express-jwt
Advanced tools
Comparing version 7.1.0 to 7.2.0
{ | ||
"name": "express-jwt", | ||
"version": "7.1.0", | ||
"version": "7.2.0", | ||
"description": "JWT authentication middleware.", | ||
@@ -33,3 +33,3 @@ "keywords": [ | ||
"express-unless": "^1.0.0", | ||
"jsonwebtoken": "^8.1.0" | ||
"jsonwebtoken": "^8.5.1" | ||
}, | ||
@@ -36,0 +36,0 @@ "devDependencies": { |
# express-jwt | ||
[![Build](https://travis-ci.org/auth0/express-jwt.png)](http://travis-ci.org/auth0/express-jwt) | ||
This module provides Express middleware for validating JWTs ([JSON Web Tokens](https://jwt.io)) through the [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken/) module. The decoded JWT payload is available on the request object. | ||
@@ -74,5 +72,11 @@ | ||
Optionally you can make some paths unprotected as follows: | ||
To only protect specific paths (e.g. beginning with `/api`), use [express router](https://expressjs.com/en/4x/api.html#app.use) call `use`, like so: | ||
```javascript | ||
app.use("/api", jwt({ secret: "shhhhhhared-secret", algorithms: ["HS256"] })); | ||
``` | ||
Or, the other way around, if you want to make some paths unprotected, cal `unless` like so. | ||
```javascript | ||
app.use( | ||
@@ -206,2 +210,4 @@ jwt({ | ||
res.status(401).send("invalid token..."); | ||
} else { | ||
next(err); | ||
} | ||
@@ -262,3 +268,3 @@ }); | ||
[Auth0](auth0.com) | ||
[Auth0](https://auth0.com) | ||
@@ -265,0 +271,0 @@ ## License |
44929
271
Updatedjsonwebtoken@^8.5.1