Skip to content

🎁 JSON Web Token implementation for Node.js.

License

Notifications You must be signed in to change notification settings

onelastjedi/node-jwt

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

49 Commits
Oct 31, 2023
Oct 14, 2023
Apr 7, 2023
Oct 31, 2023
Oct 15, 2023
Oct 31, 2023
Oct 31, 2023
Oct 31, 2023

Repository files navigation

bundle size version downloads

node-jwt

JavaScript library to sign and verify JSON Web Tokens in it's simplest form. Has no dependencies.

Installation

If you use npm, npm install @onelastjedi/node-jwt. You can also download the latest release on GitHub.

Use

import jwt from '@onelastjedi/node-jwt'

const secret = process.env.__SECRET__

const data = {
  exp: 60 * 60 * 24 * 7, // 7 days
  user: { id: 1, name: 'Mary' }
}

jwt.sign(data, secret) // eyJhbGc.....
jwt.verify(token, secret)
/*
  {
    alg: 'HS256',
    typ: 'JWT',
    user: { id: 1, name: 'Mary' },
    iat: ...,
    exp: ...,
    }
*/

API

jwt.sign(body, secret, [alg])

Generated JWT will include an iat (issued at) claim by default. For expiration claim (exp) simply add it to payload. Default signature is HS256.

const exp = 60 * 60 * 24 * 365 // 365 days
const token = jwt.sign({ foo: 'bar', exp: exp }, secret, 'HS384')

jwt.verify(token, secret)

The result of this transformation will be a decrypted body. Possible thrown errors during verification.

const data = jwt.verify(token, secret)

Errors

TokenError: token is expired or signature is invalid.

Algorithms supported

Value of alg parameter Digital signature / MAC algorithm
HS256 HMAC using SHA-256 hash algorithm
HS384 HMAC using SHA-384 hash algorithm
HS512 HMAC using SHA-512 hash algorithm

License

AGPL