predix-fast-token
Node module to verify UAA tokens used when protecting REST endpoints
Intro
Security is important, but having to make a POST call to UAA with every request to verify a token adds latency. Predix-fast-token reduces the number of network calls and is ~200+ times faster. We ran a test of 100,000 predix-fast-token calls and it came out to <1 ms. Don't take our word for it though: try it yourself and see what improvements you get compared to your current method.
Installation
Install via npm
npm install --save predix-fast-token
Usage
Verify (Local)
Validates the token is a valid JWT, isn't expired, and was issued by a trusted issuer.
Basic usage with a JWT token and list of trusted issuers
```javascript
const pft = require('predix-fast-token');

// token: the bearer token string to check
// trusted_issuers: array of UAA issuer URLs (e.g. 'https://example.uaa.predix.io/oauth/token')
pft.verify(token, trusted_issuers).then((decoded) => {
    // The token is valid; decoded holds its claims
    console.log(decoded);
}).catch((err) => {
    // The token is malformed, expired or not from a trusted issuer
    console.log(err);
});
```
As an expressjs middleware
```javascript
'use strict';
const express = require('express');
const bearerToken = require('express-bearer-token');
const predixFastToken = require('predix-fast-token');
const app = express();

const trusted_issuers = ['https://example.uaa.predix.io/oauth/token', 'https://another.uaa.predix.io/oauth/token'];

app.use(bearerToken()); // Ensure Authorization header has a bearer token
app.all('*', function(req, res, next) {
    console.log('Verifying token');
    if (req.token) {
        predixFastToken.verify(req.token, trusted_issuers).then((decoded) => {
            // Make the verified claims available to downstream handlers
            req.decoded = decoded;
            console.log('Looks good');
            next();
        }).catch((err) => {
            console.log('Nope', err);
            res.status(403).send('Unauthorized');
        });
    } else {
        console.log('Nope, no token');
        res.status(401).send('Authentication Required');
    }
});

app.get('/', function(req, res) {
    res.send('Hello World!');
});

// Need to let CF set the port if we're deploying there.
const port = process.env.PORT || 9001;
app.listen(port);
console.log('Started on port ' + port);
```
Remote Verification
Validates a token by sending it to the UAA's /check_token endpoint, with optional in-memory caching.
Compared to local verification, remote verification adds network latency to each request, but it is necessary if you need to validate opaque tokens or check whether a token has been revoked. Note that a cached result is reused for up to ttl seconds, so a revocation is only noticed once the cache entry expires.
Parameters
- token - The access token
- issuer - The UAA issuer URI to validate against
- clientId - Your client ID issued by the UAA service
- clientSecret - Your client secret issued by the UAA service
- opts
  - ttl - The maximum time to live in cache for a validated token, in seconds. If zero, does not cache. Default: 0
  - useCache - Whether or not to look for the token in cache. Default: true
Example
```javascript
const pft = require('predix-fast-token');
const opts = { ttl: 60*60*2, useCache: true }; // Cache tokens for 2 hours

// token, issuer, clientId and clientSecret are as described under Parameters
pft.remoteVerify(token, issuer, clientId, clientSecret, opts).then((decoded) => {
    // The token is valid (checked against UAA, or served from cache)
    console.log(decoded);
}).catch((err) => {
    // The token is invalid, expired or revoked
    console.log(err);
});
```