Basic token validation implementation (#4368)

* Initial commit.
* Implement basic validation claims checks, add configuration defaults,
* Update tokenValidator, add http client, update errors
* Add CryptoProvider
* Add linting
* Update TokenValidationParameters in line with Wilson
* Add JWT token type
* Test set up
* Update token validator checks and OpenIdConfigProvider properties
* Add tests for TokenValidator and OpenIdConfigProvider, update jset.config
* Add node-token-validation to CI workflow
* Update sample and readme.
* Add base readme and update codeowners
* Update labeler

Co-authored-by: Prithvi Kanherkar <[email protected]>
Co-authored-by: Thomas Norling <[email protected]>
Co-authored-by: Jason Nutter <[email protected]>

Author: 4 people

.github/labeler.yml

@@ -16,6 +16,8 @@ msal-browser:
   - lib/msal-browser/**/*
 msal-react:
   - lib/msal-react/**/*
+node-token-validation:
+  - lib/node-token-validation/**/*
 adal.js:
   - maintenance/adal-angular/**/*
 passport-azure-ad:

.github/workflows/build-test-pr.yml

@@ -32,24 +32,27 @@ jobs:
           # browser/node filter will match any path under common as well as their own
           # angular/react filter will match any path under common and browser as well as their own
           filters: |
-            core:
+            msal-core:
               - 'lib/msal-core/**/**.!(md)'
               - '.github/workflows/build-test-pr.yml'
-            common: &common
+            msal-common: &common
               - 'lib/msal-common/**/**.!(md)'
               - '.github/workflows/build-test-pr.yml'
-            browser: &browser
+            msal-browser: &browser
               - *common
               - 'lib/msal-browser/**/**.!(md)'
-            node:
+            msal-node:
               - *common
               - 'lib/msal-node/**/**.!(md)'
-            angular:
+            msal-angular:
               - *browser
               - 'lib/msal-angular/**/**.!(md)'
-            react:
+            msal-react:
               - *browser
               - 'lib/msal-react/**/**.!(md)'
+            node-token-validation:
+              - *common
+              - 'lib/node-token-validation/**/**.!(md)'
 
       - uses: dorny/paths-filter@v2
         id: extensions-filter
@@ -71,7 +74,7 @@ jobs:
           # e.g. ['package1', 'package2'] if both package folders contains changes
           library: ${{ fromJSON(needs.pre-check.outputs.packages) }}
 
-    name: msal-${{ matrix.library }}
+    name: ${{ matrix.library }}
 
     steps:
     - uses: actions/checkout@v2
@@ -95,23 +98,23 @@ jobs:
       run: npm ci
 
     - name: Build packages
-      working-directory: lib/msal-${{ matrix.library }}
+      working-directory: lib/${{ matrix.library }}
       run: npm run build:all
 
     - name: Lint
-      working-directory: lib/msal-${{ matrix.library }}
+      working-directory: lib/${{ matrix.library }}
       run: npm run lint
 
     - name: Unit Tests with coverage
-      working-directory: lib/msal-${{ matrix.library }}
+      working-directory: lib/${{ matrix.library }}
       run: npm run test:coverage
 
     - name: Upload Test Coverage to CodeCov
       if: success()
       uses: codecov/codecov-action@v2
       with:
-        files: lib/msal-${{matrix.library}}/coverage/lcov.info
-        flags: msal-${{ matrix.library }}
+        files: lib/${{matrix.library}}/coverage/lcov.info
+        flags: ${{ matrix.library }}
 
   extensions-build-test:
     needs: pre-check

.github/workflows/build-test-push-to-dev.yml

@@ -27,6 +27,7 @@ jobs:
             - msal-node
             - msal-angular
             - msal-react
+            - node-token-validation
 
     name: ${{ matrix.library }}
 

CODEOWNERS

@@ -33,6 +33,10 @@
 /lib/msal-react/ @tnorling @jasonnutter @jo-arroyo @peterzenz
 /samples/msal-react-samples/ @tnorling @jasonnutter @jo-arroyo @peterzenz
 
+# Node Token Validation
+/lib/node-token-validation @jo-arroyo @pkanher617 @peterzenz
+/samples/node-token-validation @jo-arroyo @pkanher617 @peterzenz
+
 ## ADAL.js
 /maintenance/adal-angular @jasonnutter @sameerag @pkanher617 @peterzenz
 

change/@azure-node-token-validation-7f710590-0a83-448e-9a03-d398955429f8.json

@@ -0,0 +1,7 @@
+{
+  "type": "none",
+  "comment": "Implement basic token validation #4368",
+  "packageName": "@azure/node-token-validation",
+  "email": "[email protected]",
+  "dependentChangeType": "none"
+}

lib/node-token-validation/.babelrc

@@ -0,0 +1,15 @@
+{
+    "presets": [
+        "@babel/preset-typescript",
+        [
+            "@babel/preset-env",
+            {
+                "modules": "commonjs"
+            }
+        ]
+    ],
+    "plugins": [
+        "@babel/proposal-class-properties",
+        "@babel/proposal-object-rest-spread"
+    ]
+}

