Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #53 from icapps/feature/AE-1987-sso-authentication
feature/AE-1987-sso-authentication
- Loading branch information
Showing
9 changed files
with
4,082 additions
and
2,470 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,7 +2,6 @@ | |
language: node_js | ||
|
||
node_js: | ||
- "8" | ||
- "10" | ||
- "12" | ||
|
||
|
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
import { Issuer } from 'openid-client'; | ||
import jwksClient = require('jwks-rsa'); | ||
import { Algorithm } from 'jsonwebtoken'; | ||
|
||
import { verifyJwt, decodeJwt } from './jwt-authentication'; | ||
|
||
/** | ||
* Authenticate whether the provided SSO token is valid | ||
* @param {String} token | ||
* @returns {Object} | ||
*/ | ||
export async function authenticateSso(token: string): Promise<{}> { | ||
if (token === '') throw new Error('SSO token is empty.'); | ||
|
||
const { header, payload } = decodeJwt(token, { complete: true }) as CompleteJWTToken; | ||
const { metadata } = await Issuer.discover(payload.iss); | ||
|
||
const secret = await getKey(metadata.jwks_uri, header.kid); | ||
|
||
const options = { | ||
issuer: payload.iss, | ||
algorithm: header.alg, | ||
aud: payload.aud, | ||
expiresIn: payload.exp, | ||
}; | ||
|
||
return verifyJwt(token, secret, options); | ||
} | ||
|
||
/** | ||
* Get key from a JSON Web Key Set endpoint | ||
* @param {String} jwksUri | ||
* @param {String} token | ||
* @returns {String} | ||
*/ | ||
export async function getKey(jwksUri: string, token: string): Promise<string> { | ||
const client = jwksClient({ | ||
jwksUri, | ||
}); | ||
|
||
return new Promise((resolve, reject) => { | ||
client.getSigningKey(token, (error, key: any) => { | ||
if (error) return reject(error); | ||
|
||
const signingKey = key.rsaPublicKey || key.publicKey; | ||
return resolve(signingKey); | ||
}); | ||
}); | ||
} | ||
|
||
interface CompleteJWTToken { | ||
header: { | ||
typ: string, | ||
kid: string, | ||
alg: Algorithm, | ||
}; | ||
payload: { | ||
sub: string, | ||
iss: string, | ||
tokenName: string, | ||
nonce: string, | ||
aud: string, | ||
azp: string, | ||
auth_time: number, | ||
realm: string, | ||
exp: number, | ||
tokenType: string, | ||
iat: number, | ||
}; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
import { Algorithm } from 'jsonwebtoken'; | ||
import jwksClient = require('jwks-rsa'); | ||
|
||
import { createJwt, getKey } from '../src'; | ||
|
||
const validJwtConfiguration = { | ||
algorithm: 'HS256' as Algorithm, | ||
expiresIn: '10m', | ||
audience: 'TREEHOUSE-AUTH', | ||
issuer: 'https://test.com/id/oauth2', | ||
secretOrKey: '5kZxE|gZu1ODB183s772)/3:l_#5hU3Gn5O|2ux3&lhN@LQ6g+"i$zqB_C<6', | ||
}; | ||
|
||
// Mock jwks-rsa module | ||
jest.genMockFromModule('jwks-rsa'); | ||
jest.mock('jwks-rsa'); | ||
|
||
const mockJwksClient = { | ||
getSigningKey: jest.fn((_token, callbackFn) => callbackFn(null, null)), | ||
getKeys: jest.fn(), | ||
getSigningKeys: jest.fn(), | ||
}; | ||
|
||
(jwksClient as unknown as jest.Mock).mockImplementation(() => mockJwksClient); | ||
|
||
let token: any = null; | ||
|
||
describe('#SSO authentication', () => { | ||
beforeAll(async () => { | ||
token = await createJwt({ sub: 'FakeUser' }, validJwtConfiguration); | ||
}); | ||
|
||
describe('getKey', () => { | ||
it('Should return the siging key of the token', async () => { | ||
mockJwksClient.getSigningKey.mockImplementation((_token, callBackFn) => callBackFn(null, { rsaPublicKey: 'secret' })); | ||
const secret = await getKey(validJwtConfiguration.issuer, token); | ||
expect(secret).toEqual('secret'); | ||
}); | ||
|
||
it('Should throw an error', async () => { | ||
mockJwksClient.getSigningKey.mockImplementation((_token, callBackFn) => callBackFn(new Error('Something went wrong'))); | ||
try { | ||
await getKey(validJwtConfiguration.issuer, token); | ||
} catch (error) { | ||
expect(error).toBeInstanceOf(Error); | ||
expect(error.message).toEqual('Something went wrong'); | ||
} | ||
}); | ||
}); | ||
|
||
describe('authenticateSso', () => { | ||
// TODO | ||
}); | ||
}); |