jwt-key-auth

v0.1.0

JWT and key-based authentication utility for microservices

Downloads

31

Readme

JWT Key Auth

JWT Key Auth is an answer to the microservice communication problem: how one microservice can authorize itself with another microservice without creating an authorization manager service.

jwt-key-auth essentially works the way an SSH client and an SSH server work together. The SSH client signs requests with its private key, and the SSH server authorizes the client against the list of public keys in authorized_keys.

Practical example

  1. The developer wants backend service A to authorize itself with queue service B.
  2. Backend service A installs jwt-key-auth, and so does queue service B.
  3. The developer creates an individual key pair for service A.
  4. The developer mounts the private key in service A, and the public key in service B.
  5. The developer creates a JWT token in service A via jwt-key-auth, and sends it to service B.
  6. Service B validates the received token via jwt-key-auth, and authorizes the request or rejects it.

Advantages

jwt-key-auth is a lightweight, easy-to-use addition to any Node app that works with other services maintained as part of the same group.

It standardizes how containers authenticate with each other.

Mounting a directory of public keys and a single private key into a container is an easy, configurable operation performed by the container. For the app it's 100% transparent - it's part of the initial configuration.

jwt-key-auth doesn't reinvent the wheel - instead it relies on battle-tested JWT tokens, RSA security and an SSH-like protocol.

The library allows for different permissions in different services. By mounting one set of public keys in one container and another set in another, the developer can build complex authorization schemas.
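
The flow from the practical example and the per-service key sets described above, sketched with Node's built-in crypto module. This is an added example, not jwt-key-auth's own code or token format; signToken, verifyToken, the iss/exp claims and the service names are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');

// Caller side (service A): sign an RS256 compact JWS with its private key.
function signToken(issuer, privateKey, ttlSeconds = 60) {
  const now = Math.floor(Date.now() / 1000);
  const head = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ iss: issuer, iat: now, exp: now + ttlSeconds }));
  const sig = nodeCrypto.sign('sha256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64u(sig)}`;
}

// Receiver side: accept only tokens signed by a key in this service's own set.
// authorizedKeys: Map of caller name -> public KeyObject (the "authorized_keys").
function verifyToken(token, authorizedKeys) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return false;
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url'));
    claims = JSON.parse(Buffer.from(body, 'base64url'));
  } catch {
    return false;
  }
  // Pin the algorithm; the token must not be able to pick "none" or HMAC.
  if (header?.alg !== 'RS256') return false;
  if (typeof claims?.exp !== 'number' || claims.exp <= Date.now() / 1000) return false;
  const key = authorizedKeys.get(claims.iss); // unknown caller: no key, reject
  if (!key) return false;
  return nodeCrypto.verify('sha256', Buffer.from(`${head}.${body}`), key, Buffer.from(sig, 'base64url'));
}

// Constructed demo: A's public key is mounted in B but not in C.
function demo() {
  const gen = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const a = gen();
  const other = gen();
  const keysInB = new Map([['service-a', a.publicKey]]);
  const keysInC = new Map([['service-x', other.publicKey]]);
  return {
    acceptedByB: verifyToken(signToken('service-a', a.privateKey), keysInB),
    acceptedByC: verifyToken(signToken('service-a', a.privateKey), keysInC),
    wrongKeyAcceptedByB: verifyToken(signToken('service-a', other.privateKey), keysInB),
    expiredAcceptedByB: verifyToken(signToken('service-a', a.privateKey, -1), keysInB),
  };
}

console.log(demo());
```

The receiver decides which key to check from its own mounted set and fixes the algorithm itself, so a token cannot widen its own trust by changing its header.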

Installation

npm install --save jwt-key-auth

or

yarn add jwt-key-auth

Usage

The primary class of jwt-key-auth is JwtKeyAuth, naturally.

Import it by:

import { JwtKeyAuth } from 'jwt-key-auth';

Now, JwtKeyAuth requires two services: one for JWT logic, and another one for key management. Fortunately, jwt-key-auth comes with built-in implementations:

import { JwsAdapter } from 'jwt-key-auth';

import { FileKeyStore } from 'jwt-key-auth';

Now, register everything:

import { JwtKeyAuth, JwsAdapter, FileKeyStore } from 'jwt-key-auth';

async function createAuthService () {
  const jwtService = new JwsAdapter();
  const keyStore = new FileKeyStore();
  const jwtKeyAuth = new JwtKeyAuth(jwtService, keyStore);

  await keyStore.fill('/absolute/path/to/public/keys');
  await keyStore.addPrivateKeyFile('/absolute/path/to/private/key.pem');

  return jwtKeyAuth;
}

(Note: instead of FileKeyStore, you may use KeyStore, which also manages keys but requires buffers instead of paths to files.)

And now, we can start signing and verifying tokens:

import { JwtKeyAuth, JwsAdapter, FileKeyStore } from 'jwt-key-auth';

async function createAuthService () {
  const jwtService = new JwsAdapter();
  const keyStore = new FileKeyStore();
  const jwtKeyAuth = new JwtKeyAuth(jwtService, keyStore);

  await keyStore.fill('/absolute/path/to/public/keys');
  await keyStore.addPrivateKeyFile('/absolute/path/to/private/key.pem');

  return jwtKeyAuth;
}

async function main () {
  const thisServiceName = 'my_name';
  const authService = await createAuthService();

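  const receivedToken = '...'; // placeholder for a token received from another service
  const myToken = await authService.generate(thisServiceName);
  const tokenVerification = await authService.verify(receivedToken);

  console.log(myToken); // token to send to other services
  console.log(tokenVerification); // true or false, depending on whether the token is correct and whether we have the public key of the service that wants to access us
}

// Surface key-loading or signing errors instead of leaving an unhandled rejection.
main().catch(console.error);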