Validate a JWT, its scope and its NBF claim (rejecting tokens with future created dates) to authorize access to an endpoint.
Internally, it uses the following libraries to perform the validation:
"express-jwt": "^5.3.1",
"express-jwt-authz": "^2.3.1",
"jsonwebtoken": "^8.5.1",
"jwks-rsa": "^1.5.1",
$ npm install node-express-jwt-lib
express@^4.0.0 is a peer dependency. Make sure it is installed in your project.
const tokenCheckScopeCheckNbfCheck = require('node-express-jwt-lib');
app.post('/timesheets/upload',
tokenCheckScopeCheckNbfCheck,
function(req, res) { ... });
The JWT must have a scope claim, which must be either a string of space-separated permissions or an array of strings. For example:
// String:
"write:users read:users"
// Array:
["write:users", "read:users"]
- failWithError: Defaults to true. When true, errors are forwarded to next instead of ending the response directly. To change the value, add the property FAIL_WITH_ERROR to the .env file and set it there.
- checkAllScopes: Defaults to true. When true, all the expected scopes are checked against the user's scopes. To change the value, add the property CHECK_ALL_SCOPES to the .env file and set it there.
- customScopeKey: The property name to check for the scope. By default, permissions are checked against user.scope, but you can change it to be user.myCustomScopeKey with this option. Defaults to scope.
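
The scope claim shapes, the checkAllScopes and customScopeKey options, and the NBF check described above, written out as plain functions over an already-verified token payload. This is an added example, not code from node-express-jwt-lib or the libraries it wraps; the function names, the clock tolerance parameter and the sample payloads are assumptions made for illustration.

```javascript
// Added illustration: names are hypothetical, not the library's API.
// `user` is an already-verified token payload (what ends up on req.user).

// Normalise the scope claim: space-separated string or array of strings.
function parseScopes(claim) {
  if (typeof claim === 'string') return claim.split(' ').filter(Boolean);
  if (Array.isArray(claim)) return claim.filter((s) => typeof s === 'string' && s !== '');
  return []; // missing or malformed claim grants nothing
}

function hasRequiredScopes(user, expected, options = {}) {
  const { checkAllScopes = true, customScopeKey = 'scope' } = options;
  // Example's choice: no payload or an empty requirement list is denied.
  if (!user || !Array.isArray(expected) || expected.length === 0) return false;
  const granted = new Set(parseScopes(user[customScopeKey]));
  const has = (s) => granted.has(s); // exact match, never substring
  return checkAllScopes ? expected.every(has) : expected.some(has);
}

// nbf is seconds since the epoch; the token is unusable while nbf is in the future.
function isActive(user, nowSeconds, toleranceSeconds = 0) {
  if (!user) return false;
  if (user.nbf === undefined) return true; // nbf is an optional claim
  if (typeof user.nbf !== 'number') return false; // malformed: reject
  return user.nbf <= nowSeconds + toleranceSeconds;
}

function authorize(user, expected, nowSeconds, options) {
  return isActive(user, nowSeconds) && hasRequiredScopes(user, expected, options);
}

// Constructed sample payloads and a fixed clock so the run is repeatable.
const NOW = 1700000000;
const needed = ['read:users', 'write:users'];
const samples = [
  { scope: 'write:users read:users' },                 // string form, all scopes present
  { scope: ['read:users'] },                           // array form, one scope missing
  { scope: 'write:users read:users', nbf: NOW + 300 }, // not valid yet
  { myCustomScopeKey: ['read:users', 'write:users'] }, // scopes under another key
];
for (const payload of samples) {
  console.log(JSON.stringify(payload), '->', authorize(payload, needed, NOW));
}
```

Only the first sample is authorized with the default options; the last one passes once `{ customScopeKey: 'myCustomScopeKey' }` is supplied, and the second passes with `{ checkAllScopes: false }`.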