@edgefirst-dev/jwt
Advanced tools
A high-level library for working with JSON Web Tokens (JWT), making it easier to create, sign, verify, decode, and manage JWTs in your application.
Install the library along with an implementation of the @mjackson/file-storage
bun add @edgefirst-dev/jwt @mjackson/file-storage
Easily create a JWT instance and access claims dynamically.
import { JWT } from "@edgefirst-dev/jwt";
let jwt = new JWT(payload);
jwt.issuer; // Read the issuer (iss) claim
jwt.uid; // Read the uid claim
To sign a JWT, you need a signing key.
import { JWT, JWK } from "@edgefirst-dev/jwt";
import { MemoryFileStorage } from "@mjackson/file-storage/memory";
let storage = new MemoryFileStorage();
let jwt = new JWT(payload);
let token = await jwt.sign(JWK.Algoritm.ES256, await JWK.signingKeys(storage));
Verify a JWT against signing keys, checking its audience and issuer
import { JWT, JWK } from "@edgefirst-dev/jwt";
let jwt = await JWT.verify(token, await JWK.signingKeys(storage), {
audience: "api.example.com",
issuer: "idp.example.com",
});
Decode a JWT without verifying its signature.
import { JWT } from "@edgefirst-dev/jwt";
let jwt = JWT.decode(token);
Customize the JWT class to add custom claims or override existing ones.
import { JWT } from "@edgefirst-dev/jwt";
class CustomJWT extends JWT {
override get issuer() {
return this.parser.string("iss");
}
get userId() {
return this.parser.string("uid");
}
}
let customJWT = CustomJWT.decode(token);
Modify the claims of an existing JWT instance.
import { JWT } from "@edgefirst-dev/jwt";
let jwt = new JWT();
jwt.issuer = "new-issuer";
jwt.uid = "new-uid";
You can verify a JWT using a locally managed JSON Web Key Set (JWKS).
// We need to generate and import the key pairs
let keyPair = await JWK.importKeyPair(
await JWK.generateKeyPair(JWK.Algoritm.ES256)
);
let jwks = await JWK.importLocal(
{ keys: [keyPair.jwk] },
{ alg: JWK.Algoritm.ES256 }
);
let token = await new JWT(payload).sign(JWK.Algoritm.ES256, [keyPair]);
let jwt = await JWT.verify(token, jwks);
Or you can fetch and use a remote JWKS to verify a JWT.
let jwks = await JWK.importRemote(
new URL("https://example.com/.well-known/jwks.json"),
{ alg: JWK.Algoritm.ES256 }
);
let jwt = await JWT.verify(token, jwks);
To expose your JWKS in a well-known endpoint.
let keys = await JWK.signingKeys(storage);
let response = Response.json(JWK.toJSON(keys));
FAQs
A library to simplify using JWT in your application.
The npm package @edgefirst-dev/jwt receives a total of 315 weekly downloads. As such, @edgefirst-dev/jwt popularity was classified as not popular.
We found that @edgefirst-dev/jwt demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A critical vm2 sandbox escape can allow untrusted JavaScript to break isolation and execute commands on the host Node.js process.
Research
Five malicious NuGet packages impersonate Chinese .NET libraries to deploy a stealer targeting browser credentials, crypto wallets, SSH keys, and local files.
Security News
pnpm 11 turns on a 1-day Minimum Release Age and blocks exotic subdeps by default, adding safeguards against fast-moving supply chain attacks.