1. Advisor
  2. jwks-rsa
  3. functions
  4. jwks-rsa
View all jwks-rsa analysis

How to use the jwks-rsa function in jwks-rsa

To help you get started, we’ve selected a few jwks-rsa examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github Levino / mock-jwks / __tests__ / jwksRsa.ts View on Github external
async (assert) => {
      assert.plan(1)
      auth0Mock.start()
      const client = jwksClient({
        jwksUri: 'https://hardfork.eu.auth0.com/.well-known/jwks.json',
        strictSsl: true, // Default value
      })

      const kid = auth0Mock.kid()
      client.getSigningKey(kid, (err) => {
        auth0Mock.stop()
        if (err) {
          return assert.fail()
        }
        assert.pass()
      })
    }
  )
github Levino / mock-jwks / __tests__ / jwksRsa.ts View on Github external
(assert) => {
      assert.plan(1)
      auth0Mock.start()
      const client = jwksClient({
        jwksUri: 'https://hardfork.eu.auth0.com/.well-known/jwks.json',
        strictSsl: true, // Default value
      })

      const kid = auth0Mock.kid()
      client.getSigningKey(kid, (err, key) => {
        if (err) {
          auth0Mock.stop()
          return assert.fail()
        }
        const signingKey = String(key.publicKey || key.rsaPublicKey)
        try {
          verify(auth0Mock.token({}), signingKey)
        } catch (err) {
          auth0Mock.stop()
          return assert.fail()
github domagojk / beenion / infrastructure / authentication / authorizer.ts View on Github external
token = getToken(event)
  } catch (err) {
    console.log('could not get token', event, err)
    return cb('could not get token')
  }

  const decoded = decode(token, { complete: true })
  if (!decoded) {
    return cb('could not decode token')
  }

  const kid = decoded.header.kid
  const TOKEN_ISSUER = `https://cognito-idp.${region}.amazonaws.com/${poolId}`
  const JWKS_URI = `${TOKEN_ISSUER}/.well-known/jwks.json`

  const client = jwksClient({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 10, // Default value
    jwksUri: JWKS_URI
  })

  client.getSigningKey(kid, function(err, key) {
    if (err) {
      cb(err)
    } else {
      const signingKey = key.publicKey || key.rsaPublicKey
      verify(token, signingKey, { issuer: TOKEN_ISSUER }, function(
        err,
        tokenPayload
      ) {
        if (err) {
github lakshmantgld / auth0-APIGateway-CustomAuthorizer / serverless / handler.js View on Github external
module.exports.auth = (event, context, callback) => {
  console.log(event);

  // jwt.decode may throw error in case of validating wrong/expired access_token
  try {
    let token, client, decoded, kid;

    token = getToken(event);
    client = jwksClient({
      cache: true,
      rateLimit: true,
      jwksRequestsPerMinute: 10,
      jwksUri: process.env.JWKS_URI
    });

    decoded = jwt.decode(token, {complete: true});
    kid = decoded.header.kid;

    client.getSigningKey(kid, (err, key) => {
      if (err) {
        console.log("getSigningKey error:", err);
        callback(null, {policyDocument: getPolicyDocument('Deny', event.methodArn)});
      } else {
        let signingKey = key.publicKey || key.rsaPublicKey;
        let options = {
github netlify-labs / movie-app / functions / utils / checkAuth.js View on Github external
import jwt from 'jsonwebtoken'
import jwksClient from 'jwks-rsa'
import config from '../../src/_config'

/* initialize the JWKS client */
const auth0Domain = process.env.AUTH0_DOMAIN || config.auth0.domain
const authClient = jwksClient({
  cache: true,
  jwksUri: `https://${auth0Domain}/.well-known/jwks.json`,
  audience: 'universe-theater',
  issuer: 'https://adobot.auth0.com/',
})

/* Check authorization JWT */
export default function checkAuth(event) {
  const alg = 'RS256' // algorithm is RSA http://bit.ly/2xAYygk
  return new Promise((resolve, reject) => {
    console.log('event.headers', event.headers)
    if (!event.headers.authorization) {
      const reason = 'Missing event.headers.authorization. You must be signed in to call this function'
      return reject(new Error(reason))
    }
    console.log('event.headers', event.headers)
github coralproject / talk / src / core / server / app / middleware / passport / strategies / oidc / index.ts View on Github external
let tenantIntegration = this.cache.get(tenantID);
    if (!tenantIntegration) {
      const strategy = this.createStrategy(req, oidc);

      // Create the entry.
      tenantIntegration = {
        strategy,
      };

