How to use jwks-rsa - 10 common examples

To help you get started, we’ve selected a few jwks-rsa examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github Levino / mock-jwks / __tests__ / jwksRsa.ts View on Github external
async (assert) => {
      assert.plan(1)
      auth0Mock.start()
      const client = jwksClient({
        jwksUri: 'https://hardfork.eu.auth0.com/.well-known/jwks.json',
        strictSsl: true, // Default value
      })

      const kid = auth0Mock.kid()
      client.getSigningKey(kid, (err) => {
        auth0Mock.stop()
        if (err) {
          return assert.fail()
        }
        assert.pass()
      })
    }
  )
github Levino / mock-jwks / __tests__ / jwksRsa.ts View on Github external
(assert) => {
      assert.plan(1)
      auth0Mock.start()
      const client = jwksClient({
        jwksUri: 'https://hardfork.eu.auth0.com/.well-known/jwks.json',
        strictSsl: true, // Default value
      })

      const kid = auth0Mock.kid()
      client.getSigningKey(kid, (err, key) => {
        if (err) {
          auth0Mock.stop()
          return assert.fail()
        }
        const signingKey = String(key.publicKey || key.rsaPublicKey)
        try {
          verify(auth0Mock.token({}), signingKey)
        } catch (err) {
          auth0Mock.stop()
          return assert.fail()
github domagojk / beenion / infrastructure / authentication / authorizer.ts View on Github external
token = getToken(event)
  } catch (err) {
    console.log('could not get token', event, err)
    return cb('could not get token')
  }

  const decoded = decode(token, { complete: true })
  if (!decoded) {
    return cb('could not decode token')
  }

  const kid = decoded.header.kid
  const TOKEN_ISSUER = `https://cognito-idp.${region}.amazonaws.com/${poolId}`
  const JWKS_URI = `${TOKEN_ISSUER}/.well-known/jwks.json`

  const client = jwksClient({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 10, // Default value
    jwksUri: JWKS_URI
  })

  client.getSigningKey(kid, function(err, key) {
    if (err) {
      cb(err)
    } else {
      const signingKey = key.publicKey || key.rsaPublicKey
      verify(token, signingKey, { issuer: TOKEN_ISSUER }, function(
        err,
        tokenPayload
      ) {
        if (err) {
github lakshmantgld / auth0-APIGateway-CustomAuthorizer / serverless / handler.js View on Github external
module.exports.auth = (event, context, callback) => {
  console.log(event);

  // jwt.decode may throw error in case of validating wrong/expired access_token
  try {
    let token, client, decoded, kid;

    token = getToken(event);
    client = jwksClient({
      cache: true,
      rateLimit: true,
      jwksRequestsPerMinute: 10,
      jwksUri: process.env.JWKS_URI
    });

    decoded = jwt.decode(token, {complete: true});
    kid = decoded.header.kid;

    client.getSigningKey(kid, (err, key) => {
      if (err) {
        console.log("getSigningKey error:", err);
        callback(null, {policyDocument: getPolicyDocument('Deny', event.methodArn)});
      } else {
        let signingKey = key.publicKey || key.rsaPublicKey;
        let options = {
github netlify-labs / movie-app / functions / utils / checkAuth.js View on Github external
import jwt from 'jsonwebtoken'
import jwksClient from 'jwks-rsa'
import config from '../../src/_config'

/* initialize the JWKS client */
const auth0Domain = process.env.AUTH0_DOMAIN || config.auth0.domain
const authClient = jwksClient({
  cache: true,
  jwksUri: `https://${auth0Domain}/.well-known/jwks.json`,
  audience: 'universe-theater',
  issuer: 'https://adobot.auth0.com/',
})

/* Check authorization JWT */
export default function checkAuth(event) {
  const alg = 'RS256' // algorithm is RSA http://bit.ly/2xAYygk
  return new Promise((resolve, reject) => {
    console.log('event.headers', event.headers)
    if (!event.headers.authorization) {
      const reason = 'Missing event.headers.authorization. You must be signed in to call this function'
      return reject(new Error(reason))
    }
    console.log('event.headers', event.headers)
github taskcluster / taskcluster / services / login / src / handlers / mozilla-auth0.js View on Github external
constructor({name, cfg}) {
    let handlerCfg = cfg.handlers[name];
    assert(handlerCfg.domain, `${name}.domain is required`);
    assert(handlerCfg.apiAudience, `${name}.apiAudience is required`);
    assert(handlerCfg.clientId, `${name}.clientId is required`);
    assert(handlerCfg.clientSecret, `${name}.clientSecret is required`);
    _.assign(this, handlerCfg);

