How to use the jwks-rsa.expressJwtSecret function in jwks-rsa

To help you get started, we’ve selected a few jwks-rsa examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github taskcluster / taskcluster / services / login / src / handlers / mozilla-auth0.js View on Github external
constructor({name, cfg}) {
    let handlerCfg = cfg.handlers[name];
    assert(handlerCfg.domain, `${name}.domain is required`);
    assert(handlerCfg.apiAudience, `${name}.apiAudience is required`);
    assert(handlerCfg.clientId, `${name}.clientId is required`);
    assert(handlerCfg.clientSecret, `${name}.clientSecret is required`);
    _.assign(this, handlerCfg);

    // use express-jwt to validate JWTs against auth0
    this.jwtCheck = expressJwt({
      secret: jwks.expressJwtSecret({
        cache: true,
        rateLimit: true,
        jwksRequestsPerMinute: 5,
        jwksUri: `https://${this.domain}/.well-known/jwks.json`,
      }),
      // expect to see our audience in the JWT
      audience: this.apiAudience,
      // and expect a token issued by auth0
      issuer: `https://${this.domain}/`,
      algorithms: ['RS256'],
      credentialsRequired: true,
    });

    this._managementApiExp = null;
    this._managementApi = null;
    this.identityProviderId = 'mozilla-auth0';
github Edgeryders-Participio / realities / api / src / index.js View on Github external
import neo4jDriver from './db/neo4jDriver';
import schema from './graphql/schema';

const { NODE_ENV, PORT } = process.env;
const API_PORT = NODE_ENV && NODE_ENV.includes('prod') ? PORT || 3000 : 3100;
const app = express();

if (!NODE_ENV || NODE_ENV.includes('dev')) {
  app.use(cors());
}

app.use(jwt({
  credentialsRequired: false,
  // Dynamically provide a signing key based on the kid in the header
  // and the singing keys provided by the JWKS endpoint
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: 'https://theborderland.eu.auth0.com/.well-known/jwks.json',
  }),
}));

function getUser(user) {
  if (!user) return null;
  return Object.assign(
    {},
    user,
    {
      email: user['https://realities.theborderland.se/email'],
      role: user['https://realities.theborderland.se/role'],
    },
github IBM / taxinomitis / src / lib / restapi / auth.ts View on Github external
export function generateJwt(payload: object): string {
    return jsonwebtoken.sign(payload, JWT_SECRET, {
        algorithm: 'HS256',
    });
}




/**
 * Auth middleware for all normal users - who are authenticated by Auth0.
 */
const auth0Authenticate = jwt({
    secret : jwksRsa.expressJwtSecret({
        cache : true,
        rateLimit : true,
        jwksRequestsPerMinute : 5,
        jwksUri : 'https://' + authvalues.DOMAIN + '/.well-known/jwks.json',
    }),

    // cf. https://github.com/auth0/express-jwt/issues/171#issuecomment-305876709
    // audience : process.env[env.AUTH0_AUDIENCE],
    aud : authvalues.AUDIENCE,

    issuer : 'https://' + authvalues.CUSTOM_DOMAIN + '/',
    algorithms : [ 'RS256' ],
});
github olymp / olymp / packages / auth / server / index.es6 View on Github external
export default () => {
  const ensureAuth = jwt({
    // Dynamically provide a signing key based on the kid in the header and the singing keys provided by the JWKS endpoint.
    secret: jwksRsa.expressJwtSecret({
      cache: true,
      rateLimit: true,
      jwksRequestsPerMinute: 5,
      jwksUri: `https://${process.env.AUTH0_DOMAIN}/.well-known/jwks.json`
    }),

