auth-token
Library for creating and encoding/decoding JWT-base auth tokens.
Install
$ npm install --save @microservice/auth-token
Usage
As a factory that uses a builder style pattern to configure things:
var Token = require('@microservice/auth-token').alg('HS512').secret('foo');
var token = Token.create();
This returns a plain old object that you attach the JWT claims to:
token.foo = 'blah';
console.log(token.foo);
console.log(token.alg);
console.log(JSON.stringify(token));
console.log(token.toString());
console.log(token.toAuthorizationHeader())
console.log(token.toXsrfToken());
One advantage to this is if your tokens fall in to logs somewhere, the secret is nowhere to be seen.
You can specify claims as part of create
:
token = Token.create({
another: 'claim'
});
console.log(token.another);
... and decode an existing token:
token = Token.create(token);
token = Token.create(token.toString());
You can specify the secret, and algorithm during create
, too:
var Factory = Token.alg('HS512').secret('secret');
one = Factory.create(incoming);
two = Factory.create('other_secret', other_token);
three = Factory.create('HS256', 'other_secret', other_token);
You can also decode
a token, which works like create
:
var A = Token.secret('secret');
var B = Token.secret('different_secret');
var a = A.create({ foo: 'bar' });
var encoded = a.toString();
var b = B.decode('secret', encoded);
Properties
You can configure the token factory with property aliases to give more meaningful names to things that might be terse in the token itself:
Token = Token.secret('foo').properties({ 'tenantId': 'aud' });
token = Factory.create();
token.tenantId = 'blah';
console.log(token.tenantId);
console.log(token.aud);
console.log(JSON.stringify(token));