authenticationContext.acquireTokenWithAuthorizationCode(req.query.code, redirectUri, resource, clientId, clientSecret, function(err, response) { if (!err) { // build the claims var claims = { iss: "http://testauth.plasne.com", sub: response.userId, scope: "[admin]" }; // build the JWT var jwt = nJwt.create(claims, jwtKey); jwt.setExpiration(new Date().getTime() + (4 * 60 * 60 * 1000)); // 4 hours // return the JWT res.cookie("accessToken", jwt.compact(), { maxAge: 4 * 60 * 60 * 1000 // 4 hours }); res.redirect("/admin.htm"); } else { console.log("token: an authorization token could not be obtained - " + err); res.sendError("auth"); } });
getGroupMembershipForUser(token).then(function(groups) { // build a list of group names const membership = []; groups.forEach(function(group) { if (group.displayName.startsWith("testauth_")) { membership.push(group.displayName.replace("testauth_", "")); } }); // define rights const rights = []; if (membership.indexOf("admins") > -1) { rights.push("can admin"); rights.push("can edit"); rights.push("can view"); } else if (membership.indexOf("users") > -1) { rights.push("can view"); } // build the claims const claims = { iss: "http://testauth.plasne.com", sub: userId, scope: membership, rights: rights }; // build the JWT const jwt = nJwt.create(claims, jwtKey); jwt.setExpiration(new Date().getTime() + (4 * 60 * 60 * 1000)); // 4 hours deferred.resolve(jwt.compact()); }, function(msg) {
before(function(done){ newAccount = helpers.fakeAccount(); unsignedToken = nJwt.create({hello:'world'},'not a secret').compact(); helpers.createApplication(function(err,app){ if(err){ done(err); }else{ application = app; expiredToken = nJwt.create( {hello:'world'}, application.dataStore.requestExecutor.options.client.apiKey.secret ).setExpiration(new Date().getTime()) .compact(); application.createAccount(newAccount,function(err){ if(err){ done(err); }else{ new stormpath.OAuthPasswordGrantRequestAuthenticator(application) .authenticate({ username: newAccount.email, password: newAccount.password },function(err,accessTokenResponse){ passwordGrantResponse = accessTokenResponse; }); helpers.createApplication(function(err,app2){ if(err){ done(err); }else{ application2 = app2; /* We are setting the token ttl to 10 seconds, beacuse we want to test expired tokens in this test */ application2.getOAuthPolicy(function(err,policy){ if(err){ done(err); }else{ policy.accessTokenTtl = 'PT10S'; policy.save(function(err){ if(err){ done(err); }else{ application2.createAccount(newAccount,done); } }); } }); } }); } }); } }); });
AuthenticationResult.prototype.getJwt = function getJwt() { var self = this; return nJwt.create({ iss: self.application.href, sub: self.forApiKey ? self.forApiKey.id : self.account.href, jti: utils.uuid() },self.application.dataStore.requestExecutor.options.client.apiKey.secret) .setExpiration(new Date().getTime() + (3600*1000)); };
}).spread((authenticated, user) => { if (!authenticated) { return [ false, null ]; } // Authenticated, create the token var token = nJwt.create({ sub: user.id }, request.server.settings.app.security.key); return request.server.app.cache.session.setAsync(token.body.jti, token.body, 0).return([ authenticated, token ]); }).spread((authenticated, token) => {
module.createJWTToken = function(userId) { var payload = { sub: userId, iat: moment().unix(), exp: moment().add(1, 'days').unix(), iss: process.env.BASE_URL, aud: process.env.BASE_URL }; var token = nJwt.create(payload, tokenSecret); return token.compact(); };
