A powerful, customizable, and secure JWT authentication module for Node.js.
✅ Easy to Use – Simple API for signing, verifying, and handling JWT tokens.
🔐 Middleware Protection – Prebuilt Express middlewares for authentication and role-based access.
⚙️ Customizable – Flexible token handling with blacklisting, rotation, and configuration options.
📌 Secure – Supports token revocation, expiration, and advanced security best practices.
📚 Well-Documented – Comprehensive documentation for smooth integration.
npm install jwt-smith
❗❗🌐 For a comprehensive guide and detailed information, please visit the official documentation website. JWT Smith Documentation
@Note ❗ Debug logs have been added in the middleware functions to make the development process easier. It is highly recommended to disable debug logs in the production environment.
import { JwtManager } from 'jwt-smith';
const jwtManager = new JwtManager({
publicKey: process.env.PUBLIC_KEY || 'your-public-key',
refreshTokenKey: process.env.REFRESH_TOKEN_KEY || 'your-refresh-key',
signOptions: {
algorithm: 'RS256',
expiresIn: '1h',
},
verifyOptions: {
algorithms: ['RS256'],
},
middlewareConfigs: {},
});
const token = await sign({
payload: { id: 1, role: 'user' },
secret: 'my-secret-key',
});
const decoded = await verify({
token: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',
secret: 'my-public-key',
});
console.log(decoded); // { id: "123", role: "admin", iat: ..., exp: ... }
import express from 'express';
import { validateJwtHeaderMiddleware } from 'jwt-smith';
const app = express();
app.use(validateJwtHeaderMiddleware);
app.get('/protected', (req, res) => {
res.json({ message: 'Access granted!', user: req.user });
});
import { validateJwtCookieMiddleware } from 'jwt-smith';
app.use(validateJwtCookieMiddleware);
app.get('/secure', (req, res) => {
res.json({ message: 'Secure route accessed!', user: req.user });
});
Middleware | Description |
---|---|
validateJwtHeaderMiddleware |
Validates JWT from the Authorization header |
validateJwtCookieMiddleware |
Validates JWT from cookies and refreshes tokens if needed |
roleBasedAuthenticationMiddleware |
Restricts access based on user roles |
JWT Smith provides customizable options for security and flexibility.
const jwtManager = new JwtManager({
publicKey: process.env.PUBLIC_KEY || 'your-public-key',
refreshTokenKey: process.env.REFRESH_TOKEN_KEY || 'your-refresh-key',
signOptions: {
algorithm: 'RS256',
expiresIn: '1h',
},
verifyOptions: {
algorithms: ['RS256'],
},
middlewareConfigs: {},
});
💡 Documentation: Read the Docs
🐛 Report Issues: GitHub Issues
🌟 Feature Requests: Discussions
This project is licensed under the MIT License - see the LICENSE file for details.
We welcome contributions! Check out our CONTRIBUTING.md to get started.
🚀 Get Started with JWT Smith Today! 🚀
npm install jwt-smith