krypton-org / krypton-auth

Express authentication middleware, using GraphQL and JSON Web Tokens.
https://krypton-org.github.io/krypton-auth
MIT License

Implement JSON Web Key Set endpoints #51

Closed maxmouchet closed 4 years ago

maxmouchet commented 4 years ago

https://blog.angular-university.io/angular-jwt/ https://auth0.com/docs/tokens/concepts/jwks https://auth0.com/docs/tokens/guides/locate-jwks

maxmouchet commented 4 years ago

https://github.com/auth0/node-jwks-rsa/tree/master/examples/express-demo

jrebecchi commented 4 years ago

If Krypton is set directly in express like below:

app.use(kryptonAuth());

The JSON Web Key Set endpoints are available at http://the-adress-of-krypton/.well-known/jwks.json.

If Krypton is set after a subroute in express like below:

app.use('/auth', kryptonAuth());

The JSON Web Key Set endpoints are available at http://the-adress-of-krypton/auth/.well-known/jwks.json.

With that, you can easily verify the JWTs emitted by Krypton and set the decoded user data inside req.user using jwks-rsa:

const jwt = require('express-jwt');   // validates the bearer token and sets req.user
const jwksRsa = require('jwks-rsa');  // fetches the signing key from the JWKS endpoint
// PORT is the port Krypton listens on
app.use(jwt({
  secret: jwksRsa.expressJwtSecret({
    cache: true,                      // cache fetched keys instead of refetching per request
    rateLimit: true,                  // bound the number of JWKS fetches
    jwksRequestsPerMinute: 150,
    jwksUri: 'http://localhost:' + PORT + '/.well-known/jwks.json'
  }),
  algorithms: ['RS256']               // only accept RS256-signed tokens
}));

This example supposes that your client has included the JWT as a bearer token inside the HTTP Authorization header.