koa-bearer-token
    2.0.2 • Public • Published

    Bearer token parser middleware for koa

    Inspired by express-bearer-token

    Installation

    $ npm install koa-bearer-token

    What?

    Per RFC6750 this module will attempt to extract a bearer token from a request from these locations:

    • The key access_token in the request body.
    • The key access_token in the request query params.
    • The value from the header Authorization: Bearer <token>.
    • (Optional) The key access_token in the cookies header.

    If a token is found, it will be stored on ctx.request.token. If one has been provided in more than one location, this will abort the request immediately by sending code 400 (per [RFC6750]).

    const Koa = require('koa');
    const bodyParser = require('koa-bodyparser');
    const { bearerToken } = require('koa-bearer-token');
    
    const app = new Koa();
    
    app.use(bodyParser());
    app.use(bearerToken());
    
    app.use((ctx) => {
      // ctx.request.token
    });
    
    app.listen(3000);

    For APIs which are not compliant with [RFC6750], the key for the token in each location is customizable, as is the key the token is bound to on the request (default configuration shown):

    app.use(
      bearerToken({
        bodyKey: 'access_token',
        queryKey: 'access_token',
        headerKey: 'Bearer',
        reqKey: 'token',
      }),
    );
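
    The lookup rule described above (three locations, 400 when more than one carries a token, customizable keys) can be sketched as a standalone function. This is an added example, not koa-bearer-token's source: findBearerToken, its return shape and the exact-match comparison of the header scheme are assumptions, and the optional cookie location is left out.

```javascript
// Added illustration of the RFC 6750 lookup rule; not the package's own code.
// findBearerToken and its return shape are hypothetical names for this sketch.
const DEFAULTS = { bodyKey: 'access_token', queryKey: 'access_token', headerKey: 'Bearer' };

function findBearerToken(req, options = {}) {
  const { bodyKey, queryKey, headerKey } = { ...DEFAULTS, ...options };
  const found = [];

  // 1. Request body, already parsed by a body parser.
  if (req.body && typeof req.body[bodyKey] === 'string') {
    found.push({ source: 'body', token: req.body[bodyKey] });
  }
  // 2. Query parameter.
  if (req.query && typeof req.query[queryKey] === 'string') {
    found.push({ source: 'query', token: req.query[queryKey] });
  }
  // 3. Authorization header of the form "<scheme> <token>".
  //    The scheme is compared exactly against headerKey (assumption of this sketch).
  const auth = (req.headers && req.headers.authorization) || '';
  const parts = auth.trim().split(/\s+/);
  if (parts.length === 2 && parts[0] === headerKey) {
    found.push({ source: 'header', token: parts[1] });
  }

  const sources = found.map((f) => f.source);
  // A token in more than one location makes the request invalid: answer 400
  // and expose no token, so later handlers never pick one of the candidates.
  if (found.length > 1) {
    return { status: 400, token: undefined, sources };
  }
  // status stays null when the request is not aborted.
  return { status: null, token: found.length ? found[0].token : undefined, sources };
}

// Constructed sample requests (not captured traffic).
const headerOnly = { headers: { authorization: 'Bearer abc123' }, query: {}, body: {} };
const headerAndQuery = {
  headers: { authorization: 'Bearer abc123' },
  query: { access_token: 'zzz999' },
  body: {},
};
const customScheme = { headers: { authorization: 'Token abc123' }, query: {}, body: {} };

console.log(findBearerToken(headerOnly));
console.log(findBearerToken(headerAndQuery));
console.log(findBearerToken(customScheme, { headerKey: 'Token' }));
```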

    Getting the token from a cookie key (the cookie can be signed or not)

    Warning: by NOT passing { signed: true } you are accepting an unsigned cookie, and an attacker might spoof the cookie. Keep this in mind and use signed cookies.

    app.use(
      bearerToken({
        cookie: {
          signed: true, // if true, you must also pass secret; otherwise an error is thrown
          secret: 'YOUR_APP_SECRET',
          key: 'access_token', // default value
        },
      }),
    );

    TypeScript

    As of version 2.0.1 we've added initial support for TypeScript.

    If you're using a custom reqKey, you must do the module augmentation yourself:

    declare module 'koa' {
      interface Request {
        myToken?: string;
      }
    }
    
    app.use(
      bearerToken({
        reqKey: 'myToken',
      }),
    );

    Compatibility table

    koa version    koa-bearer-token version
    <2             0.x.x
    2              >=1.x.x

    License

    MIT © C. T. Lin

    Collaborators

    • chentsulin