@microservice/auth-token
Advanced tools
Readme
Library for creating and encoding/decoding JWT-base auth tokens.
$ npm install --save @microservice/auth-token
As a factory that uses a builder style pattern to configure things:
var Token = require('@microservice/auth-token').alg('HS512').secret('foo');
var token = Token.create();
This returns a plain old object that you attach the JWT claims to:
token.foo = 'blah';
console.log(token.foo); // 'blah'
console.log(token.alg); // 'HS512'
console.log(JSON.stringify(token)); // {"foo":blah"}
console.log(token.toString()); // the token as a signed string
console.log(token.toAuthorizationHeader()) // "JWT " + toString()
console.log(token.toXsrfToken()); // etc.
One advantage to this is if your tokens fall in to logs somewhere, the secret is nowhere to be seen.
You can specify claims as part of create:
token = Token.create({
another: 'claim'
});
console.log(token.another); // 'claim'
... and decode an existing token:
// this works because token is just an object anyway
token = Token.create(token);
// this decodes the token, or returns null if that failed
token = Token.create(token.toString());
You can specify the secret, and algorithm during create, too:
var Factory = Token.alg('HS512').secret('secret');
// use the preconfigured secret and algorithm
one = Factory.create(incoming);
// use a different secret, but the same algorithm
two = Factory.create('other_secret', other_token);
// use a different algorithm and secret
three = Factory.create('HS256', 'other_secret', other_token);
You can also decode a token, which works like create:
var A = Token.secret('secret');
var B = Token.secret('different_secret');
// create a token using 'secret'
var a = A.create({ foo: 'bar' });
// encode the token
var encoded = a.toString();
// decode the token using 'secret' and copy the claims in to a new token
// that uses 'different_secret' as configured in the factory
var b = B.decode('secret', encoded);
You can configure the token factory with property aliases to give more meaningful names to things that might be terse in the token itself:
Token = Token.secret('foo').properties({ 'tenantId': 'aud' });
token = Factory.create();
token.tenantId = 'blah';
console.log(token.tenantId); // 'blah'
console.log(token.aud); // 'blah'
console.log(JSON.stringify(token)); // {"aud":"blah"}
FAQs
Microservice authentication tokens
The npm package @microservice/auth-token receives a total of 2 weekly downloads. As such, @microservice/auth-token popularity was classified as not popular.
We found that @microservice/auth-token demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Ecma TC39 is meeting this week and has moved key ECMAScript proposals forward, advancing Deferred Import Evaluation, Error.isError(), RegExp Escaping, and Promise.try to the next stages.
Security News
Researchers have demonstrated that teams of LLM agents can exploit zero-day vulnerabilities with a 53% success rate, and the costs of using AI to do so are rapidly becoming more affordable than hiring a human penetration tester.
Security News
In an unprecedented surge, May 2024 saw the publication of over 5,000 CVEs, marking a historic milestone in cybersecurity with an average of 164 CVEs per day, nearly double the 2023 daily average.