Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@tsndr/cloudflare-worker-jwt

Package Overview
Dependencies
Maintainers
0
Versions
65
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@tsndr/cloudflare-worker-jwt

A lightweight JWT implementation with ZERO dependencies for Cloudflare Worker

  • 2.5.4
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
39K
increased by11.19%
Maintainers
0
Weekly downloads
 
Created
Source

Cloudflare Worker JWT

A lightweight JWT implementation with ZERO dependencies for Cloudflare Workers.

Contents

  • Install
  • Examples
  • Usage

Install

npm i @tsndr/cloudflare-worker-jwt

Examples

Basic Example

async () => {
    import jwt from '@tsndr/cloudflare-worker-jwt'

    // Creating a token
    const token = await jwt.sign({ name: 'John Doe', email: 'john.doe@gmail.com' }, 'secret')

    // Verifing token
    const isValid = await jwt.verify(token, 'secret')

    // Check for validity
    if (!isValid)
        return

    // Decoding token
    const { payload } = jwt.decode(token)
}

Restrict Timeframe

async () => {
    import jwt from '@tsndr/cloudflare-worker-jwt'

    // Creating a token
    const token = await jwt.sign({
        name: 'John Doe',
        email: 'john.doe@gmail.com',
        nbf: Math.floor(Date.now() / 1000) + (60 * 60),      // Not before: Now + 1h
        exp: Math.floor(Date.now() / 1000) + (2 * (60 * 60)) // Expires: Now + 2h
    }, 'secret')

    // Verifing token
    const isValid = await jwt.verify(token, 'secret') // false

    // Check for validity
    if (!isValid)
        return

    // Decoding token
    const { payload } = jwt.decode(token) // { name: 'John Doe', email: 'john.doe@gmail.com', ... }
}

Usage

Sign

jwt.sign(payload, secret, [options])

Signs a payload and returns the token.

Arguments
ArgumentTypeStatusDefaultDescription
payloadobjectrequired-The payload object. To use nbf (Not Before) and/or exp (Expiration Time) add nbf and/or exp to the payload.
secretstring, JsonWebKey, CryptoKeyrequired-A string which is used to sign the payload.
optionsstring, objectoptionalHS256Either the algorithm string or an object.
options.algorithmstringoptionalHS256See Available Algorithms
options.keyidstringoptionalundefinedThe keyid or kid to be set in the header of the resulting JWT.
return

Returns token as a string.

Verify

jwt.verify(token, secret, [options])

Verifies the integrity of the token and returns a boolean value.

ArgumentTypeStatusDefaultDescription
tokenstringrequired-The token string generated by jwt.sign().
secretstring, JsonWebKey, CryptoKeyrequired-The string which was used to sign the payload.
optionsstring, objectoptionalHS256Either the algorithm string or an object.
options.algorithmstringoptionalHS256See Available Algorithms
options.clockTolerancenumberoptional0Clock tolerance in seconds, to help with slighly out of sync systems.
options.throwErrorbooleanoptionalfalseBy default this we will only throw implementation errors, only set this to true if you want verification errors to be thrown as well.
throws

If options.throwError is true and the token is invalid, an error will be thrown.

return

Returns true if signature, nbf (if set) and exp (if set) are valid, otherwise returns false.

Decode

jwt.decode(token)

Returns the payload without verifying the integrity of the token. Please use jwt.verify() first to keep your application secure!

ArgumentTypeStatusDefaultDescription
tokenstringrequired-The token string generated by jwt.sign().
return

Returns an object containing header and payload:

{
    header: {
        alg: 'HS256',
        typ: 'JWT'
    },
    payload: {
        name: 'John Doe',
        email: 'john.doe@gmail.com'
    }
}

Available Algorithms

  • ES256
  • ES384
  • ES512
  • HS256
  • HS384
  • HS512
  • RS256
  • RS384
  • RS512

Keywords

FAQs

Package last updated on 28 Sep 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious npm Package Exploits WhatsApp Authentication with Remote Kill Switch for File Destruction

Security News

Research

Malicious npm Package Exploits WhatsApp Authentication with Remote Kill Switch for File Destruction

A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.

By Kush Pandya  -  Nov 15, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc