Denali Jwt
Middleware that validates JsonWebTokens and sets this.jwt.
This module lets you authenticate HTTP requests using JWT tokens in your Denali applications. JWTs are typically used to protect API endpoints, and are often issued using OpenID Connect.
Install
$ denali install denali-jwt
Developing
- Clone the repo down
- yarn install
- denali server
- Hit localhost:3000
Tests
$ denali test
Usage
The JWT authentication middleware authenticates callers using a JWT. If the token is valid, this.jwt will be set to the decoded JSON object, to be used by later middleware for authorization and access control.
For example,
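
    // config/environment.js
    export default function environmentConfig(environment) {
      let config = {
        'denali-jwt': {
          issuer: 'https://mydomain.com/',
          audience: 'some-audiance',
          secret: process.env.JWT_SECRET,
          algorithms: ['RS256']
        }
      };
      return config;
    }

    // app/actions/application.js
    import { Action } from 'denali';
    // Assumption: the import line and the value assigned to verifyJwt are
    // missing from this page; the export name and call below are assumed.
    import { verifyJwt } from 'denali-jwt';

    export default class ApplicationAction extends Action {
      // Run the JWT check before every action that extends this class.
      static before = ['verifyJwt'];
      verifyJwt = verifyJwt();
    }
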
You can specify audience and/or issuer as well:

    config['denali-jwt'] = {
      secret: 'shhhhhhared-secret',
      audience: 'http://myapi/protected',
      issuer: 'http://issuer'
    };

If the JWT has an expiration (exp), it will be checked.
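
An added example, not denali-jwt's own code: a minimal HS256-only verifier built on Node's crypto module, showing the checks that the issuer, audience, algorithms and exp settings above stand for. The function names, the now option and the sample claims are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Build a constructed HS256 token so the example has something to verify.
function sign(payload, secret, header = { alg: 'HS256', typ: 'JWT' }) {
  const body = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.createHmac('sha256', secret).update(body).digest();
  return `${body}.${b64url(sig)}`;
}

// Verify signature and registered claims; throws on the first failed check.
function verify(token, secret, { algorithms, issuer, audience, now = Date.now() / 1000 }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm: the token's header must match the configured list.
  // This sketch implements HS256 only, so anything else is refused.
  if (!algorithms.includes(header.alg) || header.alg !== 'HS256') throw new Error('algorithm not allowed');
  const expected = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, 'base64url');
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  const aud = [].concat(claims.aud ?? []); // aud may be a string or an array
  if (!aud.includes(audience)) throw new Error('wrong audience');
  if (claims.exp !== undefined && now >= claims.exp) throw new Error('token expired');
  return claims;
}

// Returns 'ok' or the reason the token was rejected.
function check(token, secret, opts) {
  try { verify(token, secret, opts); return 'ok'; } catch (e) { return e.message; }
}

// Constructed sample values, reusing the secret, audience and issuer shown above.
const SECRET = 'shhhhhhared-secret';
const OPTS = { algorithms: ['HS256'], issuer: 'http://issuer', audience: 'http://myapi/protected', now: 1000 };
const base = { iss: 'http://issuer', aud: 'http://myapi/protected', exp: 2000 };
console.log(check(sign(base, SECRET), SECRET, OPTS));
console.log(check(sign({ ...base, exp: 500 }, SECRET), SECRET, OPTS));
console.log(check(sign(base, SECRET, { alg: 'none' }), SECRET, OPTS));
```
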
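If you are using a base64 URL-encoded secret, pass a Buffer with base64 encoding as the secret instead of a string:

    config['denali-jwt'] = {
      // Buffer.from replaces the deprecated new Buffer(string, encoding) form.
      secret: Buffer.from('shhhhhhared-secret', 'base64')
    };
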
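This module also supports tokens signed with public/private key pairs. Instead of a secret, you can specify a Buffer with the public key:

    import fs from 'fs';

    // '<path-to-public-key>' is a placeholder; the original path is not on this page.
    let publicKey = fs.readFileSync('<path-to-public-key>');
    config['denali-jwt'] = { secret: publicKey };
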
By default, the decoded token is attached to this.jwt, but this can be configured with the requestProperty option.

    config['denali-jwt'] = {
      secret: publicKey,
      requestProperty: 'auth'
    };

requestProperty utilizes lodash.set and will accept nested property paths.
A custom function for extracting the token from a request can be specified with the getToken option. This is useful if you need to pass the token through a query parameter or a cookie. You can throw an error in this function and it will be handled by denali-jwt.

    config['denali-jwt'] = {
      secret: 'hello world !',
      getToken(req) {
        // Prefer the "Authorization: Bearer <token>" header.
        if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
          return req.headers.authorization.split(' ')[1];
        } else if (req.query && req.query.token) {
          // Fall back to the ?token= query parameter.
          return req.query.token;
        }
        return null;
      }
    };

Related Modules
- jsonwebtoken — JSON Web Token sign and verification
Contributors
Check them out here
License
This project is licensed under the MIT license. See the LICENSE file for more info.