npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

microgateway-edgeauth

v3.2.2

Published

this proxy is used by microgateway to get a list of products, oauth tokens and api keys

Downloads

322

Readme

edgemicro-auth

edgemicro-auth is an open source project that implements the edgemicro-auth Apigee Edge proxy.

When configuring Apigee Edge Microgateway (please refer to docs here), an Apigee Edge proxy called edgemicro-auth gets install on the org and environment.

The edgemicro-auth proxy provides four functions:

  • Provides a list of all products in the org (/products)
  • Provides a signed JWT if the API Key is valid (/verifyApiKey)
  • Provides the public key that can be used to validate the JWT (/publicKey)
  • Generates an access token, which is a signed JWT. Supports client_credentials grant type (/token)

Purpose

The original implementation is node.js implementation which leverages volos plugins and Apigee a127. If no customizations are needed, then this implementation works just fine. Customizations that users frequently ask for include:

  • Include additional/custom claims to JWT
  • Support for other grant types
  • Support for refresh tokens
  • Set custom expiry on tokens

Some of these customizations would have been been possible by modifying the node.js implementation, this project reimplements the edgemicro-auth the ENTIRE implementation using Apigee Edge policies. In addition to a 1:1 implementation, the customizations mentioned above are also implemented.

Support

This is an open-source project of the Apigee Corporation. It is not covered by Apigee support contracts. However, we will support you as best we can. For help, please open an issue in this GitHub project. You are also always welcome to submit a pull request.

Certificate management and Setup

The original implementation of of edgemicro-auth uses Apigee's secure storage. However, this implementation uses KVM entries to store public-key and private-key. The proxy expects a mapIdentifier called 'microgateway' Contained within the 'microgateway' is one entry called 'publicKey' with the RSA public key and one entry called 'privateKey' with one entry called 'privateKey'

Customizations

How do I set custom expiry?

In the flow named 'Obtain Access Token' you'll find an Assign Message Policy called 'Create OAuth Request'. Change the value here

<AssignVariable>
    <Name>token_expiry</Name>
    <Value>300000</Value>
</AssignVariable>

How do I add or modify claims?

The "Obtain Access Token" flow has a assign message policy called "Add Custom Claims". This policy is disabled by default. After enabling the policy, you can add claims inside the policy. Here is a sample:

    <AssignVariable>
        <Name>claims</Name>
        <Value>{"claim1": "abc", "claim2": "efg"}</Value>
    </AssignVariable>

The claims must be set as a JSON (stringifyed) in the claims variable.

How can I get refresh tokens?

The OAuth v2 policy supports password grant. If a request is sent as below:

POST /token
{
  "client_id":"foo",
  "client_secret":"foo",
  "grant_type":"password",
  "username":"blah",
  "password": "blah"
}

If valid, the response will contain a refresh token.

How do I refresh an access_token?

Send a request as below:

POST /refresh
{
	"grant_type": "refresh_token",
	"refresh_token": "foo",
	"client_id":"blah",
        "client_secret":"blah"
}

If valid, the response will contain a new access_token.

What grant types are supported?

client_credentials, password and refresh_token Users can extend the Apigee OAuth v2 policy to add support for the remaining grant types.

Support for JSON Web Keys

Microgateway stores private keys and public keys in an encrypted kvm. The proxy exposes an endpoint '/jwkPublicKeys' to return public keys as JWK.

  • Support for "kid" - Key Identifiers. If the KVM includes a field called 'private_key_kid' (value can be any string), the JWT header will include the "kid"
{
  "alg": "RS256",
  "typ": "JWT",
  "kid": "1"
}

* The "kid" can be leveraged during validation of the JWT (not yet implemented in microgateway)

Release Notes

v2.4.13 - 3/1/19 Bug Fix: Improve character escaping for JSON formatting