user.comparePassword(req.body.password, function(err, isMatch){ // If an error occured with comparing passwords if (err){ return res.status(500).send( utils.errorResponse('ER_SERVER', err) ); } // If the user is not verified if (!user.isVerified){ return res.status(400).send( utils.errorResponse('ER_USER_NOT_VERIFIED') ); } // If the password is incorrect if (!isMatch){ return res.status(400).send( utils.errorResponse('ER_WRONG_PASSWORD') ); } // If the user exists and password is correct, create TMP folder rmdir(utils.getUserTempFolderPath(user._id), function(err){ // If an error occured with deleting the TMP folder if (err){ return res.status(500).send( utils.errorResponse('ER_SERVER', err) ); } mkdir(utils.getUserTempFolderPath(user._id), function(err){ // If an error occured with creating the TMP folder if (err){ return res.status(500).send( utils.errorResponse('ER_SERVER', err) ); } }); }); // Prepare the claims for the user's session var claims = { sub: user._id, iss: config.HOST, permissions: 'Default' }; // Generate the JSON web token and set to expire in 10 hours var token = nJwt.create(claims, config.KEY.SESSION); token.setExpiration(new Date().getTime() + 36000000); var compactToken = token.compact(); // Create a new cookie that stores the compact token new cookies(req, res).set( 'access_token', compactToken, config.COOKIE_FLAGS ); return res.sendStatus(200); });
before(function(done){ newAccount = helpers.fakeAccount(); unsignedToken = nJwt.create({hello:'world'},'not a secret').compact(); helpers.createApplication(function(err,app){ if(err){ done(err); }else{ application = app; expiredToken = nJwt.create( {hello:'world'}, application.dataStore.requestExecutor.options.client.apiKey.secret ).setExpiration(new Date().getTime()) .compact(); application.createAccount(newAccount,function(err){ if(err){ done(err); }else{ helpers.createApplication(function(err,app2){ if(err){ done(err); }else{ application2 = app2; /* We are setting the token ttl to 2 seconds, beacuse we want to test expired tokens in this test */ application2.getOAuthPolicy(function(err,policy){ if(err){ done(err); }else{ policy.accessTokenTtl = 'PT2S'; policy.save(function(err){ if(err){ done(err); }else{ application2.createAccount(newAccount,done); } }); } }); } }); } }); } }); });
AuthenticationResult.prototype.getJwt = function getJwt() { var secret = this.application.dataStore.requestExecutor .options.client.apiKey.secret; var jwt = nJwt.create({ iss: this.application.href, sub: this.forApiKey ? this.forApiKey.id : this.account.href, jti: utils.uuid() }, secret); jwt.setExpiration(new Date().getTime() + (this.ttl * 1000)); return jwt; };
verifyToken(token).then(function(verified) { // native apps cannot do admin consent, so we cannot reach back into the user's AAD, but we can generate a JWT without any special // authorization and assume we do that in our application const claims = { iss: "http://testauth.plasne.com", sub: verified.body.upn }; // build the JWT const jwt = nJwt.create(claims, jwtKey); jwt.setExpiration(new Date().getTime() + (4 * 60 * 60 * 1000)); // 4 hours res.status(200).send({ "accessToken": jwt.compact() }); }, function(msg) {
client.getGroupMembershipForUser(credentials.username, function(err, groups) { if (err) { res.status(500).send(JSON.stringify(err)); } if (groups) { // build a list of group names var membership = []; groups.forEach(function(group) { if (group.cn.startsWith("testauth_")) { membership.push(group.cn.replace("testauth_", "")); } }); // define rights var rights = []; if (membership.indexOf("admins") > -1) { rights.push("can admin"); rights.push("can edit"); rights.push("can view"); } else if (membership.indexOf("users") > -1) { rights.push("can view"); } // build the claims var claims = { iss: "http://testauth.plasne.com", sub: credentials.username, scope: membership, rights: rights }; // build the JWT var jwt = nJwt.create(claims, jwtKey); jwt.setExpiration(new Date().getTime() + (4 * 60 * 60 * 1000)); // 4 hours res.cookie("accessToken", jwt.compact(), { maxAge: 4 * 60 * 60 * 1000 }); // return to the client res.status(200).end(); } });
