Gathering detailed insights and metrics for twilio-flex-token-validator
Gathering detailed insights and metrics for twilio-flex-token-validator
Installations
npm install twilio-flex-token-validatorReleases
Unable to fetch releases
Developer
twilio
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=10
Typescript Support
Yes
Node Version
16.20.0
NPM Version
8.19.4
Statistics
17 Stars
84 Commits
12 Forks
12 Watching
4 Branches
20 Contributors
Updated on 21 Jul 2023
Languages
TypeScript (91.79%)
JavaScript (6.95%)
Shell (1.26%)
Total Downloads
Cumulative downloads
Total Downloads
2,609,183
Last day
-21.4%
2,213
Compared to previous day
Last week
-16.5%
14,050
Compared to previous week
Last month
-6.1%
72,994
Compared to previous month
Last year
-12.3%
870,778
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
Twilio Flex Token Validator
Flex JWE Token Validator provides an easy way to validate a Flex JWE token.
Usage
Install with npm install twilio-flex-token-validator.
You can use this validator either within a Twilio Function, or into any NodeJS application.
Using in Twilio Function
First visit Twilio Function Configuration and add twilio-flex-token-validator as an NPM package. On the same page, enable the checkbox Enable ACCOUNT_SID and AUTH_TOKEN.
In your Twilio Function, wrap your main handler with this validator:
1const TokenValidator = require('twilio-flex-token-validator').functionValidator; 2 3exports.handler = TokenValidator(function(context, event, callback) { 4 // Your normal Twilio Function goes here. 5 // This block will only be called if your token is validated, otherwise it returns a 403. 6});
This validator assumes that the token is provided as the Token key. The successful result of the token validation is added to event.TokenResult.
Make sure the checkbox Check for valid Twilio signature is disabled. This token validator will handle the authentication of the request instead.
Using in any NodeJS application
You can also use this validator inside any existing Node servers:
1const TokenValidator = require('twilio-flex-token-validator').validator; 2 3TokenValidator(token, accountSid, authToken) 4 .then(tokenResult => { 5 // validated 6 }) 7 .catch(err => { 8 // validation failed 9 });
Token Result
The validated token result will contain the following data:
1{ 2 "valid": true, 3 "code": 0, 4 "message": null, 5 "expiration": "2018-09-24T23:22:44.240Z", 6 "realm_user_id": "user@example.com", 7 "identity": "user_40example_2Dcom", 8 "roles":[ 9 "agent" 10 ], 11 "worker_sid": "WKxxx" 12}
Contributing
Check out CONTRIBUTING for more information on how to contribute to this project.
License
Twilio Flex Token Validator is licensed under MIT.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 7/17 approved changesets -- score normalized to 4
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 20 are checked with a SAST tool
Reason
11 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
2.6
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More