/ah-jwtauth-plugin

ActionHero plugin to add bare bone JSON Web Token (JWT) support

Primary LanguageJavaScript

ah-jwtauth2-plugin

Uses auth0 node-jsonwebtoken to allow token authentication of actions, It is a really slimmed down version of panjiesw's plugin over at https://github.com/panjiesw/ah-auth-plugin as I didn't want to make the assumptions around users and email systems. The original was developed by https://github.com/lookaflyingdonkey/ah-jwtauth-plugin and forked because of missing maintenance.

Installation

npm install ah-jwtauth2-plugin --save

Add the ah-jwtauth2-plugin plugin to your ActionHero config/plugins.js:

exports['default'] = {
  general: function(api)
  {
    return {
      plugins: [
        'ah-jwtauth2-plugin'
      ]
    };
  }
};

Usage

This plugin will check your action templates for a property called authenticate, if it exists and is true it will then require that a "Authorization" header has been sent with the request holding a valid JSON Web Token. I make use of the node-jsonwebtoken module (https://github.com/auth0/node-jsonwebtoken) to generate and validate the tokens.
The value of the header must start with Token to be picked up.

An example header would be:

Authorization: Token eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJpZCI6MTIzNCwiZW1haWwiOiJ0ZXN0QGV4YW1wbGUuY29tIiwiaWF0IjoxNDQ1Mjc2NDYyfQ.vB5yV2PGOj1oVIsqDDU7uWlkrf--a1TX2EtsqSDkjqyCGzho1rYO-AQgsDxsKcf5rocmeAx_4Jq4A3wHff2euQ

Test it with curl:

curl http://localhost:8080/yourAction --header "Authorization: Token eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJpZCI6MTIzNCwiZW1haWwiOiJ0ZXN0QGV4YW1wbGUuY29tIiwiaWF0IjoxNDQ1Mjc2NDYyfQ.vB5yV2PGOj1oVIsqDDU7uWlkrf--a1TX2EtsqSDkjqyCGzho1rYO-AQgsDxsKcf5rocmeAx_4Jq4A3wHff2euQ"

Token data sent via Authorization Headers will be provided in your action within data.connection._jwtTokenData:

[…]
run: function(api, data, next) {
    data.response.tokenData = data.connection._jwtTokenData;
[…]

Tests can be done with mockHeaders when running actions:

[…]
var connection = new api.specHelper.connection();
connection.mockHeaders = {
    authorization: "Token " + token
};
connection.params = {};

api.specHelper.runAction('<ACTION>', connection, function(response) {
[…]

Settings

Generate a token

You need to generate a token once a user has successfully authenticated against your API, this could be by signing in with a username/password or you could simply generate them through a CMS, print them out and post them to your users ;-)

api.jwtauth.generateToken({id: 1234, email: 'test@example.com'}, function(token) {

  // token will hold the generated token
  data.response.token = token;
  next();

}, function(err) {

  // An error occured generating a token
  data.error = err;
  next();

});

You can also add options like expiry time:

// token expires in 60s
api.jwtauth.generateToken({id: 1234, email: 'test@example.com'}, {expiresIn: "60s"}, function(token) {

  // token will hold the generated token
  data.response.token = token;
  next();

}, function(err) {

  // An error occured generating a token
  data.error = err;
  next();

});

Options are:

  • expiresIn: expressed in seconds or an string describing a time span rauchg/ms. Eg: 60, "2 days", "10h", "7d"
  • audience
  • subject
  • issuer
  • noTimestamp
  • headers

I would suggest not storing a huge amount of information in them as it will just mean more data transferred per request, but you can put some identifying info like email, name, etc. The beauty of this is that you don't need to hit the database every time to authenticate a user.

Validate a token

While the plugin will automatically validate a token and put it on the connection object for you as connection.user, you can also validate the tokens yourself like below.

api.jwtauth.processToken("abce1234==", function(data) {

  // Valid data, lets set it and continue
  console.log(data);

}, function(err) {

  console.log('Error', err);

});

If you want to skip processing (and validation) a token set the actions property ignoreJWT to true.