Machine Auth
This package checks the validity and permission of a JSON Web Token using the keys provided by the IAM service.
Usage
This package uses the asynchronous invoke-lambda function. You might need to call it within an async-await function.
const validate = require('@growsari/machine-auth')
const sampleFunction = async (token) => {
const claims = await validate(token, permission, APP_ID)
return claims
}
❗ Important: Token must come from theaccess_tokenreturned by any of the login APIs from MS-IAM. Login is required.
If the token is valid, validate will return the token's decoded claims as a JSON object. Otherwise, it will throw an error.
Parameters
| Parameter | Description |
|---|---|
token |
Token to be verified. Token must come from the access_token returned by any of the login APIs from MS-IAM. |
permission |
Permission name. Must be consistent with the permissions under API and Role in MS-IAM. e.g. 'POST /message', 'message_create', 'create-message', 'message:create'
|
APP_ID |
(optional) App ID of the app where this validation will be used. Note: APP_ID must be present if the scopes parameter is present at the time of login |
Errors
| Code | Message | Description |
|---|---|---|
| MACHINE-AUTH-001 | Invalid access token | Token is invalid or expired |
| MACHINE-AUTH-002 | You are not permitted to do this action | User does not have the permission to access the resource |