@jordanforeman/jwt-authentication
v0.1.8
An authentication strategy for @jordanforeman/api-framework
An authentication strategy middleware for accessing APIs via JsonWebTokens using @jordanforeman/api-framework
Installation
$ npm i --save @jordanforeman/{api-framework,rest-exceptions,jwt-authentication} --save-exact
Usage
Use this module when defining a new controller (endpoint) that requires authentication, like so:
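import {auth as jwt} from '@jordanforeman/jwt-authentication';

// secretOrPublicKey, options and getMyProtectedPath are supplied by your application;
// the first two are described in the sections below.
const myController = {
    path: '/my/protected/path',
    method: 'GET',
    config: {
        auth: jwt(secretOrPublicKey, options),
        handler: getMyProtectedPath
    }
};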
If authentication is successful, the current request will be hydrated with an auth property containing the contents of the JWT's payload.
If authentication is unsuccessful, the current request will be rejected with a 403 Forbidden error with the following error message:
Must be authorized to view this resource
secretOrPublicKey
From the jsonwebtoken docs:
secretOrPublicKey is a string or buffer containing either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA. [..] secretOrPublicKey can be a function that should fetch the secret or public key.
options
This authentication strategy is largely a pass-through to the jsonwebtoken module, and as such exposes the same options that it does in verify. For more information, see the jsonwebtoken.verify docs.
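Because the options are handed to jsonwebtoken's verify, pinning algorithms, issuer and audience in server configuration is what stops a token from choosing its own verification rules. The following added example (not this package's code, nor jsonwebtoken's) re-implements those checks for HS256 with Node's built-in crypto so it runs offline. The Bearer header parsing, the authenticate and makeToken helpers, and the mandatory exp claim are assumptions of the example.

```javascript
// Added example: stand-in for the checks jsonwebtoken.verify performs (HS256 only).
const { createHmac, timingSafeEqual } = require('node:crypto');

const FORBIDDEN = { statusCode: 403, message: 'Must be authorized to view this resource' };
const b64url = (data) => Buffer.from(data).toString('base64url');
const sign = (input, secret) => createHmac('sha256', secret).update(input).digest();

// Constructed helper, used only to build sample tokens for this example.
function makeToken(header, payload, secret) {
    const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
    return `${input}.${sign(input, secret).toString('base64url')}`;
}

// Returns the payload or throws. options mirrors verify's algorithms/issuer/audience.
// Assumption: exp is mandatory here, which is stricter than jsonwebtoken's default.
function verifyToken(token, secret, options, now = Math.floor(Date.now() / 1000)) {
    const parts = String(token).split('.');
    if (parts.length !== 3) throw new Error('malformed token');
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    // The allowed algorithm comes from server config, never from the token header.
    if (header.alg !== 'HS256' || !options.algorithms.includes(header.alg)) {
        throw new Error('algorithm not allowed');
    }
    const expected = sign(`${parts[0]}.${parts[1]}`, secret);
    const actual = Buffer.from(parts[2], 'base64url');
    if (actual.length !== expected.length || !timingSafeEqual(actual, expected)) {
        throw new Error('bad signature');
    }
    const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    if (typeof payload.exp !== 'number' || payload.exp <= now) throw new Error('expired');
    if (payload.iss !== options.issuer || payload.aud !== options.audience) {
        throw new Error('wrong issuer or audience');
    }
    return payload;
}

// Hypothetical middleware shape: hydrate request.auth on success, 403 on any failure.
function authenticate(request, secret, options, now) {
    const token = (request.headers.authorization || '').replace(/^Bearer /, '');
    try {
        request.auth = verifyToken(token, secret, options, now);
        return { ok: true };
    } catch {
        return { ok: false, error: FORBIDDEN };
    }
}
```

Every failure maps to the same 403 body, so the response does not reveal which check rejected the token.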
Additional Reading
For more information about using JsonWebTokens, see jwt.io