Ian Kibet 63a0d5948a
fix 🐛: type fix and role assertion
2025-06-01 15:58:00 +03:00

External JWT Plugin for Directus

This plugin makes Directus trust externally signed JWTs from an OIDC or OAuth2 provider.

The plugin expects to resolve the new configuration options listed under Configuration.

The provider must issue access tokens as JWTs, since the JWT is what the plugin currently verifies. (Support for general tokens may be added later.)

If USEDB is enabled, the extension will try to find the user in the database by looking at the sub claim in the JWT. The user must exist, and all roles for that user will be used.

When using USEDB, you should also enable the caching option to reduce the time spent against the API and the number of DB lookups. The cache stores the user object based on the sub in the token.

USEDB also validates that the token's issuer is the same as the one assigned to the user.

Configuration

All configuration options listed here are an extension to Directus' default config.

| ENV Variable | Supported values | Description |
| --- | --- | --- |
| AUTH_PROVIDER_TRUSTED | true/false | Must be true for the provider to be considered trusted. Warning: Do not trust public providers as they can generate tokens that you cannot control. |
| AUTH_PROVIDER_JWT_ROLE_KEY | String | The key in the JWT payload that contains the role information. |
| AUTH_PROVIDER_JWT_ADMIN_KEY | String | The key in the JWT payload that indicates if admin rights should be granted. |
| AUTH_PROVIDER_JWT_APP_KEY | String | The key in the JWT payload that allows app access if set to true. |
| AUTH_PROVIDER_JWT_USEDB | Boolean | If enabled, the plugin resolves the user and roles from the Directus database using the token (“sub” for OIDC). Should be used only with an enabled Redis Cache. |
| AUTH_PROVIDER_JWKS_URL | String | The URL from which to fetch the JSON Web Key Set (JWKS) for token verification. |
| AUTH_PROVIDER_JWKS_KEYS | JSON | Inline JSON Web Keys for token verification if not using a JWKS URL. |
| CACHE_JWT_NAMESPACE | String | The namespace used in the cache store for JWT-related entries. |
| CACHE_JWT_TTL | Number | Time to live (in milliseconds) for the cached user entry. Default is 5000 (5 seconds). |
| REDIS_JWT_DB | Number | The Redis database number to use for JWT caching. Default is 2. |
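
The kind of check the key and claim options above describe, as an added example that is not the plugin's own code: a token is verified against an inline JWK set and only then are the role, admin and app claims read. The claim names, the `demo-key` kid, the RS256 algorithm and the key pair are assumptions constructed for the example.

```javascript
const crypto = require("node:crypto");

// Constructed settings; the claim names are assumptions, not plugin defaults.
const config = { roleKey: "directus_role", adminKey: "is_admin", appKey: "app_access" };

// Constructed key pair standing in for the provider; only the public JWK is trusted.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const trustedKeys = [{ ...publicKey.export({ format: "jwk" }), kid: "demo-key" }];

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

// Helper that plays the provider's part: issues a compact JWT for the sample inputs.
function signToken(payload, key = privateKey, header = { alg: "RS256", kid: "demo-key" }) {
  const input = `${b64url(header)}.${b64url(payload)}`;
  const sig = header.alg === "none" ? "" : crypto.sign("sha256", Buffer.from(input), key).toString("base64url");
  return `${input}.${sig}`;
}

// Verify the signature against the configured keys, then map claims to access flags.
function resolveAccess(token, keys = trustedKeys, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  } catch { return null; }
  // Pin the algorithm: the token must not be able to select "none" or a symmetric alg.
  if (header?.alg !== "RS256" || !payload) return null;
  const jwk = keys.find((k) => k.kid === header.kid && k.kty === "RSA");
  if (!jwk) return null;
  const key = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: "jwk" });
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify("sha256", signed, key, Buffer.from(parts[2], "base64url"))) return null;
  if (typeof payload.exp !== "number" || payload.exp <= now) return null;
  return {
    sub: payload.sub,
    role: payload[config.roleKey] ?? null,
    admin: payload[config.adminKey] === true, // the string "true" does not grant admin
    app: payload[config.appKey] === true,
  };
}
```

`resolveAccess` returns `null` for anything it cannot verify, so a caller never sees claims from an unsigned, expired or foreign-signed token.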
Readme GPL-3.0 4 MiB
Languages
JavaScript 98.1%
TypeScript 1.9%