npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@digicatapult/tsoa-oauth-express

v0.1.69

Published

Authentication handler for TSOA using OAuth2 JWT tokens

Downloads

6,956

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

it-ops-digicatit-ops-digicatjonmattgrayjonmattgraymattdean-digicatapultmattdean-digicatapultdhblanedhblane

Keywords

Readme

tsoa-oauth-express

This library enables easy implementation of OAuth2 authentication for tsoa on express. To use this library first add it as an npm dependency to your existing tsoa application.

npm i @digicatapult/tsoa-oauth-express

Your authentication file (see tsoa's documentation on authentication setup here) will then need to contain something like:

import type express from 'express'
import type * as jwt from 'jsonwebtoken'

import mkExpressAuthentication, { AuthOptions } from '@digicatapult/tsoa-oauth-express'

// module options
const options: AuthOptions = {
  ...
}

export const expressAuthentication = mkExpressAuthentication(options)

where the options value is an object with the following type and properties:

interface AuthOptions {
  securityName?: string
  verifyOptions?: jwt.VerifyOptions & { complete?: false }
  jwksUri: () => Promise<string>
  getAccessToken: (req: express.Request) => Promise<string | undefined>
  getScopesFromToken: (decoded: string | jwt.JwtPayload) => Promise<string[]>
  tryRefreshTokens: (req: express.Request) => Promise<boolean>
}

| property | required | description | | ------------------ | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | jwksUri | true | Resolves to the uri for your identity providers jwks configuration | | getAccessToken | true | Resolves a JWT from the Request. For example this may come from an authorization header or a cookie based on requirements | | getScopesFromToken | true | Resolves to an array of OAuth scopes that the provided token supports | | securityName | false | OpenAPI Security scheme name to be secured | | verifyOptions | false | jsonwebtoken verification options. See the jsonwebtoken documentation for details | | tryRefreshTokens | false | Performs a token refresh. Resolves to true if the refressh succeeded otherwise false. By default this always resolves to false |

Example

An example implementation of using the OAuth client-credential flow to authenticate a machine-to-machine (m2m) API is included in the package repository. This consists of two parts, a pre-configured Keycloak instance which can be instantiated with docker compose to act as our identity provider and an example application under ./example which implements to tsoa server. For further information please see the tsoa authentication documentation and our authentication handler example at ./example/authentication.ts.

To get started first bring up the Keycloak instance by executing from the repository root:

docker compose up -d

This will automatically pre-configure a client called example with client secret example. We can then fetch a m2m token by executing:

curl --request POST \
  --url 'http://localhost:3080/realms/example/protocol/openid-connect/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=example \
  --data client_secret=example

This will return a JSON object with a JWT auth token in the access_token property that takes the form like eyJhbGci...r8TIOfRQ.

The example server can then be run with:

npm run example

This server listens on port 3000 and exposes two routes /authenticated and /unauthenticated where only the first route requires an auth token. So we can for example call

curl http://localhost:3000/unauthenticated

which should return something like

{ "message": "This route is unauthenticated", "authenticated": false }

But calling the authenticated route (curl http://localhost:3000/authenticated) in the same was will return an error

{ "message": "unauthenticated" }

Providing the JWT auth token as part of an authentication header:

curl http://localhost:3000/authenticated --header 'authorization: bearer eyJhbGci...r8TIOfRQ'

causes the call to succeed:

{ "message": "This route is authenticated", "authenticated": true }