jwt-policy
JSON Web Token middleware friendly with Express and Sails.js
Validates the token from the HTTP request `Authorization` header and sets `req.user`. The token is expected to be found at `Authorization: Bearer <token>`.
This module verifies tokens generated with node-jsonwebtoken.
Install
$ npm install jwt-policy --save
Usage
jwtPolicy(options, [callback])
options:
- `secret`: a string containing the secret used to verify and decode the token.
- `extractToken`: a function to extract the token instead of the default (HTTP Authorization header).
- `attachTo`: allows the user to override the default path where the decoded token will be attached; the default is `user`.

Note: You can pass all available options for `jwt.verify`, such as `audience`, `issuer`, etc.
Specify `callback` if you wish to do something with `req.user` or check for possible errors. If `callback` is not supplied, the default behavior takes effect.
By default, jwt-policy extracts the token using extractor-token (HTTP Authorization header), but if you are passing the token by any other method you can use the `extractToken` option.
Usage in Sails.js
Default behavior
```js
// Will return 401 HTTP status code if any errors occurred.
// policies/jwtAuth.js
module.exports = require('jwt-policy')({ secret: 'my_secret_key' });
```
Override default behavior
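```js
// policies/jwtAuth.js
// Assumed: the callback signature (err, req, res, next) and the .json(err) body.
module.exports = require('jwt-policy')({ secret: 'my_secret_key' }, function (err, req, res, next) {
  if (!err) {
    // user can be found at 'req.user'
    return next();
  }
  return res.status(401).json(err);
});
```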
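Override the way the token is extracted using the `extractToken` option.
```js
// policies/jwtAuth.js
module.exports = require('jwt-policy')({
  secret: 'my_secret_key',
  extractToken: function (req) {
    // Assumed token location (query string); return the token from wherever your client sends it.
    return req.query.token;
  }
});
```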
Usage in Express
Default behavior
```js
const jwtPolicy = require('jwt-policy');

app.use(jwtPolicy({ secret: 'my_secret_key' }));
```
Override default behavior
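```js
const jwtPolicy = require('jwt-policy');

// Assumed: the callback signature (err, req, res, next) and the .json(err) body.
app.use(jwtPolicy({ secret: 'my_secret_key' }, (err, req, res, next) => {
  if (!err) {
    // user can be found at 'req.user'
    return next();
  }
  return res.status(401).json(err);
}));
```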
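Override the way the token is extracted using the `extractToken` option.
```js
app.use(jwtPolicy({
  secret: 'my_secret_key',
  // Assumed token location (query string); return the token from wherever your client sends it.
  extractToken: (req) => req.query.token
}));
```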
Attach to
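`attachTo` option usage example:
```js
const jwtPolicy = require('jwt-policy');

// 'auth' is an example value; the decoded token is then attached at req.auth instead of req.user.
app.use(jwtPolicy({ secret: 'my_secret_key', attachTo: 'auth' }));

// Example route (path is illustrative) reading the decoded token from the overridden location.
app.get('/', (req, res) => res.json(req.auth));
```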
Error handling
Possible thrown errors
TokenExtractorError
message | code |
---|---|
No Authorization header is present | E_AUTHORIZATION_REQUIRED |
Format is :: Authorization: Bearer | E_AUTHORIZATION_INVALID_FORMAT |
Authorization token was not found | E_AUTHORIZATION_TOKEN_NOT_FOUND |
JWTError
message | code |
---|---|
JSON Web Token provided has expired | E_TOKEN_EXPIRED |
Invalid JSON Web Token provided | E_TOKEN_INVALID |
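Suppose an `E_TOKEN_EXPIRED` error was thrown:
```js
// Assumed: the callback signature (err, req, res, next) and the response bodies.
app.use(jwtPolicy({ secret: 'my_secret_key' }, (err, req, res, next) => {
  if (err && err.code === 'E_TOKEN_EXPIRED') {
    // The token has expired; the client must obtain a new one.
    return res.status(401).json({ code: err.code });
  }
  if (err) {
    return res.status(401).json(err);
  }
  return next();
}));
```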
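The header and token checks behind the error codes above, as an added example that is not jwt-policy's own code. It assumes HS256 tokens and uses only Node's `crypto`; the function names (`signHS256`, `extractBearer`, `verifyHS256`, `authenticate`) and the mapping of each failure to a code are this example's assumptions.

```javascript
// Added example, not jwt-policy's source; all function names are hypothetical.
const crypto = require('crypto');
const b64url = (s) => Buffer.from(s).toString('base64url');

// Constructed helper: mint an HS256 token so the example runs offline.
function signHS256(payload, secret) {
  const data = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${crypto.createHmac('sha256', secret).update(data).digest('base64url')}`;
}

// Header checks, mapped (by assumption) to the TokenExtractorError codes.
function extractBearer(headers) {
  const value = headers.authorization;
  if (!value) return { code: 'E_AUTHORIZATION_REQUIRED' };
  const parts = value.split(' ');
  if (parts.length !== 2 || parts[0] !== 'Bearer') return { code: 'E_AUTHORIZATION_INVALID_FORMAT' };
  if (!parts[1]) return { code: 'E_AUTHORIZATION_TOKEN_NOT_FOUND' };
  return { token: parts[1] };
}

// Signature and expiry checks, mapped (by assumption) to the JWTError codes.
function verifyHS256(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const invalid = { code: 'E_TOKEN_INVALID' };
  const [head, body, sig, ...rest] = token.split('.');
  if (!head || !body || !sig || rest.length) return invalid;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    payload = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch (e) {
    return invalid;
  }
  // Pin the algorithm: the token's own header must not choose how it is verified.
  if (!header || header.alg !== 'HS256' || !payload || typeof payload !== 'object') return invalid;
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return invalid;
  if (typeof payload.exp === 'number' && nowSec >= payload.exp) return { code: 'E_TOKEN_EXPIRED' };
  return { user: payload };
}

// What the middleware would attach as req.user, or the error code to reject with.
function authenticate(headers, secret, nowSec) {
  const extracted = extractBearer(headers);
  return extracted.code ? extracted : verifyHS256(extracted.token, secret, nowSec);
}
```

`authenticate` takes the request's lowercased header map, as Node exposes it on `req.headers`, and returns either `{ user }` or `{ code }`.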
Test
$ npm test