Authentication library for the browser environment using Web Crypto API
Authentication Library for the Web
A collection of utility functions for working with Web Crypto API.
# Install using NPM
$ npm install web-auth-library --save
# Install using Yarn
$ yarn add web-auth-library
Usage Example
Retrieving an access token from Google’s OAuth 2.0 authorization server
import { getAuthToken } from "web-auth-library/google";
const token = await getAuthToken({
credentials: env.GOOGLE_CLOUD_CREDENTIALS,
scope: "https://www.googleapis.com/auth/cloud-platform",
});
// => {
// accessToken: "ya29.c.b0AXv0zTOQVv0...",
// type: "Bearer",
// expires: 1653855236,
// }
return fetch("https://cloudresourcemanager.googleapis.com/v1/projects", {
headers: {
authorization: `Bearer ${token.accessToken}`,
},
});
Where env.GOOGLE_CLOUD_CREDENTIALS is an environment variable / secret
containing a service account key
(JSON) obtained from the Google Cloud Platform.
Retrieving an ID token for the target audience
import { getAuthToken } from "web-auth-library/google";
const token = await getAuthToken({
credentials: env.GOOGLE_CLOUD_CREDENTIALS,
audience: "https://example.com",
});
// => {
// idToken: "eyJhbGciOiJSUzI1NiIsImtpZ...",
// audience: "https://example.com",
// expires: 1654199401,
// }
Decoding an ID token
import { jwt } from "web-auth-library/google";
jwt.decode(idToken);
// {
// header: {
// alg: 'RS256',
// kid: '38f3883468fc659abb4475f36313d22585c2d7ca',
// typ: 'JWT'
// },
// payload: {
// iss: 'https://accounts.google.com',
// sub: '118363561738753879481'
// aud: 'https://example.com',
// azp: 'example@example.iam.gserviceaccount.com',
// email: 'example@example.iam.gserviceaccount.com',
// email_verified: true,
// exp: 1654199401,
// iat: 1654195801,
// },
// data: 'eyJhbGciOiJ...',
// signature: 'MDzBStL...'
// }
Verifying an ID token
import { verifyIdToken } from "web-auth-library/google";
const token = await verifyIdToken(idToken, { audience: "https://example.com" });
// => {
// iss: 'https://accounts.google.com',
// aud: 'https://example.com',
// sub: '118363561738753879481'
// azp: 'example@example.iam.gserviceaccount.com',
// email: 'example@example.iam.gserviceaccount.com',
// email_verified: true,
// exp: 1654199401,
// iat: 1654195801,
// }
Generating a digital signature
import { getCredentials, importKey, sign } from "web-auth-library/google";
const credentials = getCredentials(env.GOOGLE_CLOUD_CREDENTIALS);
const signingKey = await importKey(credentials.private_key, ["sign"]);
const signature = await sign(signingKey, "xxx");
Decoding a JWT token
import { jwt } from "web-auth-library";
jwt.decode("eyJ0eXAiOiJKV1QiLC...");
// => {
// header: { alg: "HS256", typ: "JWT" },
// payload: { iss: "...", aud: "...", iat: ..., exp: ... },
// signature: "xxx"
// }
jwt.decode("eyJ0eXAiOiJKV1QiLC...", { header: false, signature: false });
// => {
// payload: { iss: "...", aud: "...", iat: ..., exp: ... },
// }
Backers ?
Related Projects
- Cloudflare Workers Starter Kit — TypeScript project template for Cloudflare Workers
- React Starter Kit — front-end template for React and Relay using Jamstack architecture
- GraphQL API and Relay Starter Kit — monorepo template, pre-configured with GraphQL API, React, and Relay
How to Contribute
You’re very welcome to create a PR or send me a message on Discord.
License
Copyright © 2022-present Kriasoft. This source code is licensed under the MIT license found in the LICENSE file.
, blog) and contributors.