Secure REST API - Detect permissions & user making the call
import jwt = require('jsonwebtoken');

// AzureAD public key used to sign the OAuth access token
// (placeholder for the value elided in the gist; load the real key from the tenant's signing keys)
const aadKey: string = '<aad public signing key>';

let hasMissionReadScope = false;
let hasMissionWriteScope = false;
let isUser = false;
let isValidRequest = false;

try {
  const authorizationHeader: string = req.headers.authorization;
  // verify the token signature with the AzureAD public signing key;
  // pin the algorithm so a token whose header says "none" or HS256 is rejected
  const decodedToken = jwt.verify(
    authorizationHeader.replace('Bearer ', ''),
    aadKey,
    { algorithms: ['RS256'] }
  ) as any;
  // "scp" is a space-separated list of delegated scopes
  const scopes: string[] = ((decodedToken.scp as string) || '').split(' ');
  // check for read / write ops (whole-token match, so 'Mission.ReadWrite' does not satisfy 'Mission.Read')
  hasMissionReadScope = scopes.indexOf('Mission.Read') >= 0;
  hasMissionWriteScope = scopes.indexOf('Mission.Write') >= 0;
  // check if it's a specific user (placeholder UPN; a substring test against '' would match every token)
  isUser = decodedToken.upn === '<upn of the specific user>';
  isValidRequest = true;
} catch (err) {
  isValidRequest = false;
  // <snip> .. throw error responses based on exception from "jsonwebtoken"
}