Overview
This module is a part of yocto node modules for NodeJS.
Please see our NPM repository for the complete list of available tools (updated day after day).
This module manages the web token process in your app, and can also be used as a crypto tool.
You can use it as a middleware to encrypt and decrypt all JSON requests with just a preconfigured key.
You can also check, for each JSON request, whether the request is allowed.
!!! IMPORTANT !!! Please read auth0/node-jsonwebtoken for key usage.
This module uses the pem package for private / web key usage.
Which types of key work?
You can use a simple secret key or a cert file, as explained here.
For more details see usage examples below.
Algorithms supported
Array of supported algorithms. The following algorithms are currently supported.
Algorithm | Digital Signature or MAC Algorithm |
---|---|
HS256 | HMAC using SHA-256 hash algorithm |
HS384 | HMAC using SHA-384 hash algorithm |
HS512 | HMAC using SHA-512 hash algorithm |
RS256 | RSASSA using SHA-256 hash algorithm |
RS384 | RSASSA using SHA-384 hash algorithm |
RS512 | RSASSA using SHA-512 hash algorithm |
ES256 | ECDSA using P-256 curve and SHA-256 hash algorithm |
ES384 | ECDSA using P-384 curve and SHA-384 hash algorithm |
ES512 | ECDSA using P-521 curve and SHA-512 hash algorithm |
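The algorithms in the table are signature and MAC algorithms, so a token made with them is integrity-protected, and its payload stays readable to anyone who holds it. The following added example (not code from yocto-jwt; it uses only Node's built-in `crypto` module, and the key, claims and function names are constructed for illustration) builds an HS256 token, reads its payload without the key, and verifies it with a pinned algorithm, a constant-time comparison and a 5-minute expiry.

```javascript
// Added example: Node's built-in crypto only, not yocto-jwt's own code.
const nodeCrypto = require('crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');
const fromB64url = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const hmac = (key, data) => nodeCrypto.createHmac('sha256', key).update(data).digest();

// Compact HS256 token: base64url(header).base64url(payload).base64url(mac)
function signHS256(payload, key) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(key, `${head}.${body}`))}`;
}

// Anyone holding the token can read the claims; no key is involved.
function readWithoutKey(token) {
  return fromB64url(token.split('.')[1]);
}

// Returns the claims when the token is authentic and unexpired, otherwise null.
function verifyHS256(token, key, nowSeconds) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, mac] = parts;
  try {
    const header = fromB64url(head);
    // Pin the algorithm; never let the token choose how it is verified.
    if (!header || header.alg !== 'HS256') return null;
    const expected = hmac(key, `${head}.${body}`);
    const given = Buffer.from(mac, 'base64url');
    // Constant-time comparison; lengths must match before timingSafeEqual.
    if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
    const claims = fromB64url(body);
    // Require an expiry and reject expired tokens (exp is in seconds).
    if (typeof claims.exp !== 'number' || nowSeconds >= claims.exp) return null;
    return claims;
  } catch (e) {
    return null; // malformed base64url or JSON
  }
}

// Constructed sample values: a placeholder key and a token that lives 5 minutes.
const KEY = 'constructed-demo-key';
const NOW = 1700000000;
const token = signHS256({ foo: 'bar', iat: NOW, exp: NOW + 300 }, KEY);
```

Keep secrets out of token payloads, since `readWithoutKey` needs nothing but the token itself.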
Classic usage
```javascript
var c = require('yocto-jwt');

// our data
var data = {
  env : 'development',
  port : 3000,
  directory : {
    models : './example/models',
    controllers : './example/controllers',
    views : './example/views',
    public : './example/public',
    icons : './example/public/icons',
    media : './example/public/media'
  },
  a : 1,
  foo : 'bar'
};

// KEY SETTING part
var key = 'MY_JWT_KEY_OR_CERT_FILE';

// set algo
//c.algorithm('HS384');

// set key
if c
  // signed process
  var signed = c;
  console;
  // decode process
  var decoded = c;
  console;
  // decode with auto remove of jwt properties (iat, etc ...)
  var decoded = c;
  console;
  // verify signature process
  var verify = c;
else
  // cannot set key
  console;
```
Middleware usage
If you are using AngularJS, you can use our middleware yocto-angular-jwt, which provides a tool to manage requests processed with yocto-jwt.

```javascript
var jwt = require('yocto-jwt');
var express = require('express');
var app = express();

// setup your express ...

// set key
jwt;

// enable auto encrypt json request
app;

// enable auto decrypt json request
app;
```
How to auto filter json request access
To use this feature, your front-end app must send a specific header with the current JSON request: `x-jwt-access-token`.
This header must contain a valid token generated by the server.

```javascript
var jwt = require('yocto-jwt');
var express = require('express');
var app = express();

// setup your express ...

jwt;
```

You can also use our AngularJS middleware yocto-angular-jwt, which provides a tool to manage requests processed with yocto-jwt.
How to generate an access token
You can also set up a route on your Node server to refresh your access token.
With this tool, you must call the `generateAccessToken` method to retrieve a new token.
By default a token is valid for 5 minutes.

```javascript
var jwt = require('yocto-jwt');

var token = jwt.generateAccessToken();
```
How to allow IP access
By default only localhost is allowed (::1 and 127.0.0.1).

```javascript
var jwt = require('yocto-jwt');
var express = require('express');
var app = express();

// setup your express ...

jwt;
```
How to allow a route without JWT verification
By default no route is allowed. If the URL of the request matches an allowedRoute, the IP of the caller will not be checked.

```javascript
var jwt = require('yocto-jwt');
var express = require('express');
var app = express();

// setup your express ...

jwt;
```
Next Step
- Add method to change refresh delay & more