Authentication library for the browser environment using Web Crypto API

Authentication Library for the Web

A collection of utility functions for working with Web Crypto API.

# Install using NPM
$ npm install web-auth-library --save

# Install using Yarn
$ yarn add web-auth-library

Usage Example

Retrieving an access token from Google’s OAuth 2.0 authorization server

import { getAuthToken } from "web-auth-library/google";

const token = await getAuthToken({
  credentials: env.GOOGLE_CLOUD_CREDENTIALS,
  scope: "https://www.googleapis.com/auth/cloud-platform",
});
// => {
//   accessToken: "ya29.c.b0AXv0zTOQVv0...",
//   type: "Bearer",
//   expires: 1653855236,
// }

return fetch("https://cloudresourcemanager.googleapis.com/v1/projects", {
  headers: {
    authorization: `Bearer ${token.accessToken}`,
  },
});

Here, env.GOOGLE_CLOUD_CREDENTIALS is an environment variable or secret containing a service account key (JSON) obtained from the Google Cloud Platform.

Retrieving an ID token for the target audience

import { getAuthToken } from "web-auth-library/google";

const token = await getAuthToken({
  credentials: env.GOOGLE_CLOUD_CREDENTIALS,
  audience: "https://example.com",
});
// => {
//   idToken: "eyJhbGciOiJSUzI1NiIsImtpZ...",
//   audience: "https://example.com",
//   expires: 1654199401,
// }

Decoding an ID token

import { jwt } from "web-auth-library/google";

jwt.decode(idToken);
// {
//   header: {
//     alg: 'RS256',
//     kid: '38f3883468fc659abb4475f36313d22585c2d7ca',
//     typ: 'JWT'
//   },
//   payload: {
//     iss: 'https://accounts.google.com',
//     sub: '118363561738753879481',
//     aud: 'https://example.com',
//     azp: 'example@example.iam.gserviceaccount.com',
//     email: 'example@example.iam.gserviceaccount.com',
//     email_verified: true,
//     exp: 1654199401,
//     iat: 1654195801,
//   },
//   data: 'eyJhbGciOiJ...',
//   signature: 'MDzBStL...'
// }

Verifying an ID token

import { verifyIdToken } from "web-auth-library/google";

const token = await verifyIdToken(idToken, { audience: "https://example.com" });
// => {
//   iss: 'https://accounts.google.com',
//   aud: 'https://example.com',
//   sub: '118363561738753879481',
//   azp: 'example@example.iam.gserviceaccount.com',
//   email: 'example@example.iam.gserviceaccount.com',
//   email_verified: true,
//   exp: 1654199401,
//   iat: 1654195801,
// }
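
Decoding a token only parses it, while verifying also checks the signature and the claims. The difference, as an added example written directly against the Web Crypto API (this is not web-auth-library's code; decodeOnly, verifyToken, demo and the issuer URL are assumptions, and the key and tokens are generated at run time):

```javascript
// Added example. decodeOnly/verifyToken/demo are hypothetical names; older Node needs the require fallback.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;
const RS256 = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" };
const enc = new TextEncoder();
const b64u = (bytes) => btoa(String.fromCharCode(...new Uint8Array(bytes)))
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const unb64u = (s) =>
  Uint8Array.from(atob(s.replace(/-/g, "+").replace(/_/g, "/")), (c) => c.charCodeAt(0));
const parse = (part) => JSON.parse(new TextDecoder().decode(unb64u(part)));

// Parse only: no key is involved, so nothing returned here is authenticated.
function decodeOnly(token) {
  const [h, p] = token.split(".");
  return { header: parse(h), payload: parse(p) };
}

// Signature first, then claims. Resolves to the payload or throws.
async function verifyToken(token, publicKey, { audience, issuer, now = Date.now() / 1000 }) {
  const [h, p, s, extra] = token.split(".");
  if (!h || !p || !s || extra !== undefined) throw new Error("malformed token");
  if (parse(h).alg !== "RS256") throw new Error("unexpected alg"); // pin the algorithm
  const ok = await subtle.verify(RS256, publicKey, unb64u(s), enc.encode(`${h}.${p}`));
  if (!ok) throw new Error("bad signature");
  const claims = parse(p);
  if (claims.iss !== issuer) throw new Error("wrong issuer");
  if (claims.aud !== audience) throw new Error("wrong audience");
  if (!(claims.exp > now)) throw new Error("expired");
  return claims;
}

// Constructed demo: sign with a throwaway key, then swap the payload under the old signature.
async function demo() {
  const keyParams = { ...RS256, modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) };
  const { publicKey, privateKey } = await subtle.generateKey(keyParams, false, ["sign", "verify"]);
  const seg = (obj) => b64u(enc.encode(JSON.stringify(obj)));
  const head = seg({ alg: "RS256", typ: "JWT" });
  const body = { iss: "https://issuer.example", aud: "https://example.com", sub: "alice", exp: 4102444800 };
  const sig = b64u(await subtle.sign(RS256, privateKey, enc.encode(`${head}.${seg(body)}`)));
  const good = `${head}.${seg(body)}.${sig}`;
  const forged = `${head}.${seg({ ...body, sub: "admin" })}.${sig}`;
  const opts = { audience: "https://example.com", issuer: "https://issuer.example" };
  const outcome = (t, o = opts) => verifyToken(t, publicKey, o).then((c) => c.sub, (e) => e.message);
  return {
    decodedForgedSub: decodeOnly(forged).payload.sub, // decode returns the altered claim as-is
    good: await outcome(good),
    forged: await outcome(forged),
    wrongAud: await outcome(good, { ...opts, audience: "https://other.example" }),
  };
}
```

Authorization decisions should use only the claims returned by a verify step; decoded claims are suitable for display or for selecting a key by kid.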

Generating a digital signature

import { getCredentials, importKey, sign } from "web-auth-library/google";

const credentials = getCredentials(env.GOOGLE_CLOUD_CREDENTIALS);
const signingKey = await importKey(credentials.private_key, ["sign"]);
const signature = await sign(signingKey, "xxx");

Decoding a JWT token

import { jwt } from "web-auth-library";

jwt.decode("eyJ0eXAiOiJKV1QiLC...");
// => {
//   header: { alg: "HS256", typ: "JWT" },
//   payload: { iss: "...", aud: "...", iat: ..., exp: ... },
//   signature: "xxx"
// }

jwt.decode("eyJ0eXAiOiJKV1QiLC...", { header: false, signature: false });
// => {
//   payload: { iss: "...", aud: "...", iat: ..., exp: ... },
// }

How to Contribute

You’re very welcome to create a PR or send me a message on Discord.

License

Copyright © 2022-present Kriasoft. This source code is licensed under the MIT license found in the LICENSE file.

