Wondering what’s next for npm?Check out our public roadmap! »

    connect-google-jwt

    1.0.2 • Public • Published

    Use Google's JWTs to authenticate calls to your backend API.

    Google implements the standard OpenID Connect, after the authorization flow with response_type=id_token you will get a JWT in the client side of your application. You can use this JWT to authenticate calls to your api.

    This middleware validate three things expiration, audience and signature.

    The signature is validated with the certs from https://www.googleapis.com/oauth2/v1/certs as stated in Google Docs Validating an ID Token. These certs are downloaded when your application starts and every 24hs.

    If you want to validate JWT's from other sources (not google) use express-jwt.

    Install

    $ npm i connect-google-jwt
    

    Usage

    In an express.js application:

    var googleJWT = require('connect-google-jwt');
     
    app.configure(function () {
      //middlewares
      this.use('/api', googleJWT({
        client_id: 'your client id'
      }))
    });
     
    app.get('/api/messages', function (req, res) {
      req.user // you have the decoded JWT here
    });

    Issue Reporting

    If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

    Author

    Auth0

    License

    This project is licensed under the MIT license. See the LICENSE file for more info.

    Keywords

    none

    Install

    npm i connect-google-jwt

    DownloadsWeekly Downloads

    2

    Version

    1.0.2

    License

    BSD

    Last publish

    Collaborators

    • avatar