@designo/designauth-verifier
v0.1.2
Published
Small verifier package for DesignAuth-issued tokens.
Readme
@designo/designauth-verifier
Small verifier package for DesignAuth-issued tokens.
Current scope:
- verify DesignAuth access tokens
- verify DesignAuth identity tokens
- verify DesignAuth session cookies
- fetch and cache public keys from DesignAuth certificate endpoints
Example:
import {
createAccessTokenVerifier,
createIdTokenVerifier,
AuthTokenType,
DesignAuthAudience,
} from "@designo/designauth-verifier";
const accessTokenVerifier = createAccessTokenVerifier();
const idTokenVerifier = createIdTokenVerifier();
const accessToken = await accessTokenVerifier.verifyJWT(
token,
DesignAuthAudience.HYPTO_SERVICE,
);
if (accessToken.authTokenType !== AuthTokenType.ACCESS_TOKEN) {
throw new Error("Unexpected token type");
}
const idToken = await idTokenVerifier.verifyJWT(token, "https://idp.designø.com/designo.identity.v1.accounts.designo");You can also bind the expected audience when creating the verifier:
const accessTokenVerifier = createAccessTokenVerifier({
audience: DesignAuthAudience.HYPTO_SERVICE,
});
const accessToken = await accessTokenVerifier.verifyJWT(token);By default, the verifier resolves DesignAuth certificate endpoints from env:
USE_PRODUCTION_AUTH=trueResolution order:
USE_PRODUCTION_AUTH=true->https://accounts.xm--design-gya.comUSE_STAGING_AUTH=true->https://accounts-staging.designø.com- otherwise ->
http://127.0.0.1:8080
You can still override this explicitly per verifier:
const accessTokenVerifier = createAccessTokenVerifier({
certUrl: "https://accounts.designø.com/robot/v1/metadata/x509/securetoken",
audience: DesignAuthAudience.HYPTO_SERVICE,
});For local development from another repo, this package can be consumed with a file: dependency:
{
"dependencies": {
"@designo/designauth-verifier": "file:../DesignAuth/packages/designauth-verifier"
}
}