Implement JWT Provider

Open rsaz opened this issue 1 year ago • 3 comments

Description

This task involves creating a JWT (JSON Web Token) Provider within the ExpressoTS framework. The provider will be responsible for generating, verifying, and managing JWTs, which are critical for secure authentication and authorization processes. While jsonwebtoken is suggested, the developer is encouraged to evaluate and propose any superior alternatives.

Goals

  • Secure Token Management: The JWT provider should ensure tokens are generated and managed securely, incorporating best practices to prevent common security vulnerabilities.
  • Ease of Use: It should offer a simple and straightforward interface for other components within the framework to generate and verify tokens.
  • Flexibility: The provider must be configurable to accommodate different use cases and security requirements.

Requirements

Provider Setup:

  • Evaluate the jsonwebtoken library and any other potential libraries for JWT management. Select the most suitable option based on features, security, performance, and community support.
  • Create a new provider class that adheres to the IProvider interface from the ExpressoTS core.

Token Generation:

  • Implement a method for generating JWTs with support for custom claims and expiration settings.
  • Ensure the generation process is compliant with the latest security standards for token-based authentication.

Token Verification:

  • Provide a method for verifying JWTs, including signature validation and claim checks.
  • Handle common JWT verification issues gracefully, providing meaningful error messages.

Configuration:

  • Allow for easy configuration of token secret keys, algorithm selection, and other JWT settings through environment variables or configuration files.

Testing:

  • Develop a comprehensive test suite to verify token generation, expiration, signature validation, and error handling.
  • Include tests for different configuration scenarios to ensure flexibility and robustness.

Documentation:

  • Document the provider’s methods, configurations, and usage within the ExpressoTS framework.
  • Provide sample code and use-case scenarios to guide developers on how to utilize the JWT provider for authentication and authorization.

Integration:

  • Ensure the provider integrates seamlessly with the ExpressoTS authentication and authorization mechanisms.
  • The JWT provider should be easy to plug into existing applications built on the ExpressoTS framework with minimal configuration.

Deliverables

  • [ ] A fully implemented JWT provider compatible with the ExpressoTS framework.
  • [ ] A detailed report comparing jsonwebtoken with any other evaluated libraries, justifying the selection.
  • [ ] A test suite covering all aspects of the JWT provider.
  • [ ] Comprehensive documentation and usage examples.

rsaz, Apr 08 '24 04:04
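A minimal sketch of the generation and verification requirements listed above, added here as an example; it is not the ExpressoTS provider and not code from this issue. It uses Node's built-in crypto with HS256 instead of jsonwebtoken so that it runs without dependencies, and every name in it (`signToken`, `verifyToken`, `JwtError`, the error codes) is hypothetical.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Hypothetical names; this is not the ExpressoTS provider or the jsonwebtoken API.
type Claims = Record<string, unknown>;

class JwtError extends Error {
  code: string;
  constructor(code: string, message: string) {
    super(message);
    this.code = code; // stable code so callers can branch without parsing messages
  }
}

const encode = (value: object): string =>
  Buffer.from(JSON.stringify(value)).toString("base64url");
const hmac = (input: string, secret: string): string =>
  createHmac("sha256", secret).update(input).digest().toString("base64url");
const decode = (segment: string): Claims => {
  try {
    const value = JSON.parse(Buffer.from(segment, "base64url").toString("utf8"));
    if (value !== null && typeof value === "object") return value;
  } catch { /* fall through to the error below */ }
  throw new JwtError("MALFORMED", "segment is not base64url-encoded JSON");
};

// Issue an HS256 token: custom claims plus iat/exp derived from a lifetime in seconds.
function signToken(claims: Claims, secret: string, ttlSec: number, nowMs = Date.now()): string {
  const iat = Math.floor(nowMs / 1000);
  const input = `${encode({ alg: "HS256", typ: "JWT" })}.${encode({ ...claims, iat, exp: iat + ttlSec })}`;
  return `${input}.${hmac(input, secret)}`;
}

// Verify: the accepted algorithm is pinned here and never taken from the token.
function verifyToken(token: string, secret: string, nowMs = Date.now()): Claims {
  const parts = token.split(".");
  if (parts.length !== 3) throw new JwtError("MALFORMED", "expected three segments");
  const [header, body, signature] = parts;
  const alg = decode(header).alg;
  if (alg !== "HS256") throw new JwtError("BAD_ALGORITHM", `algorithm ${String(alg)} is not accepted`);
  const expected = Buffer.from(hmac(`${header}.${body}`, secret));
  const given = Buffer.from(signature);
  if (given.length !== expected.length || !timingSafeEqual(given, expected))
    throw new JwtError("BAD_SIGNATURE", "signature does not match");
  const claims = decode(body); // parsed only after the signature is trusted
  const exp = claims.exp;
  if (typeof exp !== "number" || exp <= Math.floor(nowMs / 1000))
    throw new JwtError("EXPIRED", "token is expired or has no exp claim");
  return claims;
}
```

In a real provider the secret and lifetime would come from the environment-variable or file configuration the issue asks for, and the error codes are what the "meaningful error messages" requirement would surface to callers.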

Code example

rsaz, Apr 08 '24 04:04

Hey @rsaz is this issue still up for grasp? I am willing to implement this

devsargam, Jul 04 '24 08:07

> Hey @rsaz is this issue still up for grasp? I am willing to implement this

Hi @devsargam, thanks for reaching out. Currently the JWT Provider is being developed by @projectjimcs; in fact, he has almost finished the implementation.

However, here is the roadmap of ExpressoTS, which has tons of areas that need implementation. Please take a look at an area that you would like to study, learn and implement, so that I can define a precise task for you in the field that you are more inclined to work on. Looking forward to hearing from you.

rsaz, Jul 04 '24 17:07