koa-jwt-authz
Validate a JWTs scope to authorize access to an endpoint.
Install
$ npm i -S @tadashi/koa-jwt-authz
koa >=2is a peer dependency. Make sure it is installed in your project.
Usage
Use together with koa-jwt to both validate a JWT and make sure it has the correct permissions to call an endpoint.
import jwtAuthz from '@tadashi/koa-jwt-authz'
import jwt from 'koa-jwt'
import Koa from 'koa'
import Router from '@koa/router'
const app = new Koa()
const router = new Router()
router.get('/', ctx => {
ctx.body = {home: 'free'}
})
router.get('/me',
jwt({secret: 'shared_secret'}),
jwtAuthz(['read:users']),
ctx => {
ctx.body = ctx.state.user
}
)
app.use(router.middleware())
app.listen(process.env.PORT ?? 3000)The JWT must have a scope claim and it must either be a string of space-separated permissions or an array of strings. For example:
# String: "write:users read:users"
# Array: ["write:users", "read:users"]
API
jwtAuthz(expectedScopes [, options])
| parameter | type | required | default | description |
|---|---|---|---|---|
| expectedScopes | Array | yes | - | List of permissions |
| options | Object | no | see below | Options |
options
| parameter | type | required | default | description |
|---|---|---|---|---|
| checkAllScopes | Boolean | no | false | When true, all the expected scopes will be checked against the user's scopes |
| customScopeKey | String | no | scope | The property name to check for the scope |
Author
License
MIT © Thiago Lagden