README
Kobo360 Auth Library
This library provides Express middleware for authenticating API requests (JWT verification) and authorising them against a role-based access control list within Kobo360 services.
Usage
Add this library to the dependencies section of your project's package.json:
```json
{
  "dependencies": {
    "@kobotech/core-auth": "1.0.0"
  }
}
```
Run npm install to install the defined dependencies.
How to use it in your service
```javascript
const express = require("express");
const coreAuth = require("@kobotech/core-auth");

const app = express();

// Never hard-code the secret; load it from the environment or a secret manager.
const jwtSecret = process.env.JWT_SECRET;

app.get(
  "/user",
  // Excluded routes skip authentication entirely, so "/user" itself must not be listed here.
  coreAuth.authenticate(jwtSecret, { view: [coreAuth.roles.ADMIN] }, []),
  coreAuth.hasPermission("view", coreAuth.roles.ADMIN),
  (req, res) => res.json({ ok: true }) // reached only after both middlewares pass
);

app.listen(3000);
```
In the setup above, a /user endpoint is defined with the authenticate middleware followed by the hasPermission middleware; the request reaches the route handler only if both pass.
The authenticate middleware takes three arguments: jwtSecret, accessControlList and exclusionList.

jwtSecret - the secret used to create and verify JWT tokens. Because the same secret both signs and verifies, anyone who obtains it can mint valid tokens for any role, so keep it out of source control and load it from the environment or a secret manager.

accessControlList - an object of allowed actions, mapping each action to the roles permitted to perform it, in the format:

```javascript
{
  "<action>": ["<role>", "<role>"]
}
```
For example:

```javascript
{
  "admin": [
    coreAuth.roles.SUPER_ADMIN,
    coreAuth.roles.ADMIN,
    coreAuth.roles.COMMS,
    coreAuth.roles.OPS,
    coreAuth.roles.FINANCE,
    coreAuth.roles.ECEO
  ],
  "all": [
    coreAuth.roles.SUPER_ADMIN,
    coreAuth.roles.ADMIN,
    coreAuth.roles.COMMS,
    coreAuth.roles.OPS,
    coreAuth.roles.CUSTOMER,
    coreAuth.roles.DRIVER,
    coreAuth.roles.PARTNER,
    coreAuth.roles.RECIPIENT,
    coreAuth.roles.FINANCE,
    coreAuth.roles.FIELD_OFFICER,
    coreAuth.roles.ECEO,
    coreAuth.roles.KOBO_AGENT,
    coreAuth.roles.BANK
  ]
}
```
exclusionList - an array of endpoints that will be excluded from authentication. Requests to these endpoints skip the JWT check entirely, so restrict the list to genuinely public routes (health checks, login); an excluded route has no authenticated user for hasPermission to evaluate.
Also in the configuration above, the hasPermission middleware (which can also be invoked under the name hasResource) determines whether the authenticated user has the required permission to access the resource.

The hasPermission middleware takes two arguments: permission and userType.

permission - the key in the accessControlList object passed to the authenticate middleware; the user's role must appear in the role list for that key.

userType - optional. When defined, the logged-in user must be of exactly this userType/role to access the resource. When not defined, the user's userType is still checked against the roles listed for permission in the accessControlList passed to the authenticate middleware, so a user whose role is not in that list is denied either way.