Validate a JWT, its scope and NBF (token with future created dates) to authorize access to an endpoint. Internally uses the below libraries for performing the validation

"express-jwt": "^5.3.1",
"express-jwt-authz": "^2.3.1",
"jsonwebtoken": "^8.5.1",
"jwks-rsa": "^1.5.1",

$ npm install node-express-jwt-lib

express@^4.0.0 is a peer dependency. Make sure it is installed in your project.

const tokenCheckScopeCheckNbfCheck = require('node-express-jwt-lib');

app.post('/timesheets/upload',
        tokenCheckScopeCheckNbfCheck,
        function(req, res) { ... });

The JWT must have a scope claim and it must either be a string of space-separated permissions or an array of strings. For example:

// String:
"write:users read:users"

// Array:
["write:users", "read:users"]

• failWithError: Default set to true, will forward errors to next instead of ending the response directly. For changing the value add property FAIL_WITH_ERROR in .env file and change the value.
• checkAllScopes: Default set to true, all the expected scopes will be checked against the user's scopes. For changing the value add property CHECK_ALL_SCOPES in .env file and change the value.
• customScopeKey: The property name to check for the scope. By default, permissions are checked against user.scope, but you can change it to be user.myCustomScopeKey with this option. Defaults to scope.