Use this bundle to integrate with CWBI (Civil Works Business Intelligence) auth.  This system is designed to work behind the EAMS (Enterprise Access Management Service - Army) SAML (Security Assertion Markup Language) proxy and issue tokens to client applications for use with API requests.  For this to work, your application must be deployed behind an EAMS proxy inside one of the CWBI development VPCs (Virtual Private Clouds) in AWS (Amazon Web Services).  Wow, that's a lot of acronyms...

Use

import { createAuthBundle } from '@corpsmap/bundles';

const bundle = createAuthBundle({
  // optional, default 'auth'
  name: <string>, 
      
  // optional, use to point at another auth server
  url: <string>, 
      
  // GUID of application to use with cwbi-auth    
  appId: <string>, 
      
  // The bundle will check to see if the token has expired 
  // every N milliseconds, defaults to 1 minute.
  verifyInterval: <number> 
})

Actions

{
  type: AUTH_LOGGED_IN,
  payload: {
    token: <string>, // -> JSON web token
    error: null,
    shouldVerifyToken: true
  }
}
{
  type: AUTH_LOGGED_OUT,
  payload: {
    token: null,
    error: null
  }
}
{
  type: AUTH_ERROR,
  payload: {
    token: null,
    error: <object>
  }
}
{
  type: AUTH_VERIFY_TOKEN,
  payload: {
    shouldVerifyToken: false
  }
}

Action Creators

doAuthLogin() sends an XHR request to the login server, using the user's CAC to log in. If successful, it sets the token in the store.

doAuthLogout() logs the user out and sets the token to null in the store.

doAuthVerifyToken() makes sure the token in the store is not expired; if it is, it fires doAuthLogout(). Normally this is handled under the hood, so you shouldn't need to use this action creator manually.

Selectors

selectAuthUrl returns the url used for authorization, either the url supplied in the config, or the cwbi-auth url with the app id supplied.

selectAuthTokenRaw returns the raw JSON web token.

selectAuthTokenHeader returns the header object from the JSON web token.

selectAuthTokenPayload returns the payload object from the JSON web token.

selectAuthTokenExp returns the expiration timestamp of the JSON web token.

selectAuthTokenIsExpired checks the expiration timestamp against the current time and returns whether or not the token is expired.

selectAuthUsername returns the logged-in username from the token if there is one.

selectAuthEdipi returns the EDIPI from the token payload if there is one.

selectAuthRoles returns the roles array from the token.

selectAuthGroups returns the group portion of each role in a new array.

selectAuthGroupRoles returns an object whose keys are the distinct groups from the roles array and whose values are arrays of the roles associated with each group.

selectAuthIsLoggedIn returns whether the bundle has a token or not.
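
What the token selectors above compute can be sketched as follows. This is an added example, not the bundle's own code. It decodes the token without verifying its signature, so the results are suitable for driving the UI only, and the API must still validate the token on every request. Assumptions: `exp` is in seconds (RFC 7519), roles are `GROUP.ROLE` strings, and all function names and the sample token are constructed for illustration.

```javascript
// Added example: a stand-alone sketch, not the bundle's source code.
// Decode one base64url JWT segment. Nothing here checks the signature.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Split a raw token into header and payload objects; null if malformed.
function parseToken(raw) {
  const parts = typeof raw === 'string' ? raw.split('.') : [];
  if (parts.length !== 3) return null;
  try {
    return { header: decodeSegment(parts[0]), payload: decodeSegment(parts[1]) };
  } catch (err) {
    return null;
  }
}

// Assumption: exp is seconds since the epoch (RFC 7519 NumericDate).
// Fail closed: a missing or non-numeric exp counts as expired.
function isExpired(payload, nowMs = Date.now()) {
  if (!payload || typeof payload.exp !== 'number') return true;
  return payload.exp * 1000 <= nowMs;
}

// Assumption: each role is a "GROUP.ROLE" string; other entries are skipped.
function groupRoles(roles) {
  const byGroup = new Map();
  for (const role of Array.isArray(roles) ? roles : []) {
    const dot = typeof role === 'string' ? role.indexOf('.') : -1;
    if (dot < 1) continue;
    const group = role.slice(0, dot);
    if (!byGroup.has(group)) byGroup.set(group, []);
    byGroup.get(group).push(role.slice(dot + 1));
  }
  return Object.fromEntries(byGroup);
}

// Constructed sample token (unsigned placeholder signature) for offline use.
function sampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(payload), 'constructed-sig'].join('.');
}

const demo = parseToken(sampleToken({ exp: 2000, roles: ['WATER.ADMIN', 'WATER.USER', 'DAMS.USER'] }));
console.log(isExpired(demo.payload, 1999 * 1000), groupRoles(demo.payload.roles));
```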

Persistence

The bundle will store the user token across refreshes if you have caching set up in your store.  It is strongly recommended that you use money-clip to cache state; otherwise your login will reset every time the user hits refresh.