1.1.3 • Published 3 years ago

gurant v1.1.3

Weekly downloads
-
License
MIT
Repository
github
Last release
3 years ago

gurant

Gurant is an OAuth 2.0 provider built with Typescript/NodeJS. It is an authorization framework based on the OAuth 2.0 Specification.

Additionally, it also has a built-in authentication using Firebase. Currently, it is opinionated and will only support Firebase.

Lastly, this project uses Hasura's GrahpQL Engine for handling database queries and mutations. That would also mean that Gurant is database agnostic as long as Hasura supports it.

Environment Variables

CRYPTO_SECRET_KEY=
CRYPTO_INIT_VECTOR=
FIREBASE_PROJECT_ID=
FIREBASE_DATABASE_URL=
FIREBASE_CLIENT_EMAIL=
FIREBASE_PRIVATE_KEY=
HASURA_ADMIN_SECRET=
JWT_PUBLIC_KEY=
JWT_PRIVATE_KEY=

Change the GraphQL Endpoint (https://gurant.hasura.app/v1/graphql) in the codegen.config.js to the GraphQL Endpoint of your Hasura Project.

Endpoints

Resource Owner Endpoints

GET /user

Fetches the resource owner's profile details.

Response Payload

propertytypedescription
idstringthe resource owner's identifier
created_attimestamptimestamp when the resource is created
updated_attimestamptimestamp when the resource is updated
display_namestringthe resource owner's display name
emailstringthe resource owner's email
client_liveobjectrefer to the table below
client_testobjectrefer to the table below

Client Object

propertytypedescription
idstringthe client identifier
created_attimestamptimestamp when the resource is created
updated_attimestamptimestamp when the resource is updated
secretstringthe client secret
is_livebooleandetermines whether the credentias is for a live or test enviroment
redirect_uristringthe client's redirect enpoint

POST /user

Register clients after the user has been registed. Requires the user's Firebase token to their info.

Request Payload

propertytypedescription
redirect_uristringthe user specified redirect enpoint

Response Payload

propertytypedescription
idstringthe resource owner's identifier
created_attimestamptimestamp when the resource is created
updated_attimestamptimestamp when the resource is updated
display_namestringthe resource owner's display name
emailstringthe resource owner's email
client_live_idstringthe resource owner's live client identifier
client_test_idstringthe resource owner's test client identifier

PUT /user/clients/:client_id

Update the specified client's redirect endpoint, requires Firebase token for authorization.

Request Payload

propertytypedescription
redirect_uristring *The new redirect enpoint for the client

Response Payload

propertytypedescription
idstringthe updated client's client identifier
redirect_uristringthe new redirect enpoint for the client

OAuth 2.0 Endpoints

GET /oauth2/authorize

Retrieve the authrization code after the authorization grant, requires Firebase token authorization.

Request Parameters

propertytypedescription
response_typestring *value MUST be code
client_idstring *the registered client's client identifier
redirect_urlstring *value MUST be the same with the client's redirect_url
scopestring *the scope of which the authorization is applicable
statestringadditional state to be passed, could be user info

Response Parameters

The response is the redirect url injected with the parameters below | property | type | description | | -------- | ------ | ---------------------------------------------------------------------------------------------------------------------------------- | | code | string | the authorization code that'll be exchanged to the access token | | state | string | value MUST be the same with state parameter passed in the request |

POST /oauth2/token?grant_type=authorization_code

This endpoint is responsible for generating tokens using the previously generated authorization code. This also requires client authentication (HTTP Basic Auth).

The generated access and refresh tokens comply with the JSON Web Token (JWT) Specification.

Request Parameter

propertytypedescription
grant_typestring *the type of request in how the access token should be generated, value MUST be authorization_code
codestring *the authorization code that'll be exchanged to the access token
redirect_uristring *the redirect enpoint used in the previous authorization grant
client_idstring *the registered client's client identifier

Response Payload

propertytypedescription
access_tokenstringthe access token used to access protected resources
refresh_tokenstringthe refresh token used to refresh an access token
scopestringthe scope of which access is applicable
expires_innumberthe lifetime in seconds of the access token
token_typestringthe type of the access token, value is always bearer

POST /oauth2/token?grant_type=refresh_token

This endpoint is responsible for generating tokens using a refresh_token. This also requires client authentication (HTTP Basic Auth).

Request Parameter

propertytypedescription
grant_typestring *the type of request in how the access token should be generated, value MUST be refresh_token
refresh_tokenstring *the refresh token used to refresh an access token

Response Payload

propertytypedescription
access_tokenstringthe access token used to access protected resources
refresh_tokenstringthe refresh token used to refresh an access token
scopestringthe scope of which access is applicable
expires_innumberthe lifetime in seconds of the access token
token_typestringthe type of the access token, value is always bearer

POST /oauth2/revoke

Revoke an access token, requires client authentication (HTTP Basic Auth). This follows the OAuth 2.0 Token Revocation Specification

Request Parameter

propertytypedescription
tokenstring *The token the client wants to revoke
token_type_hintstring *A hint about the type of the token submitted for revocation. For now, the value MUST be access_token only

Response Payload

propertytypedescription
statusstringthe HTTP status
statusCodenumberthe HTTP status code

Utility Endpoints

GET /health

This endpoint is used for health checks

Response Payload

propertytypedescription
statusstringthe HTTP status
statusCodenumberthe HTTP status code

GET /generate-crypto-keys

This endpoint SHOULD NOT be exposed in production as it SHOULD only be used for debugging purposes. Generates a secret_key and an initialization vector.

Response Payload

propertytypedescription
secret_keystringthe raw key used by the algorithm and the initialization vector
initialization_vectorstringa cryptographically random 16 byte string

GET /generate-jwt-keys

This endpoint SHOULD NOT be exposed in production as it SHOULD only be used for debugging purposes. Generates a public and private signed with the secp256r1 elliptic curve.

Response Payload

propertytypedescription
public_keystringthe public key in a PEM format
private_keystringthe private key in a PEM format

GET /verify-token

This endpoint SHOULD NOT be exposed in production as it SHOULD only be used for debugging purposes. Verifies and decodes a given JSON Web Token (JWT).

Request Parameters

propertytypedescription
tokenstring *the token to be verified and decoded
token_type_hintstring *the token's type, value could eiher be access_token or refresh_token

Response Payload

propertytypedescription
decodedobjectthe value of the decoded token

TODO

  • Add tests :')
oauthoauth2authorizationauthorization-code-grant
axiosdate-fnsdotenvecdsa-secp256r1fastifyfastify-corsfastify-formbodyfastify-healthcheckfastify-helmetfirebase-admingraphqlgraphql-requestgraphql-tagjosequery-stringuuid
@infinitebrahmanuniverse/nolb-gur@everything-registry/sub-chunk-1815@zalastax/nolb-gur
1.1.1

3 years ago

1.1.0

3 years ago

1.0.1

3 years ago

1.0.0

3 years ago

1.1.3

3 years ago

1.1.2

3 years ago

0.1.1

3 years ago

0.1.0

3 years ago