@growsari/machine-auth
v1.0.1
Published
Utilize the IAM service to verify the validity and permission of a token.
Downloads
49
Keywords
Readme
Machine Auth
This package checks the validity and permission of a JSON Web Token using the keys provided by the IAM service.
Usage
This package uses the asynchronous invoke-lambda
function. You might need to call it within an async-await function.
const validate = require('@growsari/machine-auth')
const sampleFunction = async (token) => {
const claims = await validate(token, permission, APP_ID)
return claims
}
:exclamation: Important: Token must come from the
access_token
returned by any of the login APIs from MS-IAM. Login is required.
If the token is valid, validate
will return the token's decoded claims as a JSON object. Otherwise, it will throw an error.
Parameters
| Parameter | Description |
| --- | --- |
| token
| Token to be verified. Token must come from the access_token
returned by any of the login APIs from MS-IAM. |
| permission
| Permission name. Must be consistent with the permissions under API and Role in MS-IAM. e.g. 'POST /message'
, 'message_create'
, 'create-message'
, 'message:create'
|
| APP_ID
| (optional) App ID of the app where this validation will be used. Note: APP_ID must be present if the scopes
parameter is present at the time of login |
Errors
| Code | Message | Description | | --- | --- | --- | | MACHINE-AUTH-001 | Invalid access token | Token is invalid or expired | | MACHINE-AUTH-002 | You are not permitted to do this action | User does not have the permission to access the resource |