/**
* Module dependencies
*/
var JWT = require('anvil-connect-jwt')
var IDTokenError = require('./IDTokenError')
var nowSeconds = require('./time-utils').nowSeconds
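/**
 * Expires
 *
 * Returns a thunk that yields an `exp` value the given duration from now.
 * It is used as the `default` of the `exp` claim in the schema below, so the
 * offset is computed when a token is created rather than when this module
 * is loaded.
 *
 * `duration` is one of 'day', 'week' or 'month'. The table values are in
 * milliseconds and are handed to nowSeconds() from ./time-utils, which is
 * assumed to add the offset and return seconds — confirm against that module
 * before extending the table.
 *
 * Throws a TypeError on an unknown duration. The original looked the key up
 * without checking it, so a typo produced `nowSeconds(undefined)` and an
 * expiry nobody intended; failing fast at definition time is safer.
 */
function expires (duration) {
  var fromNow = {
    day: (1000 * 60 * 60 * 24),
    week: (1000 * 60 * 60 * 24 * 7),
    month: (1000 * 60 * 60 * 24 * 30)
  }
  // hasOwnProperty rather than a plain lookup so that inherited names such
  // as 'constructor' or 'toString' are rejected like any other unknown key
  if (!Object.prototype.hasOwnProperty.call(fromNow, duration)) {
    throw new TypeError('Unknown expiry duration: ' + duration)
  }
  var offset = fromNow[duration]
  return function () {
    return nowSeconds(offset)
  }
}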
/**
 * ID Token
 *
 * JWT schema for OpenID Connect ID Tokens. RS256 is both the default header
 * algorithm and the only value the `alg` enum permits, so a token whose
 * header names any other algorithm (`none`, an HMAC variant, ...) is
 * rejected by the schema before any claim is looked at.
 *
 * iss, sub, aud, exp and iat are required. exp defaults to one day from
 * creation via expires('day') — generous for an ID Token, so code that
 * issues tokens should consider supplying a shorter value — and iat defaults
 * to the current time via nowSeconds. nonce, acr and at_hash are optional.
 */
var headerDefaults = {
  alg: 'RS256'
}

var headerSchema = {
  alg: { format: 'StringOrURI', required: true, enum: ['RS256'] }
}

var claimSchema = {
  iss: { format: 'StringOrURI', required: true },
  sub: { format: 'StringOrURI', required: true },
  aud: { format: 'StringOrURI', required: true },
  exp: { format: 'IntDate', required: true, default: expires('day') },
  iat: { format: 'IntDate', required: true, default: nowSeconds },
  nonce: { format: 'String' },
  acr: { format: 'String' },
  at_hash: { format: 'String' }
}

// The permitted header and claim lists are derived from the schemas so the
// two cannot drift apart; Object.keys preserves the insertion order above.
var IDToken = JWT.define({
  header: headerDefaults,
  headers: Object.keys(headerSchema),
  registeredHeaders: headerSchema,
  claims: Object.keys(claimSchema),
  registeredClaims: claimSchema
})
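/**
 * Verify
 *
 * Decodes `jwt` with `options.key` (signature verification is delegated to
 * IDToken.decode) and then applies the relying-party checks an ID Token
 * must pass before its claims are trusted:
 *
 *   - iss    must equal options.iss exactly
 *   - aud    must contain options.aud — exact element match, whether the
 *            claim is a single string or an array of strings
 *   - alg    header must equal options.alg (default 'RS256')
 *   - exp    must be present and not earlier than now (no skew tolerance)
 *   - nonce  must equal options.nonce when the caller supplies one
 *
 * `callback(err, token)` receives an IDTokenError on any failure and the
 * decoded token otherwise. Checks run in the order listed; the first failure
 * wins.
 */
IDToken.verify = function (jwt, options, callback) {
  var token = IDToken.decode(jwt, options.key)
  if (!token || token instanceof Error) {
    return callback(new IDTokenError({
      error: 'Invalid JWT'
    }))
  }

  var header = token.header
  var claims = token.payload
  var alg = options.alg || 'RS256'

  // mismatching issuer
  if (claims.iss !== options.iss) {
    return callback(new IDTokenError({
      error: 'Mismatching issuer'
    }))
  }

  // mismatching audience
  // `aud` may be a string or an array of strings. Calling indexOf directly
  // on the claim performs a substring search when it is a string, so an aud
  // of 'client-foo' would have satisfied options.aud 'client'; normalize to
  // an array so indexOf compares whole elements with strict equality. A
  // missing aud is a mismatch rather than a TypeError.
  var audiences = Array.isArray(claims.aud) ? claims.aud : [claims.aud]
  if (claims.aud === undefined || audiences.indexOf(options.aud) === -1) {
    return callback(new IDTokenError({
      error: 'Mismatching audience'
    }))
  }

  // mismatching algorithm
  if (header.alg !== alg) {
    return callback(new IDTokenError({
      error: 'Expected ' + alg + ' signature'
    }))
  }

  // expired token
  // A missing exp must fail too: `undefined < n` is false, which would let a
  // token without exp pass this check forever if decode did not reject it.
  if (typeof claims.exp !== 'number' || claims.exp < nowSeconds()) {
    return callback(new IDTokenError({
      error: 'Expired token'
    }))
  }

  // mismatching nonce
  // Only enforced when the caller passes the nonce it sent in the
  // authentication request; callers that omit options.nonce are unaffected.
  if (options.nonce !== undefined && claims.nonce !== options.nonce) {
    return callback(new IDTokenError({
      error: 'Mismatching nonce'
    }))
  }

  callback(null, token)
}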
/**
 * Exports
 *
 * The module's only export is the IDToken schema object, with `verify`
 * attached above; the `expires` helper stays private to this file.
 */
module.exports = IDToken