How to use @authx/authx - 10 common examples
To help you get started, we’ve selected a few @authx/authx examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
the-control-group / authx / src / server.ts View on Github 
UEVIBMF0upDJMA53AFFx+0Fb/i76JFPTY7SxzvioIFeKRwY8evIRWQWYO95Os6gK
Bac/x5qiUn5fh2xM+wIDAQAB
-----END PUBLIC KEY-----`,
...(process.env.KEYPUBLIC2 ? [process.env.KEYPUBLIC2] : [])
],
async sendMail(options: {
to: string;
subject: string;
text: string;
html: string;
from?: string;
}): Promise {
console.log("--- SENDING EMAIL MESSAGE -------------------------");
console.log(options);
},
strategies: new StrategyCollection([email, password, openid]),
pg: {
database: process.env.PGDATABASE ?? undefined,
host: process.env.PGHOST ?? undefined,
password: process.env.PGPASSWORD ?? undefined,
port: process.env.PGPORT ? parseInt(process.env.PGPORT, 10) : undefined,
ssl: process.env.PGSSL === "true" ? true : false,
user: process.env.PGUSER ?? undefined
}
});
// Apply the AuthX routes to the app.
app.use(authx.routes());
// Log errors - everything as JSON makes a happier you.
app.on(
"error",!authority.details.publicKeys.some(key => {
try {
const payload = jwt.verify(proof, key, {
algorithms: ["RS512"]
});
// Make sure we're using the same email
if ((payload as any).email !== input.email) {
throw new ForbiddenError(
"This proof was generated for a different email address."
);
}
// Make sure this is for the same user
if ((payload as any).sub !== a.userId) {
throw new ForbiddenError(
"This proof was generated for a different user."
);
}
return true;
} catch (error) {
if (error instanceof ForbiddenError) {
throw error;
}
return false;
}
})
) {async resolve(source, args, context): Promise[]> {
const {
pool,
authorization: a,
realm,
strategies: { authorityMap }
} = context;
if (!a) {
throw new ForbiddenError(
"You must be authenticated to update an authority."
);
}
return args.authorities.map(async input => {
// Validate `id`.
if (!validateIdFormat(input.id)) {
throw new ValidationError("The provided `id` is an invalid ID.");
}
const tx = await pool.connect();
try {
await tx.query("BEGIN DEFERRABLE");
const before = await Authority.read(tx, input.id, authorityMap, {
forUpdate: trueasync resolve(source, args, context): Promise[]> {
const {
pool,
authorization: a,
realm,
strategies: { authorityMap }
} = context;
if (!a) {
throw new ForbiddenError(
"You must be authenticated to update an authority."
);
}
return args.authorities.map(async input => {
// Validate `id`.
if (!validateIdFormat(input.id)) {
throw new ValidationError("The provided `id` is an invalid ID.");
}
// Validate `emailAuthorityId`.
if (
typeof input.emailAuthorityId === "string" &&
!validateIdFormat(input.emailAuthorityId)
) {
throw new ValidationError({
type: "authorization",
authorizationId: "",
grantId: "",
clientId: "",
userId: user.id
},
{
basic: "*",
scopes: "*",
secrets: "*"
}
)
)
) {
throw new ForbiddenError(
"You do not have permission to create this authorization"
);
}
// Create a new authorization.
const authorization = await Authorization.write(
tx,
{
id: authorizationId,
enabled: true,
userId: credential.userId,
grantId: null,
secret: randomBytes(16).toString("hex"),
scopes: [`${realm}:**:**`]
},
{async resolve(source, args, context): Promise {
const {
pool,
authorization: a,
realm,
strategies: { authorityMap },
sendMail,
base
} = context;
if (a) {
throw new ForbiddenError("You area already authenticated.");
}
const tx = await pool.connect();
try {
await tx.query("BEGIN DEFERRABLE");
// fetch the authority
const authority = await Authority.read(
tx,
args.authorityId,
authorityMap
);
if (!(authority instanceof EmailAuthority)) {
throw new AuthenticationError(
__DEV__!authority.details.publicKeys.some(key => {
try {
const payload = jwt.verify(proof, key, {
algorithms: ["RS512"]
});
// Make sure we're using the same email
if ((payload as any).email !== args.email) {
throw new ForbiddenError(
"This proof was generated for a different email address."
);
}
// Make sure this is for the same user
if ((payload as any).sub) {
throw new ForbiddenError(
"This proof was generated for a specific user."
);
}
return true;
} catch (error) {
if (error instanceof ForbiddenError) {
throw error;
}
return false;
}
})
) {async resolve(source, args, context): Promise {
const {
pool,
authorization: a,
realm,
strategies: { authorityMap },
base
} = context;
if (a) {
throw new ForbiddenError("You area already authenticated.");
}
const tx = await pool.connect();
try {
await tx.query("BEGIN DEFERRABLE");
// Fetch the authority.
const authority = await Authority.read(
tx,
args.authorityId,
authorityMap
);
if (!(authority instanceof OpenIdAuthority)) {
throw new AuthenticationError(
"The authority uses a strategy other than openid."throw new ForbiddenError(
"This proof was generated for a specific user."
);
}
return true;
} catch (error) {
if (error instanceof ForbiddenError) {
throw error;
}
return false;
}
})
) {
throw new ForbiddenError("The proof is invalid.");
}
}
// The user needs to be sent a proof.
else {
const proofId = v4();
// Generate a new proof
const proof = jwt.sign(
{
email: args.email
},
authority.details.privateKey,
{
algorithm: "RS512",
expiresIn: authority.details.proofValidityDuration,return args.credentials.map(async input => {
// Validate `id`.
if (typeof input.id === "string" && !validateIdFormat(input.id)) {
throw new ValidationError("The provided `id` is an invalid ID.");
}
// Validate `authorityId`.
if (!validateIdFormat(input.authorityId)) {
throw new ValidationError(
"The provided `authorityId` is an invalid ID."
);
}
// Validate `userId`.
if (!validateIdFormat(input.userId)) {
throw new ValidationError("The provided `userId` is an invalid ID.");
}
// Validate `administration`.
for (const { roleId, scopes } of input.administration) {
if (!validateIdFormat(roleId)) {
throw new ValidationError(
"The provided `administration` list contains a `roleId` that is an invalid ID."
);
}@authx/authx
This is AuthX. It's named AuthX because it's an "exchange" of sorts, consolidating identities from several upstream authorities into a single identity for downstream clients. AuthX uses the OAuth2 framework in both directions, and adds a robust access con
Package Health Score
76 / 100Popular @authx/authx functions
- @authx/authx.AuthenticationError
- @authx/authx.Authority.read
- @authx/authx.Authorization
- @authx/authx.Authorization.write
- @authx/authx.Client.write
- @authx/authx.Credential.read
- @authx/authx.ForbiddenError
- @authx/authx.Grant.write
- @authx/authx.NotFoundError
- @authx/authx.Role
- @authx/authx.Role.read
- @authx/authx.Role.write
- @authx/authx.StrategyCollection
- @authx/authx.User.read
- @authx/authx.User.write
- @authx/authx.validateIdFormat
- @authx/authx.ValidationError
- @authx/authx/dist/util/explanations.match
- @authx/authx/dist/util/scopes.createV2AuthXScope
- @authx/authx