diff --git a/README.md b/README.md
index 9a7d90d..2820499 100644
--- a/README.md
+++ b/README.md
@@ -40,22 +40,14 @@ const handler = req =>
 ## Options
-`authentic` accepts a JSON object of options that will be passed to the underlying libraries responsibile for validation.
+`authentic` accepts a JSON object with the following options:
-Besides the `issWhitelist` prop, any other options passed will be forwarded to `jwt.verify()` for validation and parsing. [See the list of available options here.](https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback)
+* `jwks` Object: options to forward to [`node-jwks-rsa`](https://github.com/auth0/node-jwks-rsa) with the following defaults:
-Options passed in under the prop `jwks` will be passed to `node-jwks-rsa`.
-We have set defaults for 2 values from `jwks`.
-
-```
-{
- jwks: {
- cache: true, // default from authentic
- rateLimit: true, // default from authentic
- },
- issWhitelist: JSON.parse(process.env.ISS_WHITELIST)
-}
-```
-
-Available options to set for `node-jwks-rsa` can be found here. [See the list of available options here.](https://github.com/auth0/node-jwks-rsa)
+| option | default |
+| ----------- | ------- |
+| `cache` | `true` |
+| `rateLimit` | `true` |
+* `verify` Object: options to forward to `jwt.verify` from [`jsonwebtoken`](https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback)
+* `issWhitelist` Array: list of trusted OIDC issuers
diff --git a/index.js b/index.js
index 490c10a..ee0df54 100644
--- a/index.js
+++ b/index.js
@@ -4,7 +4,7 @@ const jwks = require('jwks-rsa')
 const jwt = require('jsonwebtoken')
 const {
- applyTo: thrush, compose, composeP, curryN, omit, merge,
+ applyTo: thrush, compose, composeP, curryN, merge,
 mergeDeepRight, partialRight, prop, replace
 } = require('ramda')
@@ -39,10 +39,12 @@ const unauthorized = err =>
 const jwksOptsDefaults = { jwks: { cache: true, rateLimit: true } }
 const factory = options => {
- const clients = {}
- const opts = mergeDeepRight(jwksOptsDefaults, options)
- const verifyOpts = omit([ 'issWhitelist', 'jwks' ], opts)
- const jwksOpts = prop('jwks', opts)
+ const clients = {}
+ const opts = mergeDeepRight(jwksOptsDefaults, options)
+ const {
+ verify: verifyOpts = {},
+ jwks: jwksOpts = {}
+ } = opts
 const cacheClient = iss => client => clients[iss] = client
diff --git a/test/index.js b/test/index.js
index e2ad6d1..4ca5d18 100644
--- a/test/index.js
+++ b/test/index.js
@@ -13,7 +13,7 @@ const lowerBearerToken = 'bearer ' + token
 const { issuer } = oidc
 const authentic = require('..')({
- ignoreExpiration: true,
+ verify: { ignoreExpiration: true },
 issWhitelist: [ issuer ],
 })
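Review bot: Top-level options that callers used to pass straight through to `jwt.verify()` (for example `audience`, `algorithms` or `maxAge`) are now dropped without any error, because the destructuring in `factory` reads only `verify` and `jwks` from `opts`; a deployment that upgrades without moving them would keep running with those token checks silently switched off. Rejecting unrecognised keys at construction time would turn that into a visible failure, e.g. `const unknown = Object.keys(opts).filter(k => ![ 'issWhitelist', 'jwks', 'verify' ].includes(k))` followed by `if (unknown.length) throw new TypeError('authentic: move ' + unknown.join(', ') + ' under verify')`. The `test/index.js` hunk only exercises the new `verify: { ignoreExpiration: true }` shape, so a case asserting that a legacy top-level option is refused would pin this behaviour down. The body of `factory` continues past the end of the hunk, so how `verifyOpts` reaches `jwt.verify` is not visible here.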