fwsp-jwt-auth
JSON Web Token Authentication.
jwt-auth is intended for use by servers / services and relies on external RSA digital certificates in order to carry out its operations.
Use the supplied keygen.sh script if you need to create a public/private key pair.
Some services might use a private certificate to create a JSON Web Token, while another service might just use the public certificate to validate the authenticity of a token.
Load jwt-auth as you would normally and load the private and public certificates. You can replace the loadCerts parameters with null if you only need to load a private or public certificate.
const jwtAuth = require('fwsp-jwt-auth');
jwtAuth.loadCerts('./server.pem', './server.pub');
Overriding default options:
The jwt-auth init member can be used to override default values. At this time there's only one default value: tokenExpirationInSeconds, which defaults to 3600 seconds, or one hour.
To set a token expiration to only 10 seconds:
jwtAuth.init({
  tokenExpirationInSeconds: 10
});
Note: when using refreshToken, the token will be refreshed to the value set in the initialization options.
To create a JWT token:
const payload = {
  userID: 34,
  admin: true
};
jwtAuth.createToken(payload)
  .then((token) => {
    // token is now ready for use.
  });
To verify a JWT token:
jwtAuth.verifyToken(token)
  .then((response) => {
    // if valid, the response is the decoded JWT payload; see "Verify token response" below.
  });
Verify token response
{
  "userID": 34,
  "admin": true,
  "issuer": "urn:auth",
  "exp": 1466614755,
  "iat": 1466614754
}
To refresh a valid token:
jwtAuth.refreshToken(token)
  .then((newToken) => {
    // if the original token was valid then a newToken is returned.
  });
To retrieve a hash of an existing token:
let hash = jwtAuth.getTokenHash(token);
This is useful when implementing a token management scheme.
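One way a token management scheme could key on a token hash, as an added example that is not part of fwsp-jwt-auth: a revocation list that stores only digests and keeps each entry until the token's exp has passed. The tokenHash helper (SHA-256 is an assumption), the RevocationList class and the sample tokens are hypothetical; a service using jwt-auth could substitute jwtAuth.getTokenHash(token) and the payload returned by verifyToken.

```javascript
const nodeCrypto = require('crypto');

// Assumption: SHA-256 hex digest; a jwt-auth user could call jwtAuth.getTokenHash(token) instead.
function tokenHash(token) {
  return nodeCrypto.createHash('sha256').update(token, 'utf8').digest('hex');
}

// Hypothetical in-memory revocation list: stores digests only, never raw tokens.
class RevocationList {
  constructor() {
    this.revoked = new Map(); // token hash -> exp (seconds since epoch)
  }
  // payload: decoded claims of an already-verified token; exp bounds retention.
  revoke(token, payload, nowSec = Math.floor(Date.now() / 1000)) {
    if (!payload || !Number.isInteger(payload.exp)) {
      throw new TypeError('payload.exp (integer seconds) is required');
    }
    if (payload.exp <= nowSec) return false; // already expired, nothing to track
    this.revoked.set(tokenHash(token), payload.exp);
    return true;
  }
  isRevoked(token) {
    return this.revoked.has(tokenHash(token));
  }
  // Remove entries whose tokens have expired; returns how many were dropped.
  prune(nowSec = Math.floor(Date.now() / 1000)) {
    let removed = 0;
    for (const [hash, exp] of this.revoked) {
      if (exp <= nowSec) {
        this.revoked.delete(hash);
        removed += 1;
      }
    }
    return removed;
  }
}

// Constructed sample values (not real tokens).
function demo() {
  const now = 1466614754;
  const list = new RevocationList();
  const live = list.revoke('constructed.live.token', { exp: now + 3600 }, now);
  const stale = list.revoke('constructed.stale.token', { exp: now - 1 }, now);
  const hit = list.isRevoked('constructed.live.token');
  const early = list.prune(now + 3599);
  const late = list.prune(now + 3600);
  return { live, stale, hit, early, late, after: list.isRevoked('constructed.live.token') };
}
```

Check isRevoked only after the token's signature has verified, so unverified input never drives lookups, and run prune periodically so the list stays bounded by the token lifetime.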
You can use the supplied keygen.sh script to create certificates for use with jwt-auth.
$ ./keygen.sh
This project includes mocha/chai tests. Make sure you have mocha installed globally.
$ npm install mocha -g
Then run:
$ npm test
FAQs
JSON Web Token Authentication Helper
The npm package fwsp-jwt-auth receives a total of 482 weekly downloads. As such, fwsp-jwt-auth popularity was classified as not popular.
We found that fwsp-jwt-auth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.