      // We don't reset the entry in the cache here because if we just created
      // it, we'll be creating the jwksClient anyways, so we'll update it there.
    }

    if (!tenantIntegration.jwksClient) {
      // Create the new JWKS client.
      const jwksClient = jwks({
        jwksUri: oidc.jwksURI,
      });

      // Set the jwksClient on the entry.
      tenantIntegration.jwksClient = jwksClient;

      // Update the cached entry.
      this.cache.set(tenantID, tenantIntegration);
    }

    return tenantIntegration.jwksClient;
  }
github microsoft / BotFramework-Composer / Composer / packages / server / src / router / absh.ts View on Github external
COMPOSER_AUTH_CLIENT_ID,
      COMPOSER_AUTH_REDIRECT_URI,
      COMPOSER_AUTH_JWKS_URL,
      COMPOSER_AUTH_RESOURCE,
      MicrosoftAppId,
    } = process.env;

    // validate required config settings
    const botId = validateConfig('COMPOSER_BOT_ID', COMPOSER_BOT_ID);
    const clientId = validateConfig('COMPOSER_AUTH_CLIENT_ID', COMPOSER_AUTH_CLIENT_ID);
    const redirectUri = validateConfig('COMPOSER_AUTH_REDIRECT_URI', COMPOSER_AUTH_REDIRECT_URI);
    const jwksUri = validateConfig('COMPOSER_AUTH_JWKS_URL', COMPOSER_AUTH_JWKS_URL);
    const resource = validateConfig('COMPOSER_AUTH_RESOURCE', COMPOSER_AUTH_RESOURCE);
    const msAppId = validateConfig('MicrosoftAppId', MicrosoftAppId);

    const jwksClient = JWKSClient({ jwksUri });

    const getKey: GetPublicKeyOrSecret = (header, callback) => {
      const { kid } = header;

      if (!kid || kid.length === 0) {
        callback('kid missing');
        return;
      }

      jwksClient.getSigningKey(kid, (err, key) => {
        if (err) {
          callback(err);
          return;
        }

        if (!key) {
github olymp / olymp / packages / auth0 / lambda.es6 View on Github external
const auth = tokenString => {
  if (!tokenString) {
    return Promise.resolve(null);
  }
  const token = getToken(tokenString);
  const client = jwksClient({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 10, // Default value
    jwksUri: JWKS_URI
  });

  return new Promise((yay, nay) => {
    const decoded = jwt.decode(token, { complete: true });
    if (!decoded) {
      return nay(new Error('Malformed jwt'));
    }
    const { kid } = decoded.header;

    client.getSigningKey(kid, (err, key) => {
      if (err) {
        nay(err);
github coralproject / talk / src / core / server / app / middleware / passport / strategies / verifiers / oidc.ts View on Github external
public async verify(
    tokenString: string,
    token: OIDCIDToken,
    tenant: Tenant,
    now: Date
  ) {
    // Ensure that the integration is enabled.
    const integration = getEnabledIntegration(tenant.auth.integrations.oidc);

    // Grab the JWKS client to verify the SSO ID token.
    let client = this.cache.get(tenant.id);
    if (!client) {
      logger.trace({ tenantID: tenant.id }, "jwks client not cached");
      client = jwks({
        jwksUri: integration.jwksURI,
      });

      this.cache.set(tenant.id, client);
    } else {
      logger.trace({ tenantID: tenant.id }, "jwks client cached");
    }

    return findOrCreateOIDCUserWithToken(
      this.mongo,
      tenant,
      client,
      integration,
      tokenString,
      now
    );
github frandiox / vue-graphql-enterprise-boilerplate / server / src / resolvers / mutation / auth.js View on Github external
import jwksClient from 'jwks-rsa'
import jwt from 'jsonwebtoken'
import { AuthenticationError } from '../../errors'
import { findUser, createUser, deleteUser } from '../../models/user'
import got from 'got'

const jwks = jwksClient({
  cache: true,
  rateLimit: true,
  jwksRequestsPerMinute: 1,
  jwksUri: `https://${process.env.AUTH0_DOMAIN}/.well-known/jwks.json`,
})

function verifyAndDecodeIdToken(idToken) {
  const invalidTokenMessage = 'Invalid id token.'

  return new Promise((resolve, reject) => {
    const { header, payload } = jwt.decode(idToken, { complete: true }) || {}

    if (!header || !header.kid || !payload) {
      return reject(new AuthenticationError(invalidTokenMessage))
    }

jwks-rsa

Library to retrieve RSA public keys from a JWKS endpoint

GitHub
MIT
Latest version published 7 months ago

Package Health Score

81 / 100
Full package analysis

Popular jwks-rsa functions

Similar packages