#vz-jwt-authentication
Package used for validating and refreshing JWT tokens when they only have 1/3 of their lifetime left. It will make sure that all the calls made will be authenticated, and creates 2 routes '/vz-jwt-auth/check/:returnUrl' and '/vz-jwt-auth/initialize'. The check route allows for checking if a user is still logged in and if not, it will return a 401 response with a Location header to which the client needs to redirect. The location will consist of the ssoUrl present in the config of the package (corresponding to the set NODE_ENV) to which a returnUrl will be appended. The returnUrl will consist of the clientAppProtocol://clientAppHostName[:clientAppPortNumber]/#parsed req.params.returnUrl The initialize route, provides the xsrf token and the user name if the token validation is successfull.
$npm install vz-jwt-authentication
Express Router:
var jwtauth = require('vz-jwt-authentication'),
express = require('express'),
app = express();
jwtauth.initialize(app, 'clientAppProtocol','clientAppHostName',['clientAppPortNumber');
Angular App:
$rootScope.$on('$stateChangeStart', function (event, toState, toParams) {
if(toState.name !='initialState') {
authentication.do(toState.name);
}
});
Authentication Service:
define (['./services'], function(module){
module.factory('authentication', function($http){
function authenticate(returnUrl) {
$http.get('/Vz-Jwt-Auth/Check/'+ returnUrl).then(function(response){
console.log('Authentication succeeded for user \'' + response.data.user.username + '\'');
});
}
return { do: authenticate};
});
});
Get XSRF Token and User Name Service:
define(['./services'], function(module) {
module.factory('getXsrfTokenAndUser', function($http, $window){
this.initialize = function (){
$http.get('/Vz-Jwt-Auth/Initialize').then(function(response){
$window.localStorage['user'] = response.data.user;
$window.localStorage['xsrfToken'] = response.data.xsrfToken;
});
};
return this;
});
});
Interceptors:
define([
'./interceptors',
'lodash'
], function (module, _) {
module.factory('JWTInterceptor', function ($q, $window) {
return {
request: function (request) {
if ($window.localStorage['xsrfToken']) {
request.headers.xsrfToken = $window.localStorage['xsrfToken'];
}
return request || $q.when(request);
},
response: function (response) {
if (response.status === 200 && response.data.user) {
$window.localStorage['user'] = response.data.user;
}
return response || $q.when(response);
},
responseError: function (rejection) {
var bodyArray = ["401 - xsrf attack.", "401 - Missing token.", "401 - Expired token.", "401 - Invalid token."];
if (rejection.status === 401 && bodyArray.indexOf(rejection.data) > -1) {
//check for
console.log("Response Error 401", rejection);
$window.location.href = rejection.headers('Location');
}
return $q.reject(rejection);
}
}
}
)
});
The module checks the request.cookies.jwtToken it also verifies that the xsrfToken provided in the request header is the same as the xsrfToken in the decoded jwt token. To validate the signature, it expects a certificate called PublicKey.cer in the root folder of your application. The certificate needs to contain a base64 encoded public key. If the validation of the token fails, the middleware will return 401 response with the following content: "401 - Missing token.", "401 - Invalid token.", "401 - Expired token.", "401 - xsrf attack."