Home
/
Packages
/
egain-ps-utils

egain-ps-utils

eGain PS Utils. A utility package for eGain PS

egain-ps-utils

egain-ps-utils is a collection of utility functions designed to simplify common development tasks. This package provides helpers and methods to boost your development workflow, and for the 2.0.0 release, we’re offering a convenient jwt authorizer utility for handling authorization-related tasks.

Release Notes (2.0.0)

  • Requires Node.js 18+ (uses native fetch)
  • Improved compatibility and performance
  • Updated documentation and usage examples
  • Enhanced JWT authorizer utility for Azure AD

Requirements

  • Node.js 18 or higher (uses native fetch)
  • ps-chronicle: Use the latest version (^1.0.3 or higher) for best compatibility with this package.

Features

  • validateToken: A utility function to assist with authorization checks, ensuring that only authorized users can access specific resources or perform particular actions.

    • This validator will check for:
      1. token expiry
      2. issuer
      3. audience
      4. certificate
    • This function will return a boolean value indicating whether the token is valid or not.

  • generateAuthResponse: A utility function to assist with generating authorization responses. This will return a policy document with the effect and the methodArn.

Prerequisites

  • AWS Secrets Manager SDK v3 (if using with AWS Lambda and secrets)

Create a secret in AWS Secrets Manager with the following format:

{
    "audience": "xxxx",
    "issuer": "https://xxxx.com/xxxxxx/xx.x"
}

To get the audience and issuer values, you can use the following steps:

  1. Get the Metadata from your identity provider.
  2. Use these values as the audience and issuer in the secret.

Installation

Using npm:

npm install egain-ps-utils

Using yarn:

yarn add egain-ps-utils

Usage

Example: Using in AWS Lambda Authorizer

const { validateToken, generateAuthResponse } = require('egain-ps-utils');

const authorize = async (event) => {
  try {
    const authorization = event.headers.Authorization || event.headers.authorization; // Extract token from headers
    if (!authorization) {
      throw new Error('Authorization token is missing');
    }

    const secretName = 'xxxxx';

    // Validate the token
    const { isTokenValid } = await validateToken(authorization, secretName );
    if (isTokenValid) {
      return generateAuthResponse('Allow', event.methodArn); // Allow access if the token is valid
    } else {
      return generateAuthResponse('Deny', event.methodArn); // Deny access if the token is invalid
    }
  } catch (error) {
    console.error('Authorization error:', error);
    return generateAuthResponse('Deny', event.methodArn); // Default Deny response in case of an error
  }
};

module.exports = { authorize };

Notes

  • This package requires Node.js 18+ for native fetch support.
  • For best results, use the latest version of ps-chronicle (at least 1.0.3).
  • For Azure AD JWT validation, ensure you provide the correct issuer, audience, and kid in the options object.
  • For AWS Lambda usage, ensure your secrets are set up as described above.