Express APIs


express-js is a JavaScript SDK for Express.js and Sails.js that secures your Express APIs with Axioms authentication and authorization: it validates the bearer access token on each request and lets you require specific scopes, roles or permissions per route.

Prerequisite

  • Node.js 9.0.0+
  • An Axioms client that obtains an access token after the user has authenticated and authorized, and sends that token as a bearer token in the Authorization header (Authorization: Bearer <access_token>) of every API request it makes to the Node/Express application server.

Install SDK

Install the express-js SDK in your project:

npm i @axioms/express-js

Add Config

Create a .env file in your project root and add the following configuration values:

.env
AXIOMS_DOMAIN=<your-axioms-slug>.axioms.io
AXIOMS_AUDIENCE=<your-axioms-resource-identifier>
AXIOMS_CACHE_KEY_TIME=600000

AXIOMS_DOMAIN is your Axioms tenant domain and AXIOMS_AUDIENCE is the resource identifier of this API; a token is rejected unless its audience matches this value, so do not use a client ID here. AXIOMS_CACHE_KEY_TIME is optional and is given in milliseconds. It defaults to 600000 ms (10 minutes) and controls how long the token-signing keys are cached before being fetched again. Set it to 0 to disable key caching.

Inject config

Create src/checkToken.js with the following:

src/checkToken.js
// The .env file must be loaded before this module runs (for example with the dotenv package).
const { hasValidAccessToken } = require("@axioms/express-js");

// Middleware that validates the bearer token's signature, expiry and audience.
const checkToken = hasValidAccessToken({
  axiomsDomain: process.env.AXIOMS_DOMAIN,
  axiomsAud: process.env.AXIOMS_AUDIENCE,
  cacheKeyTime: process.env.AXIOMS_CACHE_KEY_TIME
});

module.exports = checkToken;

Guard Your API Views

Use the following middleware functions to guard your API routes. Always place checkToken (hasValidAccessToken) first in the middleware chain: the scope, role and permission checks read claims from the token it has validated, and a claim check on an unvalidated token proves nothing.

Function | Description | Parameters
hasValidAccessToken | Checks that the request carries a valid bearer access token in the Authorization header. The check covers the token signature, the expiry time and the token audience. | The configuration object shown in checkToken.js above.
hasRequiredScopes | Passes if any of the given scopes is present in the scope claim of the access token. | An array of strings, combined as OR, listing the scopes allowed for the route. For instance, to allow openid or profile, pass ['profile', 'openid'].
hasRequiredRoles | Passes if any of the given roles is present in the roles claim of the access token. | An array of strings, combined as OR, listing the roles allowed for the route. For instance, to allow sample:role1 or sample:role2, pass ['sample:role1', 'sample:role2'].
hasRequiredPermissions | Passes if any of the given permissions is present in the permissions claim of the access token. | An array of strings, combined as OR, listing the permissions allowed for the route. For instance, to allow sample:create or sample:update, pass ['sample:create', 'sample:update'].

All three claim checks use OR semantics: the request passes when at least one listed value is present. If a route must require two values at once (AND), chain two checks, each with a single-element array, since each check rejects independently when its value is missing.

Examples

  • Check that the openid or profile scope is present in the token

const express = require('express');
const checkToken = require('../checkToken.js');
const { hasRequiredScopes } = require('@axioms/express-js');

const router = express.Router();

// checkToken validates the token first; hasRequiredScopes then accepts either scope.
router.get('/', checkToken, hasRequiredScopes(['profile', 'openid']), (req, res) => {
  res.json({
    message: 'All good. You are authenticated!'
  });
});

module.exports = router;
  • Check that the sample:role role is present in the token

const express = require('express');
const checkToken = require('../checkToken.js');
const { hasRequiredRoles } = require('@axioms/express-js');

const router = express.Router();

// One role guard for every HTTP method on this path.
router.all('/', checkToken, hasRequiredRoles(['sample:role']), (req, res) => {
  let msg;
  switch (req.method) {
    case 'GET':
      msg = 'Sample read.';
      break;
    case 'POST':
      msg = 'Sample created.';
      break;
    case 'PATCH':
      msg = 'Sample updated.';
      break;
    case 'DELETE':
      msg = 'Sample deleted.';
      break;
    default:
      msg = 'Action not supported.';
      break;
  }
  res.json({
    message: msg
  });
});

module.exports = router;
  • Check permissions at the level of individual API methods

const express = require('express');
const checkToken = require('../checkToken.js');
const { hasRequiredPermissions } = require('@axioms/express-js');

const router = express.Router();

// Each method requires the permission that matches its effect.
router.get('/', checkToken, hasRequiredPermissions(['sample:read']), (req, res) => {
  res.json({
    message: 'Sample read.'
  });
});

router.post('/', checkToken, hasRequiredPermissions(['sample:create']), (req, res) => {
  res.json({
    message: 'Sample created.'
  });
});

router.patch('/', checkToken, hasRequiredPermissions(['sample:update']), (req, res) => {
  res.json({
    message: 'Sample updated.'
  });
});

router.delete('/', checkToken, hasRequiredPermissions(['sample:delete']), (req, res) => {
  res.json({
    message: 'Sample deleted.'
  });
});

module.exports = router;

Express Sample

To see a complete working example, download the Express sample from our GitHub repository or deploy it to Heroku with the Deploy to Heroku button. You will need to provide your Axioms domain and Axioms audience to complete the deployment.
