express-jwt - npm Package Compare versions

Comparing version 6.1.1 to 7.0.0

.eslintrc

203

CHANGELOG.md

@@ -6,167 +6,104 @@ # Change Log

## 6.0.0 - 2020-06-29
## 7.0.0 - 2022-04-20
- Made algorithms mandatory ([304a1c5968aed7c4c520035426fc09142156669d](https://github.com/auth0/express-jwt/commit/304a1c5968aed7c4c520035426fc09142156669d))
- Convert the project to typescript and improve types ([2b43ccb7252f2cc2fb3c2655a252fd7ae58ce0dd](https://github.com/auth0/express-jwt/commit/2b43ccb7252f2cc2fb3c2655a252fd7ae58ce0dd))
## 5.3.3 - 2020-04-27
## 6.1.2 - 2022-04-20
- Improvements to documentation
- fix: package.json & package-lock.json to reduce vulnerabilities ([c7881ad378063236d85b1e1b0f4a252b63b8e75b](https://github.com/auth0/express-jwt/commit/c7881ad378063236d85b1e1b0f4a252b63b8e75b))
## 5.3.2 - 2020-04-27
## 6.1.1 - 2022-02-21
- Updated build to run on Node 8, 10 and 12 [178928266c3cf2fed3f9e013722cc8d29d4672ba](https://github.com/auth0/express-jwt/commit/178928266c3cf2fed3f9e013722cc8d29d4672ba)
- Updated JSON web token dependency [11f3ac49736f37c5b74cd67bde87c50fdca19868](https://github.com/auth0/express-jwt/commit/11f3ac49736f37c5b74cd67bde87c50fdca19868)
- Fix prototype pollution vulnerability. ([551bf40a74553a13e7314488b32648d474c182f7](https://github.com/auth0/express-jwt/commit/551bf40a74553a13e7314488b32648d474c182f7))
## 5.3.0 - 2017-04-17
## 6.1.0 - 2021-08-11
- Export unauthorized error [d662501f75b60e79f0e02e8df325a7960187af65](https://github.com/auth0/express-jwt/commit/d662501f75b60e79f0e02e8df325a7960187af65)
- Updated JSON web token library [fcf97715a5a11cbf7b828a3fa953e4c644856706](https://github.com/auth0/express-jwt/commit/fcf97715a5a11cbf7b828a3fa953e4c644856706)
- Added support for `resultProperty` [c2aa463f69fea5535dc14da86f8ea13436e72d04](https://github.com/auth0/express-jwt/commit/c2aa463f69fea5535dc14da86f8ea13436e72d04)
- Update readme on 6.0.0 changes ([43b7921c2cb60d781655ac5527a8a47d9fb428fc](https://github.com/auth0/express-jwt/commit/43b7921c2cb60d781655ac5527a8a47d9fb428fc))
- Updated changelog ([ed743a8fa28d32de3166ab6cf5bae1315669678a](https://github.com/auth0/express-jwt/commit/ed743a8fa28d32de3166ab6cf5bae1315669678a))
## 5.2.0 - 2016-10-07
## 6.0.0 - 2020-06-29
- Added changelog [34dd51dde3fd83182bd076d9a9378626d17152f2](https://github.com/auth0/express-jwt/commit/34dd51dde3fd83182bd076d9a9378626d17152f2)
- Made algorithms mandatory ([304a1c5968aed7c4c520035426fc09142156669d](https://github.com/auth0/express-jwt/commit/304a1c5968aed7c4c520035426fc09142156669d))
## 5.1.0 - 2016-10-04
## 5.3.3 - 2020-04-07
- A cleaner way to detect a function ([b7235714def5b4b3b91ee2d955a6a82706792825](https://github.com/auth0/express-jwt/commit/b7235714def5b4b3b91ee2d955a6a82706792825))
- allow other auth schemes if credentialsRequired is false. closes #129 ([fbf15bd3ccb8b71fe2434b0165492e53bf56d6cd](https://github.com/auth0/express-jwt/commit/fbf15bd3ccb8b71fe2434b0165492e53bf56d6cd)), closes [#129](https://github.com/auth0/express-jwt/issues/129)
- handle error on invalid tokens. Closes #134 ([461710185e8cba665b81b77e14895eee45b4d076](https://github.com/auth0/express-jwt/commit/461710185e8cba665b81b77e14895eee45b4d076)), closes [#134](https://github.com/auth0/express-jwt/issues/134)
- minor ([a2c54081f631b6c1670dc6b85730b6381a87972e](https://github.com/auth0/express-jwt/commit/a2c54081f631b6c1670dc6b85730b6381a87972e))
- Add a note about OAuth2 bearer tokens ([c5d841966b70584fa51f766d7cb2b17ae1db6681](https://github.com/auth0/express-jwt/commit/c5d841966b70584fa51f766d7cb2b17ae1db6681))
- Make clearer sections in the Readme ([8662579f1af7ba1d8b6a35718243bd719600a23f](https://github.com/auth0/express-jwt/commit/8662579f1af7ba1d8b6a35718243bd719600a23f))
- Update Readme and use a consistent JS style for code examples ([888f0e9d2cb3026a50b2812a0eebe7a5d5011744](https://github.com/auth0/express-jwt/commit/888f0e9d2cb3026a50b2812a0eebe7a5d5011744))
- Update README.md ([d3e86bffb6f0c629cbb95e9b27432e4860d8bc5a](https://github.com/auth0/express-jwt/commit/d3e86bffb6f0c629cbb95e9b27432e4860d8bc5a))
## 5.3.2 - 2020-04-07
- fix dependencies vulnerabilities and test against 8, 10 and 12 from now on ([178928266c3cf2fed3f9e013722cc8d29d4672ba](https://github.com/auth0/express-jwt/commit/178928266c3cf2fed3f9e013722cc8d29d4672ba))
- fix license field ([f4f4d1d6bf78d498688f1b1936551546715d01e9](https://github.com/auth0/express-jwt/commit/f4f4d1d6bf78d498688f1b1936551546715d01e9))
## 5.0.0 - 2016-09-05
## 5.3.0 - 2017-04-17
- *Expose UnauthorizedError ([a6a36058b949bbffaa5969e6435aaad5201651d8](https://github.com/auth0/express-jwt/commit/a6a36058b949bbffaa5969e6435aaad5201651d8))
- 5.3.0 ([9ff413a6350ad0117ddef82e9da7eaeb55061e0b](https://github.com/auth0/express-jwt/commit/9ff413a6350ad0117ddef82e9da7eaeb55061e0b))
- Add documentation for resultProperty ([3acc3730900479f92e1f6e480ac14905106e83d4](https://github.com/auth0/express-jwt/commit/3acc3730900479f92e1f6e480ac14905106e83d4))
- Add resultProperty option ([c84b69f52b29abbafc36506306dddf1e5d1c4f9b](https://github.com/auth0/express-jwt/commit/c84b69f52b29abbafc36506306dddf1e5d1c4f9b))
- bump jsonwebtoken version to 7 ([d42f5df0f075de37ffb1f731bb7bdbd9b2c87f4b](https://github.com/auth0/express-jwt/commit/d42f5df0f075de37ffb1f731bb7bdbd9b2c87f4b))
- Ensure proper error messages end up in stack trace ([657592d9aef4e28490773022ff06bc36432df82b](https://github.com/auth0/express-jwt/commit/657592d9aef4e28490773022ff06bc36432df82b))
- Fix syntax highlighting ([56d74613f797646732c40e7cafd903af23f35397](https://github.com/auth0/express-jwt/commit/56d74613f797646732c40e7cafd903af23f35397))
- Test for resultProperty option ([13ae992c7c78f79a254cac2741ab4a7cb9752eaf](https://github.com/auth0/express-jwt/commit/13ae992c7c78f79a254cac2741ab4a7cb9752eaf))
- UnauthorizedError exports directly from the module ([7a57149a9fcbf86d73e41904768e95ad8ddf5a81](https://github.com/auth0/express-jwt/commit/7a57149a9fcbf86d73e41904768e95ad8ddf5a81))
- update jsonwebtoken ([b2207c823e34dc1a8ab89cb50aebe77b6e35f668](https://github.com/auth0/express-jwt/commit/b2207c823e34dc1a8ab89cb50aebe77b6e35f668))
- Update package.json ([f2779d7a01cb53ad51f2bcf43f942b1299bba798](https://github.com/auth0/express-jwt/commit/f2779d7a01cb53ad51f2bcf43f942b1299bba798))
## 5.2.0 - 2016-10-07
## 4.0.0 - 2016-05-06
- add changelog. closes #139 ([34dd51dde3fd83182bd076d9a9378626d17152f2](https://github.com/auth0/express-jwt/commit/34dd51dde3fd83182bd076d9a9378626d17152f2)), closes [#139](https://github.com/auth0/express-jwt/issues/139)
- Added express-jwt-permissions link ([ef0b848b15ce7ec7148bfbb1a97ee6a9991f7251](https://github.com/auth0/express-jwt/commit/ef0b848b15ce7ec7148bfbb1a97ee6a9991f7251))
- remove support for deprecated option ([b894ea25b0721305861f57dbec6982eb2a462e97](https://github.com/auth0/express-jwt/commit/b894ea25b0721305861f57dbec6982eb2a462e97))
- Update middleware to throw when token is invalid when credentials aren't required ([fd58e8961fe6034e7136ea0b31218a299ddf5178](https://github.com/auth0/express-jwt/commit/fd58e8961fe6034e7136ea0b31218a299ddf5178))
- upgrade jwt library ([01409b3dd99306520a498894293657a88778cdd5](https://github.com/auth0/express-jwt/commit/01409b3dd99306520a498894293657a88778cdd5))
## 5.1.0 - 2016-10-04
## 3.4.0 - 2016-05-06
- A cleaner way to detect a function ([b7235714def5b4b3b91ee2d955a6a82706792825](https://github.com/auth0/express-jwt/commit/b7235714def5b4b3b91ee2d955a6a82706792825))
- allow other auth schemes if credentialsRequired is false. closes #129 ([fbf15bd3ccb8b71fe2434b0165492e53bf56d6cd](https://github.com/auth0/express-jwt/commit/fbf15bd3ccb8b71fe2434b0165492e53bf56d6cd)), closes [#129](https://github.com/auth0/express-jwt/issues/129)
- handle error on invalid tokens. Closes #134 ([461710185e8cba665b81b77e14895eee45b4d076](https://github.com/auth0/express-jwt/commit/461710185e8cba665b81b77e14895eee45b4d076)), closes [#134](https://github.com/auth0/express-jwt/issues/134)
- minor ([a2c54081f631b6c1670dc6b85730b6381a87972e](https://github.com/auth0/express-jwt/commit/a2c54081f631b6c1670dc6b85730b6381a87972e))
- doc: typo in README.md was fixed ([f6c2c3d95fd15b911f1ac6dcde0b3084df45a2fc](https://github.com/auth0/express-jwt/commit/f6c2c3d95fd15b911f1ac6dcde0b3084df45a2fc))
- fixing syntax error in README for string value ([ae69114afe5ca84f39adfac8dc7e9b224eab5410](https://github.com/auth0/express-jwt/commit/ae69114afe5ca84f39adfac8dc7e9b224eab5410))
- More lightweight dependency ([4861bbb9d906f8fbd8c494fe2dbc4fda0d7865c6](https://github.com/auth0/express-jwt/commit/4861bbb9d906f8fbd8c494fe2dbc4fda0d7865c6))
- Readme fixed and license renamed ([0e9c88d592f6499bf4d4e212a39fdc50e7206832](https://github.com/auth0/express-jwt/commit/0e9c88d592f6499bf4d4e212a39fdc50e7206832))
## 5.0.0 - 2016-09-05
- \*Expose UnauthorizedError ([a6a36058b949bbffaa5969e6435aaad5201651d8](https://github.com/auth0/express-jwt/commit/a6a36058b949bbffaa5969e6435aaad5201651d8))
- 4.0.0 ([a7ab08aaf695da2a14880880ca449bc61e104198](https://github.com/auth0/express-jwt/commit/a7ab08aaf695da2a14880880ca449bc61e104198))
- Added express-jwt-permissions link ([ef0b848b15ce7ec7148bfbb1a97ee6a9991f7251](https://github.com/auth0/express-jwt/commit/ef0b848b15ce7ec7148bfbb1a97ee6a9991f7251))
- remove support for deprecated option ([b894ea25b0721305861f57dbec6982eb2a462e97](https://github.com/auth0/express-jwt/commit/b894ea25b0721305861f57dbec6982eb2a462e97))
- Update middleware to throw when token is invalid when credentials aren't required ([fd58e8961fe6034e7136ea0b31218a299ddf5178](https://github.com/auth0/express-jwt/commit/fd58e8961fe6034e7136ea0b31218a299ddf5178))
- upgrade jwt library ([01409b3dd99306520a498894293657a88778cdd5](https://github.com/auth0/express-jwt/commit/01409b3dd99306520a498894293657a88778cdd5))
## 3.3.0 - 2015-11-09
## 3.4.0 - 2016-05-06
- 3.3.0 ([6ae3a7f2685e0a0ac8dd0e286c1bafd00fb4b8c2](https://github.com/auth0/express-jwt/commit/6ae3a7f2685e0a0ac8dd0e286c1bafd00fb4b8c2))
- add support for nested properties in requestProperty. closes #94 ([6b7a7349910c530d3c0f986c267276930883918f](https://github.com/auth0/express-jwt/commit/6b7a7349910c530d3c0f986c267276930883918f)), closes [#94](https://github.com/auth0/express-jwt/issues/94)
- doc: typo in README.md was fixed ([f6c2c3d95fd15b911f1ac6dcde0b3084df45a2fc](https://github.com/auth0/express-jwt/commit/f6c2c3d95fd15b911f1ac6dcde0b3084df45a2fc))
- fixing syntax error in README for string value ([ae69114afe5ca84f39adfac8dc7e9b224eab5410](https://github.com/auth0/express-jwt/commit/ae69114afe5ca84f39adfac8dc7e9b224eab5410))
- More lightweight dependency ([4861bbb9d906f8fbd8c494fe2dbc4fda0d7865c6](https://github.com/auth0/express-jwt/commit/4861bbb9d906f8fbd8c494fe2dbc4fda0d7865c6))
- Readme fixed and license renamed ([0e9c88d592f6499bf4d4e212a39fdc50e7206832](https://github.com/auth0/express-jwt/commit/0e9c88d592f6499bf4d4e212a39fdc50e7206832))
- Updated status responses to Express 4.x format ([a481bc8eb2a2e749e9bcff92496c53b5da53c9e0](https://github.com/auth0/express-jwt/commit/a481bc8eb2a2e749e9bcff92496c53b5da53c9e0))
## 3.3.0 - 2015-11-09
- add support for nested properties in requestProperty. closes #94 ([6b7a7349910c530d3c0f986c267276930883918f](https://github.com/auth0/express-jwt/commit/6b7a7349910c530d3c0f986c267276930883918f)), closes [#94](https://github.com/auth0/express-jwt/issues/94)
## 3.2.0 - 2015-11-09
- added documentation on setting base64 encoding flag ([e4cddfdc432b02d48bd61b627da7c927df79d6fc](https://github.com/auth0/express-jwt/commit/e4cddfdc432b02d48bd61b627da7c927df79d6fc))
- added documentation on setting base64 encoding flag ([0ebfd6c125314d83e98df93b9d75b91287e44c49](https://github.com/auth0/express-jwt/commit/0ebfd6c125314d83e98df93b9d75b91287e44c49))
- added documentation on setting base64 encoding flag ([cb04d571a098e49d5dcc5d9bf15481bc6266b598](https://github.com/auth0/express-jwt/commit/cb04d571a098e49d5dcc5d9bf15481bc6266b598))
- Clarify credentialsRequired remarks ([80fae765044ea8506cf89e1f6238ce4e12ad8d6e](https://github.com/auth0/express-jwt/commit/80fae765044ea8506cf89e1f6238ce4e12ad8d6e))
- Tweak of description, code sample, and location ([f3024e2c4ba5ba5896983520ff9410dcc30c92e5](https://github.com/auth0/express-jwt/commit/f3024e2c4ba5ba5896983520ff9410dcc30c92e5))
- Use npm v2 in CI build ([da3ad2bba2eae5febf1d1fc9eb04ad2c46302fd4](https://github.com/auth0/express-jwt/commit/da3ad2bba2eae5febf1d1fc9eb04ad2c46302fd4))
- Verify token before checking revoke ([d75cec869dc9a37b6199c7615bbfa77dae97aa05](https://github.com/auth0/express-jwt/commit/d75cec869dc9a37b6199c7615bbfa77dae97aa05))
- added documentation on setting base64 encoding flag ([e4cddfdc432b02d48bd61b627da7c927df79d6fc](https://github.com/auth0/express-jwt/commit/e4cddfdc432b02d48bd61b627da7c927df79d6fc))
- added documentation on setting base64 encoding flag ([0ebfd6c125314d83e98df93b9d75b91287e44c49](https://github.com/auth0/express-jwt/commit/0ebfd6c125314d83e98df93b9d75b91287e44c49))
- added documentation on setting base64 encoding flag ([cb04d571a098e49d5dcc5d9bf15481bc6266b598](https://github.com/auth0/express-jwt/commit/cb04d571a098e49d5dcc5d9bf15481bc6266b598))
- Clarify credentialsRequired remarks ([80fae765044ea8506cf89e1f6238ce4e12ad8d6e](https://github.com/auth0/express-jwt/commit/80fae765044ea8506cf89e1f6238ce4e12ad8d6e))
- Tweak of description, code sample, and location ([f3024e2c4ba5ba5896983520ff9410dcc30c92e5](https://github.com/auth0/express-jwt/commit/f3024e2c4ba5ba5896983520ff9410dcc30c92e5))
- Use npm v2 in CI build ([da3ad2bba2eae5febf1d1fc9eb04ad2c46302fd4](https://github.com/auth0/express-jwt/commit/da3ad2bba2eae5febf1d1fc9eb04ad2c46302fd4))
- Verify token before checking revoke ([d75cec869dc9a37b6199c7615bbfa77dae97aa05](https://github.com/auth0/express-jwt/commit/d75cec869dc9a37b6199c7615bbfa77dae97aa05))
## 3.1.0 - 2015-09-09
- Changes the README describing unless and linking to the express unless github repo. ([6447a034fb7dd44526464e02319802f15f1e5315](https://github.com/auth0/express-jwt/commit/6447a034fb7dd44526464e02319802f15f1e5315))
- Expand on what is possible with path param for unless() and give link to express-unless so the user knows that is what is being utilized. ([f13cd5f0d55154e551b11e872668879180979640](https://github.com/auth0/express-jwt/commit/f13cd5f0d55154e551b11e872668879180979640))
- Merge README enhancement from @rustybailey ([71e5ec53b4d631cb6b8e5b7a691ab77636044612](https://github.com/auth0/express-jwt/commit/71e5ec53b4d631cb6b8e5b7a691ab77636044612))
- Minor typo fix ([df62ee2bca84ca3990751ba3e567c95a6f3af86e](https://github.com/auth0/express-jwt/commit/df62ee2bca84ca3990751ba3e567c95a6f3af86e))
- Optionally pass token headers to secret callback. ([988931b2fbbfb9f694a4c25c2f867a613f3f8a81](https://github.com/auth0/express-jwt/commit/988931b2fbbfb9f694a4c25c2f867a613f3f8a81))
- Set express-unless minor version number. ([c262caf73ca64c2175717076538786da4397894c](https://github.com/auth0/express-jwt/commit/c262caf73ca64c2175717076538786da4397894c))
- Tweak to make .unless comment a blockquote ([f1b099ed6af12e099d4c4f43d42bf4aec0c4df36](https://github.com/auth0/express-jwt/commit/f1b099ed6af12e099d4c4f43d42bf4aec0c4df36))
- Update package.json ([88a2be2d89e6772d19463a94d8ada56b9832367d](https://github.com/auth0/express-jwt/commit/88a2be2d89e6772d19463a94d8ada56b9832367d))
- Updated status responses to Express 4.x format ([a481bc8eb2a2e749e9bcff92496c53b5da53c9e0](https://github.com/auth0/express-jwt/commit/a481bc8eb2a2e749e9bcff92496c53b5da53c9e0))
- typo: revoked is the name of the argument ([3cacbf391e86b70807255dadc8fd5d88153b67e4](https://github.com/auth0/express-jwt/commit/3cacbf391e86b70807255dadc8fd5d88153b67e4))
- Changes the README describing unless and linking to the express unless github repo. ([6447a034fb7dd44526464e02319802f15f1e5315](https://github.com/auth0/express-jwt/commit/6447a034fb7dd44526464e02319802f15f1e5315))
- Expand on what is possible with path param for unless() and give link to express-unless so the user knows that is what is being utilized. ([f13cd5f0d55154e551b11e872668879180979640](https://github.com/auth0/express-jwt/commit/f13cd5f0d55154e551b11e872668879180979640))
- fix typo ([c39e1d1036a05b5bd3d3f7a46a03f825542c1027](https://github.com/auth0/express-jwt/commit/c39e1d1036a05b5bd3d3f7a46a03f825542c1027))
- Fix typo on README.md ([bdab49c5c4de4a154b3043f4684a60584279d36e](https://github.com/auth0/express-jwt/commit/bdab49c5c4de4a154b3043f4684a60584279d36e))
- Merge README enhancement from @rustybailey ([71e5ec53b4d631cb6b8e5b7a691ab77636044612](https://github.com/auth0/express-jwt/commit/71e5ec53b4d631cb6b8e5b7a691ab77636044612)), closes [#81](https://github.com/auth0/express-jwt/issues/81)
- Minor typo fix ([df62ee2bca84ca3990751ba3e567c95a6f3af86e](https://github.com/auth0/express-jwt/commit/df62ee2bca84ca3990751ba3e567c95a6f3af86e))
- Optionally pass token headers to secret callback. ([988931b2fbbfb9f694a4c25c2f867a613f3f8a81](https://github.com/auth0/express-jwt/commit/988931b2fbbfb9f694a4c25c2f867a613f3f8a81))
- Set express-unless minor version number. ([c262caf73ca64c2175717076538786da4397894c](https://github.com/auth0/express-jwt/commit/c262caf73ca64c2175717076538786da4397894c))
- Tweak to make .unless comment a blockquote ([f1b099ed6af12e099d4c4f43d42bf4aec0c4df36](https://github.com/auth0/express-jwt/commit/f1b099ed6af12e099d4c4f43d42bf4aec0c4df36))
- Update package.json ([88a2be2d89e6772d19463a94d8ada56b9832367d](https://github.com/auth0/express-jwt/commit/88a2be2d89e6772d19463a94d8ada56b9832367d))
- typo: revoked is the name of the argument ([3cacbf391e86b70807255dadc8fd5d88153b67e4](https://github.com/auth0/express-jwt/commit/3cacbf391e86b70807255dadc8fd5d88153b67e4))
## 3.0.0 - 2015-04-11
- fix typo ([c39e1d1036a05b5bd3d3f7a46a03f825542c1027](https://github.com/auth0/express-jwt/commit/c39e1d1036a05b5bd3d3f7a46a03f825542c1027))
- Fix typo on README.md ([bdab49c5c4de4a154b3043f4684a60584279d36e](https://github.com/auth0/express-jwt/commit/bdab49c5c4de4a154b3043f4684a60584279d36e))
## 2.1.0 - 2015-03-16
- update jsonwebtoken to latest version ([7ca6a07a0c85fe4b24484c8f61ed7d15d918474b](https://github.com/auth0/express-jwt/commit/7ca6a07a0c85fe4b24484c8f61ed7d15d918474b))
## 2.0.1 - 2015-03-11
- Fixed multitenancy bug where if a secret is a buffer, it is incorrectly treated as a callback. Also provided a test which exercises this logic. ([217474476b82d17bb39228ba7c07b8ea6e10df55](https://github.com/auth0/express-jwt/commit/217474476b82d17bb39228ba7c07b8ea6e10df55))
- Fixed naming of my new test ([6a6b5df4846bd84550e16a38e0d06d23076bb57a](https://github.com/auth0/express-jwt/commit/6a6b5df4846bd84550e16a38e0d06d23076bb57a))
- Replaced check for string or buffer with check for not function. Used fast+robust method rather than typeof. ([5a28821c0363b1d9d9ac558b1cc8fb13e1f97cb7](https://github.com/auth0/express-jwt/commit/5a28821c0363b1d9d9ac558b1cc8fb13e1f97cb7))
- Updated contributors in readme ([22e82fb31b4d72f8f636a17e7e3012248fd46f29](https://github.com/auth0/express-jwt/commit/22e82fb31b4d72f8f636a17e7e3012248fd46f29))
## 2.0.0 - 2015-03-06
- update jsonwebtoken to v4 ([f4115a56edb78b37234e38ff823d764573eba414](https://github.com/auth0/express-jwt/commit/f4115a56edb78b37234e38ff823d764573eba414))
## 1.4.0 - 2015-03-06
- add test ([1cc3ed57389e3a9531e6c698bfd5ed08d3ff61b6](https://github.com/auth0/express-jwt/commit/1cc3ed57389e3a9531e6c698bfd5ed08d3ff61b6))
## 1.3.1 - 2015-03-06
- fix issue decoding JWT when the payload is a string ([d335c70b7055c014f23463396907c14e232d0e72](https://github.com/auth0/express-jwt/commit/d335c70b7055c014f23463396907c14e232d0e72))
- refactor tests ([c0f9033393e039791af68e0b7b6fec26d6b56fa5](https://github.com/auth0/express-jwt/commit/c0f9033393e039791af68e0b7b6fec26d6b56fa5))
## 1.3.0 - 2015-03-03
- Added support for revoked JWTs ([6bba96731e0b47b30af8120ec4f68acae7ad4be8](https://github.com/auth0/express-jwt/commit/6bba96731e0b47b30af8120ec4f68acae7ad4be8))
- Updated README.md with revoked tokens check ([226317ace92d679dfe41e8436a4e1ce43fefbf37](https://github.com/auth0/express-jwt/commit/226317ace92d679dfe41e8436a4e1ce43fefbf37))
## 1.2.0 - 2015-03-03
- Added multitenant support ([672dd72b5e2132a5947220a24539fbbb58ee105a](https://github.com/auth0/express-jwt/commit/672dd72b5e2132a5947220a24539fbbb58ee105a))
## 1.1.0 - 2015-03-02
- added failure test, which checks for invalid signatures ([c465af6828566017df45bbe353628c65ce3a4407](https://github.com/auth0/express-jwt/commit/c465af6828566017df45bbe353628c65ce3a4407))
- Create LICENSE.txt ([be2b1ac8f6c2dcf7bed26a2ade876d10abd6d564](https://github.com/auth0/express-jwt/commit/be2b1ac8f6c2dcf7bed26a2ade876d10abd6d564))
- support requestProperty (instead of userProperty) closes #41 ([c5377304dfcf1fd77cd9db61f2f8ffaa11bb338b](https://github.com/auth0/express-jwt/commit/c5377304dfcf1fd77cd9db61f2f8ffaa11bb338b)), closes [#41](https://github.com/auth0/express-jwt/issues/41)
- Update index.js ([f20fcb66f013d7b4d4b8ada1e7252295db293451](https://github.com/auth0/express-jwt/commit/f20fcb66f013d7b4d4b8ada1e7252295db293451))
- Update index.js ([3b3ffabe48be5c82d065c30579971bd1a1ffddf8](https://github.com/auth0/express-jwt/commit/3b3ffabe48be5c82d065c30579971bd1a1ffddf8))
- update npm on travis script ([69cb5f71d8b268441b7ce17d4f50f3f8d4049d70](https://github.com/auth0/express-jwt/commit/69cb5f71d8b268441b7ce17d4f50f3f8d4049d70))
- Update README.md ([6ae118e35091440c233015ef44899f972b9917ee](https://github.com/auth0/express-jwt/commit/6ae118e35091440c233015ef44899f972b9917ee))
- Update README.md ([48b326c3b44ed92ac79f665471889bc3ef3876a5](https://github.com/auth0/express-jwt/commit/48b326c3b44ed92ac79f665471889bc3ef3876a5))
## 1.0.0 - 2015-01-15
## 0.6.2 - 2015-01-05
- 0.6.2 ([1d00b78e7cf9572bc3843dff7ecb02eb5c9339c3](https://github.com/auth0/express-jwt/commit/1d00b78e7cf9572bc3843dff7ecb02eb5c9339c3))
- Should not throw exception with invalid token if credentials are not required ([c68a16c01043436ce9b5851e39e000efd9ab5778](https://github.com/auth0/express-jwt/commit/c68a16c01043436ce9b5851e39e000efd9ab5778))
- Updated test to verify that req.user is undefined if token is invalid ([014e2bdcad3f1ac42c070c2ea267f5f4206c099a](https://github.com/auth0/express-jwt/commit/014e2bdcad3f1ac42c070c2ea267f5f4206c099a))
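Review bot: nothing in the lines around `## 7.0.0 - 2022-04-20` records the API changes that the README diff for this same release shows: the payload moves from `req.user` to `req.auth`, the `requestProperty`/`resultProperty` section is removed, and the module is imported as the named `expressjwt` export. List these as breaking changes under 7.0.0, so that consumers upgrading an authentication middleware across a major version know which handlers to audit. The two sides of this hunk also disagree on existing dates (5.3.3 and 5.3.2 appear with both 2020-04-27 and 2020-04-07); confirm which is correct before regenerating the history.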
{
"name": "express-jwt",
"version": "6.1.1",
"version": "7.0.0",
"description": "JWT authentication middleware.",

@@ -30,12 +30,20 @@ "keywords": [

"license": "MIT",
"main": "./lib",
"main": "./dist",
"dependencies": {
"async": "^1.5.0",
"express-unless": "^1.0.0",
"jsonwebtoken": "^8.1.0",
"lodash": "^4.17.21"
"jsonwebtoken": "^8.1.0"
},
"devDependencies": {
"conventional-changelog": "~1.1.0",
"mocha": "^7.1.1"
"@types/express-unless": "^0.5.3",
"@types/jsonwebtoken": "^8.5.8",
"@types/mocha": "^9.1.0",
"@typescript-eslint/eslint-plugin": "^5.15.0",
"@typescript-eslint/parser": "^5.15.0",
"conventional-changelog": "^3.1.25",
"eslint": "^8.11.0",
"express": "^4.17.3",
"mocha": "^9.2.2",
"prettier": "^2.6.0",
"ts-node": "^10.7.0",
"typescript": "^4.6.2"
},
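Review bot: `"async": "^1.5.0"` stays in `dependencies` while `lodash` is dropped. The README callbacks in this release are rewritten as async functions, so confirm that `async` is still imported somewhere in the TypeScript sources and remove it if not, so that the runtime dependency list contains only what the middleware loads.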

@@ -46,4 +54,7 @@ "engines": {

"scripts": {
"test": "node_modules/.bin/mocha --reporter spec"
"build": "rm -rf dist ; tsc",
"prepare": "npm run build",
"test": "mocha --reporter spec --require ts-node/register test/**",
"lint": "eslint --fix --ext .ts ./src"
}
}
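Review bot: the glob in `"test": "mocha --reporter spec --require ts-node/register test/**"` is unquoted, so the shell expands it instead of mocha, and in POSIX sh `**` matches a single directory level only. Quote it (`'test/**/*.ts'`) so that nested test files are not silently skipped. `"build": "rm -rf dist ; tsc"` also assumes a POSIX shell, and because `prepare` now runs the build, that assumption applies to anyone installing the package from git.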

@@ -18,13 +18,17 @@ # express-jwt

```javascript
var jwt = require('express-jwt');
var { expressjwt: jwt } = require("express-jwt");
// or ES6
// import { expressjwt, ExpressJwtRequest } from "express-jwt";
app.get('/protected',
jwt({ secret: 'shhhhhhared-secret', algorithms: ['HS256'] }),
function(req, res) {
if (!req.user.admin) return res.sendStatus(401);
app.get(
"/protected",
jwt({ secret: "shhhhhhared-secret", algorithms: ["HS256"] }),
function (req, res) {
if (!req.auth.admin) return res.sendStatus(401);
res.sendStatus(200);
});
}
);
```
The decoded JWT payload is available on the request via the `user` property. This can be configured using the `requestProperty` option ([see below](#retrieving-the-decoded-payload)).
The decoded JWT payload is available on the request via the `auth` property.
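Review bot: the handler on the added lines reads `req.auth.admin` where the removed lines read `req.user.admin`, and the closing sentence no longer mentions `requestProperty`, but nothing tells an upgrading reader that the payload has moved. Add a sentence after "available on the request via the `auth` property" stating that 6.x handlers reading `req.user` must be updated, so that authorization checks left on the old property are found at upgrade time rather than in production.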

@@ -34,2 +38,3 @@ > The default behavior of the module is to extract the JWT from the `Authorization` header as an [OAuth2 Bearer token](https://oauth.net/2/bearer-tokens/).

### Required Parameters
The `algorithms` parameter is required to prevent potential downgrade attacks when providing third party libraries as **secrets**.

@@ -41,6 +46,6 @@

jwt({
secret: 'shhhhhhared-secret',
algorithms: ['HS256']
secret: "shhhhhhared-secret",
algorithms: ["HS256"],
//algorithms: ['RS256']
})
});
```

@@ -54,7 +59,7 @@

jwt({
secret: 'shhhhhhared-secret',
audience: 'http://myapi/protected',
issuer: 'http://issuer',
algorithms: ['HS256']
})
secret: "shhhhhhared-secret",
audience: "http://myapi/protected",
issuer: "http://issuer",
algorithms: ["HS256"],
});
```

@@ -67,4 +72,6 @@

```javascript
jwt({ secret: Buffer.from('shhhhhhared-secret', 'base64'),
algorithms: ['RS256'] })
jwt({
secret: Buffer.from("shhhhhhared-secret", "base64"),
algorithms: ["RS256"],
});
```
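Review bot: the reformatted example still pairs `Buffer.from("shhhhhhared-secret", "base64")` with `algorithms: ["RS256"]`. RS256 verifies with an RSA public key, so a base64-decoded shared secret belongs with an HMAC algorithm; change this to `["HS256"]`, as in the other shared-secret examples, so readers do not copy a key/algorithm mismatch into their configuration.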

@@ -75,3 +82,8 @@

```javascript
app.use(jwt({ secret: 'shhhhhhared-secret', algorithms: ['HS256']}).unless({path: ['/token']}));
app.use(
jwt({
secret: "shhhhhhared-secret",
algorithms: ["HS256"],
}).unless({ path: ["/token"] })
);
```

@@ -86,23 +98,6 @@

```javascript
var publicKey = fs.readFileSync('/path/to/public.pub');
jwt({ secret: publicKey, algorithms: ['RS256'] });
var publicKey = fs.readFileSync("/path/to/public.pub");
jwt({ secret: publicKey, algorithms: ["RS256"] });
```
### Retrieving the Decoded Payload
By default, the decoded token is attached to `req.user` but can be configured with the `requestProperty` option.
```javascript
jwt({ secret: publicKey, algorithms: ['RS256'], requestProperty: 'auth' });
```
The token can also be attached to the `result` object with the `resultProperty` option. This option will override any `requestProperty`.
```javascript
jwt({ secret: publicKey, algorithms: ['RS256'], resultProperty: 'locals.user' });
```
Both `resultProperty` and `requestProperty` utilize [lodash.set](https://lodash.com/docs/4.17.15#set) and will accept nested property paths.
### Customizing Token Location
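Review bot: the whole "Retrieving the Decoded Payload" section is removed, including `requestProperty`, `resultProperty` and the note that both accepted nested paths via lodash.set, without any statement of whether these options still exist in 7.0.0. State at this point in the README that they are removed (or what replaces them), so that a 6.x configuration still passing `requestProperty: 'auth'` or `resultProperty: 'locals.user'` is not left undocumented.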

@@ -116,15 +111,20 @@

```javascript
app.use(jwt({
secret: 'hello world !',
algorithms: ['HS256'],
credentialsRequired: false,
getToken: function fromHeaderOrQuerystring (req) {
if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
return req.headers.authorization.split(' ')[1];
} else if (req.query && req.query.token) {
return req.query.token;
}
return null;
}
}));
app.use(
jwt({
secret: "hello world !",
algorithms: ["HS256"],
credentialsRequired: false,
getToken: function fromHeaderOrQuerystring(req) {
if (
req.headers.authorization &&
req.headers.authorization.split(" ")[0] === "Bearer"
) {
return req.headers.authorization.split(" ")[1];
} else if (req.query && req.query.token) {
return req.query.token;
}
return null;
},
})
);
```
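Review bot: `getToken` in the rewritten example still falls back to `req.query.token`. A bearer token carried in the query string is recorded in access logs, browser history and `Referer` headers; since these lines are being rewritten anyway, either drop the query-string branch or add a sentence saying it is meant for clients that cannot set a header and that such URLs must be kept out of logs. The repeated `req.headers.authorization.split(" ")` could also be done once and destructured into scheme and token.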

@@ -135,67 +135,67 @@

If you are developing an application in which the secret used to sign tokens is not static, you can provide a callback function as the `secret` parameter. The function has the signature: `function(req, payload, done)`:
* `req` (`Object`) - The express `request` object.
* `payload` (`Object`) - An object with the JWT claims.
* `done` (`Function`) - A function with signature `function(err, secret)` to be invoked when the secret is retrieved.
* `err` (`Any`) - The error that occurred.
* `secret` (`String`) - The secret to use to verify the JWT.
- `req` (`Object`) - The express `request` object.
- `payload` (`Object`) - An object with the JWT claims.
- `done` (`Function`) - A function with signature `function(err, secret)` to be invoked when the secret is retrieved.
- `err` (`Any`) - The error that occurred.
- `secret` (`String`) - The secret to use to verify the JWT.
For example, if the secret varies based on the [JWT issuer](http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#issDef):
```javascript
var jwt = require('express-jwt');
var data = require('./data');
var utilities = require('./utilities');
var jwt = require("express-jwt");
var data = require("./data");
var utilities = require("./utilities");
var secretCallback = function(req, payload, done){
var issuer = payload.iss;
data.getTenantByIdentifier(issuer, function(err, tenant){
if (err) { return done(err); }
if (!tenant) { return done(new Error('missing_secret')); }
var secret = utilities.decrypt(tenant.secret);
done(null, secret);
});
var getSecret = async function (req, token) {
const issuer = token.payload.iss;
const tenant = await data.getTenantByIdentifier(issuer);
if (!tenant) {
throw new Error("missing_secret");
}
return utilities.decrypt(tenant.secret);
};
app.get('/protected',
jwt({ secret: secretCallback, algorithms: ['HS256'] }),
function(req, res) {
if (!req.user.admin) return res.sendStatus(401);
app.get(
"/protected",
jwt({ secret: getSecret, algorithms: ["HS256"] }),
function (req, res) {
if (!req.auth.admin) return res.sendStatus(401);
res.sendStatus(200);
});
}
);
```
### Revoked tokens
It is possible that some tokens will need to be revoked so they cannot be used any longer. You can provide a function as the `isRevoked` option. The signature of the function is `function(req, payload, done)`:
* `req` (`Object`) - The express `request` object.
* `payload` (`Object`) - An object with the JWT claims.
* `done` (`Function`) - A function with signature `function(err, revoked)` to be invoked once the check to see if the token is revoked or not is complete.
* `err` (`Any`) - The error that occurred.
* `revoked` (`Boolean`) - `true` if the JWT is revoked, `false` otherwise.
- `req` (`Object`) - The express `request` object.
- `payload` (`Object`) - An object with the JWT claims.
- `done` (`Function`) - A function with signature `function(err, revoked)` to be invoked once the check to see if the token is revoked or not is complete.
- `err` (`Any`) - The error that occurred.
- `revoked` (`Boolean`) - `true` if the JWT is revoked, `false` otherwise.
For example, if the `(iss, jti)` claim pair is used to identify a JWT:
```javascript
var jwt = require('express-jwt');
var data = require('./data');
var utilities = require('./utilities');
const jwt = require("express-jwt");
const data = require("./data");
var isRevokedCallback = function(req, payload, done){
var issuer = payload.iss;
var tokenId = payload.jti;
data.getRevokedToken(issuer, tokenId, function(err, token){
if (err) { return done(err); }
return done(null, !!token);
});
const isRevokedCallback = async (req, token) => {
const issuer = token.payload.iss;
const tokenId = token.payload.jti;
const token = await data.getRevokedToken(issuer, tokenId);
return token !== "undefined";
};
app.get('/protected',
app.get(
"/protected",
jwt({
secret: 'shhhhhhared-secret',
algorithms: ['HS256'],
isRevoked: isRevokedCallback
secret: "shhhhhhared-secret",
algorithms: ["HS256"],
isRevoked: isRevokedCallback,
}),
function(req, res) {
if (!req.user.admin) return res.sendStatus(401);
function (req, res) {
if (!req.auth.admin) return res.sendStatus(401);
res.sendStatus(200);
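Review bot: the new `isRevokedCallback` cannot work as written. It takes a parameter named `token` and then declares `const token = await data.getRevokedToken(issuer, tokenId);`, which is a redeclaration error, and `return token !== "undefined";` compares against the string `"undefined"`, so once the name clash is fixed it would report every token as revoked. Rename the lookup result (for example `revoked`) and return `Boolean(revoked)`, which matches the `!!token` of the removed version. In the same hunk the prose for both callbacks still documents `function(req, payload, done)` with the `done`/`err` bullets while the examples are now `async (req, token)` reading `token.payload`, and both examples call `require("express-jwt")` directly instead of the `{ expressjwt: jwt }` form introduced at the top of the README.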

@@ -212,4 +212,4 @@ }

app.use(function (err, req, res, next) {
if (err.name === 'UnauthorizedError') {
res.status(401).send('invalid token...');
if (err.name === "UnauthorizedError") {
res.status(401).send("invalid token...");
}

@@ -222,9 +222,28 @@ });

```javascript
app.use(jwt({
secret: 'hello world !',
algorithms: ['HS256'],
credentialsRequired: false
}));
app.use(
jwt({
secret: "hello world !",
algorithms: ["HS256"],
credentialsRequired: false,
})
);
```
## Typescript
An `ExpressJwtRequest` type is provided which extends `express.Request` with the `auth` property.
```typescript
import { expressjwt, ExpressJwtRequest } from "express-jwt";
app.get(
"/protected",
expressjwt({ secret: "shhhhhhared-secret", algorithms: ["HS256"] }),
function (req: ExpressJwtRequest, res: express.Response) {
if (!req.auth.admin) return res.sendStatus(401);
res.sendStatus(200);
}
);
```
## Related Modules
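Review bot: the new TypeScript snippet types the response as `express.Response` but only imports from "express-jwt", so it does not compile as shown; import the `Response` type from "express" in the snippet. The heading would also read better as "TypeScript".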

@@ -243,2 +262,3 @@

## Contributors
Check them out [here](https://github.com/auth0/express-jwt/graphs/contributors)

@@ -245,0 +265,0 @@
