npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

jsonwebtoken-redis

v1.0.6

Published

Json Web Token Redis

Downloads

270

Readme

jsonwebtoken-redis

This library completely repeats the entire functionality of the library jsonwebtoken, with four important additions:

  1. The token expiration time can be completely managed by Redis.
  2. You can invalidate the token by removing it from Redis.
  3. You can postpone the expiration a token.
  4. There's no callback. All functions returns Promises.

Installation

npm install jsonwebtoken-redis

Quick start

const Redis = require('redis');
const redis = new Redis();
const JwtRedis =  require('jsonwebtoken-redis');

const jwtRedis = new JwtRedis(redis, {
  prefix: 'session:' // The prefix used in Redis keys (optional). Defaults to "session:".
  expiresKeyIn: '24 hours' // The default Redis expiration time (optional)
  promiseImpl: Promise // Custom promise library (optional). Defaults to native Promise.
});

const secret = 'shhhhhh';
const payload = {
  scope: 'user',
  user: '1',
};

// Sign function call overriding the default Redis expiration time provided above
jwtRedis.sign(payload, secret, {expiresKeyIn: '48 hours'}).bind({}).then((token) => {
  this.token = token;
  // Returns the decoded payload without verifying if the signature is valid
  return jwtRedis.decode(token, secret, {complete: true});
}).then((decoded) => {
  // Returns the decoded payload verifying if the signature is valid
  return jwtRedis.verify(this.token, secret);
}).then((decoded) => {
  // Increases the expiration time by 48 hours
  return jwtRedis.touch(this.token);
}).then(() => {
  // Removes the token from Redis, invalidating it in the next "verify" function calls.
  return jwtRedis.destroy(this.token);
});

Expiration time managed by Redis

There's a new option expiresKeyIn when you call sign. This option is used to set the expiration time of the key/value created in Redis. Using this option the expiration time is completely managed by Redis, in other words, the key/value is created in Redis through the command expire. The token it self doesn't contain any expiration data.

jwtRedis.sign(payload, secret, {expiresKeyIn: '48 hours'}).then((token) => {

});

You can continue to use the option expiresIn or the payload attribute exp, but the option expiresKeyIn will be completely ignore. The key/value will be created in Redis with the expiration based on jwt option or payload attriute mentioned previously.

Attention: Implementing this way, you can't postpone the expiration in Redis because the token it self will expire.

Defining the jti claim

The "jti" (JWT ID) claim provides a unique identifier for the JWT. This is used to create the key for the token in Redis. If you don't provide the "jti", a new one will be generated using uuid version 4 (random).

const jwtRedis = new JwtRedis(client, {prefix: 'session:'})
const payload = {jti: 'test'}; // The key for the token in Redis will be "session:test"
const secret = 'shhhhhh';
jwtRedis.sign(payload, secret, {expiresKeyIn: '1 hour'}).then((token) => {
  return jwtRedis.decode(token, secret);
}).then((decoded) => {
  console.log(decoded.jti) // Will print "test"
});

Touching the token

When you set the jwt expiration time, you can't change it anymore. By using the option expiresKeyIn when you call sign, you have the power to postpone the expiration time.

jwtRedis.sign(payload, secret, {expiresKeyIn: '1 hour'}).then((token) => {
  // Do what you need here
});
// After 30 minutes...
jwtRedis.touch(token).then(() => {
  // Now the token will be valid for more 1 hour. Without this the token would expire in 30 minutes.
});

Destroying the token

You can invalidate the token by calling destroy function. This will remove the key/value associated to the token from Redis. All future calls to verify will throw JwtRedis.TokenExpiredError.

jwtRedis.destroy(token).then(() => {
  // The token was removed from Redis
});

Promises

All functions will return a Promise. You can set the Promise implementation by passing the option promiseImpl when you instantiate a new JwtRedis.

const Promise = require('bluebird')
const jwtRedis = new JwtRedis(redis, {
  promiseImpl: Promise,
});

API

Create a token

jwtRedis.sign(payload, secretOrPrivateKey [, options])

Verify the token

jwtRedis.verify(token, secretOrPublicKey [, options])

Decode the token

jwt.decode(token [, options])

Postpone the token expiration

jwtRedis.touch(token)

Destroy the token

jwtRedis.destroy(token)