constructor({name, cfg}) {
let handlerCfg = cfg.handlers[name];
assert(handlerCfg.domain, `${name}.domain is required`);
assert(handlerCfg.apiAudience, `${name}.apiAudience is required`);
assert(handlerCfg.clientId, `${name}.clientId is required`);
assert(handlerCfg.clientSecret, `${name}.clientSecret is required`);
_.assign(this, handlerCfg);
// use express-jwt to validate JWTs against auth0
this.jwtCheck = expressJwt({
secret: jwks.expressJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 5,
jwksUri: `https://${this.domain}/.well-known/jwks.json`,
}),
// expect to see our audience in the JWT
audience: this.apiAudience,
// and expect a token issued by auth0
issuer: `https://${this.domain}/`,
algorithms: ['RS256'],
credentialsRequired: true,
});
this._managementApiExp = null;
this._managementApi = null;
this.identityProviderId = 'mozilla-auth0';
import neo4jDriver from './db/neo4jDriver';
import schema from './graphql/schema';
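const { NODE_ENV, PORT } = process.env;
// Production listens on PORT (falling back to 3000); every other environment uses 3100.
const API_PORT = NODE_ENV && NODE_ENV.includes('prod') ? PORT || 3000 : 3100;
const app = express();
// CORS is only opened up outside production (unset NODE_ENV counts as development).
if (!NODE_ENV || NODE_ENV.includes('dev')) {
  app.use(cors());
}
app.use(jwt({
  // Requests without a token still pass through; req.user is simply unset,
  // so downstream code must treat a missing user as anonymous.
  credentialsRequired: false,
  // Dynamically provide a signing key based on the kid in the header
  // and the signing keys provided by the JWKS endpoint
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: 'https://theborderland.eu.auth0.com/.well-known/jwks.json',
  }),
  // Pin the accepted algorithm and issuer: a token signed with another
  // algorithm, or by another tenant, is rejected instead of accepted by default.
  issuer: 'https://theborderland.eu.auth0.com/',
  algorithms: ['RS256'],
  // NOTE(review): no `audience` is verified here; add the API identifier this
  // server expects once it is known, so tokens minted for other APIs are refused.
}));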
function getUser(user) {
if (!user) return null;
return Object.assign(
{},
user,
{
email: user['https://realities.theborderland.se/email'],
role: user['https://realities.theborderland.se/role'],
},
/**
 * Signs `payload` with the server's shared secret (HS256) and returns the
 * compact JWT. No expiry is set here; a caller wanting a bounded lifetime
 * must include `exp` in the payload itself.
 */
export function generateJwt(payload: object): string {
  const signOptions = { algorithm: 'HS256' as const };
  return jsonwebtoken.sign(payload, JWT_SECRET, signOptions);
}
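/**
 * Auth middleware for all normal users - who are authenticated by Auth0.
 *
 * Tokens are verified against the tenant's JWKS (cached and rate-limited) and
 * must carry the configured audience and issuer and be RS256-signed.
 */
const auth0Authenticate = jwt({
  secret : jwksRsa.expressJwtSecret({
    cache : true,
    rateLimit : true,
    jwksRequestsPerMinute : 5,
    jwksUri : 'https://' + authvalues.DOMAIN + '/.well-known/jwks.json',
  }),
  // cf. https://github.com/auth0/express-jwt/issues/171#issuecomment-305876709
  // express-jwt forwards these options to jsonwebtoken.verify, which reads
  // `audience`; an `aud` key is not a verify option and is ignored, which
  // would leave the token's audience unchecked.
  audience : authvalues.AUDIENCE,
  issuer : 'https://' + authvalues.CUSTOM_DOMAIN + '/',
  algorithms : [ 'RS256' ],
});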
export default () => {
const ensureAuth = jwt({
// Dynamically provide a signing key based on the kid in the header and the singing keys provided by the JWKS endpoint.
secret: jwksRsa.expressJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 5,
jwksUri: `https://${process.env.AUTH0_DOMAIN}/.well-known/jwks.json`
}),
// Validate the audience and the issuer.
audience: process.env.AUTH0_AUDIENCE || 'graphql',
issuer: process.env.AUTH0_DOMAIN,
algorithms: ['RS256']
});
return [
ensureAuth,
(req, res, next) => {
req.hasScope = hasScope;
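const app = express();
const jwt = require('express-jwt');
const jwtAuthz = require('express-jwt-authz');
const jwksRsa = require('jwks-rsa');
const cors = require('cors');
require('dotenv').config();
// Fail fast at startup: without a tenant and audience the JWT check below
// cannot be configured safely. Throw an Error (not a string) so the stack
// trace and `instanceof Error` handling survive.
if (!process.env.AUTH0_DOMAIN || !process.env.AUTH0_AUDIENCE) {
  throw new Error('Make sure you have AUTH0_DOMAIN, and AUTH0_AUDIENCE in your .env file');
}
app.use(cors());
const checkJwt = jwt({
  // Dynamically provide a signing key based on the kid in the header and the signing keys provided by the JWKS endpoint.
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: `https://${process.env.AUTH0_DOMAIN}/.well-known/jwks.json`
  }),
  // Validate the audience and the issuer, and accept only RS256 signatures.
  audience: process.env.AUTH0_AUDIENCE,
  issuer: `https://${process.env.AUTH0_DOMAIN}/`,
  algorithms: ['RS256']
});
// Scope guards to chain after checkJwt on the routes that need them.
const checkScopes = jwtAuthz([ 'read:messages' ]);
const checkScopesAdmin = jwtAuthz([ 'write:messages' ]);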
app.get('/api/public', function(req, res) {
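/**
 * Responds 403 unless the authenticated subject is a privileged user;
 * otherwise hands the request to the next handler.
 *
 * A request that reaches this check without an authenticated user has no
 * subject to look up, so it is treated as unprivileged instead of throwing
 * a TypeError from `request.user.sub`.
 */
private static checkIsPrivelegedUser_(
    request: Request, response: Response, next: () => void): void {
  const user = request.user;
  if (!user || !isPrivelegedUser(user.sub)) {
    response
        .status(403)
        .send('Only priveleged users can do this.');
    return;
  }
  next();
}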
}
// Auth0 tenant that issues this API's access tokens.
const AUTH0_DOMAIN = 'studyopenings.auth0.com';
// Resolve the signing key by `kid` from the tenant's JWKS; cached and rate-limited.
const studyopeningsSigningKey = jwksRsa.expressJwtSecret({
  cache: true,
  rateLimit: true,
  jwksRequestsPerMinute: 5,
  jwksUri: `https://${AUTH0_DOMAIN}/.well-known/jwks.json`
});
// Rejects tokens not issued by the tenant, not meant for this API, or not RS256-signed.
const checkJwt = jwt({
  secret: studyopeningsSigningKey,
  audience: 'studyopenings-api',
  issuer: `https://${AUTH0_DOMAIN}/`,
  algorithms: ['RS256']
});
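const app = express();
const port = process.env.SERVER_PORT || 3001;
// Fail fast: the JWT check cannot be configured without a tenant and audience.
if (!authConfig.domain || !authConfig.audience) {
  throw new Error(
    "Please make sure that auth_config.json is in place and populated"
  );
}
app.use(morgan("dev"));
app.use(helmet());
app.use(express.static(join(__dirname, "build")));
const checkJwt = jwt({
  // Resolve the signing key by `kid` from the tenant's JWKS; cached and rate-limited.
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: `https://${authConfig.domain}/.well-known/jwks.json`
  }),
  audience: authConfig.audience,
  issuer: `https://${authConfig.domain}/`,
  // The option is `algorithms` (plural); a misspelt `algorithm` key is ignored,
  // leaving the accepted signing algorithms unrestricted.
  algorithms: ["RS256"]
});
// Protected route: only reachable with a token that passes checkJwt.
app.get("/api/external", checkJwt, (req, res) => {
  res.send({
    msg: "Your access token was successfully validated!"
  });
});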
const { join } = require("path");
const authConfig = require("./auth_config.json");
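const app = express();
// Fail fast: the JWT check cannot be configured without a tenant and audience.
// Throw an Error (not a string) so the stack trace and `instanceof Error`
// handling survive.
if (!authConfig.domain || !authConfig.audience) {
  throw new Error("Please make sure that auth_config.json is in place and populated");
}
app.use(morgan("dev"));
app.use(helmet());
app.use(cors());
app.use(express.static(join(__dirname, "dist")));
const checkJwt = jwt({
  // Resolve the signing key by `kid` from the tenant's JWKS; cached and rate-limited.
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: `https://${authConfig.domain}/.well-known/jwks.json`
  }),
  audience: authConfig.audience,
  issuer: `https://${authConfig.domain}/`,
  // The option is `algorithms` (plural); a misspelt `algorithm` key is ignored,
  // leaving the accepted signing algorithms unrestricted.
  algorithms: ["RS256"]
});
// Protected route: only reachable with a token that passes checkJwt.
app.get("/api/external", checkJwt, (req, res) => {
  res.send({
    msg: "Your access token was successfully validated!"
  });
});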
/**
 * Builds the express-jwt verification options: a JWKS-backed signing-key
 * resolver (cached, rate-limited to 10 fetches/minute) plus the audience,
 * issuer and RS256 algorithm pin read from config.
 */
function jwksVerifyConfig() {
  const signingKeyResolver = jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 10,
    jwksUri: JWKS_URL,
  });
  const verifyOptions = {
    secret: signingKeyResolver,
    audience: config.get('authorisationAudience'),
    issuer: config.get('authorisationIssuer'),
    algorithms: ['RS256'],
  };
  return verifyOptions;
}