https://github.com/xtuple/oauth2orize-jwt-bearer
  
  
This repository contains the source code for the JSON Web Token (JWT) bearer token exchange middleware for OAuth2orize.
- Host: GitHub
- URL: https://github.com/xtuple/oauth2orize-jwt-bearer
- Owner: xtuple
- License: mit
- Created: 2013-03-21T20:52:04.000Z (over 12 years ago)
- Default Branch: master
- Last Pushed: 2023-11-06T18:41:09.000Z (almost 2 years ago)
- Last Synced: 2024-04-25T23:04:42.606Z (over 1 year ago)
- Language: JavaScript
- Homepage:
- Size: 9.77 KB
- Stars: 81
- Watchers: 7
- Forks: 24
- Open Issues: 6
- Metadata Files:
  - Readme: README.md
  - License: LICENSE
 
Awesome Lists containing this project
- awesome-starred - xtuple/oauth2orize-jwt-bearer - This repository contains the source code for the JSON Web Token (JWT) bearer token exchange middleware for OAuth2orize. (others)
README
oauth2orize-jwt-bearer
======================
JSON Web Token (JWT) Bearer Token Exchange Middleware for [OAuth2orize](https://github.com/jaredhanson/oauth2orize).
This module exchanges a JWT for an access token after authentication, as [defined](http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-01#section-2.1) by the JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0 draft.  This module is modeled on Google's OAuth 2.0 [Server to Server Applications](https://developers.google.com/accounts/docs/OAuth2ServiceAccount).  This module can be used with the [passport-oauth2-jwt-bearer](https://github.com/xtuple/passport-oauth2-jwt-bearer) module to create a JWT OAuth 2.0 exchange scenario server.
## Install
    $ npm install oauth2orize-jwt-bearer
## Usage
#### Register Exchange Middleware
This exchange middleware is used by clients to request an access token by using a JSON Web Token (JWT) generated by the client and verified by a public key stored on the OAuth 2.0 server.  The exchange requires a verify callback, which accepts the client, JWT data and signature, then calls `done`, providing an access token.
##### Key Generation Tips
Generate a private key (use at least 2048 bits; 1024-bit RSA keys are no longer considered secure):

    $ openssl genrsa -out private.pem 2048

Extract the public key:

    $ openssl rsa -in private.pem -out public.pem -outform PEM -pubout

Sign the data:

    $ echo -n "data-to-sign" | openssl dgst -sha256 -sign private.pem > signed

Convert the signed file (binary) into base64 to be sent:

    $ base64 signed

```javascript
var jwtBearer = require('oauth2orize-jwt-bearer').Exchange;
server.exchange('urn:ietf:params:oauth:grant-type:jwt-bearer', jwtBearer(function(client, data, signature, done) {
  var crypto = require('crypto')
    , fs = require('fs') // load the file system module so the public key can be read
    , pub = fs.readFileSync('/path/to/public.pem').toString() // load PEM format public key as a string; should be the client's public key
    , verifier = crypto.createVerify("RSA-SHA256");

  // verifier.update takes in a string of the data that the signature covers
  verifier.update(JSON.stringify(data));

  if (!verifier.verify(pub, signature, 'base64')) {
    // Signature did not verify: end the exchange with an error instead of leaving the request hanging
    return done(new Error('Invalid JWT signature'));
  }

  // base64url decode data (Buffer.from replaces the deprecated new Buffer())
  var b64string = data;
  var buf = Buffer.from(b64string, 'base64').toString('ascii');

  // TODO - verify client_id, scope and expiration are valid from the buf variable above
  var scope; // TODO - set from the verified claims in buf

  // AccessToken is the application's own token model
  AccessToken.create(client, scope, function(err, accessToken) {
    if (err) { return done(err); }
    done(null, accessToken);
  });
}));
```
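One way to fill in the TODO in the callback above (checking the client, scope and expiration once the signature verifies), as an added example that is not code from the oauth2orize-jwt-bearer project. It assumes `data` is the `header.claims` string and `signature` the base64url third segment of the assertion, and that the claim set uses `iss`, `aud`, `exp` and `scope`; `checkAssertion`, `makeSample` and the fields of `expected` are hypothetical names, and the sample assertion is constructed.

```javascript
const crypto = require('crypto');

// Decode one base64url JWT segment into a JSON object.
function decodeSegment(seg) {
  const obj = JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));
  if (obj === null || typeof obj !== 'object') throw new Error('not an object');
  return obj;
}

// Assumed shapes: data = "header.claims", signature = base64url third segment.
// Returns { ok: true, claims, scopes } or { ok: false, reason }.
function checkAssertion(data, signature, publicPem, expected, nowSec) {
  const fail = (reason) => ({ ok: false, reason });
  const parts = String(data).split('.');
  if (parts.length !== 2) return fail('malformed');
  let header, claims;
  try {
    header = decodeSegment(parts[0]);
    claims = decodeSegment(parts[1]);
  } catch (e) {
    return fail('malformed');
  }
  // Pin the algorithm server-side; the token must not choose it (e.g. "none").
  if (header.alg !== 'RS256') return fail('bad alg');
  // Verify over the exact bytes that were signed, before trusting any claim.
  const sig = Buffer.from(String(signature), 'base64url');
  if (!crypto.verify('RSA-SHA256', Buffer.from(parts.join('.')), publicPem, sig)) {
    return fail('bad signature');
  }
  if (claims.iss !== expected.clientId) return fail('bad iss');
  if (claims.aud !== expected.tokenUrl) return fail('bad aud');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return fail('expired');
  const scopes = String(claims.scope || '').split(' ').filter(Boolean);
  if (!scopes.every((s) => expected.allowedScopes.includes(s))) return fail('bad scope');
  return { ok: true, claims, scopes };
}

// Builds a constructed sample assertion with a throwaway key pair (demo only).
function makeSample(claims, alg) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const data = enc({ alg: alg || 'RS256', typ: 'JWT' }) + '.' + enc(claims);
  const signature = crypto.sign('RSA-SHA256', Buffer.from(data), privateKey).toString('base64url');
  return { data, signature, publicPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}
```

Inside the verify callback, a failed result would be passed to `done` as an error and `result.scopes` used as the scope for the issued token.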
## Tests
    $ npm install --dev
    $ make test
## Credits
  - [bendiy](http://github.com/bendiy)
## License
[The MIT License](http://opensource.org/licenses/MIT)
Copyright (c) 2012-2013 xTuple <[http://www.xtuple.com/](http://www.xtuple.com/)>