Keratin AuthN is an authentication service that keeps you in control of the experience without forcing you to be an expert in web security.
This gem provides utilities to help integrate with the backend of a NodeJS application. You will also need a client for your frontend, such as keratin/authn-js.
yarn add @keratin/authn-node
import AuthN from "@keratin/authn-node";
const authn = new AuthN({
// The AUTHN_URL of your Keratin AuthN server. This will be used to verify tokens created by AuthN,
// and will also be used for API calls unless `adminURL` is also set (see below).
issuer: "https://authn.myapp.com",
// The domains of your application (no protocol). These domain should be listed in the APP_DOMAINS of
// your Keratin AuthN server.
audiences: ["myapp.com"],
// OPTIONAL: Send private API calls to AuthN using private network routing. This can be necessary
// if your environment has a firewall to limit public endpoints.
adminURL: "https://authn.internal.dns/",
// Credentials for AuthN's private endpoints. These will be used to execute admin actions using the
// `Keratin.authn` client provided by this library.
//
// TIP: make them extra secure in production!
username: "secret",
password: "secret",
// OPTIONAL: Specify how long keys should remain cached in the keychain, in minutes.
keychainTTL: 60, // minutes
});
Use Keratin::AuthN.subject_from(params[:authn])
to fetch an account_id
from the session if and
only if the session is valid.
Unimplemented in this release.
You should store the token in a cookie or header (the keratin/authn-js integration can do this automatically) and continue using it to verify a logged-in session:
// your token may be in a cookie or a header, depending on your client configuration.
const token = req.headers.authorization.replace(/Bearer/, "").trim();
// subjectFrom will return an AuthN account ID that you can use to identify the user.
let accountID;
try {
accountID = await authn.subjectFrom(token);
} catch (e) {
if (e instanceof JsonWebTokenError) console.error(e);
else throw e;
}
// create a user during signup with the accountID
User.create({ name, email, accountID });
// use the accountID to find the current user later
User.find({ accountID });
Bug reports and pull requests are welcome on GitHub at https://github.com/keratin/authn-node. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.