Client library for service-auth-provider service

Client library to obtain service to service call tokens.

Requirements

• Node >=8.0
• yarn

Installation

As of now, this module is published only in a private repository. We are working on publishing this project to NPM. Until then, the package can be installed from its github URL, examples:

# Install the latest version
yarn add https://github.com/hmcts/div-service-auht-provider-client

# Install a specific version
yarn add https://github.com/hmcts/div-service-auth-provider-client#2.1.4

Usage

First get a client

const serviceAuthProviderClient = require('@hmcts/div-service-auth-provider-client')

const client = serviceAuthProviderClient.init({
  apiBaseUrl: 'https://service-auth-provider-api:4502', // Base URL of service-auth-provider API
  microservice: 'reference', // The name of the IDAM service role
  secret: 'AAAAAAAAAAAAAAAA' // Service secret
})

Obtain a token

client.lease()
  .then(token => {
    // The response payload contains the token in plain text.
    console.log(token)
  })
  .catch(err => {
    // Or an error in case of an error.
    console.error(err)
  })

Check if a token is expired

client.isTokenExpired(token) // true if expired, false otherwise.

Implementation notes

Token expiry

Tokens returned contain an expiry date as a unix timestamp under exp. Ideally, this expiry date should be respected and the token should be renewed using the lease method.

Service secrets

The service needs to be registered with IDAM and a secret is required in order to generate a token.

For early implementations where IDAM registration has not finished yet, the reference details (microservice, secret) can be used from the above example.