JS>> condor-jwt>> 返回
项目作者: devsu

项目描述 :
Authenticate GRPC calls in node using JWTs. Middleware for Condor GRPC Framework.
高级语言: JavaScript
项目地址: git://github.com/devsu/condor-jwt.git
创建时间: 2017-04-28T20:40:12Z
项目社区:https://github.com/devsu/condor-jwt
开源协议:MIT License
下载


condor-jwt

This module lets you authenticate GRPC calls using JSON Web Tokens (JWTs) in your Condor GRPC services.

Build Status
Coverage Status

Condor is a GRPC Framework for node.

Installation

  1. npm i --save condor-framework condor-jwt

How to use

The JWT middleware decodes and verifies a JsonWebToken passed in the authorization header. If the token is valid, context.token (by default) will be set with the JSON object decoded to be used by later middleware for authorization and access control.

  1. const Condor = require('condor-framework');
  2. const jwt = require('condor-jwt');
  3. const Greeter = require('./greeter');
  5. const app = new Condor()
  6.   .addService('./protos/greeter.proto', 'myapp.Greeter', new Greeter())
  7.   .use(jwt({'secretOrPublicKey': 'shhhhh'}))
  8.   // middleware below this line is only reached if JWT token is valid
  9.   .use((context, next) => {
  10.     console.log('valid token found: ', context.token);
  11.     next();
  12.   })
  13.   .start();

Custom Methods

By default, the token will be retrieved from the authorization metadata. Also, you can provide your own method to retrieve the token. The method can be sync or async (return a promise). It must return the token object if found and valid, or null otherwise. The method will be called with the context.

  1. options = {
  2.   'getToken': (context) => {
  3.     // do your magic here
  4.     return token;
  5.   },
  6. };

In the same manner, you can provide your isRevoked method to determine if a token is revoked. The method can be sync or async (return a promise). If the token is not revoked, the method must return false or resolve with false.

  1. options = {
  2.   'isRevoked': (context, token) => {
  3.     // do your magic here
  4.     return false;
  5.   },
  6. };

Options

Option Description
getToken Custom method to get the token
isRevoked Custom method to verify if a token is revoked
propertyName Where to store the token in the context. Default is token
passthrough Continue to next, even if no valid authorization token was found. Default is false
secretOrPublicKey a string or buffer containing either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA

Additionaly, you can send any option of the verify method of the jsonwebtoken module:

  • algorithms
  • audience
  • issuer
  • ignoreExpiration
  • subject
  • clockTolerance
  • maxAge
  • clockTimestamp

Such options will be used to verify the token.

License and Credits

MIT License. Copyright 2017

Built by the GRPC experts at Devsu.