File
  -v --verbose               Enable Verbose Logging
  -x --decode <path>         Verify and Decode a Token