@drmhse/authos-node 0.1.3 → 0.1.4
- package/README.md +38 -0
- package/package.json +2 -2
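--- a/package/README.md
+++ b/package/README.md
@@ -192,6 +192,44 @@ app.get('/org/:slug/data',
 );
 ```
 
+## Understanding JWT Context
+
+The middleware functions check claims embedded in the JWT by the client SDK during login:
+
+| SDK Initialization | JWT Claims | Middleware to Use |
+|-------------------|-----------|------------------|
+| Platform-level (`baseURL` only) | `is_platform_owner: true` | `requirePlatformOwner()` |
+| Multi-tenant (`baseURL` + `org` + `service`) | `org: 'slug'` | `requireOrganization()` |
+| With permissions | `permissions: ['users:write', ...]` | `requirePermission()` |
+
+### How It Works
+
+1. **Client-side**: User logs in via `@drmhse/sso-sdk` or `@drmhse/authos-react`
+2. **JWT issued**: AuthOS embeds context (`org`, `service`, `is_platform_owner`) in claims
+3. **Server-side**: This package verifies the JWT and middleware checks the claims
+
+```ts
+// Example: Route for organization admins only
+app.get('/org/:slug/settings',
+requireAuth(), // 1. Verify JWT signature
+requireOrganization((req) => req.params.slug), // 2. Check org claim matches URL
+(req, res) => {
+// User is authenticated AND belongs to this org
+res.json({ org: req.auth?.claims.org });
+}
+);
+
+// Example: Route for platform owners only
+app.get('/platform/analytics',
+requireAuth(), // 1. Verify JWT signature
+requirePlatformOwner(), // 2. Check is_platform_owner: true
+(req, res) => {
+// User is a platform owner
+res.json({ data: '...' });
+}
+);
+```
+
 ## Webhook Verification
 
 Verify webhooks from AuthOS: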
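--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@drmhse/authos-node",
-"version": "0.1.
+"version": "0.1.4",
 "description": "Node.js server adapter for AuthOS authentication - Express middleware and token verification",
 "main": "dist/index.js",
 "module": "dist/index.mjs",
@@ -58,7 +58,7 @@
 }
 },
 "dependencies": {
-"@drmhse/sso-sdk": "^0.3.
+"@drmhse/sso-sdk": "^0.3.10"
 },
 "devDependencies": {
 "@types/express": "^5.0.0",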