UNPKG

authentic-service

Version:

This is the service component of Authentic. This will help decode tokens so that you can authenticate users within a microservice.

github.com/davidguttman/authentic-service

davidguttman/authentic-service

72 lines (49 loc) 2.07 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
# AuthenticService # This is the service component of [authentic](https://github.com/davidguttman/authentic). This will help decode tokens so that you can authenticate users within a microservice. ## Example ## ```js const http = require('http') const Authentic = require('authentic-service') const auth = Authentic({ server: 'https://auth.scalehaus.io' }) http.createServer(function (req, res) { // Step 1: decrypt the token auth(req, res, function (err, authData) { if (err) return console.error(err) // Step 2: if we get an email and it's one we like, let them in! if (authData && authData.email.match(/@scalehaus\.io$/)) { res.writeHead(200) res.end('You\'re in!') // otherwise, keep them out! } else { res.writeHead(403) res.end('Nope.') } }) }).listen(1338) console.log('Protected microservice listening on port', 1338) ``` ## Installation ## ``` npm install --save authentic-service ``` ## API ## ### Authentic(opts) ### This is the main entry point. Accepts an options object and returns a function that can parse and decrypt tokens from http requests. ```js const auth = Authentic({ server: 'https://auth.scalehaus.io' }) // auth is now a function that accepts req, res, and a callback auth(req, res, function(err, authData) { ... }) ``` #### options #### `Authentic()` takes an options object as its first argument, one of them is required: * `server`: the url of the `authentic-server`, e.g. `'http://auth.yourdomain.com'` Optional: * `prefix`: defaults to `'/auth'` if you set a custom prefix for your `authentic-server`, use that same prefix here * `cacheDuration`: defaults to `3600000` (1 hour in milliseconds). To minimize latency and requests, this is how long `authentic-service` will cache the `authentic-server` public key. * `checkExpiredList`: will check email against the expired list on `authentic-server`, this will reject any token issued before a remote expiration (e.g. password change). This feature must also be enabled on `authentic-server`. # License # MIT