AuthRocket

AuthRocket provides Auth as a Service, making it quick and easy to add signups, logins, social auth, a full user management UI, and much more to your app.

The authrocket-node library covers all of our Core API. It also covers select portions of the Configuration API.

See also authrocket-middleware for our streamlined integration with Express and other compatible frameworks.

Installation

The library is designed to be installed using npm or yarn.

For installation, run one of:

npm install @authrocket/authrocket-node

yarn add @authrocket/authrocket-node

Client Basics

Using environment variables

If you are using environment variables to manage external services like AuthRocket, then it's very easy to initialize the AuthRocket client:

const { AuthRocket } = require('@authrocket/authrocket-node')
const authrocket = new AuthRocket()

Ensure these environment variables are set:

# If only validating tokens (including use with authrocket-middleware)
LOGINROCKET_URL    = https://SAMPLE.e2.loginrocket.com/

# If only validating tokens and default JWT key type has been changed to HS256
LOGINROCKET_URL    = https://SAMPLE.e2.loginrocket.com/
AUTHROCKET_JWT_KEY = SAMPLE

# To use the AuthRocket API
AUTHROCKET_API_KEY = ks_SAMPLE
AUTHROCKET_URL     = https://api-e2.authrocket.com/v2
AUTHROCKET_REALM   = rl_SAMPLE  # optional, but recommended (see below)
# plus LOGINROCKET_URL and/or AUTHROCKET_JWT_KEY if also validating tokens or using authrocket-middleware

AUTHROCKET_API_KEY = ks_SAMPLE Your AuthRocket API key. Required to use the API (but not if only performing JWT verification of login tokens).

AUTHROCKET_JWT_KEY = SAMPLE Used to perform JWT signing verification of login tokens. Not required if validating all tokens using the API instead. Also not required if LOGINROCKET_URL is set and RS256 keys are being used, as public keys will be auto-retrieved. This is a realm-specific value, so like AUTHROCKET_REALM, set it directly if using multiple realms (see below).

AUTHROCKET_REALM = rl_SAMPLE Sets an application-wide default realm ID. If you're using a single realm, this is definitely easiest. Certain multi-tenant apps might use multiple realms. In this case, don't set this globally, but directly when constructing the client (see below).

AUTHROCKET_URL = https://api-e2.authrocket.com/v2 The URL of the AuthRocket API server. This may vary depending on which cluster your service is provisioned on.

LOGINROCKET_URL = https://SAMPLE.e2.loginrocket.com/ The LoginRocket URL for your Connected App. Used by authrocket-middleware (for redirects) and for auto-retrieval of RS256 JWT keys (if AUTHROCKET_JWT_KEY is not set). If your app uses multiple realms, you may need to set this directly instead (see below). If you're using a custom domain, this will be that domain and will not contain 'loginrocket.com'.

If you are using multiple realms, we recommend building a new client for each realm, directly setting realm, jwtKey, and/or loginrocketUrl:

const authrocket = new AuthRocket({
  realm:          'rl_SAMPLE',
  jwtKey:         'SAMPLE',
  loginrocketUrl: 'https://SAMPLE.e2.loginrocket.com/'
})

Similarly, if changing locales between requests, build a new client for each:

const authrocket = new AuthRocket({
  locale: 'es'
})

Direct configuration

It's also possible to directly configure all AuthRocket client instance options:

const { AuthRocket } = require('@authrocket/authrocket-node')
const authrocket = new AuthRocket({
  apiKey:         'ks_SAMPLE',
  url:            'https://api-e2.authrocket.com/v2',
  realm:          'rl_SAMPLE',
  jwtKey:         'SAMPLE',
  loginrocketUrl: 'https://SAMPLE.e2.loginrocket.com/',
  locale:         'en'
})

Remember that it's insecure to commit apiKey into your code. You may safely commit url, realm, and loginrocketUrl.

If jwtKey is an RSA key (starts with 'MIIB' or with 'PUBLIC KEY'), it is also safe to commit. If it starts with 'jsk' or anything else, it is unsafe to commit with your code.

Usage

Documentation is provided on our site:

• Node.js Integration Guide
• Node.js SDK Docs (Expands on this README)
• API Docs with Node.js examples

Contributing

1. Fork it
2. Create your feature branch (git checkout -b my-new-feature)
3. Commit your changes (git commit -am 'Add some feature')
4. Push to the branch (git push origin my-new-feature)
5. Create new Pull Request

License

MIT