@learnersguild/idm-jwt-auth

Authenticate using JSON web tokens and Learners Guild IDM service.

Stats

stars 🌟issues ⚠️updated 🛠created 🐣size 🏋️‍♀️
14Jan 30, 2018Mar 26, 2016Minified + gzip package size for @learnersguild/idm-jwt-auth in KB

Readme

idm-jwt-auth

Code Climate Issue Count Test Coverage

Utilities for implementing JWT authentication against the Learners Guild IDM server on Node.js.

Getting Started

Read the instructions for contributing.

  1. Globally install nvm, avn, and avn-nvm.

    curl -o- https://raw.githubusercontent.com/creationix/nvm/master/install.sh | bash
    npm install -g avn avn-nvm
    avn setup
    
  2. Clone the repository.

  3. Run the setup tasks:

     $ npm install
     $ npm run test
    

How to Use

  1. Install the module in your project

    $ npm install --save @learnersguild/idm-jwt-auth

  2. Install the middlewares that you want:

    import {
      addUserToRequestFromJWT,
      refreshUserFromIDMService,
      extendJWTExpiration
    } from '@learnersguild/idm-jwt-auth/lib/middlewares'
    
    # ...
    # ... set up your Express app ...
    # ...
    
    app.use(addUserToRequestFromJWT)
    app.use((req, res, next) => {
      refreshUserFromIDMService(req, res, err => {
        if (err) {
          // this is not enough to break things -- if we are unable to refresh the
          // user from IDM, but our JWT is still valid, it's okay, so we won't
          // allow this error to propagate beyond this point
          console.warn('WARNING: unable to refresh user from IDM service:', err)
        }
        next()
      })
    })
    app.use(extendJWTExpiration)
    

Middlewares

addUserToRequestFromJWT

Look for a valid Learners Guild JWT in:

  • the Authorization HTTP header
  • a cookie named lgJWT

If the token is found, verify it, then decode it into a Learners Guild user object and add it to the request in an attribute named user. Also add the token itself to the request in an attribute named lgJWT.

refreshUserFromIDMService

If the request has a user attribute on it, refresh that user data from the IDM service and update the user attribute with the new data.

extendJWTExpiration

If the request has a user attribute on it, create a new JWT from that user with an expiration date 24 hours into the future, then set the lgJWT cookie and update the lgJWT attribute of the request.

Utilities

There are also utility functions for working with the JWT within lib/utils. See the source for more information.

License

See the LICENSE file.

If you find any bugs or have a feature request, please open an issue on github!

The npm package download data comes from npm's download counts api and package details come from npms.io.