refactor

Author: felixheck

package-lock.json

@@ -41,15 +41,15 @@
     "ava": "^0.20.0",
     "coveralls": "^2.13.1",
     "hapi": "^16.4.3",
+    "jsonwebtoken": "^7.4.1",
     "nock": "^9.0.14",
     "nyc": "^11.0.3",
     "standard": "^10.0.2"
   },
   "dependencies": {
-    "axios": "^0.16.2",
     "boom": "^5.2.0",
     "joi": "^10.6.0",
-    "jsonwebtoken": "^7.4.1",
+    "keycloak-auth-utils": "^3.2.1",
     "lodash": "^4.17.4"
   },
   "peerDependencies": {

package.json

@@ -1,17 +1,18 @@
-const axios = require('axios')
-const jwt = require('jsonwebtoken')
+const { GrantManager } = require('keycloak-auth-utils')
+const Token = require('keycloak-auth-utils/lib/token')
 const cache = require('./cache')
 const token = require('./token')
 const { error, fakeReply, verify } = require('./utils')
 const pkg = require('../package.json')
 
 /**
- * @type Object
+ * @type {Object|GrantManager}
  * @private
  *
- * The plugin related options
+ * The plugin related options and GrantManager instance.
  */
 let options
+let manager
 
 /**
  * @function
@@ -25,16 +26,7 @@ let options
  * @returns {Promise} The error-handled promise
  */
 function validateOffline (token) {
-  const {
-    publicKey,
-    verifyOpts = { algorithms: ['RS256', 'RS384', 'RS512'] }
-  } = options
-
-  return new Promise((resolve, reject) => {
-    jwt.verify(token, publicKey, verifyOpts, (err, decoded) => {
-      err ? reject(err) : resolve(decoded)
-    })
-  })
+  return manager.validateToken(new Token(token, options.clientId))
 }
 
 /**
@@ -49,12 +41,8 @@ function validateOffline (token) {
  * @returns {Promise} The error-handled promise
  */
 function validateOnline (token) {
-  return axios.post(`${options.realmUrl}/protocol/openid-connect/token/introspect`, {
-    token,
-    client_secret: options.secret,
-    client_id: options.clientId
-  }).then(({ data }) => {
-    if (!data.active) {
+  return manager.validateAccessToken(token).then((res) => {
+    if (res === false) {
       throw Error(error.msg.invalid)
     }
 
@@ -149,6 +137,8 @@ function strategy (server) {
  */
 function plugin (server, opts, next) {
   options = verify(opts)
+  manager = new GrantManager(options)
+
   cache.init(server, options.cache)
 
   server.auth.scheme('keycloak-jwt', strategy)

src/index.js

@@ -15,17 +15,13 @@ const scheme = joi.object({
     joi.string().regex(/^-----BEGIN(?: RSA)? PUBLIC KEY-----[\s\S]*-----END(?: RSA)? PUBLIC KEY-----\s?$/ig, 'PEM'),
     joi.object().type(Buffer)
   ),
-  verifyOpts: joi.object({
-    ignoreExpiration: joi.any().forbidden(),
-    ignoreNotBefore: joi.any().forbidden()
-  }).unknown(true),
+  minTimeBetweenJwksRequests: joi.number().integer().positive().allow(0).default(0),
   cache: joi.alternatives().try(joi.object({
     segment: joi.string().default('keycloakJwt')
   }), joi.boolean()).default(false),
   userInfo: joi.array().items(joi.string().min(1))
 })
-.xor('secret', 'publicKey')
-.without('secret', 'verifyOpts')
+.nand('secret', 'publicKey')
 .required()
 
 /**