Node Identity Resource Service Authentication Middleware for Express JS
$ yarn add identity-rs
const authenticatePermissions = ;// add into ExpressJS
- resourceName is the name you use for your service
- qualifier is the access level for permissions, eg: read, write, * (read-write).
No configuration is required in order to start using this middleware. All options are optional.
realm– Value of "realm" parameter to use in WWW-Authenticate challenge header.
scopes– Array of scope values required to access this resource.
allow– Object with arrays of allowed issuers, audience and subjects.
deny– Object with arrays of restricted issuers, audience and subjects.
handleErrors– When set to false, error conditions will result in a call to
next(), passing control to the application's error handling.
tokenProperty– Name of property on
reqto assign decoded JWT object. The property will not be set unless defined.
claimsProperty– name of property on
reqto assign verified JWT claims. Defaults to "claims".
JWT token spec
The JWT needs to have custom claims called perms, like the following JWT payload.
The perms custom claims is needed for the middleware to check access using node-arn.
How to use
const authenticateMiddleware = ;router;
$ yarn test
MIT License - [Suhendra Ahmad]