Machine Auth
This package checks the validity and permission of a JSON Web Token using the keys provided by the IAM service.
Usage
This package uses the asynchronous invoke-lambda
function. You might need to call it within an async-await function.
const validate = require('@growsari/machine-auth')
const sampleFunction = async (token) => {
const claims = await validate(token, permission, APP_ID)
return claims
}
❗ Important: Token must come from theaccess_token
returned by any of the login APIs from MS-IAM. Login is required.
If the token is valid, validate
will return the token's decoded claims as a JSON object. Otherwise, it will throw an error.
Parameters
Parameter | Description |
---|---|
token |
Token to be verified. Token must come from the access_token returned by any of the login APIs from MS-IAM. |
permission |
Permission name. Must be consistent with the permissions under API and Role in MS-IAM. e.g. 'POST /message' , 'message_create' , 'create-message' , 'message:create'
|
APP_ID |
(optional) App ID of the app where this validation will be used. Note: APP_ID must be present if the scopes parameter is present at the time of login |
Errors
Code | Message | Description |
---|---|---|
MACHINE-AUTH-001 | Invalid access token | Token is invalid or expired |
MACHINE-AUTH-002 | You are not permitted to do this action | User does not have the permission to access the resource |