@ssense/jwt-active-directory

    0.3.0 • Public • Published

    JWT - Active Directory

    Authorization Middleware and Authenticator for Active Directory and JWT token

    Ways of passing a token for validation

    There are four ways to pass the token for validation: (1) in the Authorization header, (2) as a cookie, (3) as a POST parameter, and (4) as a URL query parameter. The middleware will look in those places in the order listed and return 401 if it can't find any valid token.

    Method                 Format
    Authorization Header   Authorization: Bearer <token>
    Cookie                 "jwt_token": <token>
    URL Query Parameter    /protected?access_token=<token>
    Body Parameter         POST access_token=<token>

    Installation

    npm install --save @ssense/jwt-active-directory

    Constructing a token

    import {Authenticator} from '@ssense/jwt-active-directory';

    const authenticator = new Authenticator({
        url: 'ldap://127.0.0.1:1389',
        baseDN: 'dc=domain,dc=com',
        username: 'auth@domain.com',
        //username: 'CN=Authenticator,OU=Special Users,DC=domain,DC=com',
        password: 'password',
        logging: {
            name: 'ActiveDirectory',
            streams: [
                {
                    level: 'error',
                    stream: process.stdout
                }
            ]
        }
    });
     
    authenticator.authenticate('user@domain.com', 'password')
    .then(({auth, user, groups}) => {
        if (auth) {
            const token: string = authenticator.sign({user, groups}, 'no-so-secret-key', {
                expiresIn: '1 day'
            });
     
            // your script ...
        }
    })
    .catch((err) => {
        console.log(err);
    });

    Alternatively, use authenticateAndSign(email: string, password: string, jwtKey: string, jwtOptions, jwtExtraClaims?: {}) to authenticate and sign in a single call:

    authenticator.authenticateAndSign('user@domain.com', 'password', 'no-so-secret-key', {
        expiresIn: '1 day'
    },
    // Optional claims argument
    {
        extra: 'payload options',
        foo: 'bar',
        hello: 'World!'
    })
    .then(({auth, user, groups, token}) => {
        console.log('auth', auth);
        console.log('user', user);
        console.log('groups', groups);
        console.log('token', token);
    })
    .catch((err) => {
        console.log(err);
    });

    Using middleware to validate token

    import {authenticated} from '@ssense/jwt-active-directory';

    // ... your code ...

    app.get('*', authenticated({
        allowed: ['*', 'Group 1', 'Another Group Allowed'], // list of groups allowed to enter this route
        jwtKey: 'no-so-secret-key' // your JWT secret key (placeholder; load the real key from configuration)
    }), (req, res) => {
        // your code
        // access the token with **req.token**
        // do what you want with the newly generated token
    });

    Middleware default options

    options = {
        allowed: [],
        jwtKey: null,
        queryKey: 'access_token',
        bodyKey: 'access_token',
        cookieKey: 'jwt_token',
        headerKey: 'Bearer',
        reqKey: 'token', // req.token
        validateGroupKey: 'cn'
    };

    Caveats

    JWT validation checks only that the signature is correct and that the token has not expired.

    License

    This project is licensed under the MIT License - see the LICENSE.md file for details.