promise.each([create, list], function(result) { }).then(function(result) { var entry = result[1]; // build the claims var claims = { iss: "http://testauth.plasne.com", sub: entry.RowKey._, scope: entry.container._ }; // build the JWT var jwt = nJwt.create(claims, jwtKey); jwt.setExpiration(new Date().getTime() + (24 * 60 * 60 * 1000)); // 24 hours // return the JWT res.cookie("accessToken", jwt.compact(), { maxAge: 24 * 60 * 60 * 1000 // 24 hours }); res.status(200).end(); }, function(error) {
encode: function() { this.changedFromEncode = true; if(this.validateValues() == false) { this.jwt.token = ''; this.jsonError = true; this.jsonErrorMessage = "Some Values are invalid."; } try { var token = nJwt.create(JSON.parse(this.jwt.payload),this.jwt.key); this.jwt.token = token.compact(); this.jsonError = false; this.jsonErrorMessage = ""; this.generateCode(); this.verifyKey(); } catch(err) { this.jwt.token = ''; this.jsonError = true; this.jsonErrorMessage = err.toString(); } },
this._getServiceProvider(function (err, serviceProvider) { if (err) { return callback(err); } var claims = { jti: uuid(), iss: self.application.href, iat: new Date().getTime() / 1000 }; if (options.cb_uri) { claims.cb_uri = options.cb_uri; } if (options.ash) { claims.ash = options.ash; } if (options.onk) { claims.onk = options.onk; } if (options.state) { claims.state = options.state; } var accessToken = njwt.create(claims, apiKey.secret); accessToken.header.kid = apiKey.id; var parameters = { accessToken: accessToken.compact() }; var ssoInitiationEndpoint = serviceProvider.ssoInitiationEndpoint.href; var initializationUrl = self._buildInitializationUrl(ssoInitiationEndpoint, parameters); callback(null, initializationUrl); });
var jwtTool = require('njwt'), fs = require('fs'); var claimsJSON = fs.readFileSync(__dirname + '/../config/claims.json', 'utf8'); var secretJSON = fs.readFileSync(__dirname + '/../config/secret.json', 'utf8'); var secret = JSON.parse(secretJSON).secretKey; var claims = JSON.parse(claimsJSON); var jwt = jwtTool.create(claims, secret); console.log(claimsJSON); console.log("key: " + secret); console.log("jwt:"); console.log(jwt); console.log(); console.log(jwt.compact());
// #TODO find a better way to define this Date.prototype.toMysqlFormat = function () { return this.getUTCFullYear() + "-" + twoDigits(1 + this.getUTCMonth()) + "-" + twoDigits(this.getUTCDate()) + " " + twoDigits(this.getUTCHours()) + ":" + twoDigits(this.getUTCMinutes()) + ":" + twoDigits(this.getUTCSeconds()); }; exports.Utils = { generateAuthToken(id, secret) { let claims = { sub: id, iss: 'api.beersdepot.com', permissions: 'user' }; let jwt = nJwt.create(claims, secret); // Set 1 week expiration period jwt.setExpiration(new Date().getTime() + (config.tokenExpiration.value)); return jwt.compact(); }, verifyAuthToken(token, secret, proceed) { nJwt.verify(token, secret, (err, token) => { proceed(err, token); }); } }
generateJwt: function() { var jwt = nJwt.create(JSON.parse("{\"sub\": \"1234567890\", \"name\":\"John Doe\", \"admin\":true}"), this.jwt.key); this.jwt.token = jwt.compact(); this.decode(); },
var uuid = require('node-uuid') var nJwt = require('njwt') var secretKey = uuid.v4() var claims = { sub: (new Date()).getDate(), iss: 'http://localhost:3000', permissions: ['users-index', 'user-create'] } var jwt = nJwt.create(claims, secretKey) console.log(JSON.stringify(jwt)) console.log(jwt.compact(), secretKey)