From 3f304823ca1328f01c2436d7112798f0bac4508f Mon Sep 17 00:00:00 2001 From: Wyatt Johnson Date: Tue, 25 Jul 2017 15:55:40 +1000 Subject: [PATCH] Added new config for jwt alg + added query parsing of access token --- config.js | 3 +++ services/passport.js | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/config.js b/config.js index e3dd4578c..703be06be 100644 --- a/config.js +++ b/config.js @@ -34,6 +34,9 @@ const CONFIG = { // JWT_EXPIRY is the time for which a given token is valid for. JWT_EXPIRY: process.env.TALK_JWT_EXPIRY || '1 day', + // JWT_ALG is the algorithm used for signing jwt tokens. + JWT_ALG: process.env.TALK_JWT_ALG || 'HS256', + //------------------------------------------------------------------------------ // Installation locks //------------------------------------------------------------------------------ diff --git a/services/passport.js b/services/passport.js index 8396cc581..7a178039a 100644 --- a/services/passport.js +++ b/services/passport.js @@ -21,6 +21,7 @@ const { JWT_ISSUER, JWT_EXPIRY, JWT_AUDIENCE, + JWT_ALG, RECAPTCHA_SECRET, RECAPTCHA_ENABLED } = require('../config'); @@ -219,6 +220,7 @@ passport.use(new JwtStrategy({ // Prepare the extractor from the header. jwtFromRequest: ExtractJwt.fromExtractors([ cookieExtractor, + ExtractJwt.fromUrlQueryParameter('access_token'), ExtractJwt.fromAuthHeaderWithScheme('Bearer') ]), @@ -233,7 +235,7 @@ passport.use(new JwtStrategy({ audience: JWT_AUDIENCE, // Enable only the HS256 algorithm. - algorithms: ['HS256'], + algorithms: [JWT_ALG], // Pass the request object back to the callback so we can attach the JWT to // it.