@jnode/auth
Advanced tools
@jnode/authSimple authorization package for Node.js.
npm i @jnode/auth
const { AuthService } = require('@jnode/auth');
const crypto = require('crypto');
// Generate a pair of keys for demonstration
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
modulusLength: 2048,
});
// Initialize the service
const auth = new AuthService(publicKey, privateKey);
// Sign a token
const token = auth.signToken({ alg: 'RSA-SHA256' }, { userId: 123, role: 'admin' });
// Example token output:
// ABR7ImFsZyI6IlJTQS1TSEEyNTYifQAdeyJ1c2VySWQiOjEyMywicm9sZSI6ImFkbWluIn1JG1YPNJNfZ2jA29DcqiU_HojNAC34mz0ueYYOZ45nbHg86Q_Q7RULHsQfMp1tn0AdeGC9gStX1QK-fCB7Qgt3kF85qCtlDcYywDrjwmg19H0XnWeD27fXCOmmcM-rLjkVe61WDEb8rktmtlMJAUtivDYJr8RxyI2kQF-ZddlrgukjzRtua2_FmWmohb5MeahhfQ6xmlM1HRbYSMlUBaGjSxx_Q4s3wNrpMNDWiDM0adA1iHH5h00VRo2t5iepytOY3YunEW3_UXKcqr9PZ8KV-ikW2mXXp45Xw39U96dkeD3M9dR3vexL8yBc8kNDeT6a8YpHb63HW8s6LUlV_jzB
// Verify a token
try {
const decoded = auth.verifyToken(token);
console.log('Decoded:', decoded);
/*
Output:
{
header: { alg: 'RSA-SHA256' },
payload: { userId: 123, role: 'admin' }
}
*/
} catch (err) {
console.error('Verification failed:', err.message);
}
@jnode/auth provides a lightweight and binary-safe alternative to JWT, focusing on a straightforward token format encoded in base64url.
The token structure is as follows:
This format ensures that the token is self-contained and tamper-proof while being extremely efficient to parse without complex regex or split operations.
auth.AuthServiceThe main class to handle signing and verification of tokens.
new auth.AuthService(publicKey, privateKey)publicKey <string> | <Buffer> | <KeyObject> The public key used for verification.privateKey <string> | <Buffer> | <KeyObject> The private key used for signing.AuthService.signToken(header, payload, privateKey)header <Object> | <Buffer> Token header data. Default: {}.payload <Object> | <Buffer> Token payload data. Default: {}.privateKey <string> | <Buffer> | <KeyObject>base64url encoded token.Signs the provided header and payload using the RSA-SHA256 algorithm.
AuthService.verifyToken(token, publicKey)token <string> | <Buffer> The token to verify.publicKey <string> | <Buffer> | <KeyObject>{ header, payload }.Parses and verifies the token. Throws an Error if the signature is invalid or TypeError if keys are missing.
service.signToken(header, payload)Instance method that uses the privateKey provided in the constructor to sign a token.
service.verifyToken(token)Instance method that uses the publicKey provided in the constructor to verify a token.
FAQs
Simple authorization package for Node.js.
We found that @jnode/auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Campaign of 108 extensions harvests identities, steals sessions, and adds backdoors to browsers, all tied to the same C2 infrastructure.
Security News
OpenAI rotated macOS signing certificates after a malicious Axios package reached its CI pipeline in a broader software supply chain attack.
Security News
Open source is under attack because of how much value it creates. It has been the foundation of every major software innovation for the last three decades. This is not the time to walk away from it.