Skip to content
/ signer Public

Signs and verifies JWTs, both asymmetric and symmetric.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Skn0tt/signer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

109 Commits
api
api
 
 
lib
lib
 
 
.dockerignore
.dockerignore
 
 
Dockerfile
Dockerfile
 
 
OpenAPI.yml
OpenAPI.yml
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

Docker Pulls Docker Build Status

signer

This package takes away the burden of dealing with JWT authentication. You can sign a payload and get back a JWT token, which you can then be verified by signer again. signer also supports blocking specific tokens.

The big advantage of JWTs is, that they can be verifed using a public key. These keys can be obtained using signers REST-API, so that the other services can use them, as well.

@skn0tt/signer

yarn add @skn0tt/signer

import Signer from "@skn0tt/signer";

const redisClient = redis.createClient("...");
const signer = await Signer.fromRedis(
  redisClient,
  {
    mode: "asymmetric",
    secretLength: 96,
    tokenExpiry: 300,
    rotationInterval: 300,
    onRotate: () => console.log("Yay, I rotated!")
  }
);

const jwtRepo = signer.getJwtRepository();

const token = await jwtRepo.sign({ uid: "johndoe" });
const payload = await jwtRepo.verify(token);
...

Docker Image

signer is available as a Docker image: skn0tt/signer.

To start a working server, use docker-compose.yml file in this repository. Once it's running, you can use it like so:

Creating a token:

$ curl --data '{ "name": "Tom" }' localhost:3000/tokens/
eyJhbGciOiJSUzI1NiIsInR5 ...

Validating a token:

$ curl -v localhost:3000/tokens/eyJhbGciOiJSUzI1NiIsInR5...
{"iat":1532599135} # 200

$ curl -v localhost:3000/tokens/invalidToken
invalid signature # 401

Blocking a token:

$ curl -X DELETE localhost:3000/tokens/eyJhbGciOiJSUzI1NiIsInR5...

$ curl -v localhost:3000/tokens/eyJhbGciOiJSUzI1NiIsInR5...
Token Blocked # 401

Getting the secrets

$ curl localhost:3000/secrets
{ "old": "----BEGIN RSA...", "current": "----BEGIN RSA..." }

$ curl localhost:3000/secrets/current
----BEGIN RSA PUBLIC KEY----...

$ curl localhost:3000/secrets/old
----BEGIN RSA PUBLIC KEY----...

Forcing a rotate

curl -X POST localhost:3000/secrets

The whole API documentation can be found here: OpenAPI Docs

Configuration

These are the available environment variables for configuration:

REDIS_HOSTNAME: redis # required
REDIS_PORT: 6379
ROTATION_INTERVAL: 3600 # in seconds
SECRETS_KEY: SECRETS # key that secrets are stored in
SECRET_LENGTH: 96
ROTATE_ON_STARTUP: false # triggers a single rotation on startup of the service
ASYMMETRIC_SIGNING: true # can be disabled to use symmetric signing

About

Signs and verifies JWTs, both asymmetric and symmetric.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 3

v0.3.0 Latest
Jul 26, 2018
+ 2 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages