{"id":18930051,"url":"https://github.com/labd/node-federated-token","last_synced_at":"2026-01-22T10:01:21.218Z","repository":{"id":176953459,"uuid":"657522382","full_name":"labd/node-federated-token","owner":"labd","description":"Tokens for federated services","archived":false,"fork":false,"pushed_at":"2026-01-20T16:15:51.000Z","size":674,"stargazers_count":1,"open_issues_count":6,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-01-21T01:22:58.635Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/labd.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-06-23T08:46:22.000Z","updated_at":"2026-01-20T16:13:59.000Z","dependencies_parsed_at":"2024-02-20T16:40:47.081Z","dependency_job_id":"bd0e77d5-6ef1-47d6-baa3-0ca388454830","html_url":"https://github.com/labd/node-federated-token","commit_stats":null,"previous_names":["labd/node-federated-token"],"tags_count":106,"template":false,"template_full_name":null,"purl":"pkg:github/labd/node-federated-token","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/labd%2Fnode-federated-token","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/labd%2Fnode-federated-token/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/labd%2Fnode-federated-token/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/labd%2Fnode-federated-token/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/labd","download_url":"https://codeload.github.com/labd/node-federated-token/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/labd%2Fnode-federated-token/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28661001,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-22T01:17:37.254Z","status":"online","status_checked_at":"2026-01-22T02:00:07.137Z","response_time":144,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T11:36:21.978Z","updated_at":"2026-01-22T10:01:21.205Z","avatar_url":"https://github.com/labd.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Federated Token\n\n[![npm](https://img.shields.io/npm/v/@labdigital/federated-token.svg)](https://www.npmjs.com/package/@labdigital/federated-token)\n\nThis repository contains multiple packages using JWT tokens for clients and\npassing that information to all federated services (upstream and downstream).\n\n## Packages\n - `@labdigital/federated-token` - The core package that provides the token\n\t handling and token sources.\n - `@labdigital/federated-token-apollo` - A plugin for Apollo Server (and gateway).\n - `@labdigital/federated-token-envelop` - An Envelop plugin for e.g. Yoga.\n - `@labdigital/federated-token-express-adapter` - An Express adapter for the\n\t `CookieTokenSource` and `HeaderTokenSource` to be used in an Express application.\n - `@labdigital/federated-token-fastify-adapter` - A Fastify adapter for the\n   `CookieTokenSource` and `HeaderTokenSource` to be used in a Fastify application.\n - `@labdigital/federated-token-react` - A React context provider for managing the\n\t token state in a React application.\n\n\n# Upgrading from 0.x to 1.x\nThe 1.x release is a considerable rewrite of the package to allow better\ndistinction between authenticated users and guest users. This primarily impacts\nthe `CookieTokenSource` This allows you to control on your CDN which cookies are\nwhite-listed and which are not.\n\nFor ease of implementation and migrating users with existing cookies you need to\nmake sure that both the refresh-token and the refresh-token-exists cookie names\nmatch the old names.\n\n```ts\nconst server = new ApolloServer({\n\t// ...\n\tplugins: [\n\t\t// ...\n\t\tnew GatewayAuthPlugin({\n\t\t\tsigner: createTokenSigner(),\n\t\t\tsource: new CompositeTokenSource([\n\t\t\t\tnew CookieTokenSource({\n\t\t\t\t\trefreshTokenPath: \"/auth/graphql\",\n\t\t\t\t\tsecure: true,\n\t\t\t\t\tsameSite: \"Lax\",\n\t\t\t\t\tpublicDomainFn: (request: express.Request) =\u003e config.COOKIE_DOMAIN,\n\t\t\t\t\tcookieNames: {\n\t\t\t\t\t\trefreshToken: \"authRefreshToken\",\n\t\t\t\t\t\tguestRefreshTokenExists: \"authRefreshTokenExist\",\n\t\t\t\t\t}\n\t\t\t\t}),\n\t\t\t\tnew HeaderTokenSource(),\n\t\t\t]),\n\t\t}),\n\t\t// ...\n\t],\n\t// ...\n});\n```\n\n\n# Token sources\nPublic tokens can be passed via either HTTP headers or cookies. For browser\nclients cookies are the preferred way since these are easiest to store safely in\nthe browser using a combination of HTTP_ONLY cookies and non-HTTP_ONLY cookies.\n\n\n## Cookie Token Source\nThis token source is used for browser clients to safely store the token. It\ndifferentiates the tokens using a prefix for user tokens and guest tokens.\n\n- `userToken` / `guestToken` - The JWT token, HTTP_ONLY\n- `userData` / `guestData` - Value data for keeping state, can be used to for\n\texample store some user information so it can be used in a frontend,\n\tnon-HTTP_ONLY\n- `refreshToken` - The refresh token, if any. It is stored as HTTP_ONLY cookie.\n- `userRefreshTokenExists` / `guestRefreshTokenExists` - A boolean value that\nindicates if a refresh token exists. It is used to determine if we can refresh\nan existing token.\n\n\nNote that this expects the \"cookie-parser\" express middleware to be used.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flabd%2Fnode-federated-token","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flabd%2Fnode-federated-token","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flabd%2Fnode-federated-token/lists"}