npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

jwt-simple-auth

v1.0.3

Published

JSON Web Token Authentication Helper

Downloads

21

Readme

jwt-simple-auth

npm version npm

JSON Web Token Authentication.

Using jwt-simple-auth

jwt-simple-auth is intended for use by servers / services and relies on external RSA digital certificates in order to carry out its operations. Use the supplied keygen.sh script if you need to create a public/private key pair.

Some services might use a private certificate to create a JSON Web Token, while another service might just use the public certificate to validate the authenticity of a token.

jwt-simple-auth works with two types of tokens: an access token and a refresh token. Access tokens are short lived (one hour by default) and will expire upon that time. You may use a refresh token to obtain a fresh new access token. The refresh token will also expire (one week by default) and at that point you'll need to create a new refresh token. In systems where users sign-in requesting a new refresh token requires entering valid credentials.

Load jwt-simple-auth as you would normally and load the private and public certificates. You can replace the loadCerts parameters with null if you only need to load a private or public certificate.

const jwtAuth = require('jwt-simple-auth');
jwtAuth.loadCerts('./server.pem', './server.pub');

Overriding default options:

The jwt-auth init member can be used to override default values. At this time there's only two default values: accessTokenExpirationInSeconds which as a default set to 3600 seconds or one hour and refreshTokenExpirationInSeconds which defaults to 2419200 or four weeks.

To set an access token expiration to only 10 seconds and a refresh token expiration to 60 seconds:

jwtAuth.init({
  accessTokenExpirationInSeconds: 10,
  refreshTokenExpirationInSeconds: 60
});

To create a JWT token:

const payload = {
  userID: 34,
  admin: true
};
jwtAuth.createToken(payload, 'access')
  .then((token) => {
    // token is now ready for use.
  });

To verify a JWT token:

jwtAuth.verifyToken(token, 'access')
  .then((response) => {
    // if valid, the response is decoded JWT payload, see verify token response below.
  });

Verify token response

{
  "userID": 34,
  "admin": true,
  "iss": "urn:auth",
  "jti": "2fd6th6tqfz101",
  "exp": 1466614755,
  "iat": 1466614754
}

To refresh a valid token:

jwtAuth.refreshToken(token)
  .then((newToken) => {
    // if original token was valid then a newToken is returned.
  });

To retrieve a hash of an existing token:

let hash = jwtAuth.getTokenHash(token);

This is useful when implementing a token management scheme.

Creating private and public certificates

You can use the supplied keygen.sh script to create certificates for use with jwt-auth.

$ ./keygen.sh

Tests

This project includes mocha/chai tests. Make sure you have mocha installed globally.

$ npm install mocha -g

Then run:

$ npm test