SSO With AWS KMS
This package is utilized for authentication and authorization of server requests.
Prerequisites
You will need an AWS KMS symmetric key with the appropriate permissions. You also need to provide the access key and secret key. The key usage must be set to "Encrypt" and "Decrypt".
Ready To Install
- To install the package, run npm i sso-aws-kms in your project directory.
- You will need to add env variables in your .env file:
  - AWS_REGION or AWS_KMS_REGION
  - AWS_ACCESS_KEY or AWS_KMS_ACCESS_KEY
  - AWS_SECRET_ACCESS_KEY or AWS_KMS_SECRET_ACCESS_KEY
  - AWS_KMS_ID (key ID, not ARN)
  - SSO_JWT_SECRET (optional)
  - SSO_JWT_TIMEOUT (optional, default timeout is 5 min)
How to Use
Suppose you have two different projects, P1 and P2, and neither of them has OAuth or SSO integrated yet. Now, the goal is to enable single-click login in both projects, similar to how SSO (Single Sign-On) functions.
To achieve this, follow these steps:
- Install the package in both projects with the same environment values.
- Use the following functions to encrypt and decrypt the payload:
  - To encrypt, use requestEncryptedToken and pass the username (ensure that the same username is present in your second project). This will generate a JWT encrypted token, which you can then send to the second server.
  - Upon receiving the token, verify and decrypt it using the verifyAndDecryptToken function to retrieve the username.
  - Once you have the username, you can proceed to return the login token associated with the admin URL in the callback URL of the request or follow your preferred sign-in mechanism. Since you now have a valid username, you can perform the login operation without requiring a password.
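
The receiving side of the steps above (project P2), as an added example that is not code from the sso-aws-kms package: it refuses a token that is presented twice within its lifetime, fails closed when verification fails, and only logs in a username that already exists locally. createSsoLoginHandler, findUser, issueSession and ttlMs are hypothetical names; verify stands in for verifyAndDecryptToken, whose exact signature and failure behaviour are assumed here.

```javascript
// Added sketch of P2's callback handler; names here are hypothetical, not the package's API.
// Assumption: verify(token) stands in for verifyAndDecryptToken and returns (or
// resolves to) the username string, throwing or returning a falsy value when
// the token is invalid or expired.
function createSsoLoginHandler({ verify, findUser, issueSession,
                                 ttlMs = 5 * 60 * 1000, // default timeout is 5 min
                                 now = Date.now }) {
  const seen = new Map(); // token -> time after which the entry can be dropped

  return async function completeSsoLogin(token) {
    if (typeof token !== 'string' || token === '') {
      return { ok: false, reason: 'missing_token' };
    }
    const t = now();
    for (const [tok, expiry] of seen) {
      if (expiry <= t) seen.delete(tok); // token has expired on its own by now
    }
    // Single use: refuse a token that was already presented inside its lifetime.
    if (seen.has(token)) return { ok: false, reason: 'replayed_token' };
    // Reserve the token before awaiting so concurrent replays cannot both pass.
    seen.set(token, t + ttlMs);

    let username;
    try {
      username = await verify(token);
    } catch (err) {
      username = null; // fail closed on any verification error
    }
    if (typeof username !== 'string' || username === '') {
      seen.delete(token); // do not let junk tokens fill the cache
      return { ok: false, reason: 'invalid_token' };
    }
    // Passwordless login is only safe for an account that exists and is enabled
    // in this project; never create or guess an account from the token.
    const user = await findUser(username);
    if (!user || user.disabled) return { ok: false, reason: 'unknown_user' };
    return { ok: true, session: await issueSession(user) };
  };
}
```

If SSO_JWT_TIMEOUT is set to something other than the default, pass a matching ttlMs so the replay cache covers the whole token lifetime.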