Class: JWTAuthenticator

x2node-ws-auth-jwt~ JWTAuthenticator

JWT authenticator.

new JWTAuthenticator(actorsRegistry, secretOrKey [, claimsTest] [, actorHandleClaim])

Create new authenticator.
Parameters:
Name Type Argument Description
actorsRegistry module:x2node-ws.ActorsRegistry Actors registry.
secretOrKey string | external:Buffer | function Secret or public key used to verify the JWT signature. If function, the function receives decoded JWT object as its only argument and returns the key (string or buffer) or a promise of it.
claimsTest Object <optional>
Optional additional tests for the JWT claims set. Each object element has the name of the tested claim (e.g. "iss", "aud", "hd", etc.) and the value can be a function, which gets the claim value as its first argument and the whole claims set object as the second argument and returns true if valid and false if invalid, a RegExp object for a valid claim value, or a value (string, number, etc.) to perform simple equivalency test. If the claim "aud" and the claim value in the JWT is an array, the claim test will succeed if any value in the array passes the specified claim test. Note, that token "nbf" and "exp" are always automatically tested.
actorHandleClaim string <optional>
Claim to use as the actor handle in the actor registry lookup. By default, "sub" claim is used.
Implements:

Methods


<static> jwksKey(jwksUri)

Create key provider function for the authenticator that reads the keys from a JWK Set (see RFC 7517).
Parameters:
Name Type Description
jwksUri string The JWK Set URI. Usually available as "jkws_uri" property in the OpenID Connect discovery document.
Returns:
Keys provider function that can be used as the secretOrKey argument to the authenticator constructor.
Type
function

addResponseHeaders(call, response)

If present on the authenticator, called before sending HTTP response to give the authenticator a chance to add any authenticator-specific headers to the response.
Parameters:
Name Type Description
call module:x2node-ws~ServiceCall The call.
response module:x2node-ws~ServiceResponse The response.
Implements:

authenticate(call)

Authenticate the call.
Parameters:
Name Type Description
call module:x2node-ws~ServiceCall The call.
Implements:
Returns:
Authenticated actor, null if could not authenticate, or a Promise of the above.
Type
module:x2node-common.Actor | Promise.<module:x2node-common.Actor>