Sign upLogin

Amri91/authomatic

View on GitHub
Star
jsdoc2md/readme.hbs

Summary

Maintainability
Test Coverage
# authomatic
[![Build Status](https://travis-ci.org/wearereasonablepeople/authomatic.svg?branch=master)](https://travis-ci.org/wearereasonablepeople/authomatic)
[![Maintainability](https://api.codeclimate.com/v1/badges/314b595549aca68c5c6c/maintainability)](https://codeclimate.com/github/wearereasonablepeople/authomatic/maintainability)
[![Coverage Status](https://coveralls.io/repos/github/wearereasonablepeople/authomatic/badge.svg?branch=master)](https://coveralls.io/github/wearereasonablepeople/authomatic?branch=master)
[![dependencies Status](https://david-dm.org/wearereasonablepeople/authomatic/status.svg)](https://david-dm.org/wearereasonablepeople/authomatic)
[![devDependencies Status](https://david-dm.org/awearereasonablepeople/authomatic/dev-status.svg)](https://david-dm.org/wearereasonablepeople/authomatic?type=dev)
[![Greenkeeper badge](https://badges.greenkeeper.io/wearereasonablepeople/authomatic.svg)](https://greenkeeper.io/)

## Description
An authentication library that uses JWT for access and refresh tokens with sensible defaults.

## Install
```
npm install authomatic
```

## Available stores
[Redis](https://github.com/wearereasonablepeople/authomatic-redis)

Please create an issue if you need another store.

## Examples
[Koa Example](/examples/koa.js)

## Quickstart
```javascript
const Store = require('authomatic-redis');
const Authomatic = require('authomatic');
const store = Store();
const authomatic = new Authomatic({store});

// Use authomatic functions
```

## Test
```
npm test
```

## Notes about migrating from version 0.0.1 to 1
1. Access and refresh tokens from those old versions will not work with the new ones. If you just upgraded, users will be required to relog.
If that is undesirable, and you want a seamless transition use two instances of Authomatic, but do not sign new tokens (or refresh) with the old instance.
1. The refresh method now accepts a 4th argument, verify options.
1. The invalidate refresh token method now requires a secret.
1. aud in sign options and audience in verify options are now strictly an array.
1. RefreshTokenExpiredOrNotFound became RefreshTokenNotFound, the expiration error is throw by the 'jsonwebtoken' library.
1. InvalidAccessToken became InvalidToken, it is for both refresh and access tokens.
1. TokensMismatch error is thrown if refresh and access token do not match.

The example has been updated to reflect all the new changes.

# Documentation

{{>main}}

# Creating a store
If you want to create a new store you need to expose the following functions:

1. add

```js
/**
* Register token and refresh token to the user
* @param {String} userId
* @param {String} refreshTokenJTI
* @param {String} accessTokenJTI
* @param {Number} ttl time to live in ms
* @returns {Promise<Boolean>} returns true when created.
*/
function add(userId, refreshTokenJTI, accessTokenJTI, ttl){...}
```

2. remove
```js
/**
* Remove a single refresh token from the user
* @param userId
* @param refreshTokenJTI
* @returns {Promise<Boolean>} true if found and deleted, otherwise false.
*/
function remove(userId, refreshTokenJTI) {...}
```

3. removeAll
```js
/**
* Removes all tokens for a particular user
* @param userId
* @returns {Promise<Boolean>} true if any were found and delete, false otherwise
*/
function removeAll(userId) {...}
```
You may need to expose a reference to the store if the user may need to handle connections during testing for example.