Jwt helper middlewares for express.
npm install --save @permettezmoideconstruire/express-jwt
const {
extractToken,
verifyToken
} = require('@permettezmoideconstruire/express-jwt')
extractToken is a middleware factory.
Per RFC6750 the returned middleware will attempt to extract a bearer token from a request from these locations:
- The key
access_tokenin the request body. - The key
access_tokenin the request params. - The value from the header
Authorization: Bearer <token>.
If a token is found, it will be stored on req.token. If one has been provided in more than one location, this will immediately call next with a MultipleTokenError (per RFC6750).
For APIs not RFC6750 compliant, see options :
const express = require('express')
const { extractToken } = require('@permettezmoideconstruire/express-jwt')
const app = express()
app.use(extractToken())
app.use(function(req, res) {
console.log(req.token)
res.send()
})
app.use(process.env.PORT)
-
returnfunction : Returns the middleware -
options.fromObject{key: function(req) => string}- An associative array (object) of extractors. An extractor is a function that takes a single
reqparameter and returns a string - default:
{ query: queryBaseExtractor('access_token'), body: bodyBaseExtractor('access_token'), header: headerBasePrefixedExtractor({ key: 'authorization', prefix: 'Bearer ' }) }
- An associative array (object) of extractors. An extractor is a function that takes a single
-
options.tostring- A string which is the key to place token inside
req(for example{ to: 'token' }will setreq.token) - default:
'token'
- A string which is the key to place token inside
-
options.multiTolerantbool- A boolean which switches the behavior from a "throw when token found in multiple place" strategy to a "take first found token" strategy.
- The concept of "first" follows the order of the keys inside
options.from - default:
false
verifyToken is a middleware factory.
The returned middleware verifies the token inside req.token and decodes it to req.token (transforms it actualy)
If you want to keep encoded token inside req, or simply change input or output key, see options.
const express = require('express')
const { extractToken, verifyToken } = require('@permettezmoideconstruire/express-jwt')
const app = express()
app.use(
extractToken(),
verifyToken(process.env.JWT_SECRET_KEY)
)
app.use(function(req, res) {
console.log(req.token)
res.send()
})
app.use(process.env.PORT)
-
returnfunction : Returns the middleware -
secretOrPrivateKeymixed- The key that encoded the token, and should be used to decode it
- See auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback
-
options.fromfunction(req) => string- A function that is an extractor. An extractor is a function that takes a single
reqparameter and returns a string - default:
reqBaseExtractor('token')
- A function that is an extractor. An extractor is a function that takes a single
-
options.tostring- A string which is the key to place token inside
req(for example{ to: 'token' }will setreq.token) - default:
'token'
- A string which is the key to place token inside
-
options.jwtobject- An object that represents jwt options for
verifymethod (this is passed down) - See auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback
- An object that represents jwt options for
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent