ExpressMiddleware

ExpressMiddleware{#ExpressMiddleware}

ServiceAuthorizationMiddleware{#ServiceAuthorizationMiddleware}

ServiceAuthorizationMiddleware

new ServiceAuthorizationMiddleware(options)

Param Type Description

Param	Type	Description
options	`Object`	Required -
options.serviceTokenSignSecret	`string`	Required - Secret to validate token signature against

options

Object

Required -

options.serviceTokenSignSecret

string

Required - Secret to validate token signature against

authorize(authParams)

Extract and authorize token using the provided auth params

Param Type Description

Param	Type	Description
authParams	`FullAuthorizationParameters` \| `AuthorizationMode`	Required - Authorization parameters to pass to

authParams

FullAuthorizationParameters | AuthorizationMode

Required - Authorization parameters to pass to

errorHandler([err], req, res, next)

Error handler for errors thrown by ServiceAuthorizationMiddleware

Will handle telling IMSG to redirect unauthorized requests, but will pass on any other errors to next()

Param Type Description

Param	Type	Description
err	`Object`	Express err
req	`Object`	Required - Express req
res	`Object`	Required - Express res
next	`function`	Required - Express next

err

Object

Express err

req

Object

Required - Express req

res

Object

Required - Express res

function

Required - Express next

The type definition of the full auhtorization object with all parameters.

Passed to the authorize function.

Properties

Name Type Description

Name	Type	Description
onPreAuth	`function`	Function to run before authorize is called
org	`string` \| `function` \| `Boolean`	Required - Organiztion to authorize against
accessRules	`Array.<AccessRule>`	Optional access rules to authorize against
suppressLoginTrigger	`Boolean`	If true, do not redirect failed authorization to login

onPreAuth

function

Function to run before authorize is called

org

string | function | Boolean

Required - Organiztion to authorize against

accessRules

Array.<AccessRule>

Optional access rules to authorize against

suppressLoginTrigger

Boolean

If true, do not redirect failed authorization to login

The type definition of the access rule.

Passed to the authorize function within the object as a list of access rules.

All properties are optional, but at least one must exist

Properties

Name Type Description

Name	Type	Description
unit	`string` \| `function`	Unit that should match token
permission	`string` \| `function`	Permission that should match token
sub	`string` \| `function`	Subject that should match token

unit

string | function

Unit that should match token

permission

string | function

Permission that should match token

sub

string | function

Subject that should match token

Type defintion of the authorization mode.

SERVICE_ADMIN_ENDPOINT - Authorization validates if you are a service admin and have a valid token. Either accessed or thrown out.

OPEN_ENDPOINT - Authorization validates if you have a valid token and lets you through to the open endpoint. Either accessed or thrown out.

Either SERVICE_ADMIN_ENDPOINT or OPEN_ENDPOINT

PreviousErrors NextTokenUtils

Last updated 2 years ago