auth-token-express
v1.0.4
Module for access and refresh token
auth-token
Authentication package for handling access tokens and refresh tokens
Requirements
Installation
Using NPM
npm i auth-token-express
In Node.js:
import {authToken} from 'auth-token-express';
or
const authToken = require('auth-token-express').authToken;
Example
git clone [email protected]:<<username>>/auth-token.git
cd example
npm install
npm run dev
Why auth-token
Auth-token makes authentication a relatively easy process. You don't need to worry about access_token / refresh_token creation. This package depends on Redis to manage and store refresh_tokens. This package is great for:
- Creating accessToken and refreshTokens
- Verifying JSONWebTokens
- Refreshing accessTokens using refreshToken
API Reference
initilize:void
This method initializes the package. The best place to call it is in the entry file of your application, e.g. app.js.
Parameters
| Parameter | Type | Description |
|--|--|--|
| secretOrPrivateKey | Secret[] | Key used to generate JWT |
| options | SignOptions[] | Additional options required to generate JWT |
createTokens:Promise<{accessToken: string, refreshToken: string}>
Creates an accessToken and a refreshToken based on the secret or private key passed to the initilize method. The refreshToken is saved in the Redis server against the userId.
| Parameter | Type | Description |
|--|--|--|
|userId| string,number| Id of the user for which you want to save refreshToken
|payload|string,Buffer,object| All additional information which you want to store within both tokens
|data|IData| All additional information which you want to store in redis in addition to your refreshToken against userId
removeAllToken:Promise<boolean>
Removes all refreshTokens of a specific user. The best use case for this method is when you observe abnormal behavior on an account and want to log the user out from all devices.
| Parameter | Type | Description |
|--|--|--|
|userId|string,number|UserId against which you want to delete all data stored in redis.
removeTokenForDevice:Promise<boolean>
Removes a refreshToken for a specific user against a specific device. Should be used when a user logs out from a single device.
| Parameter | Type | Description |
|--|--|--|
|userId|string,number|UserId against which you want to delete data stored in redis.
|device|string|user-agent's name against which you want to delete data stored in redis
verify:string | object
Checks if a JWT token is valid or not
| Parameter | Type | Description |
|--|--|--|
|token|string|Token which needs to be verified
|type|'access','refresh'|Type of token which needs to be verified. Default is 'access'
refreshToken:Promise<{accessToken: string, refreshToken: string}>
This method should be used when you want to refresh your accessToken.
| Parameter | Type | Description |
|--|--|--|
|userId|string,number|Id of user used to fetch data from redis
|refreshToken|string|Token which will be validated and used to create new tokens
|payload|string,Buffer,object|All additional information which you want to store within both tokens
|data|IData| All additional information which you want to store in redis in addition to your refreshToken against userId
Interfaces
Secret
|Property|Description| Type(s)|
|--|--|--|
| Secret | Array of secrets with which you want to create and verify tokens. Value at index 0 will be used as a secret for accessToken and value at index 1 will be used for refreshToken | string,Buffer,{ key: string \| Buffer; passphrase: string }
SignOptions
|Property|Description| Type(s)|
|--|--|--|
|algorithm?||Algorithm
|keyid?||string
|expiresIn?|expressed in seconds or a string describing a time span zeit/ms. Eg: 60, "2 days", "10h", "7d"| string,number
|notBefore?|expressed in seconds or a string describing a time span zeit/ms. Eg: 60, "2 days", "10h", "7d"| string,number
|audience?|| string,string[]
|subject?|| string
|issuer?|| string
|jwtid?|| string
|mutatePayload?||boolean
|noTimestamp?||boolean
|header?||object
|encoding?||string
IData
|Property|Description| Type(s)|
|--|--|--|
|device|User-Agent from which the API was consumed. This is required so that when someone logs out from a specific device/browser, the data (refreshToken) associated with that user-agent can be removed from Redis (see the Example for usage)| string
|refreshToken?||string
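
The token lifecycle described in the API reference, as an added example that is not the package's own code: a self-contained model with an in-memory Map standing in for Redis and constructed secrets, assuming a refresh is honoured only when the token both verifies and matches the entry stored for that user and device. Only the method names and parameters come from this page; the function bodies, token lifetimes, the `sign` helper and the rotation on refresh are assumptions.

```javascript
// Added example: in-memory model of the scheme; not the package's source code.
const crypto = require('crypto');

// Constructed secrets: one per token type (index 0 / index 1 in the Secret array).
const SECRETS = { access: 'constructed-access-secret', refresh: 'constructed-refresh-secret' };
const store = new Map(); // stand-in for Redis: userId -> Map(device -> refreshToken)
const b64 = (v) => Buffer.from(v).toString('base64url');
const mac = (input, type) => crypto.createHmac('sha256', SECRETS[type]).update(input).digest();

// Hypothetical helper: sign a compact HS256 JWT with the secret for this token type.
function sign(payload, type, ttlSeconds) {
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const body = { ...payload, jti: crypto.randomUUID(), exp };
  const input = `${b64(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64(JSON.stringify(body))}`;
  return `${input}.${mac(input, type).toString('base64url')}`;
}

// Verify the signature (constant-time compare) and expiry; throws on failure.
function verify(token, type = 'access') {
  const [h, p, s] = String(token).split('.');
  if (!h || !p || !s) throw new Error('malformed token');
  const expected = mac(`${h}.${p}`, type);
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.exp <= Math.floor(Date.now() / 1000)) throw new Error('expired');
  return claims;
}

function createTokens(userId, payload, data) {
  const tokens = { accessToken: sign(payload, 'access', 900), refreshToken: sign(payload, 'refresh', 604800) };
  if (!store.has(userId)) store.set(userId, new Map());
  store.get(userId).set(data.device, tokens.refreshToken);
  return tokens;
}

// A refresh succeeds only if the token verifies AND is the one stored for this device.
function refreshToken(userId, token, payload, data) {
  verify(token, 'refresh');
  if (store.get(userId)?.get(data.device) !== token) throw new Error('refresh token revoked or unknown');
  return createTokens(userId, payload, data); // overwrites the stored entry (rotation)
}

const removeTokenForDevice = (userId, device) => Boolean(store.get(userId)?.delete(device));
const removeAllToken = (userId) => store.delete(userId);
```

Because the two token types use different secrets, an access token presented as a refresh token fails signature verification, and deleting the stored entry revokes a refresh token even though its signature and expiry are still valid.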
