vc-jwt-auth

v0.0.3

Authentication with Verifiable Credentials

Downloads

2

Readme

RIF Identity Authentication

This package exposes a set of functions to authenticate users using DIDs and Verifiable Credentials.

How it works

  1. The user sends their DID and asks for a challenge.
  2. The package generates the challenge and associates it with the received DID. The challenge is valid for a fixed time. Default: 5 minutes.
  3. The user signs a VC that includes the challenge and sends its JWT representation to the package.
  4. The package validates that the VC is signed by the private key associated with the previously sent DID and that it contains the previously sent challenge. If so, it generates another VC and returns its JWT representation. Default expiration time: 10 hours.
  5. The user sends the received JWT in the Authorization header of each authenticated request.
  6. The package provides a middleware for Express applications. It validates the sent JWT: if the token is valid, the request is authenticated; if not, 401 is returned.
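
The server-side state behind steps 2, 4 and 6, as an added sketch that is not the package's own code. The names createAuthState, login and authorize are hypothetical; the VC signature check is assumed to have been done by the caller, a random hex string stands in for the auth VC JWT, and discarding the challenge on the first login attempt is a choice made for this example.

```javascript
const { randomBytes, timingSafeEqual } = require('node:crypto');

// Hypothetical in-memory model of the flow; defaults mirror the README's.
function createAuthState({ challengeTtlMs = 300_000, authTtlMs = 36_000_000,
                           maxRequestsPerToken = 20 } = {}) {
  const challenges = new Map(); // did -> { value, expiresAt }
  const tokens = new Map();     // token -> { did, used, expiresAt }

  return {
    // Steps 1-2: bind a fresh 64-byte challenge to the requesting DID.
    getChallenge(did, now = Date.now()) {
      const value = randomBytes(64).toString('hex');
      challenges.set(did, { value, expiresAt: now + challengeTtlMs });
      return value;
    },
    // Step 4: `claims` is { issuer, challenge } taken from a VC whose
    // signature was already verified (assumption; not shown here).
    login(claims, now = Date.now()) {
      const entry = challenges.get(claims.issuer);
      challenges.delete(claims.issuer); // one attempt per challenge: no replay
      if (!entry || now > entry.expiresAt) return null;
      const expected = Buffer.from(entry.value);
      const received = Buffer.from(String(claims.challenge));
      if (expected.length !== received.length ||
          !timingSafeEqual(expected, received)) return null;
      const token = randomBytes(32).toString('hex'); // stand-in for the auth JWT
      tokens.set(token, { did: claims.issuer, used: 0, expiresAt: now + authTtlMs });
      return token;
    },
    // Step 6: the decision the middleware makes per request (200 or 401).
    authorize(token, now = Date.now()) {
      const t = tokens.get(token);
      if (!t || now > t.expiresAt || t.used >= maxRequestsPerToken) return 401;
      t.used += 1;
      return 200;
    },
  };
}
```

Because the challenge is looked up by the issuer of the signed VC, a challenge issued to one DID cannot be redeemed by a VC signed with another.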

Operations

initializeAuth

The library must be initialized with this method. If not, an exception will be thrown when invoking the rest of the methods. It configures the library with the sent options and initializes the identity that will sign the authentication JWTs.

Parameter

  • env - object that contains the following:
      -- did - DID that will be used to sign auth tokens. REQUIRED
      -- signer - Signer object associated with the DID, will be used to sign auth tokens. REQUIRED
      -- rpcUrl - RSK RPC URL used to validate credentials. Default: https://did.testnet.rsk.co:4444
      -- authExpirationInHours - Default: 10
      -- challengeExpirationInSeconds - Default: 300
      -- maxRequestsPerToken - Default: 20

getChallenge

Generates a random 64-byte challenge that will be validated when the user logs in. The challenge will be deleted after the challengeExpirationInSeconds value provided in the initializeAuth method.

Parameter

  • did - string DID that will be associated with the generated challenge. REQUIRED

getAuthToken

Generates the JWT representation of a VC that will be used to authenticate requests from now onward. Throws errors if the challenge is not valid or the VC received is not well formatted. The generated JWT will be deleted after the authExpirationInHours value provided in the initializeAuth method.

Parameter

  • jwt - jwt representation of a VC signed by the client with the received challenge. That VC should be signed by the DID sent before and follow this format:
vc: {
    '@context': ['https://www.w3.org/2018/credentials/v1'],
    type: ['VerifiableCredential'],
    credentialSubject: {
      claims: [
        { claimType: 'challenge', claimValue: RECEIVED_CHALLENGE }
      ]
    }
  }

authExpressMiddleware

A middleware for use in Express applications. The token should be included raw in the Authorization header of the request. This method validates that the token has been signed by the privateKey provided in the initializeAuth method, that it is not expired, and that the token has not exceeded the maximum number of requests allowed per user (maxRequestsPerToken).

Run for development and test

npm i
npm test

Link to other project

npm link
cd path/to/your/project
npm link @rsksmart/rif-id-jwt-auth