    // use express-jwt to validate JWTs against auth0
    this.jwtCheck = expressJwt({
      secret: jwks.expressJwtSecret({
        cache: true,
        rateLimit: true,
        jwksRequestsPerMinute: 5,
        jwksUri: `https://${this.domain}/.well-known/jwks.json`,
      }),
      // expect to see our audience in the JWT
      audience: this.apiAudience,
      // and expect a token issued by auth0
      issuer: `https://${this.domain}/`,
      algorithms: ['RS256'],
      credentialsRequired: true,
    });

    this._managementApiExp = null;
    this._managementApi = null;
    this.identityProviderId = 'mozilla-auth0';
github Edgeryders-Participio / realities / api / src / index.js View on Github external
import neo4jDriver from './db/neo4jDriver';
import schema from './graphql/schema';

const { NODE_ENV, PORT } = process.env;
const API_PORT = NODE_ENV && NODE_ENV.includes('prod') ? PORT || 3000 : 3100;
const app = express();

if (!NODE_ENV || NODE_ENV.includes('dev')) {
  app.use(cors());
}

app.use(jwt({
  credentialsRequired: false,
  // Dynamically provide a signing key based on the kid in the header
  // and the singing keys provided by the JWKS endpoint
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: 'https://theborderland.eu.auth0.com/.well-known/jwks.json',
  }),
}));

function getUser(user) {
  if (!user) return null;
  return Object.assign(
    {},
    user,
    {
      email: user['https://realities.theborderland.se/email'],
      role: user['https://realities.theborderland.se/role'],
    },
github IBM / taxinomitis / src / lib / restapi / auth.ts View on Github external
export function generateJwt(payload: object): string {
    return jsonwebtoken.sign(payload, JWT_SECRET, {
        algorithm: 'HS256',
    });
}




/**
 * Auth middleware for all normal users - who are authenticated by Auth0.
 */
const auth0Authenticate = jwt({
    secret : jwksRsa.expressJwtSecret({
        cache : true,
        rateLimit : true,
        jwksRequestsPerMinute : 5,
        jwksUri : 'https://' + authvalues.DOMAIN + '/.well-known/jwks.json',
    }),

    // cf. https://github.com/auth0/express-jwt/issues/171#issuecomment-305876709
    // audience : process.env[env.AUTH0_AUDIENCE],
    aud : authvalues.AUDIENCE,

    issuer : 'https://' + authvalues.CUSTOM_DOMAIN + '/',
    algorithms : [ 'RS256' ],
});
github olymp / olymp / packages / auth / server / index.es6 View on Github external
export default () => {
  const ensureAuth = jwt({
    // Dynamically provide a signing key based on the kid in the header and the singing keys provided by the JWKS endpoint.
    secret: jwksRsa.expressJwtSecret({
      cache: true,
      rateLimit: true,
      jwksRequestsPerMinute: 5,
      jwksUri: `https://${process.env.AUTH0_DOMAIN}/.well-known/jwks.json`
    }),

    // Validate the audience and the issuer.
    audience: process.env.AUTH0_AUDIENCE || 'graphql',
    issuer: process.env.AUTH0_DOMAIN,
    algorithms: ['RS256']
  });

  return [
    ensureAuth,
    (req, res, next) => {
      req.hasScope = hasScope;
github auth0-samples / auth0-angular-samples / 04-Authorization / server.js View on Github external
const app = express();
const jwt = require('express-jwt');
const jwtAuthz = require('express-jwt-authz');
const jwksRsa = require('jwks-rsa');
const cors = require('cors');
require('dotenv').config();

if (!process.env.AUTH0_DOMAIN || !process.env.AUTH0_AUDIENCE) {
  throw 'Make sure you have AUTH0_DOMAIN, and AUTH0_AUDIENCE in your .env file'
}

app.use(cors());

const checkJwt = jwt({
  // Dynamically provide a signing key based on the kid in the header and the singing keys provided by the JWKS endpoint.
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: `https://${process.env.AUTH0_DOMAIN}/.well-known/jwks.json`
  }),

  // Validate the audience and the issuer.
  audience: process.env.AUTH0_AUDIENCE,
  issuer: `https://${process.env.AUTH0_DOMAIN}/`,
  algorithms: ['RS256']
});

const checkScopes = jwtAuthz([ 'read:messages' ]);
const checkScopesAdmin = jwtAuthz([ 'write:messages' ]);

app.get('/api/public', function(req, res) {

jwks-rsa

Library to retrieve RSA public keys from a JWKS endpoint

MIT
Latest version published 1 year ago

Package Health Score

78 / 100
Full package analysis