@ovotech/identity-auth
Authentication library for indentity@OVO based server-to-server auth and client-to-server auth. Supports fastify
Last updated 2 days ago by
homemoves .
Apache-2.0 ·
Repository ·
Bugs ·
Original npm ·
Tarball ·
package.json
$ cnpm install @ovotech/identity-auth
SYNC missed versions from
official npm registry.
Identity Auth
Reusable auth library for OVO node services using the identity platform for authentication.
Supports service to service authentication and client to server authentication.
Exposes an authClient that can be used in your middleware, additionaly provides a fastify middleware handler.
Server to server auth
Example usage to secure an endpoint
import { identityAuth } from '@ovotech/identity-auth/lib/server-to-server';
import fastify from 'fastify';
import { IncomingMessage, Server, ServerResponse } from 'http';
const { middleware } = identityAuth({
identityBaseUrl: 'https://auth.id-uat.ovotech.org.uk',
roleKey: 'homemoves-moves-service', // your service name here
});
const app: fastify.FastifyInstance<
Server,
IncomingMessage,
ServerResponse
> = fastify({});
app.get(
'/secured',
{
preValidation: middleware.fastify({ requiredRoles: ['move-in'] }), // your required roles here
schema: {
headers: {
type: 'object',
properties: {
authorization: {
type: 'string',
},
},
},
},
},
() => Promise.resolve('authenticated')
);
Auth client
Interface:
type AuthClient = {
authenticateToken: (jwtToken: string) => Promise<Either<AuthError, Authed>>;
};
Usage
import { identityAuth } from '@ovotech/identity-auth/lib/server-to-server';
const authclient = identityAuth(config).client({ requiredRoles: ['move-in'] });
authclient.authenticateToken('eyJhbGciOiJSUzI1NiI...');
Client to server auth
Interface:
type AuthClient = {
authenticateToken: ({ requiredPermissions: Array<string> }, jwtToken: string) => Promise<Either<AuthError, Authed>>;
};
Usage
import { identityAuth } from '@ovotech/identity-auth/lib/client-to-server';
const authclient = identityAuth({
identityBaseUrl: 'https://auth.id-uat.ovotech.org.uk',
}).client;
const requiredPermissions = ['orion-exp::account::account-id-123'];
authclient.authenticateToken({ requiredPermissions }, 'eyJhbGciOiJSUzI1NiI...');
Client to server and server to server auth combined
Auth is supported for both client-to-server and server-to-server together.
Both mechanisims are supported together, so that clients and servers can be permitted access to the same resource.
Interface:
type AuthClient = {
authenticateToken: (accessRequirements: AccessRequirements, jwtToken: string) => Promise<Either<AuthError, Authed>>;
};
type Authed = { channel: 'server' | 'client' };
type AccessRequirements = {
forClient?: ClientAccessRequirements;
forServer?: ServerAccessRequirements;
};
type ClientAccessRequirements = {
requiredPermissions: Array<string>;
};
type ServerAccessRequirements = {
roleRequirements: Array<RoleRequirement>;
};
type RoleRequirement = {
roleKey: string;
requiredRoles: Array<string>;
};
Usage
import { identityAuth } from '@ovotech/identity-auth/lib';
const authclient = identityAuth({
identityBaseUrl: 'https://auth.id-uat.ovotech.org.uk',
}).client;
const requiredPermissions = ['orion-exp::account::account-id-123'];
const roleRequirements = [{
roleKey: 'homemoves-moves-service',
requiredRoles: ['move-in']
}];
const accessRequirements: AccessRequirements = {
forClient: { requiredPermissions },
forServer: { roleRequirements }
};
authclient.authenticateToken(accessRequirements, 'eyJhbGciOiJSUzI1NiI...');
Integration tests
These currently use a homemoves service and the UAT identity service. To check your own service authentication:
replace `roleKey: 'homemoves-moves-service'` and `requiredRoles: ['move-in']` with your own
and export your UAT client secret
export IDENTITY_CLIENT_SECRET=<your-secret-here>
run
npm run test:integration
Notes
Note that currently this is the first iteration and is likely to change to become more usable by other teams.
PRs welcome :)
Current Tags
- 2.2.0 ... latest (2 days ago)
12 Versions
Maintainers (107)
ablagodyr 
agaovo 
ailwyn 
amelia.ovo 
andrewjtn 
apjm 
asalvadore 
benaud12 
boost-smile 
chris.smith 
clarencedglee 
connelldave 
david.chellapah.ovo 
elbird 
emilyrigby 
ericaovo 
fei-liao 
filose 
freddybushboy 
gmbovo 
grug 
harrisonbaxter 
hersheyovo 
hike-zzz 
ikerin 
inlustra 
jbeckett 
jelaxshan 
joelthornhill 
joepurnell-ovo 
joewhittles 
joey.ciechanowicz 
jonevans4 
juliabutterly 
jvmovo 
keirlawson 
kelveden 
kenneth-gray 
kieran.allen 
kupxc 
lcatallo 
marcesquerra 
marcusgriff 
marcuskielly 
mbayoumy 
mhipszki 
mikemchugh 
mkohlmyr 
molbalazs 
mrkiplin 
mwidurek 
nicolasov 
nishanthsinghgurung 
oli-boyle 
olmesm 
orex-team 
orion-migration-team 
ovo-devices 
ovo-engagement 
ovo.cms.devs 
ovocms 
ovotech-boost 
ovotech-identity 
ovotech-live 
ovotech-paym 
ovotech-payments 
ovotech-qs 
ovotech-sg 
ovotech-sme-team 
pdpi_ovo 
pedoublety 
petro.pavlenko 
philip-ovo 
potsec 
props 
puzzledbytheweb 
radek_tomasek 
robert-g-j 
rom1hr 
rosario-ovo 
rumblesan 
sampennington64 
sarahbeharry 
sarahlikeshiny 
saumyasarpal 
sblausten 
shaddeen 
shnist 
sketchingdev 
smart-heat-prod 
smart-heat-uat 
sophiepoole 
sophiesillmanovo 
tarlingovo 
taurelius-ovo 
tech.international 
teodora.danciu 
tokict 
tom.sherman 
tomshawovo 
tomverran-ovo 
tozzy 
trensik 
ursularodgers 
vslepkan 
yesdaveovo
Downloads
Today
0
This Week
24
This Month
45
Last Day
1
Last Week
3
Last Month
8
Dependencies (6)
- @types/got ^9.6.10
- fp-ts ^2.5.3
- got ^10.7.0
- jsonwebtoken ^8.5.1
- jwks-rsa ^1.12.2
- ramda ^0.27.0
Dev Dependencies (12)
- @types/jest ^25.2.1
- @types/jsonwebtoken ^8.3.8
- @types/ramda ^0.27.3
- @typescript-eslint/eslint-plugin ^2.26.0
- @typescript-eslint/parser ^2.28.0
- eslint ^6.8.0
- fastify ^2.13.0
- jest ^25.2.7
- jest-junit ^10.0.0
- ts-jest ^25.3.1
- ts-node-dev ^1.0.0-pre.44
- typescript ^3.8.3
Dependents (0)
None