brightspace-auth-token
Usage
const AuthToken = require('brightspace-auth-token');
// See brightspace-auth-validation to do this for you!
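/**
 * Builds an AuthToken from the request's `Authorization: Bearer <token>` header.
 *
 * The header is attacker-controlled input, so its absence or an unexpected
 * shape is reported with an explicit error rather than an incidental
 * TypeError from dereferencing `undefined` or a failed match.
 *
 * @param {object} req - Incoming HTTP request; only `req.headers.authorization` is read.
 * @returns {AuthToken} Token wrapping the payload returned by `parseAndValidateSignature`.
 * @throws {Error} When the header is missing or is not a Bearer credential.
 *   Anything thrown by `parseAndValidateSignature` propagates unchanged.
 */
function authorizeRequest(req) {
  const header = req.headers.authorization;

  // Anchored at the start so that a value which merely contains "Bearer "
  // somewhere in the middle (e.g. behind another scheme) is not accepted.
  const match = typeof header === 'string' ? /^Bearer (.+)/.exec(header) : null;
  if (match === null) {
    throw new Error('Missing or malformed Authorization header');
  }

  const signature = match[1];
  // NOTE(review): parseAndValidateSignature is not defined on this page; it is
  // presumably where the signature is cryptographically verified. AuthToken is
  // handed the payload as-is, so that verification must happen here.
  const payload = parseAndValidateSignature(signature);
  return new AuthToken(payload, signature);
}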
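// Minimal HTTP server showing how an AuthToken drives authorization decisions.
require('http')
  .createServer((req, res) => {
    let token;
    try {
      token = authorizeRequest(req);
    } catch (err) {
      // A missing/garbled header or a rejected token must not escape the
      // request handler: an uncaught exception here would take the whole
      // process down. Answer 401 and keep the failure detail out of the
      // response body.
      res.statusCode = 401;
      res.setHeader('WWW-Authenticate', 'Bearer');
      res.end('Unauthorized\n');
      return;
    }

    // Authenticated but not permitted: 403, as opposed to the 401 above.
    if (!token.hasScope('random', 'greetings', 'read')) {
      res.statusCode = 403;
      res.end('You don\'t have sufficient scope!\n');
      return;
    }

    // msg stays undefined if none of the three context checks matches; the
    // response is then sent with an empty body.
    let msg;
    if (token.isUserContext()) {
      msg = 'Hello user!\n';
    } else if (token.isTenantContext()) {
      msg = 'Hello service, acting at the tenant level!\n';
    } else if (token.isGlobalContext()) {
      msg = 'Hello service, maintaining all of our systems!\n';
    }

    res.statusCode = 200;
    res.end(msg);
  })
  .listen(3000);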
API
---

new AuthToken(Object decodedPayload, String source)
-> AuthToken
decodedPayload must be an already verified and parsed JWT body; verification
happens before this call (see brightspace-auth-validation). source
should be the signature from which the payload was retrieved.

.user
-> String|Undefined
The identifier for the user this token belongs to. Not present outside of user
context.

.tenant
-> String|Undefined
The tenant UUID this token belongs to. Not present outside of user and tenant
contexts.

.actualUser
-> String|Undefined
The identifier for the acting user. For convenience, this will always be the
same as `user` except in the case of impersonation. Not present outside of
user context.