express-jwt-token

A lean and configurable implementation of jwt auth for Express.js

MIT License


JWT token auth for express.js

This package provides JSON Web Token authentication support for Express. It conveniently sets req.user for authenticated requests. The authorization header is in the form of:

Authorization: JWT <jwt token>

New to using JSON Web Tokens? Take a look at these resources:

Installation

npm install express-jwt-token

Usage

var express = require('express')
  , auth = require('express-jwt-token')
  , app = express()
  , router = express.Router()


// Require jwt authorization on all routes
router.all('*', auth.jwtAuthProtected)

// Require jwt authorization on only api routes
router.all('/api/*', auth.jwtAuthProtected)

// Require jwt auth on a specific route
router.get('/auth-protected', auth.jwtAuthProtected, function(req, res){
  res.send({'msg': 'Im jwt auth protected!'})
})

app.use('/', router)
app.listen(3000)

Now your route(s) are protected and require an authorization header in the form of:

Authorization: JWT <jwt token>

Configuration

Configure your JWT Secret. This must be changed for production. Default value is 'secret'.

process.env.JWT_SECRET_KEY = 'Your Secret'
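
Because the default secret is a published value, a deployment that forgets to set JWT_SECRET_KEY accepts tokens signed with a key anyone can read. The following startup guard is an added example, not part of express-jwt-token. The function names, the 32-byte minimum and the HS256 signing algorithm used by the audit helper are assumptions; the page does not state which algorithm the package signs with.

```javascript
// Added example (not express-jwt-token code): refuse to start with an unsafe JWT secret.
const crypto = require('crypto')

const DEFAULT_SECRET = 'secret'  // the package default stated in the Configuration section
const MIN_SECRET_BYTES = 32      // assumption: 256-bit floor for an HMAC-SHA256 key

// Return a list of problems with the configured secret (empty list = acceptable).
function auditJwtSecret(env) {
  const secret = env.JWT_SECRET_KEY
  if (secret === undefined || secret === '') {
    return ['JWT_SECRET_KEY is unset, so the default "secret" would be used']
  }
  const problems = []
  if (secret === DEFAULT_SECRET) problems.push('JWT_SECRET_KEY is the published default')
  if (Buffer.byteLength(secret, 'utf8') < MIN_SECRET_BYTES) {
    problems.push('JWT_SECRET_KEY is shorter than ' + MIN_SECRET_BYTES + ' bytes')
  }
  if (new Set(secret).size < 10) problems.push('JWT_SECRET_KEY has very few distinct characters')
  return problems
}

// Call as assertJwtSecret(process.env) before app.listen(3000).
function assertJwtSecret(env) {
  const problems = auditJwtSecret(env)
  if (problems.length > 0) throw new Error('Refusing to start: ' + problems.join('; '))
}

// Generate a secret once and keep it in your secret store, not in source control.
function generateJwtSecret() {
  return crypto.randomBytes(48).toString('base64')
}

// Audit helper: true if a compact HS256 token verifies under the given secret.
// Run it on a token issued by your own deployment to detect the default key in use.
function verifiesUnderSecret(token, secret) {
  const parts = String(token).split('.')
  if (parts.length !== 3) return false
  const expected = crypto.createHmac('sha256', secret)
    .update(parts[0] + '.' + parts[1]).digest()
  const given = Buffer.from(parts[2], 'base64url')
  return given.length === expected.length && crypto.timingSafeEqual(given, expected)
}
```

If verifiesUnderSecret(token, 'secret') returns true for a token from a live environment, rotate the secret and treat previously issued tokens as untrusted.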

Configure the authorization header prefix. This is optional. Default is 'JWT'.

process.env.jwtAuthHeaderPrefix

Provided Middleware

ensureAuthorizationHeader

An Express.js middleware that ensures that a request has supplied an authorization header.

  • @param {object} req
  • @param {object} res
  • @param {function} next

validateJWTAuth

An Express.js middleware that validates a JWT token.

  • @param {object} req
  • @param {object} res
  • @param {function} next

ensureAuthorized

An Express.js middleware that ensures that a request has supplied an authorization header.

  • @param {object} req
  • @param {object} res
  • @param {function} next

jwtAuthProtected

The grouped middleware needed to enforce jwt Auth. Mounts the same as a single middleware.

Errors

When authorization fails, express-jwt-token will return an UnauthorizedError with some helpful details about what went wrong.

This implementation was based on the excellent django-rest-framework-jwt library.