passport-jwt-google-auth-library v0.1.0
passport-jwt-google-auth-library
A Passport strategy for authenticating with a google JWT token.
This module lets you authenticate endpoints using a Google JWT web token. Once the user has authenticated with a google account, the token provided by google can be authorized by this module (Using Google Auth Library). It is intended to be used to secure RESTful endpoints without sessions.
This module is based on passport-jwt, and use it internally.
Install
npm install passport-jwt-google-auth-library
Usage
Configure Strategy
The JWT Google Auth Library authentication strategy is constructed as follows:
new JwtGoogleAuthLibraryStrategy(options, verify)
options
is an object literal containing options to control how the token is
extracted from the request.
clientID
is a REQUIRED string or array containing the audience to verify against the ID Token.secretOrKey
is a REQUIRED string containing the secret (symmetric) or PEM-encoded public key (asymmetric) for verifying the token's signature.jwtFromRequest
(REQUIRED) Function that accepts a request as the only parameter and returns either the JWT as a string or null. This approach is base on passport-jwt. See Extracting the JWT from the request for more details.passReqToCallback
: If true the request will be passed to the verify callback. i.e. verify(request, jwt_payload, done_callback).
verify
is a function with the parameters verify(jwt_payload, done)
jwt_payload
is an object literal containing the decoded JWT payload.done
is a passport error first callback accepting arguments done(error, user, info)
An example configuration which reads the JWT from the http Authorization header with the scheme 'JWT':
var passportStrategy = require('passport-jwt-google-auth-library'),
JwtGoogleAuthLibraryStrategy = passportStrategy.Strategy,
ExtractJwt = passportStrategy.ExtractJwt;
var opts = {}
opts.jwtFromRequest = ExtractJwt.fromAuthHeader();
opts.clientID = 'clientID';
opts.secretOrKey = 'secret';
passport.use(new JwtGoogleAuthLibraryStrategy(opts, function(jwt_payload, done) {
User.findOne({id: jwt_payload.sub}, function(err, user) {
if (err) {
return done(err, false);
}
if (user) {
return done(null, user);
} else {
return done(null, false);
// or you could create a new account
}
});
}));
Extracting the JWT from the request
Extracting the JWT from the request for more details.
Authenticate requests
Use passport.authenticate()
specifying 'JWT'
as the strategy.
app.post('/profile', passport.authenticate('jwt-google-auth-library', { session: false }),
function(req, res) {
res.send(req.user.profile);
}
);
Include the JWT in requests
The strategy will first check the request for the standard Authorization
header. If this header is present and the scheme matches options.authScheme
or 'JWT' if no auth scheme was specified then the token will be retrieved from
it. e.g.
Authorization: JWT JSON_WEB_TOKEN_STRING.....
If the authorization header with the expected scheme is not found, the request
body will be checked for a field matching either options.tokenBodyField
or
auth_token
if the option was not specified.
Finally, the URL query parameters will be checked for a field matching either
options.tokenQueryParameterName
or auth_token
if the option was not
specified.
Tests
npm install
npm test
To generate test-coverage reports:
npm run-script testcov
License
The MIT License
7 years ago