Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
new Promise(resolve => {
// Decode the JWT Token
const decoded = jwt.decode(token, { complete: true });
if (!decoded || !decoded.header || !decoded.header.kid) {
throw new Error('Unable to retrieve key identifier from token');
}
if (decoded.header.alg !== 'RS256') {
throw new Error(`Wrong signature algorithm, expected RS256, got ${decoded.header.alg}`);
}
const jkwsClient = jwkRsa({
cache: true,
jwksUri: `https://${process.env.AUTH0_DOMAIN}/.well-known/jwks.json`,
});
// Retrieve the JKWS's signing key using the decode token's key identifier (kid)
jkwsClient.getSigningKey(decoded.header.kid, (err, key) => {
if (err) throw new Error(err);
const signingKey = key.publicKey || key.rsaPublicKey;
// If the JWT Token was valid, verify its validity against the JKWS's signing key
jwt.verify(
}
// TODO think more about this special case... I really want this logic to be in sp-plugin-auth
// but here we are.
const AUTH0_HEADER = "auth0|";
if (subject.indexOf(AUTH0_HEADER) === 0) {
const uuidSubject = aguid(subject.slice(AUTH0_HEADER.length));
subject = `https://${DOMAIN}/api/users/${uuidSubject}`;
}
const newToken = jwt.sign({}, JWT_SECRET, {
algorithm: "HS256",
expiresIn: `${JWT_EXPIRATION}ms`,
audience: JWT_AUDIENCE,
issuer: JWT_ISSUER,
subject: subject
});
this.jwt = jwt.decode(newToken);
this._replaceToken(newToken);
}
}
.then(data => {
// Decode Cognito's id token and get user's sub.
const idToken = jwt.decode(data.AuthenticationResult.IdToken)
return {
sub: idToken.sub,
raw: data
}
})
}
let ValidateToken = function(pems, event, authorizedRoles, callback) {
let _ticket = {
auth_status: 'Unauthorized',
auth_status_reason: ''
};
let token = event.authorizationToken.substr(3);
//Fail if the token is not jwt
let decodedJwt = jwt.decode(token, {
complete: true
});
console.log(decodedJwt);
if (!decodedJwt) {
_ticket.auth_status_reason = 'Not a valid JWT token';
console.log(_ticket);
return callback(_ticket, null);
}
//Fail if token is not from your UserPool
if (decodedJwt.payload.iss != iss) {
_ticket.auth_status_reason = 'invalid issuer';
console.log(_ticket);
return callback(_ticket, null);
}
const parts = request.headers.authorization.split(' ')
if (parts.length === 2) {
const scheme = parts[0]
token = parts[1]
if (!/^Bearer$/i.test(scheme)) {
return next(new BadRequest(messagesOptions.badRequestErrorMessage))
}
} else {
return next(new BadRequest(messagesOptions.badRequestErrorMessage))
}
} else {
return next(new Unauthorized(messagesOptions.noAuthorizationInHeaderMessage))
}
const decodedToken = jwt.decode(token, decodeOptions)
steed.waterfall([
function getSecret (callback) {
secretCallbackVerify(request, decodedToken, callback)
},
function verify (secretOrPublicKey, callback) {
jwt.verify(token, secretOrPublicKey, options, (err, result) => {
if (err instanceof jwt.TokenExpiredError) {
return callback(new Unauthorized(messagesOptions.authorizationTokenExpiredMessage))
}
if (err instanceof jwt.JsonWebTokenError) {
return callback(new Unauthorized(typeof messagesOptions.authorizationTokenInvalid === 'function' ? messagesOptions.authorizationTokenInvalid(err) : messagesOptions.authorizationTokenInvalid))
}
callback(err, result)
})
},
setToken(token) {
const { aud } = jwt.decode(token, { complete: false });
if (!aud) {
throw new Error("Invalid token");
}
const [, userId] = aud.split(":");
if (!userId) {
throw new Error("Invalid token");
}
this.userId = userId;
this.token = token;
saveToken(token);
}
function validateToken (token) {
const header = jwt.decode(token)
const now = Math.floor(Date.now() / 1000)
return header && header.exp > now
}
private validateAADInformation(keys: any, issuerTemplateUrl: string, idToken: string): any {
let claims = jwt.decode(idToken, { complete: true });
if (!claims) {
return false;
}
let type = claims["header"].typ;
let algorithm = claims["header"].alg;
let signingKeyId = claims["header"].kid;
let tenantId = claims["payload"].tid;
if (type !== "JWT") {
return false;
}
let issuer = issuerTemplateUrl.replace("{tenantid}", tenantId);
let signingKey = keys.find((element) =>
var decodeToken = (token)=>{
if(!token){
throw Error("Incomplete Details.");
}
var decoded = jwt.decode(token,{complete:true});
return new Promise((resolve,reject)=>{
resolve(decoded);
});
}
beforeEnter: (to, from, next) => {
const token = localStorage.getItem('github-profile-token')
if (!token || jwt.decode(token).username !== to.params.username) {
axios.get(`/api/check-status/${to.params.username}`)
.then(res => {
if (res.data.success) {
localStorage.setItem('github-profile-token', res.data.token)
next()
} else {
next({
name: 'Welcome',
query: {
redirect: 'invalid',
username: to.params.username
}
})
}
})
.catch(err => {