Giter Club home page Giter Club logo

veloze-jwt's Introduction

npm-badge actions-badge types-badge

@veloze/jwt

Middleware to verify JSON-Web-Tokens (JWT) sent in Bearer Authorization Header.

If public-keys are required to verify JWTs the JWKS URI can be detected by issuer using .well-known/openid-configuration URLs.

Supports multiple issuers with the jwks() method.

Works also with express using jwtAuthExpress().

usage

Installation

npm i @veloze/jwt

In your code:

import { Server } from 'veloze'
import { jwtAuth } from '@veloze/jwt'

const server = new Server()
const issuer = 'https://my.oau.th'
// for HS256, HS384, HS512 token provide secret
const protect = jwtAuth({ issuer, secret: 's€cr3t' })
server.get('/', protect, (req, res) => res.end())
server.listen(443)

// ----
await fetch('https://server', { 
  headers: {
    authorization: 'Bearer <TOKEN>' // H256 Token with issuer https://my.oau.th
  }
})

For OIDC servers with .well-known/openid-configuration

import { jwtAuth, jwks } from '@veloze/jwt'

const issuer = 'https://my.oau.th'
const issuer2 = 'https://oauth.other'

// supports multiple issuers
const secret = jwks([issuer, issuer2])
const protect = jwtAuth({ secret })

API

jwtAuth

import { 
  JWTHeaderParameters,
  JWTPayload,
  JWTVerifyOptions, 
  KeyLike 
} from 'jose'

interface DecodedJWT {
  header: JWTHeaderParameters,
  payload: JWTPayload,
  signature: string
}

type GetKeyLikeFn = (decodedToken: DecodedJWT, req: Request) => Promise<KeyLike>;

interface JwtOptions extends JWTVerifyOptions {
  /**
   * for HS256...HS512 provide secret as Buffer or string
   * for asymmetric JWT provide publicKey as secret
   */
  secret: string|Buffer|KeyLike|GetKeyLikeFn
  /**
   * if verification is successful then payload of decoded token is added to 
   * request using this property e.g. default is `req.auth`
   * @default 'auth'
   */
  requestProperty: string
}

function jwtAuth (options: JwtOptions): 
  Promise<(req: Request, res: Response): void>

function jwtAuthExpress (options: JwtOptions): 
  (req: Request, res: Response, next: Function): void

jwks

type JwksOptions = {
  /**
   * allows to set custom fetch function
   */
  fetcher?: typeof fetch | undefined;
  /**
   * expiry in ms, JWKS uris are cached until this expiry timeout
   */
  expiresIn?: number | undefined;
  /**
   * jwksUri by issuer (for PS, RS, ES alg JWTs)
   * allows to overwrite the default jwks_uri which usually is looked-up from 
   * .well-known/openid-configuration
   */
  jwksByIssuer?: Record<string, string> | undefined;
  /**
   * secret by issuer (for HS JWTs) 
   */
  secretsByIssuer?: Record<string, string | Uint8Array> | undefined;
};

/**
 * issuers: provide a list of different issuers which shall be supported
 */
function jwks(issuers: string[], options: JwksOptions): GetKeyLikeFn;

license

MIT licensed

veloze-jwt's People

Contributors

commenthol avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.