- const { OAuth2Client } = require('google-auth-library');
/**
 * Project a decoded Google ID-token payload onto the user record stored on the request.
 *
 * Only profile claims are copied; the protocol claims (iss, azp, aud, at_hash,
 * iat, exp) are left out of the result. No validation happens here, so the
 * payload must already have been verified by the caller. `email_verified` is
 * passed through unchanged: code that trusts `email` should check it first.
 *
 * @param {object} claims - Decoded ID-token payload.
 * @returns {object} User record with id, email, email_verified, name, picture,
 *   given_name, family_name and locale.
 */
function decodedTokenToUser(claims) {
  const {
    sub,
    email,
    email_verified,
    name,
    picture,
    given_name,
    family_name,
    locale,
  } = claims;

  const user = {
    id: sub, // the token's subject identifier becomes the local user id
    email,
    email_verified,
    name,
    picture,
    given_name,
    family_name,
    locale,
  };
  return user;
}
/**
 * Build an ID-token verification function bound to one OAuth client id.
 *
 * The same `client_id` is used to construct the OAuth2Client and as the
 * expected `audience`, so a token issued for a different client is rejected
 * by `verifyIdToken`.
 *
 * @param {string} client_id - OAuth client id the tokens must be issued for.
 * @returns {function(string): Promise<object>} Async function that resolves to
 *   the token payload and rejects when `verifyIdToken` rejects.
 */
function verifier(client_id) {
  const oauthClient = new OAuth2Client(client_id);

  return async function verifyAndDecode(token) {
    const verification = { idToken: token, audience: client_id };
    const loginTicket = await oauthClient.verifyIdToken(verification);
    return loginTicket.getPayload();
  };
}
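/**
 * Express middleware factory that authenticates requests with a Google ID token
 * sent as `Authorization: Bearer <token>`.
 *
 * On success the user record is stored on `request.user` and `next()` is called.
 * On any failure the request ends with HTTP 401. `request.user.email_verified`
 * is copied from the token as-is; routes that key on `email` should check it.
 *
 * NOTE(review): the usage example in this file passes a value named
 * GOOGLE_CLIENT_IDS; confirm that the installed google-auth-library accepts
 * that shape both as the constructor argument and as `audience`.
 *
 * @param {string} client_id - OAuth client id the ID tokens must be issued for.
 * @returns {function} Async Express middleware `(request, response, next)`.
 */
module.exports = client_id => {
  // Declared with `const`: an undeclared assignment creates a global in sloppy
  // mode (and throws in strict mode), so a second middleware built with another
  // client id would replace the verifier used by the first one.
  const verify = verifier(client_id);

  return async (request, response, next) => {
    const unauthorized = body => response.status(401).send(body);

    // The auth scheme name is case-insensitive; require a non-empty token after it.
    const authHeader = request.get('Authorization');
    const bearer = /^Bearer\s+(\S.*)$/i.exec(authHeader || '');
    if (!bearer) {
      return unauthorized('missing authorization header');
    }

    let user;
    try {
      const payload = await verify(bearer[1].trim());
      // Also throws when the payload is missing, which is treated as a failed login.
      user = decodedTokenToUser(payload);
    } catch (err) {
      // Verification detail stays server-side: record `err` with the
      // application's logger, and return only a generic message to the client.
      return unauthorized('invalid token');
    }

    // Called outside the try block so an exception raised further down the
    // middleware chain is not reported as an authentication failure.
    request.user = user;
    next();
  };
};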
- /* USAGE *
- app.use(
- '/authenticated',
- googleJWT(GOOGLE_CLIENT_IDS),
- )
- /* */