Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

fastify-jwt

Package Overview
Dependencies
Maintainers
6
Versions
48
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

fastify-jwt

JWT utils for Fastify

  • 0.2.0
  • Source
  • npm
  • Socket score
Version published
Maintainers
6
Created
Source

fastify-jwt

js-standard-style Build Status

JWT utils for Fastify, internally uses jsonwebtoken.

Install

npm i fastify-jwt --save

Usage

Register as a plugin. This will decorate your fastify instance with the standard jsonwebtoken methods decode, sign, and verify; refer to their documentation to find how to use the utilities. It will also register request.jwtVerify and reply.jwtSign. You must pass a secret when registering the plugin.

const fastify = require('fastify')
fastify.register(require('fastify-jwt'), { 
  secret: 'supersecret' 
})

fastify.post('/signup', (req, reply) => {
  // some code
  const token = fastify.jwt.sign({ payload })
  reply.send({ token })
})

fastify.listen(3000, err => {
  if (err) throw err
})

API Spec

fastify-jwt

fastify-jwt is a fastify plugin. You must pass a secret to the options parameter. The secret can be a primitive type String or a function that returns a String. Function based secret is supported by the request.jwtVerify() and reply.jwtSign() methods and is called with request, reply, and callback parameters.

Example
const fastify = require('fastify')()
const jwt = require('fastify-jwt')
// secret as a string
fastify.register(jwt, { secret: 'supersecret' })
// secret as a function
fastify.register(jwt, { 
  secret: function (request, reply, callback) {
    // do something 
    callback(null, 'supersecret')
  }
})

fastify.jwt.sign(payload [,options] [,callback])

The sign method is an implementation of jsonwebtoken .sign(). Can be used asynchronously by passing a callback function; synchronously without a callback.

fastify.jwt.verify(token, [,options] [,callback])

The verify method is an implementation of jsonwebtoken .verify(). Can be used asynchronously by passing a callback function; synchronously without a callback.

Example
const token = fastify.jwt.sign({ foo: 'bar' })
// synchronously
const decoded = fastify.jwt.verify(token)
// asycnhronously
fastify.jwt.verify(token, (err, decoded) => {
  if (err) fastify.log.error(err)
  fastify.log.info(`Token verified. Foo is ${decoded.foo}`)
})

fastify.jwt.decode(token [,options])

The decode method is an implementation of jsonwebtoken .decode(). Can only be used synchronously.

Example
const token = fastify.jwt.sign({ foo: 'bar' })
const decoded = fastify.jwt.decode(token)
fastify.log.info(`Decoded JWT: ${decoded}`)

fastify.jwt.secret

For your convenience, the secret you specify during .register is made available via fastify.jwt.secret. request.jwtVerify() and reply.jwtSign() will wrap non-function secrets in a callback function. request.jwtVerify() and reply.jwtSign() use an asynchronous waterfall method to retrieve your secret. It's recommended that your use these methods if your secret method is asynchronous.

reply.jwtSign(payload, [options,] callback)

request.jwtVerify([options,] callback)

These methods are very similar to their standard jsonwebtoken counterparts.

Example
const fastify = require('fastify')()

fastify.register(jwt, { 
  secret: function (request, reply, callback) {
    // do something 
    callback(null, 'supersecret')
  }
})

fastify.post('/sign', function (request, reply) {
  reply.jwtSign(request.body.payload, function (err, token) {
    return reply.send(err || { 'token': token })
  })
})

fastify.get('/verify', function (request, reply) {
  request.jwtVerify(function (err, decoded) {
    return reply.send(err || decoded)
  })
})

fastify.listen(3000, function (err) {
  if (err) fastify.log.error(err)
  fastify.log.info(`Server live on port: ${fastify.server.address().port}`)

  // sign payload and get JWT
  request({
    method: 'POST',
    headers: {
      'Content-Type': 'application/json'
    },
    body: {
      payload: {
        foo: 'bar'
      }
    },
    uri: `http://localhost:${fastify.server.address().port}/sign`,
    json: true
  }, function (err, response, body) {
    if (err) fastify.log.error(err)
    fastify.log.info(`JWT token is ${body}`)

    // verify JWT
    request({
      method: 'GET',
      headers: {
        'Content-Type': 'application/json',
        authorization: 'Bearer ' + sign.token
      },
      uri: 'http://localhost:' + fastify.server.address().port + '/verify',
      json: true
    }, function (err, response, body) {
      if (err) fastify.log.error(err)
      fastify.log.info(`JWT verified. Foo is ${body.bar}`)
    })
  })
})

Acknowledgements

This project is kindly sponsored by:

  • LetzDoIt

License

Licensed under MIT.

Keywords

FAQs

Package last updated on 18 Jan 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Supply Chain Attack Detected in Solana's web3.js Library

Security News

Supply Chain Attack Detected in Solana's web3.js Library

A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.

By Sarah Gooding  -  Dec 03, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc