Seamlessly integrate with RingCentral Professional Services's JWKS solution.

npm install @ringcentral-pro-serv/psi-auth

Before using PSi Auth, you'll need to initialize it by calling initializeJWKS(). Here's an example:

initializeJWKS({
    url: `${process.env.JWKS_BASE_URL}/api/v1/public/token`,
    localCacheTtl: 10,
    localCaching: true,
    remoteCaching: true,
    jwt: process.env.JWKS_JWT,
    clientId: process.env.LOCAL_JWKS_CLIENT_ID,
    clientSecret: process.env.LOCAL_JWKS_CLIENT_SECRET
})

In the example above, PSi Auth is being initialized for local development. The giveaway here is the inclusion of the jwt, clientId, and clientSecret options. PSi Auth uses those values to facilitate the use of the public authentication endpoint.

Here's an example of initialization in production:

initializeJWKS({
    url: `${process.env.JWKS_BASE_URL}/api/v1/token`,
    localCacheTtl: 15,
    localCaching: true,
    remoteCaching: true
})

Getting an access token with PSi Auth is simple, just call getToken() and supply the appName and accounted.

const token = await getToken({
    appName: 'exampleApp',
    accountId: '62904886028'
})

Depending on how you initialized PSi Auth, you may receive a cached token, as such, you should make note of the expires_at property of the returned object. JWKS sets this to the true expiration of the token. JWKS does not alter the expires_in property returned by the RC platform, so it may not be accurate.

Here's an example response:

{
    "access_token": "U0pDMDFQMTNQQVMwM... truncated for brevity",
    "token_type": "bearer",
    "expires_in": 3600,
    "refresh_token": "U0pDMDFQMTNQQVMwMHxBQU... truncated for brevity",
    "refresh_token_expires_in": 604800,
    "scope": "ReadAccounts",
    "owner_id": "305655028",
    "endpoint_id": "ehhhoi3MRAGvu3wu2ALJpg",
    "session_id": "10bb4cc8-ed66-426b-886d-8f9259eff804",
    "session_idle_timeout": 30,
    "issued_at": 1716217482,
    "expires_at": 1716221082,
    "refresh_token_expires_at": 1716822282
}