// This module is important for integrations using [Checkr
// Embeds](https://docs.checkr.com/embeds/) to make background check requests.
// These integrations will use the
// [@checkr/web-sdk](https://www.npmjs.com/package/@checkr/web-sdk) to set up UI
// components, and these components require session tokens to operate.
//
// This code walkthrough describes how to set up an endpoint to request these
// Checkr Embeds session tokens. It provides a working code example for the
// Embeds [Add Authentication
// docs](https://docs.checkr.com/embeds/#section/Getting-Started/Add-authentication).
import express from 'express'
import fetch from 'node-fetch'
import database from '../db.js'
import {authenticateAndAuthorizeUser} from '../authenticateUser.js'
import bearerToken from 'express-bearer-token'
import {parseJSON} from '../helpers/index.js'
import {decrypt} from '../encryption.js'
// Router for the Embeds session-token endpoint. The bearer-token middleware is
// registered before any route, so it runs ahead of the handler below, which
// reads the extracted token from req.token.
const sessionTokensRouter = express.Router()
sessionTokensRouter.use(bearerToken())
// Embeds Session Token Authentication
// ---------------
// When your Checkr Embeds components initialize, they call this private
// endpoint to create a session token for themselves. <mark>Each request to this
// endpoint must be authenticated and authorized before a session token can be
// created.</mark>
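sessionTokensRouter.post('/api/embeds-session-tokens', async (req, res) => {
  // Authenticate and authorize the caller from the bearer token first. No
  // stored Checkr credential is read or decrypted until this succeeds.
  let userAccountID
  try {
    userAccountID = authenticateAndAuthorizeUser(req.token)
  } catch (error) {
    // NOTE(review): the caught error is serialized to the client as-is.
    // Confirm that authenticateAndAuthorizeUser only throws errors whose
    // enumerable fields are safe to expose.
    res.status(401).send({
      errors: [error],
    })
    return
  }

  // Everything below can reject (database, decrypt, fetch, JSON parsing).
  // Express 4 does not catch rejections from async handlers, so an uncaught
  // failure would leave the request hanging or surface as an unhandled
  // rejection. Catch it here and answer with a generic error instead.
  try {
    const db = await database()

    // Next, we use the user information in the valid JWT to find their Checkr
    // access token.
    const account = db.data.accounts.find(a => a.id === userAccountID)
    const encryptedAccessToken =
      account && account.checkrAccount && account.checkrAccount.accessToken
    if (!encryptedAccessToken) {
      // The caller is authenticated but has no stored Checkr credential.
      // Refuse explicitly rather than dereferencing undefined, and never call
      // Checkr with an empty or placeholder credential.
      res.status(403).send({
        errors: [{message: 'No Checkr account is connected for this user'}],
      })
      return
    }
    const accessToken = await decrypt(encryptedAccessToken)

    // #### Request an embeds session token
    //
    // To request a session token from Checkr we assemble the required variables here:
    // - ```CHECKR_API_URL``` which is ```https://api.checkr-staging.com``` in the testing environment and ```https://api.checkr.com``` in production
    // - ```basicAuthCredentials``` This request is an ```HTTP POST``` that uses
    //   basic authentication. The basic auth username is the user's access
    //   token and the password is blank.
    //
    // For more information about this request, please refer to the [Embeds Add
    // Authentication
    // docs](https://docs.checkr.com/embeds/#new-invitation-auth-2-request).
    //
    // HTTP Basic credentials are base64("username:password") (RFC 7617), so
    // the colon separating the blank password is encoded together with the
    // access token instead of being appended after the base64 text.
    const basicAuthCredentials = Buffer.from(`${accessToken}:`).toString(
      'base64',
    )
    const response = await fetch(
      `${process.env.CHECKR_API_URL}/v1/web_sdk/session_tokens`,
      {
        headers: {
          Authorization: `Basic ${basicAuthCredentials}`,
          'Content-Type': 'application/json',
        },
        method: 'POST',
        body: JSON.stringify({
          // If you are a partner requesting a session token on behalf of your
          // customer, you only need the scopes property in your request body to
          // Checkr. If you are a direct customer of checkr, you will need to
          // provide another key in this request body object: ```"direct":
          // true```. For more information on direct customer requests, refer to
          // the Direct Customer Request code section in [Embeds Add Authentication
          // docs](https://docs.checkr.com/embeds/#section/Getting-Started/Add-authentication).
          scopes: ['order'],
        }),
      },
    )
    const jsonBody = await parseJSON(response)
    if (!response.ok) {
      // Checkr's status code and error body are relayed to the caller
      // unchanged.
      // NOTE(review): confirm that upstream error bodies contain nothing that
      // should stay server-side.
      res.status(response.status).send(jsonBody)
      return
    }

    // A successful ```HTTP POST``` request to
    // ```${process.env.CHECKR_API_URL}/v1/web_sdk/session_tokens``` will have
    // the following response body:
    //
    //     {
    //       token: <some-token-value>
    //     }
    //
    // Pass this response object along to the UI component, and you're done.
    res.send(jsonBody)

    // After creating this endpoint, be sure to set its path as the
    // ```sessionTokenPath``` property in your Checkr Embeds UI components. For
    // example, the ```NewInvitation``` Checkr component would look like:
    //
    //     NewInvitation({
    //       sessionTokenPath: '/api/embeds-session-tokens',
    //       ...
    //     })
    //
  } catch (error) {
    // Keep the failure detail in the server log only; the browser gets a
    // generic message so internal errors are not disclosed.
    console.error('Failed to create Checkr Embeds session token', error)
    if (!res.headersSent) {
      res.status(500).send({
        errors: [{message: 'Unable to create a session token'}],
      })
    }
  }
})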
export default sessionTokensRouter