Skip to content

Latest commit

 

History

History
56 lines (45 loc) · 2.87 KB

readme.md

File metadata and controls

56 lines (45 loc) · 2.87 KB

oidc-jwks-verify

Coverage Status npm version

Code inspired from express-oidc-jwks-verify. The reason why this project exists was for my project that needed to connect and validate the JWT token without using the express library.

Scenario

  1. Server is having a Validation Key to validate the user tokens (AddValidationKey in IdentityServer)
  2. The client want to validate the token against the server (basically a key check)
  3. We validate the id_token and then consider the user really authenticated

Installation [Not yet deployed as a npm package]

The installation is simple:

npm install oidc-jwks-verify

Usage

Example in typescript:

import { VerifyOidc, VerifyStatusCode } from 'oidc-jwks-verify'
let oidcValidator = new VerifyOidc({ issuer: `http://localhost:5000` })

// Somewhere in your code
oidcValidator.verify(accessToken).then((result: VerifyStatusCode) => {
  // Result returns [Authorized|Unauthorized|Unknown] (Unknown should never happen)
  console.log(result)
})

When building locally

$ npm install
$ npm run build
$ # Now a folder called lib will be available.

Build Dependencies

Package: x509

Running tests?

npm run test

Some tests might fail since you need to update the token to be validated. The default max-age for the token is 30 minutes. If you want to create a new token, please create a certificate (pfx) add it to your identity server and then get the well known data and update the mock. I can't fake the x509 validation process. I would say, that at this moment I don't know how to mock it.

Side note

While working on this OIDC validator, I found also an another interesting project called Oidc. It might be worth for some people depending on their needs. The idea is similar.

License

MIT (Enjoy)