npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

node-jwt-auth

v1.1.8

Published

This module lets you authenticate users in your Node applications.

Downloads

23

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

baldarianbaldarian

Keywords

Readme

node-jwt-auth

This module lets you authenticate users in your Node applications.

This lib aims to solve the following points.

  1. Provide a simple way for authenticating users which can be used in any kind of Node framework.
  2. Provide a way for refreshing tokens when access token is expired.
  3. Invalidate refresh token when user's password is changed. This way we can be confident that when password is changed all logged in devices will stay logged in as long as their access token hasn't been expired.

Install

npm install node-jwt-auth

Usage

This module represents a single class which is exported as default.

import 'Auth' from 'node-jwt-auth';

new Auth(config)

We need to use this class to initialize an auth object using which we can authenticate users.

config:

  • accessSecret: string that will be used to sign/verify access tokens
  • refreshSecret: string that will be used to sign/verify refresh tokens
  • mapUserToPayload: function which receives the user as an argument and returns a payload which then will be signed as a token
  • mapUserToHashed: function which receives the user as an argument and returns password to tie it with the refresh token
  • mapPayloadToUser: async function that takes the payload as an argument and returns the actual user

const mapPayloadToUser = async payload => {
  // retrieve id from payload
   const { id } = payload.user;

 // fetch the user by using above id
   const user = await findUserSomehow(id);

  // if user is not found throw an error
  if (!user) {
   throw new Error();
  }
  
  // if everything was successful then return the user
  return user;
};

const auth = new Auth({
  accessSecret: ACCESS_SECRET,
  refreshSecret: REFRESH_SECRET,
  mapUserToPayload: user => ({ user: { id: user.id } }),
  mapUserToHashed: user => user.password,
  mapPayloadToUser
});

auth.generateAccessToken(user)

Takes a user as an argument and returns the access token

auth.generateRefreshToken(user)

Takes a user as an argument and returns the refresh token

auth.verifyAccessToken(accessToken)

Takes access token as an argument and checks whether it has been expired or not. Returns payload if has not been expired yet, otherwise throws an error

auth.refreshAccessToken(refreshToken)

Takes refresh token as an argument and returns new access token. This also checks whether the password has been ever changed since the time when the refresh token is generated. If so, refresh token won't pass the verification process and this function will throw an error.