Helper for interacting with an incoming Brightspace JWT



const AuthToken = require('brightspace-auth-token');

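// See brightspace-auth-validation to do this for you!
/**
 * Build an AuthToken from the request's `Authorization: Bearer <token>` header.
 *
 * The header is client-controlled, so its shape is checked before it is used.
 * parseAndValidateSignature is this example's stand-in for JWT verification
 * (it is not defined in this listing); AuthToken only receives what it returns.
 * Errors thrown by parseAndValidateSignature are not caught here.
 *
 * @param {object} req - Incoming request; only `req.headers.authorization` is read.
 * @returns {AuthToken} Token wrapper built from the verified payload.
 * @throws {TypeError} If the header is absent or is not exactly `Bearer <token>`.
 */
function authorizeRequest(req) {
	const header = req.headers.authorization;

	// Anchored on purpose: an unanchored /Bearer (.+)/ would also accept a value
	// such as "Basic xBearer abc", where "Bearer" is not the authentication scheme.
	const match = typeof header === 'string' ? /^Bearer (.+)$/.exec(header) : null;
	if (match === null) {
		throw new TypeError('Missing or malformed Authorization header; expected "Bearer <token>"');
	}

	const signature = match[1];
	const payload = parseAndValidateSignature(signature);

	return new AuthToken(payload, signature);
}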

	// NOTE(review): this listing is an excerpt. The object that .createServer() is called
	// on is not shown, and several lines further down (closing braces, a `return`, and
	// apparently the final response write) are missing as well.
	.createServer((req, res) => {
		// authorizeRequest() throws when the Authorization header is missing or malformed,
		// and nothing in the visible handler catches it. Wrap this call in try/catch and
		// answer 401, so an unauthenticated request gets a normal response instead of
		// surfacing as an unhandled exception.
		const token = authorizeRequest(req);

		// Authorization check: the token must grant permission 'read' on resource
		// 'greetings' in group 'random' (hasScope takes group, resource, permission);
		// otherwise the request is refused with 403.
		if (!token.hasScope('random', 'greetings', 'read')) {
			res.statusCode = 403;
			res.end('You don\'t have sufficient scope!\n');
			// NOTE(review): no `return` or closing brace is visible after this response.
			// The handler has to stop here; otherwise the greeting below would also be
			// written for a token that lacks the scope.

		let msg;
		// Pick the greeting by token context: user, tenant-level service, or global service.
		if (token.isUserContext()) {
			msg = 'Hello user!\n';
		} else if (token.isTenantContext()) {
			msg = 'Hello service, acting at the tenant level!\n';
		} else if (token.isGlobalContext()) {
			msg = 'Hello service, maintaining all of our systems!\n';
			// NOTE(review): no else branch is visible, so msg appears to stay undefined
			// if none of the three context checks returns true.

		res.statusCode = 200;



new AuthToken(Object decodedPayload, String source) -> AuthToken

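decodedPayload should be the body of a JWT that has already been verified and parsed. Nothing on this page indicates that the constructor performs any verification itself, so pass it only the output of a verifier (the example above uses parseAndValidateSignature for this). source should be the signature from which the payload was retrieved; in the example above that is the Bearer value taken from the Authorization header.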

.user -> String|Undefined

The identifier for the user this token belongs to. Not present outside of user context.

.tenant -> String|Undefined

The tenant UUID this token belongs to. Not present outside of user and tenant contexts.

.actualUser -> String|Undefined

The identifier for the acting user. For convenience, this will always be the same as user except in the case of impersonation. Not present outside of user context.

.azp -> String|Undefined

The identifier for the party to whom this token was issued. If present it will contain the OAuth 2.0 Client ID of the party. The identifier is a case-sensitive string which may be a URI value.

.isGlobalContext() -> Boolean

.isTenantContext() -> Boolean


.isUserContext() -> Boolean


.isImpersonating() -> Boolean


.context -> String

.hasScope(String group, String resource, String permission) -> Boolean


.scope -> Map


.cacheKey -> String

A normalized string which could be used as part of cache keys when caching resources.

.source -> String

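The source signature provided when creating the token. In the example above this is the raw Bearer value from the request, i.e. a usable credential, so keep it out of logs and error responses.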