jwt-guard
Provides Express middleware for guarding resources based on JWT roles and claims. Supports chaining with and/or.
Works great with Auth0 or other JWT implementations.
app.get('/user/:id',
Installation
npm install jwt-guard
Include the Express middleware as early as possible. It validates and decodes the JWT from the Authorization: Bearer header using jsonwebtoken.
app.use(jwtGuard('secret_key_shhhhh'))
Usage
.token is added to every request object. This can be used to guard access by requiring roles and/or claims.
Guard
Guarding throws an HTTP error on failure.
Using roles
Roles come from the roles: claim in the JWT.
app.get('/admin-area',
Using claims
Claims come from the payload of the JWT. Often this is used to hold things like user_id.
app.post('/user',
Chaining roles and claims
You can require multiple roles and claims by chaining with "or" and "and".
app.post('/blog',
app.delete('/blog/:id',
Check
Works like .guard() but returns true/false instead of throwing an error. Supports chaining as well.
app.get('/admin-area',
Getting a claim
Retrieving the value of a claim is easy:
app.get('/',