DevStack token JWT validation

Koa middleware that propagates and validates JSON web tokens (JWT).

Usage

Our architecture, is validate with the use of a JWT token, so is mandatory propagate and validate the JWT token.

Configuration

Before use the koa-devstack-security is necessary configurate the file configuration.json, this file needs to:

• Url to get the public key.

• The key of identifier in our case sts_SHA1withRSA.

• The delay between calls to public server key.

• The attempts number when fail the public server key.

When do the library return an 401, Bad Authorization?

• If the token has bad format.
• If the date has expired.
• If the token is not authorization.
• If the header is bad formatted.

Retrieving the token

The token is normally provided in a HTTP header in our case ( Authorization ), so we can get the token with 'ctx.request.header.authorization'.

Example

var koaDevSec = require('koa-devstack-security');
var Koa = require('koa');

var app = new Koa();
app.use(koaDevSec());

Additional Information

If you want to use this library, you need at least node v.6.9.2 and Harmony or Babel.

How do I pass source quality?

If you have passed istanbul, the 'coverage' folder has been created.

We use 'sonar-project.properties' and 'sonar-scanner' for analyze this project with SonarQube.

This SonarQube must have installed http://docs.sonarqube.org/display/PLUG/JavaScript+Plugin[*javascript plugin*].

Install http://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner[*sonar-scanner*]:

Config 'sonar.host.url' with the SonarQube server url.

'sonar-runner -Dsonar.host.url=sonarUrl'