Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/devsu/condor-jwt
Authenticate GRPC calls in node using JWTs. Middleware for Condor GRPC Framework.
https://github.com/devsu/condor-jwt
condor grpc grpc-framework jsonwebtoken jwt middleware nodejs
Last synced: about 1 month ago
JSON representation
Authenticate GRPC calls in node using JWTs. Middleware for Condor GRPC Framework.
- Host: GitHub
- URL: https://github.com/devsu/condor-jwt
- Owner: devsu
- License: mit
- Created: 2017-04-28T20:40:12.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2017-05-05T19:36:10.000Z (over 7 years ago)
- Last Synced: 2024-08-09T01:37:27.366Z (5 months ago)
- Topics: condor, grpc, grpc-framework, jsonwebtoken, jwt, middleware, nodejs
- Language: JavaScript
- Homepage:
- Size: 18.6 KB
- Stars: 2
- Watchers: 6
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# condor-jwt
This module lets you authenticate GRPC calls using JSON Web Tokens (**JWTs**) in your [Condor](https://github.com/devsu/condor-framework) GRPC services.
[![Build Status](https://travis-ci.org/devsu/condor-jwt.svg?branch=master)](https://travis-ci.org/devsu/condor-jwt)
[![Coverage Status](https://coveralls.io/repos/github/devsu/condor-jwt/badge.svg?branch=master)](https://coveralls.io/github/devsu/condor-jwt?branch=master)**Condor** is a [GRPC Framework for node](https://github.com/devsu/condor-framework).
## Installation
```bash
npm i --save condor-framework condor-jwt
```## How to use
The JWT middleware decodes and verifies a JsonWebToken passed in the `authorization` header. If the token is valid, `context.token` (by default) will be set with the JSON object decoded to be used by later middleware for authorization and access control.
```js
const Condor = require('condor-framework');
const jwt = require('condor-jwt');
const Greeter = require('./greeter');const app = new Condor()
.addService('./protos/greeter.proto', 'myapp.Greeter', new Greeter())
.use(jwt({'secretOrPublicKey': 'shhhhh'}))
// middleware below this line is only reached if JWT token is valid
.use((context, next) => {
console.log('valid token found: ', context.token);
next();
})
.start();
```## Custom Methods
By default, the token will be retrieved from the `authorization` metadata. Also, you can provide your own method to retrieve the token. The method can be sync or async (return a promise). It must return the token object if found and valid, or null otherwise. The method will be called with the context.
```js
options = {
'getToken': (context) => {
// do your magic here
return token;
},
};
```In the same manner, you can provide your `isRevoked` method to determine if a token is revoked. The method can be sync or async (return a promise). If the token is not revoked, the method must return false or resolve with false.
```js
options = {
'isRevoked': (context, token) => {
// do your magic here
return false;
},
};
```## Options
| Option | Description |
|-------------------|-------------------------------------------------------------------------------------------------------------------------|
| getToken | Custom method to get the token |
| isRevoked | Custom method to verify if a token is revoked |
| propertyName | Where to store the token in the context. Default is `token` |
| passthrough | Continue to next, even if no valid authorization token was found. Default is `false` |
| secretOrPublicKey | a string or buffer containing either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA |Additionaly, you can send any option of the [verify](https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback) method of the [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) module:
- algorithms
- audience
- issuer
- ignoreExpiration
- subject
- clockTolerance
- maxAge
- clockTimestampSuch options will be used to verify the token.
## License and Credits
MIT License. Copyright 2017
Built by the [GRPC experts](https://devsu.com) at Devsu.