authress-login

v2.1.213

Universal login sdk for Authress authentication as a service. Provides managed authentication for user identity, authentication, and token verification. For more information about how to use this package see README

Latest version published 1 year ago

License: Apache-2.0

NPM

GitHub

Package Health Score

53 / 100

security
Security review needed
popularity
Limited
maintenance
Sustainable
community
Limited

Explore Similar Packages

Security

Security review needed

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
2.1.213	\|	03/2023		0 C 0 H 0 M 0 L	0 H 0 M 0 L
2.0.198	\|	03/2023		0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.4.169	\|	12/2022	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.3.114	\|	09/2022		0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.2.107	\|	07/2022		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

Apache-2.0

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Limited

Weekly Downloads (142)

GitHub Stars: 5
Forks: 1
Contributors: 4

Direct Usage Popularity

The npm package authress-login receives a total of 142 downloads a week. As such, we scored authress-login popularity level to be Limited.

Based on project statistics from the GitHub repository for the npm package authress-login, we found that it has been starred 5 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Limited

Readme.md: Yes
Contributing.md: No
Code of Conduct: No
Contributors: 4
Funding: No

This project has seen only 10 or less contributors.

We found a way for you to contribute to the project! Looks like authress-login is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Sustainable

Commit Frequency

Open Issues: 0
Open PR: 0
Last Release: 1 year ago
Last Commit: 23 days ago

Further analysis of the maintenance status of authress-login based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Sustainable.

An important project maintenance signal to consider for authress-login is that it hasn't seen any new versions released to npm in the past 12 months, and could be considered as a discontinued project, or that which receives low attention from its maintainers.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: >=14

Age: 3 years
Dependencies: 4 Direct
Versions: 131
Install Size: 141 kB
Dist-tags: 1
# of Files: 15
Maintainers: 2
TS Typings: Yes

authress-login has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

Authress Login SDK for UIs

The Authress Universal Login SDK for javascript app websites and user identity authentication. Used to integrate with the authentication as a service provider Authress at https://authress.io.

Usage

npm install @authress/login

Then required the package:

const { LoginClient } = require('@authress/login');

Troubleshooting usage

Troubles with esbuild or another bundler, checkout the build tools troubleshooting page.

Getting Started

Part 0: Setup Authress Login

You'll want to create:

at least one provider connection - https://authress.io/app/#/manage?focus=connections
an application which represents your web app - https://authress.io/app/#/manage?focus=applications

Part 1: Web App UI

On every route change check to see if the user exists, and if they don't redirect them to a login prompt.

const { LoginClient } = require('@authress/login');

// What is my applicationId => https://authress.io/app/#/manage?focus=applications
// What is my authressLoginHostUrl? => https://authress.io/app/#/setup?focus=domain
const loginClient = new LoginClient({ authressLoginHostUrl: 'https://login.application.com', applicationId: 'YOUR_APPLICATION_ID' });
const isUserLoggedIn = await loginClient.userSessionExists();
if (!isUserLoggedIn) {
  window.location.assign('/login');
}

In your app's login screen when the user selects how they would like to login, direct them there. And also specify where you would like Authress to redirect the user to after login. By default this is the user's current location.

await loginClient.authenticate({ connectionId: 'SELECTED_CONNECTION_ID', redirectUrl: window.location.href });
// Or if you know which tenant the user wants to log in with:
await loginClient.authenticate({ tenantLookupIdentifier: 'tenant-subdomain.app.com', redirectUrl: window.location.href });
return;

Then get the user access token associated with the user's login to be used for authorization in the next part:

const userToken = await loginClient.ensureToken();

Part 2: User Authentication in Service APIs

To authenticate the user in your service API, the token generated by the library in Part 1 needs to be passed to your service. The standard is pulling it from the loginClient, and putting it into an Authorization header:

const userToken = await loginClient.ensureToken();
const result = await fetch('https://api.application.com/v1/route', {
  method: 'GET',
  headers: {
    'Authorization': `Bearer ${userToken}`
  }
})

On the service API side, pull in the Authress service client companion library, and then verify the access token.

First install the companion library: npm install authress-sdk
Then verify the incoming tokens from the Authorization header:

const { TokenVerifier } = require('authress-sdk');

try {
  // Grab authorization token from the request header, the best way to do this will be framework specific.
  const userToken = request.headers['Authorization'];
  // Specify your custom domain for tokens. Configurable at https://authress.io/app/#/manage?focus=applications
  const userIdentity = await TokenVerifier('https://login.application.com', userToken);
} catch (error) {
  console.log('User is unauthorized', error);
  return { statusCode: 401 };
}

Platform Extension Login

The goal of the platform extension is to make it easy for your platform extension developers to login with Authress. Embed the ExtensionClient in your javascript UI SDK, and pass in the extensionId.

const { ExtensionClient } = require('@authress/login');

// What is my custom Domain? => https://authress.io/app/#/setup?focus=domain
// What is my extensionId => https://authress.io/app/#/manage?focus=extensions
const extensionClient = new ExtensionClient('https://login.application.io', extensionId);

// redirectUrl is where the extension would like to return the user to after login
// * This method will redirect the user to the Authress Login UI screen with an auth code
const { accessToken } = await extensionClient.login(redirectUrl);

// .... After login the user is redirected to the redirectUrl
// * So try the login again:
const { accessToken } = await extensionClient.login(redirectUrl);

// * Or get the user claims from the token
await userData = await this.getUserIdentity();

Advanced

Curious exactly how these methods work and when they should be used? We have some advanced guidance available for each of the methods on the method documentation.

Contributing

Validating index.d.ts type definitions

For validation it helps to generate and compare the types to the generated files using:

npx typescript index.js --declaration --allowJs --emitDeclarationOnly --outDir types

authress-login dependencies

@authress/login axios cookie lodash.take

FAQs

What is authress-login?

Universal login sdk for Authress authentication as a service. Provides managed authentication for user identity, authen... Visit Snyk Advisor to see a full health score report for authress-login, including popularity, security, maintenance & community analysis.

Is authress-login popular?

The npm package authress-login receives a total of 142 weekly downloads. As such, authress-login popularity was classified as limited. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is authress-login well maintained?

We found indications that authress-login maintenance is sustainable demonstrating some project activity. We saw a total of 4 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is authress-login safe to use?

While scanning the latest version of authress-login, we found that a security review is needed. A total of 0 vulnerabilities or license issues were detected. See the full security scan results.

Last updated on 21 April-2024, at 08:19 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP