secure-tokenize
v3.2.1
A simplified authentication package
Authentication Package
This package provides utilities for user authentication using JSON Web Tokens (JWT).
- Installation
- Usage
- Simple JWT Authentication
- Authenticate Via Facebook
- Authentication Via Google
- Others
- License
Installation
Install the package using npm:
npm install secure-tokenize
Usage
Import the Authentication class from the package:
const Authentication = require("secure-tokenize");
Simple JWT Authentication
Creating Instance
Create an instance of the Authentication class by providing the JWT secret key.
const auth = new Authentication({
  // Placeholder value; supply a long random secret from configuration, not source code
  jwtSecretKey: "jwt_secret_key",
  authMethod: "jwt",
});
Generate a JWT token for a user object:
const user = { userId: 123, username: 'john_doe' }; // Sample
const token = auth.generateToken({
  user,
  jwt: {
    options: {
      expiresIn: 6000
    }
  }
});
Verify Token
Mount the middleware in an Express application.
const app = require("express")();
// Middleware
app.use('/protected', auth.authenticate(), (req, res, next) => {
  // This will contain user data
  req.auth;
  next();
});
Authenticate Via Facebook
Creating Instance
const auth = new Authentication({
  jwtSecretKey: "jwt_secret_key",
  authMethod: "facebook",
  facebookAppId: "<facebook_app_id>",
  facebookAppSecret: "<facebook_app_secret_key>",
  url: "http://localhost:3000",
  callbackUrl: "/auth/facebook/callback",
  facebookAPIVersion: "v19.0"
});
Creating Routes For Authentication And Callback
Use the auth.facebookRedirect middleware to authenticate the user and generate a code.
// Route for initiating the authentication process
app.get('/auth/facebook', auth.facebookRedirect.bind(auth));
You will be redirected here after signing in successfully. The code arrives in the query params; you can read it and create a JWT token based on the Facebook data you get.
app.get("/auth/facebook/callback", async (req, res, next) => {
  const token = await auth.generateToken({
    jwt: {
      options: {
        expiresIn: 6000
      }
    },
    faceBook: {
      code: req.query.code
    }
  });
  res.send(token);
});
After that, the authenticate middleware remains the same.
// Middleware
app.use('/protected', auth.authenticate(), (req, res, next) => {
  // This will contain user data from facebook
  req.auth;
  next();
});
Authentication Via Google
Creating Instance
You can authenticate users via Google by making some minimal changes, if required.
const auth = new Authentication({
  jwtSecretKey: "AveryMuchSecretThatNoOneCanHack",
  authMethod: "google",
  googleAppClientId: "<GOOGLE_APP_CLIENT_ID>",
  googleClientSecret: "<GOOGLE_CLIENT_SECRET>",
  googleRedirectURL: "http://localhost:3000/auth/google/callback"
});
Setting Up Routes
These routes handle Google authentication: the first redirects the user to Google's login page, and the second handles the callback and generates a token for the authenticated user.
// Route for initiating the authentication process
app.get('/auth/google', auth.googleRedirect.bind(auth));
app.get("/auth/google/callback", async (req, res, next) => {
  const token = await auth.generateToken({
    jwt: {
      options: {
        expiresIn: 6000
      }
    },
    google: {
      code: req.query.code
    }
  });
  res.send(token);
});
Getting Authenticated Data
This route mandates authentication via the auth.authenticate() middleware and returns authenticated user data from Google in JSON format.
app.get("/protectedRoute", auth.authenticate(), (req, res, next) => {
  // This will contain user data returned from google
  res.json({
    data: req.auth
  });
});
The above will give the access token and bearer token for the user. If needed, you can get user-specific details such as emails and names by using the method below.
The first param is access_token and the second param is personFields.
Available personFields can be found at this link: personFields
app.get("/protectedRoute", auth.authenticate(), async (req, res, next) => {
  // This will contain user data returned from google
  const accessToken = req.auth.access_token;
  const user = await auth.getGoogleUserProfile(accessToken, "names,addresses");
  res.status(200).send();
});
Others
Custom Function When Using auth.authenticate()
// In result you will get the verified data from the token.
const customFn = function (result) {
  return {
    keyToSetAgainst: "userData", // this will be the key set to request object. (Required)
    data: { // Modified data along with the verified data. (Optional)
      ...result,
      timeStamp: new Date()
    }
  };
};
app.get("/protectedRoute", auth.authenticate({ customFn }), (req, res, next) => {
  res.json(req.userData);
});
License
This project is licensed under the MIT License - see the LICENSE.md file for details.