npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

jwt-nodejs

v1.0.3

Published

![Logo](https://curity.io/images/resources/architect/api-security/jwt.jpg)

Downloads

8

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ayoub_moustahfidayoub_moustahfid

Keywords

json web tokenjwtexpress-jwtnode

Readme

JSON Web Token in JavaScript

Logo

I challenged myself during last weeks to implement an authentication on a freshly created API. After digging around, I found that one of the best solution would be JSON Web Tokens. As understanding a concept passes by experimenting it, here is a post describing how to forge such a token in JavaScript.

Installation

npm install jwt-nodejs

Usage/Examples

 generateToken(payload, secretOrPrivateKey)

payload could be an object literal, buffer or string representing valid JSON.

-Please note that exp or any other claim is only set if the payload is an object literal. Buffer or string payloads are not checked for JSON validity.
   
-If payload is not a buffer or a string, it will be coerced into a string using JSON.stringify.

secretOrPrivateKey is a string, buffer, or object containing either the secret for HMAC algorithms or the PEM encoded private key for RSA and ECDSA. In case of a private key with passphrase an object { key, passphrase } can be used (based on crypto documentation), in this case be sure you pass the algorithm option.

const {generateToken} = require('jwt-nodejs')

const token = generateToken({ foo: 'bar' }, process.env.JWT_SECRET);

What is JSON Web Token (JWT)?

JSON Web Token (JWT) is an easy way to secure an API. When a user authenticates first on a server, using for instance a standard login form, the server creates a token. This token includes some personal data, such as username or email address. Then, this token is signed server-side (to prevent token integrity), and sent back to the user. Within each next request, user sends the token to establish emitter identity.

JSON Web Token is composed of three main parts:

  • Header: normalized structure specifying how token is signed (generally using HMAC SHA-256 algorithm)
  • Free set of claims embedding whatever you want: username, email, roles, expiration date, etc.
  • Signature ensuring data integrity

JSON Web Token in JavaScript

JSON Web Tokens may be resumed by the following equations:

 unsignedToken = base64url(header) + "." + base64url(data)
 JWT = unsignedToken + "." + base64url(HMAC256(unsignedToken, secret))