Created
May 2, 2018 20:12
// Builds the per-request context: authenticates the caller from the
// Authorization header and exposes the result next to the shared `db` handle.
// `user` is an empty object when no token was sent (see authenticate), so
// anything consuming this context has to check `user.id` / `user.role` itself
// before doing privileged work.
// NOTE(review): the header value is forwarded unchanged and looked up with
// this exact casing. If clients send a "Bearer " prefix or the gateway
// lower-cases header names, the token will not verify. Confirm against the
// actual event shape.
context: async ({ event: { headers } }) => {
  const user = await authenticate(headers.Authorization);
  return { db, user };
},
// This is what the authenticate.js file looks like:
import jwksClient from 'jwks-rsa'; | |
import jwt from 'jsonwebtoken'; | |
import _ from 'lodash'; | |
// Shared JWKS client used to look up the public key for a token's `kid`.
// JWKS_URI is the root of trust for every signature check in this module:
// whoever controls that endpoint controls which keys are accepted.
// NOTE(review): nothing here checks that JWKS_URI is set or uses https.
// Confirm this in deployment configuration.
const jwks = jwksClient({
  jwksUri: process.env.JWKS_URI,
  // Caching and rate limiting bound how many outbound JWKS fetches can be
  // triggered by tokens that carry unknown `kid` values.
  cache: true,
  rateLimit: true,
  jwksRequestsPerMinute: 10, // Default value
});
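/**
 * Verify a JWT against the configured JWKS and return its claims.
 *
 * The token is first decoded without verification, only to read the `kid`
 * header. The matching signing key is then fetched through the shared `jwks`
 * client and the signature is verified with the algorithm pinned to RS256.
 *
 * Every failure path returns right after rejecting. A failed key lookup
 * therefore never dereferences a missing key inside the callback, and a token
 * without a `kid` never triggers a JWKS request.
 *
 * @param {string|undefined} idToken - Raw JWT exactly as the caller received it.
 * @returns {Promise<object>} Verified claims, or `{}` when `idToken` is
 *   `undefined` (the request is treated as anonymous).
 * @throws {Error} The promise rejects with an `Error` for a malformed token,
 *   a missing `kid`, a key lookup failure or a failed signature/claims check.
 */
export const verifyToken = idToken =>
  new Promise((resolve, reject) => {
    // Only an absent token means "anonymous". A value that is present but
    // unusable (null, '', garbage) fails closed further down.
    if (idToken === undefined) {
      resolve({});
      return;
    }

    try {
      // decode() does not check the signature: nothing read here is trusted
      // beyond choosing which key to ask the JWKS endpoint for.
      const decodedToken = jwt.decode(idToken, { complete: true });
      if (!decodedToken) {
        reject(new Error('Bad Token.'));
        return;
      }

      const { header, payload } = decodedToken;
      if (!header || !header.kid || !payload) {
        reject(new Error('Invalid token.'));
        return;
      }

      jwks.getSigningKey(header.kid, (fetchError, key) => {
        if (fetchError) {
          reject(new Error(`Error getting signing key: ${fetchError.message}`));
          return;
        }
        if (!key) {
          reject(new Error('Error getting signing key: no key returned'));
          return;
        }

        // Depending on the key type, jwks-rsa exposes the PEM as `publicKey`
        // or as `rsaPublicKey`. If neither is set, jwt.verify reports the
        // missing key through its callback and the token is rejected.
        const signingKey = key.publicKey || key.rsaPublicKey;

        // Pinning `algorithms` keeps the token's own `alg` header from
        // selecting a weaker or symmetric scheme.
        // NOTE(review): no `audience` / `issuer` options are passed, so any
        // RS256 token signed by a key in this JWKS is accepted regardless of
        // which application it was issued for. Add both once the expected
        // values are known.
        jwt.verify(
          idToken,
          signingKey,
          { algorithms: ['RS256'] },
          (verificationError, claims) => {
            if (verificationError) {
              reject(
                new Error(`Verification error: ${verificationError.message}.`)
              );
              return;
            }
            resolve(claims);
          }
        );
      });
    } catch (e) {
      // Any synchronous failure while decoding or starting the key lookup is
      // reported as a bad token.
      reject(new Error('Bad Token.'));
    }
  });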
/**
 * Reduce a verified token payload to the two fields used downstream.
 *
 * @param {object} auth0User - Claims returned by verifyToken, or `{}` for an
 *   anonymous caller.
 * @returns {{role: *, id: *}|{}} `{}` when the input is empty, otherwise the
 *   `sub` claim as `id` and the namespaced `userType` claim as `role`.
 */
export const formatAuth0User = auth0User => {
  // An empty payload means no token was presented: keep the user object
  // empty so role and id checks downstream see nothing to match on.
  const isAnonymous = _.isEmpty(auth0User);
  if (isAnonymous) {
    return {};
  }

  // `role` comes straight from a custom claim. It is only as trustworthy as
  // the signature check that produced `auth0User`, and it is undefined when
  // the claim is absent.
  const {
    'https://www.example.com/userType': userType,
    sub: subject,
  } = auth0User;
  return {
    role: userType,
    id: subject,
  };
};
/**
 * Verify a token and map its claims to the application's user shape.
 *
 * @param {string|undefined} idToken - Raw token taken from the request.
 * @returns {Promise<object>} `{ role, id }` for a verified token, or `{}` when
 *   no token was supplied. Callers must treat `{}` as unauthenticated.
 * @throws {Error} Whatever verifyToken rejects with is propagated unchanged.
 */
export const authenticate = async idToken => {
  const claims = await verifyToken(idToken);
  return formatAuth0User(claims);
};