Merge pull request #797 from coralproject/jwt-alg

JWT Changes
This commit is contained in:
Kim Gardner
2017-07-25 10:01:00 -04:00
committed by GitHub
2 changed files with 6 additions and 1 deletions
+3
View File
@@ -34,6 +34,9 @@ const CONFIG = {
// JWT_EXPIRY is the time for which a given token is valid for.
JWT_EXPIRY: process.env.TALK_JWT_EXPIRY || '1 day',
// JWT_ALG is the algorithm used for signing jwt tokens.
JWT_ALG: process.env.TALK_JWT_ALG || 'HS256',
//------------------------------------------------------------------------------
// Installation locks
//------------------------------------------------------------------------------
+3 -1
View File
@@ -21,6 +21,7 @@ const {
JWT_ISSUER,
JWT_EXPIRY,
JWT_AUDIENCE,
JWT_ALG,
RECAPTCHA_SECRET,
RECAPTCHA_ENABLED
} = require('../config');
@@ -219,6 +220,7 @@ passport.use(new JwtStrategy({
// Prepare the extractor from the header.
jwtFromRequest: ExtractJwt.fromExtractors([
cookieExtractor,
ExtractJwt.fromUrlQueryParameter('access_token'),
ExtractJwt.fromAuthHeaderWithScheme('Bearer')
]),
@@ -233,7 +235,7 @@ passport.use(new JwtStrategy({
audience: JWT_AUDIENCE,
// Enable only the HS256 algorithm.
algorithms: ['HS256'],
algorithms: [JWT_ALG],
// Pass the request object back to the callback so we can attach the JWT to
// it.