-
Notifications
You must be signed in to change notification settings - Fork 121
/
Copy pathserver.js
95 lines (83 loc) · 2.88 KB
/
server.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
/*
* Copyright (c) 2018, Okta, Inc. and/or its affiliates. All rights reserved.
* The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
*
* You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*
* See the License for the specific language governing permissions and limitations under the License.
*/
const express = require('express');
const OktaJwtVerifier = require('@okta/jwt-verifier');
var cors = require('cors');
const sampleConfig = require('../config.js');
const oktaJwtVerifier = new OktaJwtVerifier({
clientId: sampleConfig.resourceServer.oidc.clientId,
issuer: sampleConfig.resourceServer.oidc.issuer,
assertClaims: sampleConfig.resourceServer.assertClaims,
testing: sampleConfig.resourceServer.oidc.testing
});
/**
* A simple middleware that asserts valid access tokens and sends 401 responses
* if the token is not present or fails validation. If the token is valid its
* contents are attached to req.jwt
*/
function authenticationRequired(req, res, next) {
const authHeader = req.headers.authorization || '';
const match = authHeader.match(/Bearer (.+)/);
if (!match) {
res.status(401);
return next('Unauthorized');
}
const accessToken = match[1];
const audience = sampleConfig.resourceServer.assertClaims.aud;
return oktaJwtVerifier.verifyAccessToken(accessToken, audience)
.then((jwt) => {
req.jwt = jwt;
next();
})
.catch((err) => {
res.status(401).send(err.message);
});
}
const app = express();
/**
* For local testing only! Enables CORS for all domains
*/
app.use(cors());
app.get('/', (req, res) => {
res.json({
message: 'Hello! There\'s not much to see here :) Please grab one of our front-end samples for use with this sample resource server'
});
});
/**
* An example route that requires a valid access token for authentication, it
* will echo the contents of the access token if the middleware successfully
* validated the token.
*/
app.get('/secure', authenticationRequired, (req, res) => {
res.json(req.jwt);
});
/**
* Another example route that requires a valid access token for authentication, and
* print some messages for the user if they are authenticated
*/
app.get('/api/messages', authenticationRequired, (req, res) => {
res.json({
messages: [
{
date: new Date(),
text: 'I am a robot.'
},
{
date: new Date(new Date().getTime() - 1000 * 60 * 60),
text: 'Hello, world!'
}
]
});
});
app.listen(sampleConfig.resourceServer.port, () => {
console.log(`Resource Server Ready on port ${sampleConfig.resourceServer.port}`);
});