
Commit cd63c28

committed
feat: add support for verifying access token using jwksUri
1 parent 54b223b commit cd63c28

1 file changed

+35
-12
lines changed


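--- a/src/server.ts
+++ b/src/server.ts
@@ -7,6 +7,7 @@ import { resolvers } from "./graphql/resolvers";
 import { typeDefs } from "./graphql/types";
 import winston from "winston";
 import jwt from "jsonwebtoken";
+import jwksClient from "jwks-rsa";
 
 interface GraphQLContext {
 userId?: string;
@@ -31,18 +32,40 @@ if (process.env.NODE_ENV !== "production") {
 );
 }
 
-const decodeToken = (token: string): string | undefined => {
-if (token?.startsWith("Bearer ")) {
-const jwtToken = token.slice(7, token.length).trimStart();
-try {
-const decoded = jwt.decode(jwtToken);
-if (typeof decoded !== "string" && decoded?.sub) {
-return decoded.sub;
-}
-} catch (err) {
-logger.error("Invalid token");
+function getKey(header, callback) {
+const client = jwksClient({
+jwksUri: `https://dev-udel1dobwtbe8ips.us.auth0.com/.well-known/jwks.json`,
+});
+client.getSigningKey(header.kid, function (err, key) {
+const signingKey = key.getPublicKey();
+
+callback(null, signingKey);
+});
+}
+
+const decodeToken = (token: string): Promise<string | undefined> => {
+return new Promise((resolve, reject) => {
+if (token?.startsWith("Bearer ")) {
+const jwtToken = token.slice(7, token.length).trimStart();
+jwt.verify(
+jwtToken,
+getKey,
+{ algorithms: ["RS256"] },
+function (err, decoded) {
+if (err) {
+logger.error("Invalid token");
+reject(new Error("Invalid token"));
+} else if (typeof decoded !== "string" && decoded?.sub) {
+resolve(decoded.sub);
+} else {
+resolve(undefined);
+}
+}
+);
+} else {
+resolve(undefined);
 }
-}
+});
 };
 
 let server: ApolloServer | undefined;
@@ -63,7 +86,7 @@ const graphqlHandler = startServerAndCreateLambdaHandler(
 {
 context: async ({ event, context }) => {
 const token = event.headers.authorization || "";
-const userId = decodeToken(token);
+const userId = await decodeToken(token);
 
 return {
 userId,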
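Review bot: In `getKey` the `err` argument of `client.getSigningKey` is never checked, so a failed lookup (network error, unknown `kid`, a token whose header carries no `kid`) leaves `key` undefined and `key.getPublicKey()` throws inside the jwks-rsa callback rather than surfacing through `jwt.verify`'s error callback, which means the Promise in `decodeToken` is never rejected for that case. The verify options pin only the algorithm; without `audience` and `issuer` any RS256 token signed by that tenant's keys is accepted by this API, so those two options should be set to the values this service expects. A new `jwksClient` is also constructed on every call, which defeats jwks-rsa's per-client key cache and makes each request fetch the JWKS document. The `header` and `callback` parameters are untyped (implicit `any` under strict); jsonwebtoken exports `JwtHeader` and `SigningKeyCallback` for them, which the rewrite below assumes are imported. The rewritten lines hoist the client, forward the lookup error, and add the audience/issuer options with placeholders.

```typescript
// One client per process so jwks-rsa's key cache applies across requests.
const client = jwksClient({
  jwksUri: `https://dev-udel1dobwtbe8ips.us.auth0.com/.well-known/jwks.json`,
});

function getKey(header: JwtHeader, callback: SigningKeyCallback) {
  client.getSigningKey(header.kid, function (err, key) {
    // A lookup failure must reach jwt.verify's callback; otherwise
    // key.getPublicKey() throws on an undefined key here.
    if (err || !key) {
      return callback(err ?? new Error("Signing key not found"));
    }
    callback(null, key.getPublicKey());
  });
}

// … unchanged: decodeToken up to the verify options …
      // EXPECTED_AUDIENCE / EXPECTED_ISSUER are placeholders for the API
      // identifier and issuer URL this service accepts (take them from config).
      { algorithms: ["RS256"], audience: EXPECTED_AUDIENCE, issuer: EXPECTED_ISSUER },
// … unchanged: verify callback and the rest of decodeToken …
```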
