@learnersguild/idm-jwt-auth

2.1.1 • Public • Published

idm-jwt-auth

Code Climate Issue Count Test Coverage

Utilities for implementing JWT authentication against the Learners Guild IDM server on Node.js.

Getting Started

Read the instructions for contributing.

  1. Globally install nvm, avn, and avn-nvm.

    curl -o- https://raw.githubusercontent.com/creationix/nvm/master/install.sh | bash
    npm install -g avn avn-nvm
    avn setup
  2. Clone the repository.

  3. Run the setup tasks:

     $ npm install
     $ npm run test
    

How to Use

  1. Install the module in your project

    $ npm install --save @learnersguild/idm-jwt-auth

  2. Install the middlewares that you want:

    import {
      addUserToRequestFromJWT,
      refreshUserFromIDMService,
      extendJWTExpiration
    } from '@learnersguild/idm-jwt-auth/lib/middlewares'
    
    # ...
    # ... set up your Express app ...
    # ...
    
    app.use(addUserToRequestFromJWT)
    app.use((req, res, next) => {
      refreshUserFromIDMService(req, res, err => {
        if (err) {
          // this is not enough to break things -- if we are unable to refresh the
          // user from IDM, but our JWT is still valid, it's okay, so we won't
          // allow this error to propagate beyond this point
          console.warn('WARNING: unable to refresh user from IDM service:', err)
        }
        next()
      })
    })
    app.use(extendJWTExpiration)

Middlewares

addUserToRequestFromJWT

Look for a valid Learners Guild JWT in:

  • the Authorization HTTP header
  • a cookie named lgJWT

If the token is found, verify it, then decode it into a Learners Guild user object and add it to the request in an attribute named user. Also add the token itself to the request in an attribute named lgJWT.

refreshUserFromIDMService

If the request has a user attribute on it, refresh that user data from the IDM service and update the user attribute with the new data.

extendJWTExpiration

If the request has a user attribute on it, create a new JWT from that user with an expiration date 24 hours into the future, then set the lgJWT cookie and update the lgJWT attribute of the request.

Utilities

There are also utility functions for working with the JWT within lib/utils. See the source for more information.

License

See the LICENSE file.

Readme

Keywords

Package Sidebar

Install

npm i @learnersguild/idm-jwt-auth

Weekly Downloads

4

Version

2.1.1

License

UNLICENSED

Last publish

Collaborators

  • learnersguild-dev