
fwsp-jwt-auth
JSON Web Token Authentication.
jwt-auth is intended for use by servers / services and relies on external RSA digital certificates in order to carry out its operations.
Use the supplied keygen.sh script if you need to create a public/private key pair.
Some services might use a private certificate to create a JSON Web Token, while another service might just use the public certificate to validate the authenticity of a token.
Load jwt-auth as you would normally and load the private and public certificates. You can replace the loadCerts parameters with null if you only need to load a private or public certificate.

    const jwtAuth = require('fwsp-jwt-auth');
    jwtAuth.loadCerts('./server.pem', './server.pub');

Overriding default options:
The jwt-auth init member can be used to override default values. At this time there's only one default value: tokenExpirationInSeconds, which is set by default to 3600 seconds, or one hour.
To set a token expiration to only 10 seconds:

    jwtAuth.init({
      tokenExpirationInSeconds: 10
    });

Note: when using refreshToken, the token will be refreshed to the value set in the initialization options.
To create a JWT token:

    const payload = {
      userID: 34,
      admin: true
    };
    jwtAuth.createToken(payload)
      .then((token) => {
        // token is now ready for use.
      });

To verify a JWT token:

    jwtAuth.verifyToken(token)
      .then((response) => {
        // if valid, the response is the decoded JWT payload; see "Verify token response" below.
      });

Verify token response

    {
      "userID": 34,
      "admin": true,
      "issuer": "urn:auth",
      "exp": 1466614755,
      "iat": 1466614754
    }

To refresh a valid token:

    jwtAuth.refreshToken(token)
      .then((newToken) => {
        // if the original token was valid then a newToken is returned.
      });

To retrieve a hash of an existing token:

    let hash = jwtAuth.getTokenHash(token);

This is useful when implementing a token management scheme.
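
The private/public split described above (one service signs, another verifies with only the public key) and the token-hash idea for token management, shown as an added example that is not fwsp-jwt-auth's own code. It uses only Node's built-in crypto module; RS256, the SHA-256 token hash, the revocation set and all function names are assumptions made for illustration.

```javascript
// Added example: not fwsp-jwt-auth's code. RS256, SHA-256 and all names are assumptions.
const crypto = require('crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');

// Issuer side: the only place the PRIVATE key is needed.
function signToken(payload, privateKey, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ ...payload, iat: now, exp: now + ttlSeconds }));
  const sig = crypto.sign('sha256', Buffer.from(`${header}.${body}`), privateKey);
  return `${header}.${body}.${b64u(sig)}`;
}

// Hash of the token, so a revocation list never has to store usable bearer tokens.
function tokenHash(token) {
  return crypto.createHash('sha256').update(token).digest('hex');
}

// Verifier side: needs only the PUBLIC key. Returns the payload or throws.
function verifyToken(token, publicKey, revokedHashes = new Set(), now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, body, sig] = parts;
  // Pin the algorithm; the token's own header must not choose it (alg=none / HS256 confusion).
  if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('sha256', Buffer.from(`${header}.${body}`), publicKey, Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const payload = JSON.parse(Buffer.from(body, 'base64url'));
  if (typeof payload.exp !== 'number' || payload.exp <= now) throw new Error('token expired');
  if (revokedHashes.has(tokenHash(token))) throw new Error('token revoked');
  return payload;
}

// Constructed demo: throwaway in-memory key pair and fixed timestamps.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const token = signToken({ userID: 34, admin: true }, privateKey, 10, 1000);
  const forgedBody = b64u(JSON.stringify({ userID: 1, admin: true, iat: 1000, exp: 9e9 }));
  const tampered = token.replace(/\.[^.]+\./, `.${forgedBody}.`);
  const attempt = (fn) => { try { return fn(); } catch (e) { return e.message; } };
  return {
    valid: attempt(() => verifyToken(token, publicKey, new Set(), 1005)),
    expired: attempt(() => verifyToken(token, publicKey, new Set(), 1010)),
    tampered: attempt(() => verifyToken(tampered, publicKey, new Set(), 1005)),
    revoked: attempt(() => verifyToken(token, publicKey, new Set([tokenHash(token)]), 1005)),
  };
}
```

The verifier never sees the private key, so a compromised verifying service cannot mint tokens.
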
You can use the supplied keygen.sh script to create certificates for use with jwt-auth.
$ ./keygen.sh
This project includes mocha/chai tests. Make sure you have mocha installed globally.
$ npm install mocha -g
Then run:
$ npm test
FAQs
JSON Web Token Authentication Helper
We found that fwsp-jwt-auth demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.