lib/node-token-validation/.gitignore

@@ -0,0 +1,265 @@
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+
+# User-specific files
+*.suo
+*.user
+*.userosscache
+*.sln.docstates
+
+# User-specific files (MonoDevelop/Xamarin Studio)
+*.userprefs
+
+# Build results
+[Dd]ebug/
+[Dd]ebugPublic/
+[Rr]elease/
+[Rr]eleases/
+x64/
+x86/
+bld/
+[Bb]in/
+[Oo]bj/
+[Ll]og/
+
+# Visual Studio 2015 cache/options directory
+.vs/
+# Uncomment if you have tasks that create the project's static files in wwwroot
+#wwwroot/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+# NUNIT
+*.VisualState.xml
+TestResult.xml
+
+# Build Results of an ATL Project
+[Dd]ebugPS/
+[Rr]eleasePS/
+dlldata.c
+
+# DNX
+project.lock.json
+artifacts/
+
+*_i.c
+*_p.c
+*_i.h
+*.ilk
+*.meta
+*.obj
+*.pch
+*.pdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.svclog
+*.scc
+
+# Chutzpah Test files
+_Chutzpah*
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opendb
+*.opensdf
+*.sdf
+*.cachefile
+*.VC.db
+*.VC.VC.opendb
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+*.sap
+
+# TFS 2012 Local Workspace
+$tf/
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+*.DotSettings.user
+
+# JustCode is a .NET coding add-in
+.JustCode
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# NCrunch
+_NCrunch_*
+.*crunch*.local.xml
+nCrunchTemp_*
+
+# MightyMoose
+*.mm.*
+AutoTest.Net/
+
+# Web workbench (sass)
+.sass-cache/
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.[Pp]ublish.xml
+*.azurePubxml
+# TODO: Comment the next line if you want to checkin your web deploy settings
+# but database connection strings (with potential passwords) will be unencrypted
+*.pubxml
+*.publishproj
+
+# Microsoft Azure Web App publish settings. Comment the next line if you want to
+# checkin your Azure Web App publish settings, but sensitive information contained
+# in these scripts will be unencrypted
+PublishScripts/
+
+# NuGet Packages
+*.nupkg
+# The packages folder can be ignored because of Package Restore
+**/packages/*
+# except build/, which is used as an MSBuild target.
+!**/packages/build/
+# Uncomment if necessary however generally it will be regenerated when needed
+#!**/packages/repositories.config
+# NuGet v3's project.json files produces more ignoreable files
+*.nuget.props
+*.nuget.targets
+
+# Microsoft Azure Build Output
+csx/
+*.build.csdef
+
+# Microsoft Azure Emulator
+ecf/
+rcf/
+
+# Windows Store app package directories and files
+AppPackages/
+BundleArtifacts/
+Package.StoreAssociation.xml
+_pkginfo.txt
+
+# Visual Studio cache files
+# files ending in .cache can be ignored
+*.[Cc]ache
+# but keep track of directories ending in .cache
+!*.[Cc]ache/
+
+# Others
+ClientBin/
+~$*
+*~
+*.dbmdl
+*.dbproj.schemaview
+*.pfx
+*.publishsettings
+node_modules/
+orleans.codegen.cs
+
+# Since there are multiple workflows, uncomment next line to ignore bower_components
+# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
+#bower_components/
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file
+# to a newer Visual Studio version. Backup files are not needed,
+# because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+
+# SQL Server files
+*.mdf
+*.ldf
+
+# Business Intelligence projects
+*.rdl.data
+*.bim.layout
+*.bim_*.settings
+
+# Microsoft Fakes
+FakesAssemblies/
+
+# GhostDoc plugin setting file
+*.GhostDoc.xml
+
+# Node.js Tools for Visual Studio
+.ntvs_analysis.dat
+
+# Visual Studio 6 build log
+*.plg
+
+# Visual Studio 6 workspace options file
+*.opt
+
+# Visual Studio LightSwitch build output
+**/*.HTMLClient/GeneratedArtifacts
+**/*.DesktopClient/GeneratedArtifacts
+**/*.DesktopClient/ModelManifest.xml
+**/*.Server/GeneratedArtifacts
+**/*.Server/ModelManifest.xml
+_Pvt_Extensions
+
+# Paket dependency manager
+.paket/paket.exe
+paket-files/
+
+# FAKE - F# Make
+.fake/
+
+# Coverage
+coverage/
+
+# JetBrains Rider
+.idea/
+*.sln.iml
+
+# Istanbul Code Coverage
+.nyc_output/
+
+# MSAL specific ignore files
+node_modules/
+typings/
+lib/
+dist/
+ref/

lib/node-token-validation/.huskyrc

@@ -0,0 +1,5 @@
+{
+  "hooks": {
+      "pre-commit": "npm run lint"
+  }
+}