authier

5.0.9 • Public • Published

Authier

Simple Authenticator Library

Authier is a simple library helper to make it easier to implement and serve authentication methods using OAuth2.0.

Index

Features

  • No Dependencies
  • Simple to Use

Install

To install Authier is simple:

with npm

npm i authier

Test It

Testing it locally:

  • Clone this project into your local machine.
  • Inside the project folder auth_server_example, run npm install
  • Then just run node index.js or nodemon index.js
  • It will simple use a local file to example a Database and runs some tests
  • Edit at your will to help you understand how the lib works, but it is very simple.

Example

Create an extension to override or implement the required functions as showed in the example here:
Example of Authier Extension

Auth Flow

Fields

  /**
   * Client option to issue or not a refresh client token - default is true
   * @type {Boolean}
   */
  issues_refresh_token;

  /**
   * Client's option whether the redirect_uri is required
   * @type {Boolean}
   */
  redirect_uri_required;

  /**
   * Client's option whether the scope is required
   * @type {Boolean}
   */
  scope_required;

  /**
   * Client's option whether the state is required
   * @type {Boolean}
   */
  state_required;

  /**
   * Refresh Token TTL - default is 7200 seconds
   * @type {Number}
   */
  refresh_token_expires_in;

  /**
   * Token TTL - default is 3600 seconds
   * @type {Number}
   */
  token_expires_in;

  /**
   * Match all scope option
   * @param {Object}
   */
  match_all_scopes;

Example of Functions of Auth Flow Implemented

// ------------------------------------------------------------------------------------

AuthFlow.prototype.generateToken = async function generateToken(args) {
  return await signToken({
    exp: Math.floor(Date.now() / 1000) + this.token_expires_in,
    sub: args.token_info.sub,
    iss: args.token_info.iss,
    scopes: args.scopes_granted || "",
    redirect_uri: args.redirect_uri, // present only in authorization code flow
  });
};

// ------------------------------------------------------------------------------------

AuthFlow.prototype.validateToken = async function validateToken(token) {
  try {
    return await checkToken(token);
  } catch (error) {
    throw error;
  }
};

// ------------------------------------------------------------------------------------

Client Credentials Flow

Fields

It inherits from Auth Flow fields

Example of Functions of Code Flow Implemented

There is no need to implement functions as long as you implemented Auth Flow Functions


Code Flow

Fields

It inherits from Auth Flow fields and adds the following:

  /**
   * Authorization Code flow code string.
   * @type {String}
   */
  code;

  /**
   * Authorization Code TTL - Default is 5 minutes.
   * @type {Number}
   * @default 300
   */
  code_expires_in;

  /**
   * is_uri_encoded - Whether the redirect_uri is encoded or not
   * @param {Boolean}
   * @default false
   */
  is_uri_encoded;

  /**
   * pkce_required - Whether the pkce is required or not
   * @param {Boolean}
   * @default true
   */
  pkce_required;

  /**
   * mapping_challenge_methods - The mapper for code challenge methods
   * @param {Object}
   * @default { plain: "plain", "S256": "sha256" }
   */
  mapping_challenge_methods;

  /**
   * allow_plain_pkce_method - Whether the pkce plain method is allowed
   * @param {Boolean}
   * @default false
   */
  allow_plain_pkce_method;

Example of Functions of Code Flow Implemented

It inherits from Auth Flow functions and adds the following:

// --------------------------  AUTHORIZATION CODE FUNCTIONS  --------------------------

AuthorizationCodeFlow.prototype.generateCode = async function generateToken(
  args
) {
  return await signToken({
    exp: Math.floor(Date.now() / 1000) + 55 * this.code_expires_in,
    sub: args.code_info.sub,
    iss: args.code_info.iss,
    scopes: args.scopes_granted || "",
    redirect_uri: args.redirect_uri,
  });
};

// ------------------------------------------------------------------------------------

AuthorizationCodeFlow.prototype.validateCode = async function validateCode(
  code
) {
  try {
    return await checkToken(code);
  } catch (error) {
    throw error;
  }
};

// ------------------------------------------------------------------------------------

Device Code Flow

Fields

It inherits from Auth Flow fields and adds the following:

  static slow_down = { error: "slow_down" };
  static authorization_pending = { error: "authorization_pending" };
  static access_denied = { error: "access_denied" };
  static expired_token = { error: "expired_token" };

Example of Functions of Code Flow Implemented

It inherits from Auth Flow functions and adds the following:

// --------------------------  DEVICE CODE FUNCTIONS  ---------------------------------------------

DeviceCodeFlow.prototype.generateDeviceCode = async function generateDeviceCode(
  args
) {
  return await signToken({
    ...device_code_info,
    exp: Math.floor(Date.now() / 1000) + args.expires_in,
    scopes: args.scopes_granted || "",
    verification_uri: args.verification_uri,
    user_code: args.user_code,
    interval: args.interval,
  });
};

DeviceCodeFlow.prototype.validateDeviceCode = async function validateDeviceCode(
  args
) {
  try {
    return await checkToken(args.device_code);
  } catch (error) {
    throw error;
  }
};

// ------------------------------------------------------------------------------------------------

Refresh Token Flow

Example of Functions of Refresh Token Flow Implemented

It inherits from Auth Flow functions and adds the following:

// --------------------------  REFRESH TOKEN FUNCTIONS  -------------------------------

RefreshTokenFlow.prototype.generateRefreshToken =
  async function generateRefreshToken(args) {
    return await signToken({
      exp: Math.floor(Date.now() / 1000) + this.refresh_token_expires_in,
      sub: args.token_info.sub,
      iss: args.token_info.iss,
      scopes: args.scopes_granted || "",
    });
  };

// ------------------------------------------------------------------------------------

RefreshTokenFlow.prototype.validateRefreshToken =
  async function validateRefreshToken(refresh_token) {
    try {
      return await checkToken(refresh_token);
    } catch (error) {
      throw error;
    }
  };

// ------------------------------------------------------------------------------------

Example of All Methods to be Implemented

The example of all methods that should be implemented:
Example of Authier Extension

Package Sidebar

Install

npm i authier

Weekly Downloads

3

Version

5.0.9

License

MIT

Unpacked Size

44.4 kB

Total Files

13

Last publish

Collaborators

  • arthurgermano