New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →

Book a Demo Sign in

@umatch/adonis5-jwt

Package Overview

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

@umatch/adonis5-jwt

[![npm-image]][npm-url] [![license-image]][license-url] [![typescript-image]][typescript-url]

latest

Source

npm

Version: 1.1.9

Version published: 4 years ago

Maintainers: 1

Created: 4 years ago

Source

adonis5-jwt

Add JWT authentication to Adonisjs v5. Thanks to https://github.com/alex-oliveira for the starting implementation!

Installation

Make sure to install and configure @adonisjs/auth and @adonisjs/lucid beforehand, by running the following commands:

npm install @adonisjs/auth @adonisjs/lucid 
//Or, with yarn: yarn add @adonisjs/auth @adonisjs/lucid

node ace configure @adonisjs/auth
node ace configure @adonisjs/lucid

Install adonis5-jwt via npm or yarn:

npm install adonis5-jwt
//Or, with yarn: yarn add adonis5-jwt

Configure package

After the package has been installed, you have to configure it by running a command:

node ace configure adonis5-jwt

This will ask a few questions and modify adonisjs files accordingly.

During this configure, you will have to choose whether you want to store JWT in database or not. The two solutions have advantages and disadvantages. Bear in mind that the default is NOT to store JWT in db.

Command	JWT in db	JWT not in db
recommended solution	:x:	:white_check_mark:
refresh token stored in DB	:white_check_mark:	:white_check_mark:
full control on JWT expiration/revocation	:white_check_mark:	:x:
faster login that doesn't use DB	:x:	:white_check_mark:
logout doesn't need refresh token	:white_check_mark:	:x:

Usage

JWT authentication implements the same methods that other guards in @adonisjs/auth implements, so you can call .authenticate(), .generate() etc.

Just make sure to prepend .use("jwt"):

//authenticate() example
Route.get('/dashboard', async ({ auth }:HttpContextContract) => {
    await auth.use("jwt").authenticate();
    const userModel = auth.use("jwt").user!;
    const userPayloadFromJwt = auth.use("jwt").payload!;
});

//generate() example:
Route.get('/login', async ({ auth }:HttpContextContract) => {
    const user = await User.find(1);
    const jwt = await auth.use("jwt").generate(user);
    //or using .login():
    //const jwt = await auth.use("jwt").login(user);
});

//refresh token usage example:
Route.post('/refresh', async ({ auth, request }:HttpContextContract) => {
    const refreshToken = request.input("refresh_token");
    const jwt = await auth.use("jwt").loginViaRefreshToken(refreshToken);
});

Route.post('/logout', async ({ auth, response }:HttpContextContract) => {
  await auth.use('jwt').revoke()
  return {
    revoked: true
  }
})

By default, .generate() or .login() uses a payload like the following:

//user is a Lucid model
{
    userId: user.id,
    user: {
        name: user.name,
        email: user.email,
    },
}

If you want to generate a JWT with a different payload, simply specify payload when calling .generate() or .login():

await auth.use("jwt").login(user, {
    payload: {
        email: user.email,
    },
});

With the refresh token, you can obtain a new JWT using loginViaRefreshToken():

const refreshToken = request.input("refresh_token");
await auth.use("jwt").loginViaRefreshToken(refreshToken, {
    payload: {
        email: user.email,
    },
});

Keywords

FAQs

What is @umatch/adonis5-jwt?

Is @umatch/adonis5-jwt well maintained?

Package last updated on 07 Oct 2022

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install