Gathering detailed insights and metrics for fastify-aws-jwt-verify
Gathering detailed insights and metrics for fastify-aws-jwt-verify
Fastify plugin wrapper around aws-jwt-verify for JWT authorization with AWS Cognito
Installations
npm install fastify-aws-jwt-verifyDeveloper
graybrace
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
Yes
Node Version
20.17.0
NPM Version
10.8.2
Statistics
4 Stars
18 Commits
1 Watching
1 Branches
1 Contributors
Updated on 22 Sept 2024
Bundle Size
12.33 kB
Minified
4.11 kB
Minified + Gzipped
Languages
TypeScript (96.5%)
JavaScript (3.5%)
Total Downloads
Cumulative downloads
Total Downloads
24,986
Last day
0%
200
Compared to previous day
Last week
-19.8%
589
Compared to previous week
Last month
-2.5%
2,826
Compared to previous month
Last year
0%
24,986
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
fastify-aws-jwt-verify
Fastify plugin wrapper around aws-jwt-verify for JWT authentication/authorization with AWS Cognito
The options provided to the plugin registration are passed directly to CognitoJwtVerifier.create with helpers for ease of reuse.
Install
npm i fastify-aws-jwt-verify
Usage
Register as a plugin, providing the following options:
tokenProvider
Either use a built-in method for extracting the JWT token from a request or provide your own
Built-in method(s)
Bearer: Follow the Bearer Authorization scheme, where the token is provided via theAuthorizationheader with valueBearer <TOKEN>
Custom token provider
Accept the FastifyRequest object and return the extracted string token, e.g.
1await fastify.register(FastifyAwsJwtVerify, { 2 tokenProvider: req => { 3 if ('X-Auth-Token' in req.headers) { 4 return req.headers['X-Auth-Token'] 5 } else { 6 throw new Unauthorized("Missing 'X-Auth-Token' header") 7 } 8 }, 9 userPoolId: 'user-pool-id' 10})
User pool options
Plugin configuration supports scenarios for both a single user pool or multiple potential user pools.
Single user pool
For a single user pool, set verifier fields in the top-level plugin configuration object, e.g.
1await fastify.register(FastifyAwsJwtVerify, { 2 clientId: 'app-client-id', 3 tokenProvider: 'Bearer', 4 tokenUse: 'access', 5 userPoolId: 'user-pool-id' 6})
For complete set of options, see the aws-jwt-verify package documentation
Multiple user pools
For multiple user pools, set verifier fields in the pools field of the plugin configuration, e.g.
1await fastify.register(FastifyAwsJwtVerify, { 2 pools: [ 3 { 4 clientId: 'app-client-id-1', 5 tokenUse: 'access', 6 userPoolId: 'user-pool-1' 7 }, 8 { 9 clientId: 'app-client-id-2', 10 tokenUse: 'access', 11 userPoolId: 'user-pool-2' 12 } 13 ], 14 tokenProvider: 'Bearer' 15})
For complete set of options, see the aws-jwt-verify package documentation
Request handlers
Registering the plugin on its own does not require authentication/authorization on any route. Three decorators are provided to simplify attaching handlers.
auth.require(options?: FastifyAwsJwtVerifyOptions)
If no options provided, requires authorization based on the options provided at plugin registration time. This is the simplest usage.
1fastify.addHook('onRequest', fastify.auth.require())
If any option is provided, it overrides the corresponding option in the base plugin configuration options. (Note: Providing the pools field here overrides the entire pools field in the base options.)
1fastify.addHook('onRequest', fastify.auth.require({ 2 groups: [ 'Administrators', 'Moderators' ] 3}))
auth.client(...clientIds: string[])
Specify allowed client IDs in place of the base configuration options, e.g.
1fastify.addHook('onRequest', fastify.auth.client( 'app-client-1', 'app-client-2' ))
This is semantically equivalent to
1fastify.addHook('onRequest', fastify.auth.require({ 2 clientId: [ 'app-client-1', 'app-client-2' ] 3}))
auth.groups(...groups: string[])
Specify allowed groups in place of the base configuration options, e.g.
1fastify.addHook('onRequest', fastify.auth.groups( 'Administrators', 'Moderators' ))
This is semantically equivalent to
1fastify.addHook('onRequest', fastify.auth.require({ 2 groups: [ 'Administrators', 'Moderators' ] 3}))
User payload
Upon successful JWT verification, the request is decorated with the decoded user payload in the user field.
1fastify.post('/item', { 2 onRequest: fastify.auth.groups('Administrators') 3}, req => { 4 fastify.log.info(`User: ${req.user}`) 5 // Add item 6})
Example
1const fastify = Fastify() 2 3await fastify.register(fp(fastifyAwsJwtVerifyPlugin), { 4 clientId: 'app-client-1', 5 tokenProvider: 'Bearer', 6 tokenUse: 'access', 7 userPoolId: 'user-pool-1' 8}) 9 10// No authorization required 11await fastify.get('/', req => { /** Handle request **/ }) 12 13// Require authorization based on registration options 14await fastify.get('/account', { 15 onRequest: fastify.auth.require() 16}, req => { /** Handle request **/ }) 17 18// Administrators group membership required 19await fastify.post('/item', { 20 onRequest: fastify.auth.groups('Administrators') 21}, req => { /** Handle request **/ })
License
Licensed under Apache 2.0
No vulnerabilities found.
No security vulnerabilities found.