
@CaptainChemist
Created May 2, 2018 20:12
// Builds the per-request GraphQL context: the shared `db` handle plus the
// caller's identity as derived from the Authorization header.
context: async ({ event }) => {
  // NOTE(review): the header is read with this exact casing and its raw value
  // is handed to authenticate() unchanged. Confirm that the platform delivers
  // the header as `Authorization` and that clients send the bare token; a
  // "Bearer " prefix is not stripped anywhere in this snippet.
  const idToken = event.headers.Authorization;

  // When no header is sent, authenticate() yields an empty object rather than
  // failing, so `user` may be `{}`. Resolvers must check `user.id` / `user.role`
  // themselves before touching protected data.
  const user = await authenticate(idToken);

  return { db, user };
},
// This is what the authenticate.js file looks like
import jwksClient from 'jwks-rsa';
import jwt from 'jsonwebtoken';
import _ from 'lodash';
// JWKS client used to look up the public key that matches a token's `kid`.
// The keys served from JWKS_URI decide which tokens are accepted, so the
// variable must point at the trusted issuer's key set (served over HTTPS).
const jwks = jwksClient({
  jwksUri: process.env.JWKS_URI,
  // Reuse fetched signing keys instead of hitting the endpoint per request.
  cache: true,
  // Bound the outbound JWKS fetches that tokens with unknown `kid` values
  // can cause.
  rateLimit: true,
  jwksRequestsPerMinute: 10, // Default value
});
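/**
 * Verify a JWT against the signing keys published at the configured JWKS
 * endpoint.
 *
 * @param {string|undefined} idToken - Raw token string; `undefined` means the
 *   request carried no token.
 * @returns {Promise<Object>} The verified claims, or `{}` when `idToken` is
 *   `undefined` (anonymous request).
 * @throws {Error} Rejects with an Error when the token is malformed, its
 *   signing key cannot be fetched, or verification fails.
 *
 * NOTE(review): jwt.verify() is only given `algorithms`, so the signature and
 * the library's default claim checks are all that is enforced. No `issuer` or
 * `audience` option is passed, which means a token signed by the same key set
 * for a different application would also be accepted. Consider supplying both.
 */
export const verifyToken = idToken =>
  new Promise((resolve, reject) => {
    if (idToken === undefined) {
      // Sentinel string; the catch handler below maps it to an anonymous `{}`.
      reject('No Token.');
      return;
    }

    try {
      // decode() does not check the signature. It is used only to read the
      // `kid` needed to select the verification key; nothing from this
      // unverified copy is returned to the caller.
      const decodedToken = jwt.decode(idToken, { complete: true });
      if (!decodedToken) {
        reject(new Error('Bad Token.'));
        return;
      }

      const { header, payload } = decodedToken;
      if (!header || !header.kid || !payload) {
        reject(new Error('Invalid token.'));
        return;
      }

      jwks.getSigningKey(header.kid, (fetchError, key) => {
        if (fetchError) {
          // Stop here: `key` is not usable, and an exception thrown inside
          // this asynchronous callback would escape the surrounding try/catch.
          reject(new Error(`Error getting signing key: ${fetchError.message}`));
          return;
        }

        // jwks-rsa 1.x exposes the PEM as `publicKey` (x5c certificate) or
        // `rsaPublicKey` (modulus/exponent key).
        const signingKey = key && (key.publicKey || key.rsaPublicKey);
        if (!signingKey) {
          reject(new Error('Error getting signing key: no public key available.'));
          return;
        }

        // Pinning RS256 keeps a token from choosing its own algorithm.
        jwt.verify(
          idToken,
          signingKey,
          { algorithms: ['RS256'] },
          (verificationError, decoded) => {
            if (verificationError) {
              reject(`Verification error: ${verificationError.message}.`);
              return;
            }
            resolve(decoded);
          }
        );
      });
    } catch (e) {
      reject(new Error('Bad Token.'));
    }
  }).catch(error => {
    // Only a missing token is treated as anonymous; every other failure
    // propagates so a bad token is never mistaken for "not logged in".
    if (error === 'No Token.') {
      return {};
    }
    // Error objects are rethrown as-is so their message and stack are not
    // wrapped a second time; string rejections are promoted to Error.
    throw error instanceof Error ? error : new Error(error);
  });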
/**
 * Map a set of token claims onto the application's user shape.
 *
 * This function performs no verification of its own: `role` and `id` are only
 * as trustworthy as the claims passed in, so callers must hand it the output
 * of verifyToken() and never an unverified, merely decoded token.
 *
 * @param {Object} auth0User - Claims object; empty for anonymous requests.
 * @returns {{role: *, id: *}|{}} `{}` for empty input, otherwise the role
 *   taken from the namespaced custom claim and the id taken from `sub`.
 */
export const formatAuth0User = auth0User =>
  _.isEmpty(auth0User)
    ? {}
    : {
        role: auth0User['https://www.example.com/userType'],
        id: auth0User.sub,
      };
/**
 * Verify the supplied token and return the application user derived from it.
 *
 * @param {string|undefined} idToken - Raw token string from the request.
 * @returns {Promise<Object>} `{ role, id }` for a valid token, or `{}` when
 *   verifyToken() reports an anonymous request.
 * @throws {Error} Whatever verifyToken() rejects with; failures are passed
 *   through unchanged rather than downgraded to an anonymous user.
 */
export const authenticate = async idToken =>
  formatAuth0User(await verifyToken(idToken));