npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

whodis-client

v0.12.0

Published

A simple client for easy, typed interactions with the whodis.io api in clientside/insecure environments

Downloads

120

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

uladkasachuladkasach

Keywords

whodisjwtjson web tokenjsonwebtokenauthenticationauthorizationauthverificationverifyclaimstoken

Readme

whodis-client

ci_on_commit deploy_on_tag

A simple client for easy, typed interactions with the whodis.io api in clientside/insecure environments

Install

npm install --save whodis-client

Example

ask auth challenge

To ask a user to signup or login, you must ask them an authentication challenge.

import { askAuthChallenge, ChallengeGoal, ChallengeType, ContactMethodType } from 'whodis';

const { challengeUuid } = await askAuthChallenge({
  directoryUuid, // specify which directory you want to to challenge the user for (note: users only exist in the context of a specific directory)
  clientUuid, // specify which credential gives you access to this directory (note: this is a public key and can be used in the browser / insecure environments)
  goal: ChallengeGoal.SIGNUP, // alternatively, you could request a challenge with a goal of `LOGIN` if the account already exists
  type: ChallengeType.CONFIRMATION_CODE,
  contactMethod: {
    type: ContactMethodType.EMAIL, // alternatively, you could request a challenge to a contact method type of 'PHONE'
    address: '[email protected]', // an email address - or a phone number if contact method type = 'PHONE'
  },
});

In the example above, we sent this user a confirmation code challenge. The user will receive a message, ${5-digit-code} is your ${titleCase(namespace)} confirmation code., to the specified contact method.

answer auth challenge

Now that the challenge has been asked, the user can answer it in order to authenticate their ownership of that contact method and receive an AuthToken, a JSON Web Token (JWT) issued by whodis.io, in exchange.

import { answerAuthChallenge } from 'whodis-client';

const { token } = await answerAuthChallenge({
  challengeUuid, // the challengeUuid you got from askAuthChallenge,
  challengeAnswer: '12345', // the user's input, which should match the confirmation code they were sent in the message
});

This token can now be used with standard authentication libraries like simple-jwt-auth in order to authenticate and authorize access to apis. That library exposes methods by which you can easily getAuthedClaims and extract the userUuid from the token for downstream usage.

refresh token

The tokens generated by whodis have separate expiration dates for when they can be used for authentication and when they can be refreshed. If your user's token is expired, instead of forcing them to login again, you can first try to refresh their token.

import { isTokenExpired, isTokenRefreshable, refreshToken } from 'whodis-client';

if (isTokenExpired({ token }) && isTokenRefreshable({ token })) {
  const { token: refreshedToken } = await refreshToken({ token });
}

Note: this method will only make an api call to the whodis servers if the token is still refreshable.