Skip to content

Skn0tt/signer

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
api
 
 
lib
 
 
 
 
 
 
 
 

Docker Pulls Docker Build Status

signer

This package takes away the burden of dealing with JWT authentication. You can sign a payload and get back a JWT token, which you can then be verified by signer again. signer also supports blocking specific tokens.

The big advantage of JWTs is, that they can be verifed using a public key. These keys can be obtained using signers REST-API, so that the other services can use them, as well.

@skn0tt/signer

yarn add @skn0tt/signer
import Signer from "@skn0tt/signer";

const redisClient = redis.createClient("...");
const signer = await Signer.fromRedis(
  redisClient,
  {
    mode: "asymmetric",
    secretLength: 96,
    tokenExpiry: 300,
    rotationInterval: 300,
    onRotate: () => console.log("Yay, I rotated!")
  }
);

const jwtRepo = signer.getJwtRepository();

const token = await jwtRepo.sign({ uid: "johndoe" });
const payload = await jwtRepo.verify(token);
...

Docker Image

signer is available as a Docker image: skn0tt/signer.

To start a working server, use docker-compose.yml file in this repository. Once it's running, you can use it like so:

Creating a token:

$ curl --data '{ "name": "Tom" }' localhost:3000/tokens/
eyJhbGciOiJSUzI1NiIsInR5 ...

Validating a token:

$ curl -v localhost:3000/tokens/eyJhbGciOiJSUzI1NiIsInR5...
{"iat":1532599135} # 200

$ curl -v localhost:3000/tokens/invalidToken
invalid signature # 401

Blocking a token:

$ curl -X DELETE localhost:3000/tokens/eyJhbGciOiJSUzI1NiIsInR5...

$ curl -v localhost:3000/tokens/eyJhbGciOiJSUzI1NiIsInR5...
Token Blocked # 401

Getting the secrets

$ curl localhost:3000/secrets
{ "old": "----BEGIN RSA...", "current": "----BEGIN RSA..." }

$ curl localhost:3000/secrets/current
----BEGIN RSA PUBLIC KEY----...

$ curl localhost:3000/secrets/old
----BEGIN RSA PUBLIC KEY----...

Forcing a rotate

curl -X POST localhost:3000/secrets

The whole API documentation can be found here: OpenAPI Docs

Configuration

These are the available environment variables for configuration:

REDIS_HOSTNAME: redis # required
REDIS_PORT: 6379
ROTATION_INTERVAL: 3600 # in seconds
SECRETS_KEY: SECRETS # key that secrets are stored in
SECRET_LENGTH: 96
ROTATE_ON_STARTUP: false # triggers a single rotation on startup of the service
ASYMMETRIC_SIGNING: true # can be disabled to use symmetric signing

About

Signs and verifies JWTs, both asymmetric and symmetric.

Resources

Stars

Watchers

Forks

Packages

No packages published