    // Validate the audience and the issuer.
    audience: process.env.AUTH0_AUDIENCE || 'graphql',
    issuer: process.env.AUTH0_DOMAIN,
    algorithms: ['RS256']
  });

  return [
    ensureAuth,
    (req, res, next) => {
      req.hasScope = hasScope;
github auth0-samples / auth0-angular-samples / 04-Authorization / server.js View on Github external
const app = express();
const jwt = require('express-jwt');
const jwtAuthz = require('express-jwt-authz');
const jwksRsa = require('jwks-rsa');
const cors = require('cors');
require('dotenv').config();

if (!process.env.AUTH0_DOMAIN || !process.env.AUTH0_AUDIENCE) {
  throw 'Make sure you have AUTH0_DOMAIN, and AUTH0_AUDIENCE in your .env file'
}

app.use(cors());

const checkJwt = jwt({
  // Dynamically provide a signing key based on the kid in the header and the singing keys provided by the JWKS endpoint.
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: `https://${process.env.AUTH0_DOMAIN}/.well-known/jwks.json`
  }),

  // Validate the audience and the issuer.
  audience: process.env.AUTH0_AUDIENCE,
  issuer: `https://${process.env.AUTH0_DOMAIN}/`,
  algorithms: ['RS256']
});

const checkScopes = jwtAuthz([ 'read:messages' ]);
const checkScopesAdmin = jwtAuthz([ 'write:messages' ]);

app.get('/api/public', function(req, res) {
github jven / studyopenings / src / server / endpointregistry.ts View on Github external
private static checkIsPrivelegedUser_(
      request: Request, response: Response, next: () => void): void {
    if (!isPrivelegedUser(request.user.sub)) {
      response
          .status(403)
          .send('Only priveleged users can do this.');
      return;
    }

    next();
  }
}

const AUTH0_DOMAIN = 'studyopenings.auth0.com';
const checkJwt = jwt({
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: `https://${AUTH0_DOMAIN}/.well-known/jwks.json`
  }),
  audience: 'studyopenings-api',
  issuer: `https://${AUTH0_DOMAIN}/`,
  algorithms: ['RS256']
});
github auth0-samples / auth0-react-samples / 02-Calling-an-API / server.js View on Github external
const app = express();

const port = process.env.SERVER_PORT || 3001;

if (!authConfig.domain || !authConfig.audience) {
  throw new Error(
    "Please make sure that auth_config.json is in place and populated"
  );
}

app.use(morgan("dev"));
app.use(helmet());
app.use(express.static(join(__dirname, "build")));

const checkJwt = jwt({
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: `https://${authConfig.domain}/.well-known/jwks.json`
  }),

  audience: authConfig.audience,
  issuer: `https://${authConfig.domain}/`,
  algorithm: ["RS256"]
});

app.get("/api/external", checkJwt, (req, res) => {
  res.send({
    msg: "Your access token was successfully validated!"
  });
});
github auth0-samples / auth0-vue-samples / 03-Calling-an-API / web-server.js View on Github external
const { join } = require("path");
const authConfig = require("./auth_config.json");

const app = express();

if (!authConfig.domain || !authConfig.audience) {
  throw "Please make sure that auth_config.json is in place and populated";
}

app.use(morgan("dev"));
app.use(helmet());
app.use(cors());
app.use(express.static(join(__dirname, "dist")));

const checkJwt = jwt({
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: `https://${authConfig.domain}/.well-known/jwks.json`
  }),

  audience: authConfig.audience,
  issuer: `https://${authConfig.domain}/`,
  algorithm: ["RS256"]
});

app.get("/api/external", checkJwt, (req, res) => {
  res.send({
    msg: "Your access token was successfully validated!"
  });
});
github NERC-CEH / datalab / code / workspaces / client-api / src / auth / authServiceClient.js View on Github external
function jwksVerifyConfig() {
  return {
    secret: jwksRsa.expressJwtSecret({
      cache: true,
      rateLimit: true,
      jwksRequestsPerMinute: 10,
      jwksUri: JWKS_URL,
    }),
    audience: config.get('authorisationAudience'),
    issuer: config.get('authorisationIssuer'),
    algorithms: ['RS256'],
  };
}

jwks-rsa

Library to retrieve RSA public keys from a JWKS endpoint

MIT
Latest version published 1 year ago

Package Health Score

78 / 100
Full package analysis