@knymbus/sygnet
v1.0.6
Published
**Sygnet** is a secure, server-to-server (M2M) authentication library for Node.js/Express. It uses rotating, one-time-use JWTs to ensure every request between your microservices is uniquely signed and verified.
🖋️ Sygnet
Features
- One-Time Use Tokens: Every request "burns" the current token and provides a fresh one in the response headers.
- Injected DB Logic: Developers pass a `saveClient` function to store registration data in their DB of choice.
- Identity Persistence: Consumers save their identity locally to survive restarts.
- Automatic Re-sync: If a token chain breaks, the consumer automatically refreshes using a pre-shared secret.
Service Setup (The Provider)
When initializing the Service, you must provide your database logic for both retrieving and saving client information.
```javascript
import express from 'express';
import { SygnetService } from '@knymbus/sygnet';
import { myDb } from './database'; // Your DB client

const app = express();

const sygnet = new SygnetService({
  // Signing key for issued JWTs, read from the environment
  jwtSecret: process.env.JWT_SECRET,

  // Method to fetch secret from your choice of DB
  getClientSecret: async (id) => {
    const client = await myDb.query('SELECT secret FROM clients WHERE id = $1', [id]);
    return client.rows[0]?.secret || null;
  },

  // Method to save new client during registration
  saveClient: async (id, secret, metadata) => {
    await myDb.query(
      'INSERT INTO clients (id, secret, metadata) VALUES ($1, $2, $3)',
      [id, secret, JSON.stringify(metadata)]
    );
  },

  whitelist: ['/health', /^\/public\/.*/]
});

// Register the registration and refresh routes before the authorize middleware
app.post('/register', sygnet.register);
app.post('/refresh', sygnet.refresh);
app.use(sygnet.authorize);
```

Consumer Setup (The Client)
The Consumer handles its own registration and token rotation.
```javascript
import { SygnetConsumer } from '@knymbus/sygnet';

const client = new SygnetConsumer({
  serviceUrl: 'http://auth-service:3000',
  consumerId: 'billing-app',
  // Placeholder value; load the real pre-shared secret from the environment or a secrets manager
  clientSecret: 'secure-shared-key',
  metadata: { version: '1.0.0', app_version: 2 }
});

await client.init(); // Handles /register or /refresh automatically

const data = await client.request('GET', '/api/v1/secure-endpoint');
```
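The one-time-use rotation and pre-shared-secret re-sync listed under Features can be modelled in a few lines. This is an added example, not Sygnet's own code: the in-memory maps, the function names `issue`, `authorize` and `refresh`, and the sample keys are assumptions made for illustration, and expiry claims are left out to keep the focus on replay rejection.

```javascript
const { createHmac, randomUUID, timingSafeEqual } = require('node:crypto');

const JWT_SECRET = 'constructed-signing-key';                     // constructed sample key
const clients = new Map([['billing-app', 'secure-shared-key']]);  // id -> pre-shared secret
const activeJti = new Map();                                      // id -> the one token id still valid

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data) => createHmac('sha256', JWT_SECRET).update(data).digest('base64url');

// Constant-time string comparison; length is checked first because
// timingSafeEqual throws on buffers of different length.
const safeEqual = (a, b) => {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && timingSafeEqual(x, y);
};

// Issue an HS256 JWT and record its jti as the only one accepted for this client.
function issue(id) {
  const jti = randomUUID();
  activeJti.set(id, jti);
  const body = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64({ sub: id, jti })}`;
  return `${body}.${mac(body)}`;
}

// Verify the signature first, then accept only the current jti and rotate it.
function authorize(token) {
  const [h, p, sig] = String(token).split('.');
  if (!h || !p || !sig || !safeEqual(sig, mac(`${h}.${p}`))) {
    return { ok: false, reason: 'bad-signature' };
  }
  const { sub, jti } = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (activeJti.get(sub) !== jti) return { ok: false, reason: 'burned-or-unknown' };
  return { ok: true, next: issue(sub) }; // the fresh token would travel in a response header
}

// Re-sync after a broken chain: the caller proves knowledge of the pre-shared secret.
function refresh(id, secret) {
  const expected = clients.get(id);
  if (!expected || !safeEqual(secret, expected)) return null;
  return issue(id); // also invalidates whatever token was current before
}
```

A rejected token with reason `burned-or-unknown` carries a valid signature, so on the provider side it is worth logging: it means either a lost response or a replayed token.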