koa-devstack-security
v1.0.2
Published
JWT token propagation and validation
Downloads
8
Maintainers
Readme
DevStack token JWT validation
Koa middleware that propagates and validates JSON web tokens (JWT).
Usage
Our architecture, is validate with the use of a JWT token, so is mandatory propagate and validate the JWT token.
Configuration
Before use the koa-devstack-security is necessary configurate the file configuration.json, this file needs to:
Url to get the public key.
The key of identifier in our case sts_SHA1withRSA.
The delay between calls to public server key.
The attempts number when fail the public server key.
When do the library return an 401, Bad Authorization?
- If the token has bad format.
- If the date has expired.
- If the token is not authorization.
- If the header is bad formatted.
Retrieving the token
The token is normally provided in a HTTP header in our case ( Authorization ), so we can get the token with 'ctx.request.header.authorization'.
Example
var koaDevSec = require('koa-devstack-security');
var Koa = require('koa');
var app = new Koa();
app.use(koaDevSec());
Additional Information
If you want to use this library, you need at least node v.6.9.2 and Harmony or Babel.
How do I pass source quality?
If you have passed istanbul, the 'coverage' folder has been created.
We use 'sonar-project.properties' and 'sonar-scanner' for analyze this project with SonarQube.
This SonarQube must have installed http://docs.sonarqube.org/display/PLUG/JavaScript+Plugin[javascript plugin].
Install http://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner[sonar-scanner]:
Config 'sonar.host.url' with the SonarQube server url.
'sonar-runner -Dsonar.host.url=sonarUrl'