Security News
Crates.io Users Targeted by Phishing Emails
The Rust Security Response WG is warning of phishing emails from rustfoundation.dev targeting crates.io users.
By Sarah Gooding - Sep 12, 2025
condor-jwt
This module lets you authenticate GRPC calls using JSON Web Tokens (JWTs) in your Condor GRPC services.
Condor is a GRPC Framework for node.
Installation
npm i --save condor-framework condor-jwt
How to use
The JWT middleware decodes and verifies a JsonWebToken passed in the authorization header. If the token is valid, context.token (by default) will be set with the JSON object decoded to be used by later middleware for authorization and access control.
const Condor = require('condor-framework');
const jwt = require('condor-jwt');
const Greeter = require('./greeter');
const app = new Condor()
.addService('./protos/greeter.proto', 'myapp.Greeter', new Greeter())
.use(jwt({'secretOrPublicKey': 'shhhhh'}))
// middleware below this line is only reached if JWT token is valid
.use((context, next) => {
console.log('valid token found: ', context.token);
next();
})
.start();
Custom Methods
By default, the token will be retrieved from the authorization metadata. Also, you can provide your own method to retrieve the token. The method can be sync or async (return a promise). It must return the token object if found and valid, or null otherwise. The method will be called with the context.
options = {
'getToken': (context) => {
// do your magic here
return token;
},
};
In the same manner, you can provide your isRevoked method to determine if a token is revoked. The method can be sync or async (return a promise). If the token is not revoked, the method must return false or resolve with false.
options = {
'isRevoked': (context, token) => {
// do your magic here
return false;
},
};
Options
| Option | Description |
|---|---|
| getToken | Custom method to get the token |
| isRevoked | Custom method to verify if a token is revoked |
| propertyName | Where to store the token in the context. Default is token |
| passthrough | Continue to next, even if no valid authorization token was found. Default is false |
| secretOrPublicKey | a string or buffer containing either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA |
Additionaly, you can send any option of the verify method of the jsonwebtoken module:
- algorithms
- audience
- issuer
- ignoreExpiration
- subject
- clockTolerance
- maxAge
- clockTimestamp
Such options will be used to verify the token.
License and Credits
MIT License. Copyright 2017
Built by the GRPC experts at Devsu.
FAQs
Condor JWT authentication Middleware
We found that condor-jwt demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 05 May 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Custom Pull Request Alert Comment Headers
Socket now lets you customize pull request alert headers, helping security teams share clear guidance right in PRs to speed reviews and reduce back-and-forth.
By André Staltz - Sep 12, 2025
Product
Rust Support Now in Beta
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.
By Mikola Lysenko, Trevor Norris - Sep 11, 2025