npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

apigee-tokens

v1.0.1

Published

Promised based functions to create Apigee multi-factor auth tokens and OAuth tokens. Used to access Apigee API Management APIs.

Downloads

5

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tripotttripott

Keywords

Apigee MFA 2FA API Management OAuth

Readme

apigee-tokens

npm version Licence MIT Open Issues

Promised based functions to create Apigee multi-factor auth tokens and OAuth tokens. Used to access Apigee API Management APIs which are used to automate deployment of API proxies, products, etc. to the Apigee Edge platform.

Setup

  • Clone and install dependencies

    git clone https://github.com/tripott/apigee-tokens.git
cd apigee-tokens
npm install

Environment variables

  • Copy sample-env as .env.
  • Supply values for the following environment variables:
    • SHARED_SECRET - See Obtaining a Shared Secret section below.
    • EDGE_USER_EMAIL - Your Apigee user account email address
    • EDGE_USER_PWD - Your Apigee user account password.

Keep the environment variables safe! Do not share in source code control.

Usage

require("dotenv").config();
const { getTokens, getMFAToken } = require("apigee-tokens");

getMFAToken({ secret: process.env.SHARED_SECRET })
  .then(mfaToken =>
    getTokens({
      mfaToken,
      email: process.env.EDGE_USER_EMAIL,
      pwd: process.env.EDGE_USER_PWD
    })
  )
  .then(({ access_token }) => {
    console.log({ access_token });
  });

Overview

You can use Apigee Edge RESTful management APIs to create, configure, and manage API proxies and API products, policies for logic in your API proxies, apps and app developers, and caches.

Calls to the Apigee Edge Management API require authentication so that Apigee can be sure that you are who you say you are.

Calls require credentials with the appropriate rights, such as an organization administrator or similar account used for continuous integration and continuous delivery (CI/CD).

Two-Factor Authentication is also referred to as 2FA and is sometimes called generically as MFA (Multi-Factor Authentication) or simply OTP (One Time Password).

Apigee recommends that you enable 2-factor authentication for your Apigee account. When 2-factor authentication is enabled, you get a randomly generated number from Apigee and send it along with your credentials.

MFA provides an additional layer of security to access Apigee Edge. The MFA uses here is based on the TOTP (Time-based One Time Password) algorithm commonly setup using the Google Authenticator mobile app.

When Multi-Factor Authentication is enabled for an Apigee login, Apigee Edge Management API access is also protected using Two-Factor Authentication. Ouch!

apigee-tokens is concerned with using OAuth2 to exchange your Edge Basic Auth credentials and an Multi-Factor Authentication (MFA) Token for an OAuth2 access token and refresh token. Once you have an access token, you can make calls to the Edge management API by passing the access token in the API call.

The lib folder contains 2 promised-based helper libraries to help with obtaining a Multi-Factor Authentication (MFA) Token (mfatoken.js) and an OAuth2 token (edge-oauth-tokens.js). The test folder contains examples to demonstrate usage of obtaining an MFA Token and OAuth2 token.

Obtaining a Shared Secret

Before you can generate an MFA token, you need a shared secret from Apigee. To obtain the value for the SHARED_SECRET environment variable you must Extract the Shared Secret for your Apigee Edge organization admin account as part of the Apigee multi factor auth setup process. The code in this repo, reads a shared secret from the SHARED_SECRET environment variable.

Keep the SHARED_SECRET environment variable value safe!

Auth High Level Steps

  1. Get a shared secret. Details in Obtaining a Shared Secret.
  2. Use getMFAToken function to generate a Multi-Factor Token.
  3. Use the Multi-Factor Token and your Edge email and password in a call getEdgeOAuth2Tokens function to generate an OAuth2 access token.
  4. Sign requests to the API Edge Management API with the access token.

Prerequisites

If you are unfamiliar, read up on using OAuth2 to access the Apigee Management API.

mfatoken.js

\lib\mfatoken.js is a promise-based library to generate an Multi-Factor Authentication (MFA) Token that represents the token you typically obtain during a manual MFA workflow using something like the Google Authenticator mobile app. In short, use this library to get a randomly generated number from Apigee. You'll send this MFA Token along with your email and password credentials when it's time to get an OAuth2 token. If your Apigee Edge account that you plan to use for CI automation for the Apigee Edge Management API is protected with MFA, then you will benefit from this library.

It is based on the mfatoken.js code within the apigee-edge-maven-plugin repo. I simply "promisified" it.

Test

npm test

or for more signal, run tests in verbose mode:

npm run testV

Build

npm run build

Prepublish

Run prepublish before you publish to npm. prepublish will run lint, prettier and the build process.

npm run prepublish