@mantris/bearer
JWT/JWKS Express middleware with scope validation.
Usage sample:
const { HttpError } = require('@mantris/appify')
const bearer = require('@mantris/bearer')
// ...
const { jwt, scope, unauthorized } = bearer.factory({
jwks: {
uri: 'https://token-issuer.id.domain.com/.well-knonwn/jwks.json'
},
jwt: {
audience: 'urn:id:app:my-app-slug',
issuer: 'https://token-issuer.id.domain.com/'
}
})
api.get('/secure-endpoint', jwt, (req, res) => {
res.end('secured!')
})
api.get('/admin-only', jwt, scope('admin'), (req, res) => {
res.end('secured!')
})
api.use(unauthorized((err) => {
throw new HttpError.Unauthorized(err.reason, err.message)
}))