Enable version 2 service client tokens.
wparad committed Feb 18, 2021
1 parent 7cb91a5 commit f34d0c4
Showing 3 changed files with 31 additions and 5 deletions.
3 changes: 2 additions & 1 deletion package.json
Expand Up @@ -15,6 +15,7 @@
},
"dependencies": {
"axios": "^0.21",
"jose": "^3.6.2",
"jsonwebtoken": "^8.5",
"jwk-to-pem": "^2.0.4"
},
Expand Down Expand Up @@ -58,6 +59,6 @@
},
"homepage": "https://authress.io",
"engines": {
"node": ">=10.12"
"node": ">=11.6"
}
}
28 changes: 24 additions & 4 deletions src/serviceClientTokenProvider.js
@@ -1,4 +1,6 @@
const jwtManager = require('jsonwebtoken');
const { default: JwtSigner } = require('jose/dist/node/cjs/jwt/sign');
const { createPrivateKey } = require('crypto');

module.exports = function(accessKey) {
return async () => {
Expand All @@ -8,7 +10,18 @@ module.exports = function(accessKey) {

const accessKeyBuffer = Buffer.from(accessKey, 'base64');
const accessKeyString = accessKeyBuffer.toString('base64') === accessKey ? accessKeyBuffer.toString('utf8') : accessKey;
const decodedAccessKey = JSON.parse(accessKeyString.trim());
let decodedAccessKey;
let alg = 'RS256';
try {
decodedAccessKey = JSON.parse(accessKeyString.trim());
} catch (error) {
alg = 'EdDSA';
decodedAccessKey = {
clientId: accessKey.split('.')[0], keyId: accessKey.split('.')[1],
audience: `${accessKey.split('.')[2]}.accounts.authress.io`, privateKey: accessKey.split('.')[3]
};
}

const now = Math.round(Date.now() / 1000);
const jwt = {
aud: decodedAccessKey.audience,
Expand All @@ -19,9 +32,16 @@ module.exports = function(accessKey) {
exp: now + 60 * 60 * 24,
scope: 'openid'
};
const options = { algorithm: 'RS256', keyid: decodedAccessKey.keyId };
const token = await jwtManager.sign(jwt, decodedAccessKey.privateKey, options);
this.cachedKeyData = { token, expires: jwt.exp * 1000 };

if (alg === 'RS256') {
const options = { algorithm: 'RS256', keyid: decodedAccessKey.keyId };
const token = await jwtManager.sign(jwt, decodedAccessKey.privateKey, options);
this.cachedKeyData = { token, expires: jwt.exp * 1000 };
return token;
}

const importedKey = createPrivateKey({ key: Buffer.from(decodedAccessKey.privateKey, 'base64'), format: 'der', type: 'pkcs8' });
const token = await new JwtSigner(jwt).setProtectedHeader({ alg: 'EdDSA', kid: decodedAccessKey.keyId }).sign(importedKey);
return token;
};
};
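Review bot: The `catch` branch treats every access key that fails `JSON.parse` as a version 2 key and indexes `accessKey.split('.')` without checking the result, so a truncated or mistyped key yields `undefined` fields, an audience of `undefined.accounts.authress.io`, and a `TypeError` from `Buffer.from` far from the real cause. Assuming the v2 format is exactly four dot-separated segments, as the indexing suggests, split once, reject anything else with an error that does not echo the key, and trim the input the way the JSON path does. Separately, the EdDSA path returns without the `this.cachedKeyData = { token, expires: jwt.exp * 1000 };` assignment the RS256 branch makes, so unless the cache lookup in the collapsed part of the function handles it elsewhere, a fresh 24-hour token is signed on every call. The function body between the hunks is not visible here.

```javascript
} catch (error) {
  // Not JSON: accept only the four-part dotted form, and never include key material in the error.
  const parts = accessKey.trim().split('.');
  if (parts.length !== 4 || parts.some(part => !part)) {
    throw new Error('Invalid service client access key format');
  }
  const [clientId, keyId, accountId, privateKey] = parts;
  alg = 'EdDSA';
  decodedAccessKey = { clientId, keyId, audience: `${accountId}.accounts.authress.io`, privateKey };
}
```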
5 changes: 5 additions & 0 deletions yarn.lock
Expand Up @@ -1109,6 +1109,11 @@ isexe@^2.0.0:
resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10"
integrity sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=

jose@^3.6.2:
version "3.6.2"
resolved "https://registry.yarnpkg.com/jose/-/jose-3.6.2.tgz#e35ebe187306c14a0633b33b277a1550a3a947ee"
integrity sha512-JzqHr6UqydWv25HwLzRdBJgMetiPkDBE/WJSyJjhNwN3+GmcHu4yoUgRle0NNViCdfAYMf9DuOG8o+mUW/DXdg==

js-tokens@^4.0.0:
version "4.0.0"
resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499"