npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

jwt-function

v2.0.3

Published

Simple way to sign, verify & decode JWT

Downloads

109

Readme

jwt-function

Simple way to sign, verify & decode JWT

Algorithms

| HMAC-SHA | | ----- | | HS256 | | HS384 | | HS512 |

Examples

const jwtfn = require('jwt-function')

// Sign a token
const token = jwtfn.sign({ user: 'Bob' }, 'secret')

// Verify a token
jwtfn.verify(token, 'secret')

// Decode a token
jwtfn.decode(token)

API

sign(body, key, options)

Sync sign a JsonWebToken based on a payload and options object.

  • body An object that represent the payload of the JWT, but it should not contains the specific JWT properties, it must be used from object options (required).
  • key A secret or private key as string or Buffer to sign the JWT. It depend on the selected algorithm (required).
  • options A sign options object. It used to define specifics properties to the JWT (default = object).
    • alg The name/tag of the used algorithm to sign the JWT. It's must be an implemented algorithm (default: 'HS256') (required).
    • typ The JWT type, must type string (default: 'JWT') (required).
    • iat The issued at date, must be timestamp or true (default: true).
    • exp The expiration date, must be timestamp (default: null).
    • nbf The date from which the JWT is valid, must be timestamp (default: null).
    • iss The issuer, must be type string (default: null).
    • aud The audience, must be type string (default: null).
    • sub The subject, must be type string (default: null).
    • jti The JsonWebToken ID, must be type string (default: null).
    • header The object with properties to add to the JWT header (default: null).
Examples
// Limit the token validity to 1 day.
const expiration = new Date().getTime() + (24 * 60 * 60)
jwtfn.sign({ ... }, 'secret', { exp: expiration })

// Add header properties.
const addedProps = { add1: 'add1', add2: 'add2' }
jwtfn.sign({ ... }, 'secret', { header: addedProps })

The function return a jwt: string.

verify(token, key, options)

Sync verify a JsonWebToken.

  • token A JsonWebToken as string format to verify (required).
  • key A secret or private key as string or Buffer to sign the JWT. It depend on the selected algorithm (required).
  • options A verify options object, it primary used to define token verification.
    • alg A string or an array of string to match with token algorithm (default: 'HS256') (required).
    • typ A string to or an array of strings to compare with typ header argument (default: null).
    • iat A timestamp to check if the token has been signed after this timestamp (default: null).
    • exp A boolean to define the check state of the expiration date, in case it's true the field is required to be valid, an error will be thrown if the field does not exist on the token. If the field is equal to null then the verification will be checked only if the field exists on the token. Else the token is equal false, the verification will not be done.(default: null).
    • nbf A boolean to define the check state of the date from which the JWT is valid, in case it's true the field is required to be valid, an error will be thrown if the field does not exist on the token. If the field is equal to null then the verification will be checked only if the field exists on the token. Else the token is equal false, the verification will not be done.(default: null).
    • iss A issuer verification, it can be string or regex, or an array of them (default: null).
    • aud A audience verification, it can be string or regex, or an array of them (default: null).
    • sub A subject verification, it can be string or regex, or an array of them (default: null).
    • header An object used as list of checks to do in header part, it can provide string or regex, or an array of them (default: null).
    • payload An object used as list of checks to do in payload part, it can provide string or regex, or an array of them (default: null).
    • decode A boolean option to change the function return to get the decoded JWT (default: null).

The function return a true|object.

Examples
// Check the token is not expired and is yet mature.
jwtfn.verify(token, 'secret', { exp: true, nbf: true })

// Check the token header (same for payload).
jwtfn.verify(token, 'secret', {
  header: {
    add1: 'add1', // Should be equal
    add2: [/remove/, '/add/'] // Should has one or more matches
  }
})

decode(token, options)

Sync decode a JsonWebToken.

  • token A JsonWebToken as string format to decode (required).
  • options A decode options object.
    • base64 The state to return a response with base64 parts (default: false).

The function return a decoded: object.

Examples
// Get base64 parts.
jwtfn.decode(token, { base64: true })

Return an object like:

{
  header: {...},
  payload: {...},
  base64: {
    header: '...',
    payload: '...',
    signature: '...'
  }
}

Errors

  • InvalidTokenError Root error
  • InvalidSignatureError When the signature not match with the JWT.
  • InvalidAlgorithmError When the algorithm is not allowed on the options.
  • InvalidTypeError When the JWT type is not validated by the options..
  • InvalidIssuedAtError When the token iat timestamp is lower than the options.
  • ExpiredSignatureError When the token exp timestamp is lower than now.
  • ImmatureSignatureError When the token nbf timestamp is greater than now.
  • InvalidIssuerError When then issuer is not validated by options.
  • InvalidAudienceError When the audience is not validated by options.
  • InvalidSubjectError When the subject is not validated by options.
  • InvalidTokenIDError When the tokenID is not validated by options.
  • InvalidHeaderError When any defined verification options header is not valid.
  • InvalidPayloadError When any defined verification options payload is not valid.