@sjensenihi
Created April 30, 2018 15:31
custom authorizer
import jwksClient from "jwks-rsa";
import jwt from "jsonwebtoken";
import _ from "lodash";
// Shared JWKS client used to look up the issuer's signing keys by `kid`.
// NOTE(review): JWKS_URI is read from the environment with no validation here;
// it decides which keys are trusted, so it should be a fixed https:// endpoint
// of the identity provider and never derived from request data.
const jwks = jwksClient({
  jwksUri: process.env.JWKS_URI,
  // Keep fetched signing keys in memory instead of re-fetching per request.
  cache: true,
  // Cap outbound JWKS requests, which bounds the traffic that tokens carrying
  // unknown `kid` values can trigger against the key endpoint.
  rateLimit: true,
  jwksRequestsPerMinute: 10, // Default value
});
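/**
 * Verify an RS256-signed ID token against the keys published at the JWKS URI.
 *
 * The token is first decoded WITHOUT signature verification, only to read the
 * `kid` header needed to select the signing key; nothing from that decode is
 * trusted. The claims are returned only after `jwt.verify` succeeds.
 *
 * Every failure path is logged and collapsed into an empty object, so the
 * returned promise never rejects. Callers must treat `{}` as "not
 * authenticated" and deny access.
 *
 * NOTE(review): only the signature, the algorithm, and the library's default
 * time-based checks are enforced here. No `issuer` or `audience` option is
 * passed to `jwt.verify`, so a token signed by the same key set but issued for
 * a different application would also be accepted. Consider passing both
 * options from configuration.
 *
 * @param {string} idToken - Compact-serialized JWT taken from the request.
 * @returns {Promise<object>} Verified claims, or `{}` when the token is rejected.
 */
export const verifyToken = idToken =>
  new Promise((resolve, reject) => {
    try {
      // jwt.decode() returns null for anything that is not a parseable JWT.
      const decodedToken = jwt.decode(idToken, { complete: true });
      if (!decodedToken) {
        reject(new Error("Bad Token"));
        return;
      }
      const { header, payload } = decodedToken;
      if (!header || !header.kid || !payload) {
        // Return so that no key lookup is attempted for a token without a `kid`.
        reject(new Error("Invalid token."));
        return;
      }
      jwks.getSigningKey(header.kid, (fetchError, key) => {
        // This callback runs outside the outer try/catch, so an exception here
        // would surface as an uncaught error instead of a rejected token.
        try {
          if (fetchError) {
            // Return here: `key` is undefined on this path and must not be read.
            reject(new Error(`Error getting signing key: ${fetchError.message}`));
            return;
          }
          // jwks-rsa exposes certificate-based keys as `publicKey` and
          // modulus/exponent keys as `rsaPublicKey`.
          const publicKey = key && (key.publicKey || key.rsaPublicKey);
          if (!publicKey) {
            reject(new Error("Error getting signing key: no public key returned"));
            return;
          }
          jwt.verify(
            idToken,
            publicKey,
            // Pin the algorithm so the token's own `alg` header cannot select
            // a weaker or different verification mode.
            { algorithms: ["RS256"] },
            (verificationError, decoded) => {
              if (verificationError) {
                reject(new Error(`Verification error: ${verificationError.message}`));
                return;
              }
              resolve(decoded);
            }
          );
        } catch (e) {
          reject(new Error("Bad Token"));
        }
      });
    } catch (e) {
      reject(new Error("Bad Token"));
    }
  }).catch(error => {
    console.log(error); // Not distinguishing between different types of token rejections
    return {};
  });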
/**
 * Map verified token claims onto the application's user shape.
 *
 * The role is read straight from a namespaced custom claim, so this must only
 * be given claims whose signature has already been verified; with an unverified
 * payload the role would be whatever the token's sender wrote.
 *
 * NOTE(review): a non-empty claims object that lacks `sub` or the role claim
 * yields `{ role: undefined, id: undefined }`. Callers should check `id`
 * explicitly rather than testing the result for emptiness.
 *
 * @param {object} auth0User - Claims returned by token verification, or `{}`.
 * @returns {{role: *, id: *}|{}} User descriptor, or `{}` for empty input.
 */
export const formatAuth0User = auth0User => {
  const hasClaims = !_.isEmpty(auth0User);
  if (!hasClaims) {
    return {};
  }

  const role = auth0User["https://www.example.com/userType"];
  const id = auth0User.sub;
  return { role, id };
};
/**
 * Verify an ID token and return the application-level user for it.
 *
 * Resolves to `{}` when verification yields no claims, so an authorizer built
 * on this must deny the request unless the result carries an `id`.
 *
 * @param {string} idToken - Raw JWT supplied by the caller.
 * @returns {Promise<object>} `{ role, id }` for a verified token, otherwise `{}`.
 */
export const authenticate = async idToken =>
  formatAuth0User(await verifyToken(idToken));