feat(0.4.1): add custom login support

playlyfe · May 15, 2015 · 69c83f8 · 69c83f8
1 parent 9faee83
commit 69c83f8
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -93,6 +93,17 @@ exchangeCode(code)
 ```
 atleast once. After this you can make any requests as the user has to be authenticated first.
 
+## 3. Custom Login Flow using JWT(JSON Web Token)
+```js
+var token = Playlyfe.createJWT({
+    client_id: 'your client_id', 
+    client_secret: 'your client_secret', 
+    player_id: 'johny', // The player id associated with your user
+    scopes: ['player.runtime.read', 'player.runtime.write'], // The scopes the player has access to
+    expires: 3600; // 1 hour
+})
+```
+This is used to create jwt token which can be created when your user is authenticated. This token can then be sent to the frontend and or stored in your session. With this token the user can directly send requests to the Playlyfe API as the player.
 
 # Documentation
 You can initiate a client by giving the client_id and client_secret params
@@ -183,7 +194,7 @@ This is thrown whenever an error occurs in each call. The Error contains the `na
 
 License
 =======
-Playlyfe NodeJS SDK v0.4.0  
+Playlyfe NodeJS SDK v0.4.1  
 http://dev.playlyfe.com/  
 Copyright(c) 2013-2014, Playlyfe IT Solutions Pvt. Ltd, [email protected]  
 

diff --git a/lib/playlyfe.js b/lib/playlyfe.js
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "playlyfe",
-  "version": "0.4.0",
+  "version": "0.4.1",
   "description": "Playlyfe SDK for NodeJS",
   "keywords": [
     "playlyfe",
@@ -45,7 +45,8 @@
   "dependencies": {
     "request-promise": "0.4.2",
     "lodash": "2.4.1",
-    "bluebird": "2.9.25"
+    "bluebird": "2.9.25",
+    "jsonwebtoken": "5.0.0"
   },
   "devDependencies": {
     "coffee-script": "1.9.2",

diff --git a/src/playlyfe.coffee b/src/playlyfe.coffee
@@ -1,6 +1,7 @@
 request = require 'request-promise'
 Promise = require 'bluebird'
 _ = require 'lodash'
+jwt = require 'jsonwebtoken'
 
 class PlaylyfeException extends Error
 
@@ -21,6 +22,15 @@ class PlaylyfeException extends Error
 
 class Playlyfe
 
+  @createJWT: (options) ->
+    {client_id, client_secret, player_id, scopes, expires} = options
+    scopes ?= []
+    expires ?= 3600
+    payload = { player_id: player_id, scopes: scopes }
+    token = jwt.sign(payload, client_secret, { algorithm: 'HS256', expiresInSeconds: expires })
+    token = "#{client_id}:#{token}"
+    token
+
   constructor: (@options) ->
     if _.isUndefined @options then throw new Error('You must pass in options')
     if _.isUndefined @options.type then throw new Error('You must pass in type which can be code or client')
@@ -73,7 +83,7 @@ class Playlyfe
       else
         Promise.resolve(res_body)
     .catch (err) =>
-      if /application\/json/.test(err.response.headers['content-type'])
+      if err.response? and /application\/json/.test(err.response.headers['content-type'])
         res_body = JSON.parse(err.response.body.toString())
         if res_body.error is 'invalid_access_token'
           @getAccessToken()

diff --git a/test/test.coffee b/test/test.coffee
@@ -1,6 +1,7 @@
 {Playlyfe, PlaylyfeException} = require '../src/playlyfe'
 assert = require 'assert'
 Promise = require 'bluebird'
+jwt = require 'jsonwebtoken'
 
 player = { player_id: 'student1' }
 access_token = null
@@ -97,6 +98,35 @@ describe 'The SDK Options and Flow', ->
     )
     next()
 
+  it 'should create a jwt token', (next) ->
+    token = Playlyfe.createJWT({ client_id: client_id, client_secret: client_secret, player_id: 'student1'})
+    try
+      decoded = jwt.verify(token, client_secret)
+    catch err
+      assert.equal(err.name, 'JsonWebTokenError')
+      assert.equal(err.message, 'invalid token')
+      try
+        [cid, token] = token.split(':')
+        decoded = jwt.verify(token, 'wrong_secret')
+      catch err
+        assert.equal(err.name, 'JsonWebTokenError')
+        assert.equal(err.message, 'invalid signature')
+        decoded = jwt.verify(token, client_secret)
+        assert.equal(decoded.player_id, 'student1')
+        next()
+
+  it 'should check for expired jwt', (next) ->
+    token = Playlyfe.createJWT({ client_id: client_id, client_secret: client_secret, player_id: 'student1', expires: 2 })
+    [cid, token] = token.split(':')
+    setTimeout( ->
+      try
+        decoded = jwt.verify(token, client_secret)
+      catch err
+        assert.equal(err.name, 'TokenExpiredError')
+        assert.equal(err.message, 'jwt expired')
+        next()
+    , 5000)
+
   it.skip 'should exchange code', (next) ->
 
   it.skip 'should refresh an access token in authorization code flow', (next) ->