Brightspace Auth Keys

9.0.1 verified Sat Apr 25 auth: no javascript

Library for generating, storing, and retrieving keypairs (RSA/ECDSA) for Brightspace's auth framework. Current stable version is 9.0.1, requires Node >=20.x. Key differentiator: provides abstract store pattern for pluggable backends (Redis, SQL, etc.) and integrates with D2L Auth Token Provisioner. Release cadence is irregular, mostly breaking changes for Node version bumps.

Common errors

error TypeError: Class constructor AbstractPublicKeyStore cannot be invoked without 'new' ↓

cause Calling AbstractPublicKeyStore as a function without new in ES module context

fix

Use class extends AbstractPublicKeyStore { ... } and instantiate with new MyStore()

error Error: signingKeyType must be either 'RSA' or 'EC' ↓

cause Missing or invalid signingKeyType option in KeyGenerator constructor

fix

Set signingKeyType: 'EC' or signingKeyType: 'RSA' in options

error TypeError: store._storePublicKey is not a function ↓

cause Store instance does not implement _storePublicKey method required by AbstractPublicKeyStore

fix

Implement _storePublicKey(key, expiry) method returning a Promise

Warnings

breaking Node.js version requirement changed from >=12 to >=20 in v9 ↓

fix Upgrade Node.js to 20.x or later, or pin to v8.x

breaking Package is ESM-only since v9; no CommonJS default export ↓

fix Use ES module imports (import ... from 'brightspace-auth-keys') or dynamic import

gotcha KeyGenerator requires both signingKeyType and publicKeyStore options; missing one throws immediately ↓

fix Always provide both signingKeyType and publicKeyStore in constructor options

gotcha AbstractPublicKeyStore._lookupPublicKeys must return an array of strings, not objects; non-string items cause runtime errors ↓

fix Ensure _lookupPublicKeys returns an array of opaque strings (e.g., JSON.stringify of JWK)

Install

npm install brightspace-auth-keys

yarn add brightspace-auth-keys

pnpm add brightspace-auth-keys

Imports

KeyGenerator

wrong

const KeyGenerator = require('brightspace-auth-keys').KeyGenerator

correct

import { KeyGenerator } from 'brightspace-auth-keys'

ESM-only since v9; CommonJS require still works in Node 20+

AbstractPublicKeyStore

wrong

const { AbstractPublicKeyStore } = require('brightspace-auth-keys')

correct

import { AbstractPublicKeyStore } from 'brightspace-auth-keys'

ESM-only since v9

default import

wrong

const brightspaceAuthKeys = require('brightspace-auth-keys')

correct

import brightspaceAuthKeys from 'brightspace-auth-keys'

Package has no default export; import * from or named imports required

Quickstart

Shows subclassing AbstractPublicKeyStore, instantiating KeyGenerator with EC settings, and retrieving the current private key.

import { KeyGenerator, AbstractPublicKeyStore } from 'brightspace-auth-keys';

class MyStore extends AbstractPublicKeyStore {
  async _storePublicKey(key, expiry) {
    // store key string with expiry
  }
  async _lookupPublicKeys() {
    // return array of key strings
    return [];
  }
}

const store = new MyStore();
const keyGenerator = new KeyGenerator({
  signingKeyType: 'EC',
  ec: { crv: 'P-256' },
  lifetimes: { keyUse: 3600, token: 300 },
  publicKeyStore: store
});

const privateKey = await keyGenerator.getCurrentPrivateKey();
console.log('Private key obtained:', privateKey);