Module

Basic Authentication

This module contains the basic authentication middleware.

View Source API/src/middlewares/auth.js, line 1

Requires

  • module:../utils/errors
  • module:jsonwebtoken
  • module:../models/token.models
  • module:../utils/token
  • module:../utils/config

Methods

# inner basicAuth(token_type) → {function}

This middleware checks that the incoming request carries a valid authorization header with a JWT token, and verifies the token. It also checks whether the token has been blacklisted or revoked, and ensures that the user's account is active before allowing the request to proceed to the next middleware.

The middleware function returns a Promise that resolves if the authorization header and token are valid and the user's account is active, or rejects with an UnauthenticatedError if any of these conditions are not met.



If a token_type parameter is specified, the middleware function will use the JWT secret for the specified token type to verify the token. If the token_type parameter is not specified, the function will use the default access token secret defined in the configuration file.



If the incoming request is a GET request to the /authtoken endpoint, the middleware will return a new access token for the user, without performing any authorization checks.

Parameters:

Name        Type    Default  Description
token_type  string  null     (optional) - specifies the type of token to be used

View Source API/src/middlewares/auth.js, line 80

Throws:

  • UnauthenticatedError - If the request does not have a valid authorization header.
  • UnauthenticatedError - If the token is invalid.
  • UnauthenticatedError - If the token has been blacklisted.
  • UnauthenticatedError - If the user's account is not active.

Returns:

Express middleware function

Type: function

Examples

// Use basicAuth middleware to authenticate incoming requests
app.get('/api/protected', basicAuth(), (req, res) => {
  // do something with req.user and req.token
  res.send('Hello World');
});

// Use basicAuth middleware to authenticate incoming requests for a specific token type
app.get('/api/protected', basicAuth('verification'), (req, res) => {
  // here the token type is specified as verification
  // do something with req.user and req.token
  res.send('Hello World');
});
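
The checks described above (per-token-type secret, blacklist lookup, active-account check) can be sketched as follows; this is an added example, not the project's code from API/src/middlewares/auth.js, and it leaves out the /authtoken branch. Assumptions: the Bearer scheme, HS256 signing, a `sub` claim holding the user id, and the hypothetical names `basicAuthSketch`, `SECRETS`, `blacklist`, `users`, `sign` and `verify` with constructed in-memory data.

```javascript
const crypto = require('crypto');
// Constructed stand-ins for the config secrets, the token model and the user store.
const SECRETS = new Map([['access', 'demo-access-secret'], ['verification', 'demo-verification-secret']]);
const blacklist = new Set();
const users = new Map([['u1', { id: 'u1', active: true }], ['u2', { id: 'u2', active: false }]]);
class UnauthenticatedError extends Error {}
const b64url = (value) => Buffer.from(value).toString('base64url');
const mac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();
// Minimal HS256 signer, used here only to mint sample tokens.
function sign(payload, secret) {
  const data = `${b64url('{"alg":"HS256","typ":"JWT"}')}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${b64url(mac(data, secret))}`;
}

// Check structure, pinned algorithm, signature and expiry; throw on any failure.
function verify(token, secret) {
  const [h, p, s, extra] = token.split('.');
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch { throw new UnauthenticatedError('Malformed token'); }
  if (s === undefined || extra !== undefined || !header || !payload) throw new UnauthenticatedError('Malformed token');
  if (header.alg !== 'HS256') throw new UnauthenticatedError('Unexpected algorithm');
  const given = Buffer.from(s, 'base64url');
  const expected = mac(`${h}.${p}`, secret);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) throw new UnauthenticatedError('Bad signature');
  if (typeof payload.exp === 'number' && payload.exp * 1000 <= Date.now()) throw new UnauthenticatedError('Token expired');
  return payload;
}

// Middleware factory: the secret is chosen by token type, defaulting to the access secret.
function basicAuthSketch(tokenType = null) {
  const secret = SECRETS.get(tokenType || 'access');
  if (!secret) throw new Error(`No secret configured for token type ${tokenType}`);
  return (req, res, next) => {
    try {
      const header = req.headers.authorization || '';
      if (!header.startsWith('Bearer ')) throw new UnauthenticatedError('Invalid authorization header');
      const token = header.slice('Bearer '.length);
      const payload = verify(token, secret);
      if (blacklist.has(token)) throw new UnauthenticatedError('Token has been revoked');
      const user = users.get(payload.sub);
      if (!user || !user.active) throw new UnauthenticatedError('Account is not active');
      req.user = user; req.token = token;
      next();
    } catch (err) { next(err); }
  };
}
```

Because each token type has its own secret, a token minted for one purpose fails signature verification in a middleware configured for another.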