@nuskin/ns-active-directory-cognito

Validates a logged-in user's token and returns the user id

Usage: no npm install needed!

<script type="module">
  import nuskinNsActiveDirectoryCognito from 'https://cdn.skypack.dev/@nuskin/ns-active-directory-cognito';
</script>

README

ns-active-directory-cognito

This library validates the auth token returned on a single-sign-on and can get the userId that was used to log in.

Installing

All that is needed for adding this to your project is including the library in your package.json like so:

npm add @nuskin/ns-active-directory-cognito

How to use in your project.

Once you have imported the library into your project, you can use it like you see here:

let nsActiveDirectoryCognito = require('@nuskin/ns-active-directory-cognito')

let adCognitoConfig = {
    apiVersion: 1,
    application: 'current-application',
    baseUrl: 'https://base.url.com',
    cognito_access_token: 'abcd1234',
    cognito_id_token: '4321dcba'
}

let nsAdAuth = new nsActiveDirectoryCognito.NsActiveDirectoryCognito(adCognitoConfig);

nsAdAuth.validateAuth().then((response) => {
    // Do something with the response
})

Please note: all functions are asynchronous, so make sure you handle the expected response appropriately.

As you likely noticed, the library expects an object in the constructor with the following data points:

let adCognitoConfig = {
    apiVersion: 1, // Not required if you don't want to set the version.
    application: 'current-application', // This will be provided to you in the active directory redirect response. The key is the GET param name.
    baseUrl: 'https://base.url.com', // Change this based on preferred environment. This is the cloud API for nuskin, environment specific.
    cognito_access_token: 'abcd1234', // This will be provided to you in the active directory redirect response. The key is the GET param name.
    cognito_id_token: '4321dcba' // This will be provided to you in the active directory redirect response. The key is the GET param name.
}

You pass that into the object when initializing like so:

let nsAdAuth = new nsActiveDirectoryCognito.NsActiveDirectoryCognito(adCognitoConfig);

Now you have a token validation and user id retrieval object to work with. These are the available functions:

  • validateAuth -- Returns whether the token is valid (true/false), or an unauthorized response. A valid true/false result comes in the form of:

    { status: 200, data: { authorized: true/false, expiration: unix timestamp } }

  • getUserId -- Returns the user id, as well as whether the token is valid (true/false), or an unauthorized response. A valid user result comes in the form of:

    { status: 200, data: { authorized: true/false, userId: 'example@example.com', expiration: unix timestamp } }

In both cases, if the request is unauthorized for whatever reason, you will get one of two responses:

Status 401 - Unauthorized due to missing data

Status 403 - Token is expired or not granted access
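
An added example (not part of this package or its README): one way to build the constructor config from the redirect's GET parameters and to treat the responses documented above fail-closed. The helper names and the sample redirect URL are hypothetical, and reading expiration as a Unix timestamp in seconds is an assumption. Whether the library resolves or rejects on 401/403 is not stated above, so the evaluator also denies when it is handed no response at all.

```javascript
// Hypothetical helpers written for this example; they do not call the library.
const REQUIRED_PARAMS = ['application', 'cognito_access_token', 'cognito_id_token'];

// Build the config object from the redirect URL's GET parameters.
function configFromRedirect(redirectUrl, baseUrl) {
  const params = new URL(redirectUrl).searchParams;
  const config = { baseUrl };
  for (const name of REQUIRED_PARAMS) {
    const values = params.getAll(name);
    // Reject missing, empty, or duplicated parameters rather than guessing.
    if (values.length !== 1 || values[0] === '') {
      throw new Error(`redirect parameter "${name}" is missing or ambiguous`);
    }
    config[name] = values[0];
  }
  return config;
}

// Fail closed: only status 200, authorized === true and a future expiration grant access.
function evaluateAuthResponse(response, nowSeconds = Math.floor(Date.now() / 1000)) {
  const status = response && response.status;
  if (status === 401) return { allowed: false, reason: 'missing-data' };
  if (status === 403) return { allowed: false, reason: 'expired-or-denied' };
  const data = response && response.data;
  if (status !== 200 || !data) return { allowed: false, reason: 'unexpected-response' };
  // Strict comparison: a string such as 'true' must not pass.
  if (data.authorized !== true) return { allowed: false, reason: 'not-authorized' };
  // Assumption: expiration is a Unix timestamp in seconds.
  if (!Number.isFinite(data.expiration) || data.expiration <= nowSeconds) {
    return { allowed: false, reason: 'expired' };
  }
  return { allowed: true, reason: 'ok', userId: data.userId };
}

// Constructed sample redirect, using the placeholder values from the README.
const SAMPLE_REDIRECT = 'https://app.example/callback?application=current-application' +
  '&cognito_access_token=abcd1234&cognito_id_token=4321dcba';
```

Because the tokens arrive as GET parameters, clearing the query string after parsing (for example with history.replaceState in a browser) keeps them out of browser history and Referer headers.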