Nervous Parrot Muttering

    jwt-simple-auth

    1.0.3 • Public • Published

    jwt-simple-auth

    npm version NPM downloads npm

    JSON Web Token Authentication.

    Using jwt-simple-auth

    jwt-simple-auth is intended for use by servers / services and relies on external RSA digital certificates in order to carry out its operations. Use the supplied keygen.sh script if you need to create a public/private key pair.

    Some services might use a private certificate to create a JSON Web Token, while another service might just use the public certificate to validate the authenticity of a token.

    jwt-simple-auth works with two types of tokens: an access token and a refresh token. Access tokens are short lived (one hour by default) and will expire upon that time. You may use a refresh token to obtain a fresh new access token. The refresh token will also expire (one week by default) and at that point you'll need to create a new refresh token. In systems where users sign-in requesting a new refresh token requires entering valid credentials.

    Load jwt-simple-auth as you would normally and load the private and public certificates. You can replace the loadCerts parameters with null if you only need to load a private or public certificate.

    const jwtAuth = require('jwt-simple-auth');
    jwtAuth.loadCerts('./server.pem', './server.pub');

    Overriding default options:

    The jwt-auth init member can be used to override default values. At this time there's only two default values: accessTokenExpirationInSeconds which as a default set to 3600 seconds or one hour and refreshTokenExpirationInSeconds which defaults to 2419200 or four weeks.

    To set an access token expiration to only 10 seconds and a refresh token expiration to 60 seconds:

    jwtAuth.init({
      accessTokenExpirationInSeconds: 10,
      refreshTokenExpirationInSeconds: 60
    });

    To create a JWT token:

    const payload = {
      userID: 34,
      admin: true
    };
    jwtAuth.createToken(payload, 'access')
      .then((token) => {
        // token is now ready for use.
      });

    To verify a JWT token:

    jwtAuth.verifyToken(token, 'access')
      .then((response) => {
        // if valid, the response is decoded JWT payload, see verify token response below.
      });

    Verify token response

    {
      "userID": 34,
      "admin": true,
      "iss": "urn:auth",
      "jti": "2fd6th6tqfz101",
      "exp": 1466614755,
      "iat": 1466614754
    }

    To refresh a valid token:

    jwtAuth.refreshToken(token)
      .then((newToken) => {
        // if original token was valid then a newToken is returned.
      });

    To retrieve a hash of an existing token:

    let hash = jwtAuth.getTokenHash(token);

    This is useful when implementing a token management scheme.

    Creating private and public certificates

    You can use the supplied keygen.sh script to create certificates for use with jwt-auth.

    $ ./keygen.sh

    Tests

    This project includes mocha/chai tests. Make sure you have mocha installed globally.

    $ npm install mocha -g

    Then run:

    $ npm test

    Keywords

    none

    Install

    npm i jwt-simple-auth

    DownloadsWeekly Downloads

    1

    Version

    1.0.3

    License

    MIT

    Unpacked Size

    19.8 kB

    Total Files

    13

    Last publish

    Collaborators

    • cjus