@makemydeal/dr-auth-utilities

v1.4.0

JWT Token Validation and other utilities

Downloads: 2,841

This is a package to help with managing authorization and authentication within DR applications. This will assist with JWT Token Verification, Scopes Verification, Policy Document creation for API Gateway, etc.

VerifyTokenManager

To use VerifyTokenManager, create an instance of the class.

```javascript
const vtm = new VerifyTokenManager();
```

This was done as a class so it can "manage its own state." To speed up JWT token verification, including signature verification, we only want to request the PEM once. This operation is async, so we would not want each request to slow down the application.

verify

This will verify an encoded token by checking it against the SigningKey and other optional settings. It will also check whether the token is expired against the current date.

Options

| Parameter | Required | Description |
| --- | --- | --- |
| jwksUri | Yes | Location of the JWKS URI in order to acquire the SigningKey |
| encodedToken | Yes | The token to decode |
| options | No | Options that can be set when verifying the token. See IVerifyOptions |

IVerifyOptions

| Options | Description |
| --- | --- |
| audience | To verify the audience against a known audience or audiences, pass the value here |
| issuer | To verify the issuer against a known issuer or issuers, pass the value here |
| algorithms | The algorithms used to encode the token. RS256 for example. You shouldn't need this option |
| ignoreExpiration | Pass TRUE to not validate the token against expiration |
| clockTolerance | If you wish to provide a "buffer", pass it here. For instance, if you want the token to be determined to be expired if we are within 30 seconds of expiration, pass 30 here. |

verifyFromEvent

This function will perform the same operation as the verify function. However, instead of passing in the encodedToken, you will pass in the ITokenAuthorization object that comes from API Gateway. The function will then get the encodedToken and pass it to verify for the results.

decode

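If you wish to decode a token and check it against the criteria in IVerifyOptions, but you do not wish to verify it against the SigningKey, use this function. Because the signature is not checked, the decoded claims are unauthenticated and should not be relied on for authorization decisions.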

Options

| Parameter | Required | Description |
| --- | --- | --- |
| encodedToken | Yes | The token to decode |
| options | No | Options that can be set when verifying the token. See IVerifyOptions |
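
The claim checks listed under IVerifyOptions, applied to a token decoded without signature verification as `decode` does, shown as an added example that is not the package's own code. `decodePayload`, `checkClaims` and the sample token are hypothetical names and constructed data; `clockTolerance` is left out, and rejecting a token with no `exp` is an assumption of this sketch.

```javascript
// Added example: standalone sketch, not the package's implementation.
// Reads the payload of a compact JWT WITHOUT checking the signature, so the
// returned claims are unauthenticated input.
function decodePayload(encodedToken) {
  const segments = String(encodedToken).split('.');
  if (segments.length !== 3) throw new Error('expected header.payload.signature');
  // Node's base64 decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(segments[1], 'base64').toString('utf8'));
}

// aud, audience and issuer may each be a single value or a list.
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Returns the names of the failed checks; an empty array means all passed.
function checkClaims(payload, options = {}, nowSec = Math.floor(Date.now() / 1000)) {
  const failures = [];
  const wantedAud = asList(options.audience);
  if (wantedAud.length && !asList(payload.aud).some((a) => wantedAud.includes(a))) {
    failures.push('audience');
  }
  const wantedIss = asList(options.issuer);
  if (wantedIss.length && !wantedIss.includes(payload.iss)) failures.push('issuer');
  if (!options.ignoreExpiration) {
    // Assumption of this sketch: a token without a numeric exp is rejected.
    if (typeof payload.exp !== 'number' || nowSec >= payload.exp) failures.push('expired');
  }
  return failures;
}

// Constructed sample token; the third segment is a placeholder, not a signature.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SAMPLE_TOKEN = [
  b64url({ alg: 'RS256', typ: 'JWT' }),
  b64url({ iss: 'https://idp.example/', aud: ['api-a', 'api-b'], exp: 2000 }),
  'placeholder',
].join('.');
```

The sample token passes every claim check despite carrying no valid signature, which is why the output of an unverified decode is only suitable for inspection.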

OAuthTokenManager

This manager will request OAuth tokens and cache them for later use. It checks their expiration date with a 15m buffer and, if they are expired, requests a new token.

get

This method takes in the following parameters:

  • clientId
  • clientSecret
  • scope - the scopes requested
  • tokenEndpoint - the tokenEndpoint to use

With these parameters, it will check its cache, and if there is a valid token, it will return it immediately. If no token exists, or the cached token is no longer valid, it will make a request to tokenEndpoint using the clientId, clientSecret and scope as parameters to get a new token, cache it, and return it.

considerations

The goal of this class is to allow you to instantiate it in the global space of a lambda, while calling get in the handler function. This handler function will most likely receive its configuration from the ConfigurationManager. This is why it does not take these parameters in during instantiation of the class.

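```javascript
// Created once in the global scope so the cache survives across warm invocations.
const tokenManager = new TokenManager();

const handler = async (event, context) => {
    const token = await tokenManager.get({ clientId: 'clientId', clientSecret: 'secret', scope: 'scope', tokenEndpoint: 'https://tokenendpoint.com' });
    // Illustration only: avoid writing access tokens to logs in a real handler.
    console.log(`the token was: ${token}`);
};
```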
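
The caching behaviour described above (return a cached token unless it is within the 15m buffer of expiry, otherwise request a new one), as an added sketch that is not the package's own code. `ExampleTokenCache`, `isUsable`, the injected `fetchToken` and `now` functions, and the `access_token` / `expires_in` response fields are assumptions of this example.

```javascript
// Added example: standalone sketch, not the package's implementation.
const EXPIRY_BUFFER_MS = 15 * 60 * 1000; // the 15 minute buffer described above

// A cached entry is usable only if it is still valid once the buffer is subtracted.
// Tokens that live for less than the buffer are therefore never served from cache.
function isUsable(entry, nowMs) {
  return Boolean(entry) && entry.expiresAtMs - EXPIRY_BUFFER_MS > nowMs;
}

class ExampleTokenCache {
  // fetchToken(params) resolves to { access_token, expires_in } (seconds). It is
  // injected so the sketch runs offline; now() is injected so expiry is testable.
  constructor(fetchToken, now = Date.now) {
    this.fetchToken = fetchToken;
    this.now = now;
    this.entries = new Map();  // settled tokens by key
    this.inFlight = new Map(); // pending requests, shared by concurrent callers
  }

  // The client secret is deliberately kept out of the cache key.
  static key({ clientId, scope, tokenEndpoint }) {
    return JSON.stringify([tokenEndpoint, clientId, scope]);
  }

  async get(params) {
    const key = ExampleTokenCache.key(params);
    const cached = this.entries.get(key);
    if (isUsable(cached, this.now())) return cached.token;
    if (this.inFlight.has(key)) return this.inFlight.get(key);
    const pending = this.fetchToken(params)
      .then((res) => {
        const expiresAtMs = this.now() + res.expires_in * 1000;
        this.entries.set(key, { token: res.access_token, expiresAtMs });
        return res.access_token;
      })
      .finally(() => this.inFlight.delete(key)); // a failed request is not cached
    this.inFlight.set(key, pending);
    return pending;
  }
}
```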

apiGateway

This object contains helpers to work with API Gateway method ARNs

parseMethodArn

This method will take a methodArn and parse it into its parts.

createMethodArn

This method will take the parts of a methodArn and construct the ARN. This is helpful for creating methodArns with wildcards.

scopes

This object has tools for checking scopes against a known list

every

This method will tell you if every scope in the known list is in the token

some

This method will tell you if at least one scope in the known list is in the token

policyDocument

This object contains tools to create a PolicyDocument for API Gateway Authorizers

create

Given a set of resources, this will create the policy document. If the resources list is empty, or undefined, it will return a policy to deny access

createReadWrite

Given the token, the methodArn from the authorizer and a set of options, this will create the policy document. The options define the readScopes (scopes for read access), writeScopes (scopes for write access), readVerbs (verbs for read, defaults to GET) and writeVerbs (verbs for write, defaults to ['POST', 'PUT', 'PATCH']).
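
How the apiGateway, scopes and policyDocument helpers fit together in an authorizer, as an added standalone sketch that is not the package's own code. All function names and signatures here are hypothetical, the space-delimited `scope` claim is an assumption, and the ARN uses placeholder account and API ids.

```javascript
// Added example: standalone sketch, not the package's implementation.
// Method ARN layout: arn:{partition}:execute-api:{region}:{account}:{apiId}/{stage}/{verb}/{path}
function parseMethodArn(methodArn) {
  const parts = methodArn.split(':');
  const rest = parts.slice(5).join(':'); // keep any ':' inside the resource path
  if (parts[0] !== 'arn' || parts[2] !== 'execute-api' || !rest) {
    throw new Error('not an execute-api method ARN');
  }
  const [apiId, stage, verb, ...path] = rest.split('/');
  return { partition: parts[1], region: parts[3], accountId: parts[4],
           apiId, stage, verb, resource: path.join('/') };
}

function createMethodArn({ partition = 'aws', region, accountId, apiId, stage, verb = '*', resource = '*' }) {
  return `arn:${partition}:execute-api:${region}:${accountId}:${apiId}/${stage}/${verb}/${resource}`;
}

// Assumption: scopes arrive as the space-delimited `scope` claim.
const tokenScopes = (claims) => String(claims.scope || '').split(/\s+/).filter(Boolean);
const hasSome = (known, claims) => known.some((s) => tokenScopes(claims).includes(s));

// Empty or undefined resources produce an explicit Deny, never an empty Allow.
function createPolicy(resources) {
  const allow = Array.isArray(resources) && resources.length > 0;
  return {
    Version: '2012-10-17',
    Statement: [{
      Action: 'execute-api:Invoke',
      Effect: allow ? 'Allow' : 'Deny',
      Resource: allow ? resources : ['*'],
    }],
  };
}

function createReadWritePolicy(claims, methodArn, options) {
  const { readScopes = [], writeScopes = [],
          readVerbs = ['GET'], writeVerbs = ['POST', 'PUT', 'PATCH'] } = options;
  const base = parseMethodArn(methodArn);
  const verbs = [
    ...(hasSome(readScopes, claims) ? readVerbs : []),
    ...(hasSome(writeScopes, claims) ? writeVerbs : []),
  ];
  // Grant per verb on this API and stage only, with the path wildcarded.
  return createPolicy(verbs.map((verb) => createMethodArn({ ...base, verb, resource: '*' })));
}

// Constructed sample ARN (placeholder account and API ids).
const SAMPLE_ARN = 'arn:aws:execute-api:us-east-1:123456789012:abc123/prod/GET/deals/42';
```

The claims passed to `createReadWritePolicy` should come from a token whose signature has already been verified.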