npm
Sign UpSign In

This package has been deprecated

Author message:

Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.

@ikoabo/auth
TypeScript icon, indicating that this package has built-in type declarations

2.0.3 • Public • Published

IKOABO Business Opportunity Auth API

Utility functions for IKOA Business Opportunity Identity Management Service integration. This library provide the middleware to handle security into backend API validating requests against the service.

The package is developed with the aim of being used in conjunction with the rest of the packages of the platform, but it don't restrict use it as standalone package.

Version npmnpm DownloadsBuild Statuscoverage testing report

NPM

Installation

npm install @ikoabo/auth

Initialize the middleware

The authententication middleware must be initialized with the address of the Identity Management Service

import { AuthenticationCtrl } from "@ikoabo/auth";
AuthenticationCtrl.setup("https://myserver.com", true);

After the middleware is initialized we can use it to authenticate the API Backend or to validate a received request. Validations can only done over authorization with bearer tokens, in other cases always return not authorized.

The second parameter can be used to inject the access token to each request performed with the axios if the Authorization header isn't set. If you don't want to set the authentication you must set the header noauth with any value. If you prefer not use the interceptor you can set it to false or omit.

API Backend authentication

When the API Backend is registered into the Identity Managemen Service a credentials account are generated with an id and a secret token. This values must be used to exchange them by an access token with the API scopes. The received access token can be used to perform requests agains other API Backends.

Backend authentication can be easily integrated with the cluster server initialization:

import { ClusterServer } from "@ikoabo/server";
import { AuthenticationCtrl } from "@ikoabo/auth";

/**
 * Authenticate agains auth service
 */
function requestCredentials(): Promise<void> {
  return new Promise<void>((resolve) => {
    AuthenticationCtrl.setup("https://myserver.com", true);
    AuthenticationCtrl.authService("miserviceid", "myservicesecret")
      .catch((err) => {
        console.error('Invalid authentication');
      }).finally(() => {
        resolve();
      });
  });
}

/* Initialize cluster server */
const clusterServer = ClusterServer.setup(
  { running: requestCredentials },
);

/* Run cluster with base routes */
clusterServer.run({
  ...
});

In this case each slave worker will authenticate against the server. The given access token can be accesed directly to allow to use it to send request to external APIs that validate against the same Identity Management Service.

const token: string = AuthenticationCtrl.token;

Validate authentication middleware

To authenticate the recived request we must use the middleware inside the expres router

import { Router, Request, Response, NextFunction } from "express";
import { AuthenticationCtrl, SCOPE_VALIDATION } from "@ikoabo/auth";
const router = Router();

router.get(
  "/hello",
  AuthenticationCtrl.middleware(["user", "admin"], SCOPE_VALIDATION.AND),
  (req: Request, res: Response, next: NextFunction) => {
    res.send("Hello World");
    res.end();
  }
);

export default router;

In this case we protect the request. This request can be performed only by an user that holds the user and admin scopes. If the user don't holds both scopes then can't access the resource.

AuthenticationCtrl.middleware(scope?: string | string[],validation?: SCOPE_VALIDATION)

In case of array of scopes, it can be validated using one of the following three operations.

enum SCOPE_VALIDATION {
  AND = 1, // Must contain all scopes
  OR = 2, // Must contain at least one scope
  NOT = 3 // Must not contain any scope
}

Once the request is authenticated, there is some information that can be used into the backedn api to handle the service data. After success authentication we can receive the user, application, project, domain or module that is doing the request and all the scopes authorized for that request.

interface IAuthentication {
  user: string;
  application: string;
  project: string;
  domain: string;
  module: string;
  scope: string[];
}

This information can be accessed for the express response o request:

req["user"];
res.locals["auth"];

If the get request can't sent the authorization token in the header request, the token can be taken from query parameters also, using the following middlewares combination:

import { Router, Request, Response, NextFunction } from "express";
import { AuthenticationCtrl, SCOPE_VALIDATION } from "@ikoabo/auth";
const router = Router();

router.get(
  "/hello",
  AuthenticationCtrl.forceAuthToken("token"),
  AuthenticationCtrl.middleware(["user", "admin"], SCOPE_VALIDATION.AND),
  (req: Request, res: Response, next: NextFunction) => {
    res.send("Hello World");
    res.end();
  }
);

export default router;

In this case the middleware receive the access token into the token query parameter. By default middleware parameter can be omited and token is set by default, or you can change the field name.

Readme

Keywords

Package Sidebar

Install

npm i @ikoabo/auth

Repository

gitlab.com/ikoabo/packages/auth

Homepage

gitlab.com/ikoabo/packages/auth#readme

Weekly Downloads

1

Version

2.0.3

License

MIT

Unpacked Size

63 kB

Total Files

25

Last publish

Collaborators

  • omorffa
  • rmillo
Try on RunKit
Report malware