@ssense/jwt-active-directory
TypeScript icon, indicating that this package has built-in type declarations

0.3.0 • Public • Published

JWT - Active Directory

Authorization Middleware and Authenticator for Active Directory and JWT token

Build Status Coverage Status Latest Stable Version Known Vulnerabilities

Table of Contents

Ways of passing a token for validation

There are four ways to pass the token for validation: (1) in the Authorization header, (2) as a cookie, (3) as a POST parameter, and (4) as a URL query parameter. The middleware will look in those places in the order listed and return 401 if it can't find any valid token.

Method Format
Authorization Header Authorization: Bearer <token>
Cookie "jwt_token": <token>
URL Query Parameter /protected?access_token=<token>
Body Parameter POST access_token=<token>

Installation

npm install --save @ssense/jwt-active-directory

Constructing a token

const authenticator = new Authenticator({
    url: 'ldap://127.0.0.1:1389',
    baseDN: 'dc=domain,dc=com',
    username: 'auth@domain.com',
    //username: 'CN=Authenticator,OU=Special Users,DC=domain,DC=com',
    password: 'password',
    logging: {
        name: 'ActiveDirectory',
        streams: [
            {
                level: 'error',
                stream: process.stdout
            }
        ]
    }
});

authenticator.authenticate('user@domain.com', 'password')
.then(({auth, user, groups}) => {
    if (auth) {
        const token: string = authenticator.sign({user, groups}, 'no-so-secret-key', {
            expiresIn: '1 day'
        });

        // your script ...
    }
})
.catch((err) => {
    console.log(err);
});

or you can use authenticateAndSign(email: string, password: string, jwtKey: string, jwtOptions, jwtExtraClaims?: {})

authenticator.authenticateAndSign('user@domain.com', 'password', 'no-so-secret-key', {
    expiresIn: '1 day'
},
// Optional claims argument
{
    extra: 'payload options',
    foo: 'bar',
    hello: 'Worl!'
})
.then(({auth, user, groups, token}) => {
    console.log('auth', auth);
    console.log('user', user);
    console.log('groups', groups);
    console.log('token', token);
})
.catch((err) => {
    console.log(err);
});

Using middleware to validate token

import {authenticated} from 'jwt-active-directory';

// ... your code ...

app.get('*', authenticated({
    allowed: ['*', 'Group 1', 'Antoher Group Allowed'], // list of groups allowed to enter this route
    jwtKey: 'no-so-secret-key' // your jwt secret key
}), (req, res) => {
    // your code
    // access token with **req.token**
    // do what you want we the new generate token
});

Middleware default options

options = {
    allowed: [],
    jwtKey: null,
    queryKey: 'access_token',
    bodyKey: 'access_token',
    cookieKey: 'jwt_token',
    headerKey: 'Bearer',
    reqKey: 'token', // req.token
    validateGroupKey: 'cn'
};

Caveats

JWT validation depends only on validating the correct signature and that the token is unexpired.

License

This project is licensed under the MIT License - see the LICENSE.md file for details.

Package Sidebar

Install

npm i @ssense/jwt-active-directory

Weekly Downloads

13

Version

0.3.0

License

MIT

Last publish

Collaborators

  • cmoroney
  • alessandro.commodari
  • jeegna.patel
  • jamesslomka
  • ssenses-agupta
  • expense_ssense
  • toya.okeke
  • quinnlangille
  • ssense-admin
  • kaiz
  • maxime.servonnet.ssense
  • ephremsaour
  • non-senses
  • sam-nicolai.johnston
  • carlossense
  • npm1
  • vijayrajasekar
  • dimitrios.nicolacopoulos
  • sikkavarun
  • lclemence
  • nodir.fayzullaev
  • alexnorms
  • mahdieft