kequjwt

A very simple implementation of headless jwt tokens. Useful for when you just want signed payloads to store and decode. Ensures the token is free of tampering and within a valid date range.

Usage

npm i kequjwt

import jwt from 'kequjwt';

const payload = { hello: 'world' };
const key = 'secret';

const token = jwt.encode(payload, key);
// ~> 'eyJoZWxsbyI6IndvcmxkIn0.bqxXg9VwcbXKoiWtp-osd0WKPX307RjcN7EuXbdq-CE'

jwt.decode(token, key);
// ~> { hello: 'world' }

Decode will throw an error if the token is invalid or unable to be verified. The generated token is headless meaning it contains only the payload and signature segments of the jwt.

JWT header

The header is equivalent to base64url encoded { typ: 'JWT', alg: 'HS256' } and can be accessed using jwt.header if needed for any reason.

const fullToken = `${jwt.header}.${token}`;

JWT invalidation

To set a not before or expiry date use 'nbf' and 'exp' measured in seconds.

const time = Math.floor(Date.now() / 1000);

const payload = {
    hello: 'world',
    nbf: time,
    exp: time + (60 * 60) // 1 hour
};

Suggestions

Please use a secure key. Generate a string that is 32 characters long (256 bits) then switch a few characters around by hand. Don't store keys in your repository if you can help it.

kequjwt

kequjwt

Usage

JWT header

JWT invalidation

Suggestions

Dependencies (0)

Dev Dependencies (5)

Package Sidebar

Install

Repository

Homepage

Weekly Downloads

Version

License

Unpacked Size

Total Files

Last publish

Collaborators

kequjwt

kequjwt

Usage

JWT header

JWT invalidation

Suggestions

Dependencies (0)

Dev Dependencies (5)

Package Sidebar

Install

Repository

Homepage

DownloadsWeekly Downloads

Version

License

Unpacked Size

Total Files

Last publish

Collaborators

Weekly Downloads