chore(authentication-jwt): readme updated

readme.md to use refresh token and extra configurations
loopbackio · May 28, 2020 · 17542ee · 17542ee
1 parent d65d227
commit 17542ee
Showing 1 changed file with 52 additions and 3 deletions.
diff --git a/extensions/authentication-jwt/README.md b/extensions/authentication-jwt/README.md
@@ -80,7 +80,7 @@ export class MySequence implements SequenceHandler {
 </details>
 
 - mount jwt component in application
-
+- bind datasource to user service and refresh token
 <details>
 <summary><strong>Check The Code</strong></summary>
 <p>
@@ -109,9 +109,11 @@ export class TestApplication extends BootMixin(
     this.component(AuthenticationComponent);
     // Mount jwt component
     this.component(JWTAuthenticationComponent);
-    // Bind datasource
+    // Bind datasource for user 
     this.dataSource(DbDataSource, UserServiceBindings.DATASOURCE_NAME);
-
+    // Bind datasource for refresh token
+    this.dataSource(DbDataSource, RefreshTokenBindings.DATASOURCE_NAME);
+
     this.component(RestExplorerComponent);
     this.projectRoot = __dirname;
     // Customize @loopback/boot Booter Conventions here
@@ -163,6 +165,38 @@ The code snippet for whoAmI function:
     return this.user[securityId];
   }
 ```
+### End points with refresh token
+To add refresh token mechanism in your app. you have to call the following interrceptor.
+1. ('refresh-token-generate') : to generate the refresh token and access token when user logins to your app with provided credentials.
+
+  ```ts
+   @intercept('refresh-token-generate')
+  async refreshLogin(
+    @requestBody(CredentialsRequestBody) credentials: Credentials,
+  ): Promise<TokenObject> {
+    // ensure the user exists, and the password is correct
+    const user = await this.userService.verifyCredentials(credentials);
+    // convert a User object into a UserProfile object (reduced set of properties)
+    const userProfile: UserProfile = this.userService.convertToUserProfile(
+      user,
+    );
+    // create a JSON Web Token based on the user profile
+    const token = {
+      accessToken: await this.jwtService.generateToken(userProfile),
+    };
+    return token;
+  }
+  ```
+2. ('refresh-token-grant'): to genearate the access token by the refresh token obtained from the the last login end-point. 
+```ts
+  @intercept('refresh-token-grant')
+  async refresh(
+    @requestBody(RefreshGrantRequestBody) refreshGrant: RefreshGrant,
+  ): Promise<{token: string}> {
+    const token = '';
+    return {token};
+  }
+```
 
 The complete file is in
 [user.controller.ts](https://github.com/strongloop/loopback-next/tree/master/extensions/authentication-jwt/src/__tests__/fixtures/controllers/user.controller.ts)
@@ -293,6 +327,21 @@ provide your own `User` model and repository.
      }
    }
    ```
+### Extra configurations
+1. To change the token secret in your  application.ts
+```
+  // for jwt access token
+  this.bind(TokenServiceBindings.TOKEN_SECRET).to("<yourSecret>");
+  // for refresh token
+  this.bind(RefreshTokenInterceptorBindings.TOKEN_SECRET).to("<yourSecret>");
+``` 
+2. To change token expiration. to learn more about expiration time here at [Ziet/ms](https://github.com/zeit/ms)
+```
+  // for jwt access token expiration
+    this.bind(TokenServiceBindings.TOKEN_EXPIRES_IN).to("<Expiration Time in sec>");
+  // for refresh token expiration
+    this.bind(RefreshTokenInterceptorBindings.TOKEN_EXPIRES_IN).to("<Expiration Time in sec>");
+```
 
 ## Future Work