signer

Signs and verifies JWTs, both asymmetric and symmetric.

signer

This package takes away the burden of dealing with JWT authentication. You can sign a payload and get back a JWT, which can then be verified by signer again. signer also supports blocking specific tokens.

The big advantage of JWTs is that they can be verified using a public key. These keys can be obtained through signer's REST API, so that other services can use them as well.

@skn0tt/signer

yarn add @skn0tt/signer

import * as redis from "redis";
import Signer from "@skn0tt/signer";

const redisClient = redis.createClient("...");
const signer = await Signer.fromRedis(
  redisClient,
  {
    mode: "asymmetric",
    secretLength: 96,
    tokenExpiry: 300,
    rotationInterval: 300,
    onRotate: () => console.log("Yay, I rotated!")
  }
);

const jwtRepo = signer.getJwtRepository();

// Sign a payload and get back a JWT
const token = await jwtRepo.sign({ uid: "johndoe" });
// Verify the JWT again
const payload = await jwtRepo.verify(token);
...

Docker Image

signer is available as a Docker image: skn0tt/signer.

To start a working server, use the docker-compose.yml file in this repository. Once it's running, you can use it like so:

Creating a token:

$ curl --data '{ "name": "Tom" }' localhost:3000/tokens/
eyJhbGciOiJSUzI1NiIsInR5 ...

Validating a token:

$ curl -v localhost:3000/tokens/eyJhbGciOiJSUzI1NiIsInR5...
{"iat":1532599135} # 200

$ curl -v localhost:3000/tokens/invalidToken
invalid signature # 401

Blocking a token:

$ curl -X DELETE localhost:3000/tokens/eyJhbGciOiJSUzI1NiIsInR5...

$ curl -v localhost:3000/tokens/eyJhbGciOiJSUzI1NiIsInR5...
Token Blocked # 401

Getting the secrets:

$ curl localhost:3000/secrets
{ "old": "----BEGIN RSA...", "current": "----BEGIN RSA..." }

$ curl localhost:3000/secrets/current
----BEGIN RSA PUBLIC KEY----...

$ curl localhost:3000/secrets/old
----BEGIN RSA PUBLIC KEY----...
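
How another service might use these keys, as an added example (not code from this repository): it verifies an RS256 token locally against the { old, current } set, trying the current key first so tokens signed just before a rotation still pass. The key pairs, the signJwt helper and the payloads are constructed stand-ins for signer, and the exp handling is an assumption.

```javascript
const { generateKeyPairSync, createSign, createVerify } = require("node:crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");
const decodeJson = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Verify an RS256 JWT against the key set returned by GET /secrets ({ old, current }).
// Returns the payload, or throws. `now` is injectable for testing.
function verifyWithKeySet(token, keys, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  // Pin the algorithm; never let the token header pick it.
  if (decodeJson(h).alg !== "RS256") throw new Error("unexpected alg");
  const sig = Buffer.from(s, "base64url");
  // Current key first, then the previous one, so tokens signed just before
  // a rotation keep verifying.
  const ok = [keys.current, keys.old].filter(Boolean).some((pem) =>
    createVerify("RSA-SHA256").update(`${h}.${p}`).verify(pem, sig));
  if (!ok) throw new Error("invalid signature");
  const payload = decodeJson(p);
  // Assumption: expiry, if present, is the standard `exp` claim in seconds.
  if (typeof payload.exp === "number" && payload.exp <= now) throw new Error("token expired");
  return payload;
}

// --- Constructed stand-ins for signer itself (hypothetical helpers) ---
const makeKey = () => generateKeyPairSync("rsa", {
  modulusLength: 2048,
  publicKeyEncoding: { type: "pkcs1", format: "pem" },   // "BEGIN RSA PUBLIC KEY"
  privateKeyEncoding: { type: "pkcs1", format: "pem" },
});
function signJwt(payload, privateKey, alg = "RS256") {
  const input = `${b64url(JSON.stringify({ alg, typ: "JWT" }))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${createSign("RSA-SHA256").update(input).sign(privateKey).toString("base64url")}`;
}

function demo() {
  const [oldKey, currentKey, otherKey] = [makeKey(), makeKey(), makeKey()];
  const secrets = { old: oldKey.publicKey, current: currentKey.publicKey };
  const check = (t) => { try { return verifyWithKeySet(t, secrets).uid; } catch (e) { return e.message; } };
  return {
    current: check(signJwt({ uid: "johndoe" }, currentKey.privateKey)),
    beforeRotation: check(signJwt({ uid: "johndoe" }, oldKey.privateKey)),
    foreignKey: check(signJwt({ uid: "johndoe" }, otherKey.privateKey)),
    wrongAlg: check(signJwt({ uid: "johndoe" }, currentKey.privateKey, "HS256")),
    expired: check(signJwt({ uid: "johndoe", exp: 1 }, currentKey.privateKey)),
  };
}
console.log(demo());
```

A local check like this knows nothing about blocked tokens; the GET /tokens/<token> call shown above is what returns Token Blocked.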

Forcing a rotate:

$ curl -X POST localhost:3000/secrets

The whole API documentation can be found here: OpenAPI Docs

Configuration

These are the available environment variables for configuration:

REDIS_HOSTNAME: redis # required
REDIS_PORT: 6379
ROTATION_INTERVAL: 3600 # in seconds
SECRETS_KEY: SECRETS # key that secrets are stored in
SECRET_LENGTH: 96
ROTATE_ON_STARTUP: false # triggers a single rotation on startup of the service
ASYMMETRIC_SIGNING: true # can be disabled to use symmetric signing