Vaidate google's JWTs middleware in connect applications.
JavaScript
Switch branches/tags
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.gitignore
LICENSE.txt
README.md
index.js
package.json

README.md

Use Google's JWTs to authenticate calls to your backend API.

Google implements the standard OpenID Connect, after the authorization flow with response_type=id_token you will get a JWT in the client side of your application. You can use this JWT to authenticate calls to your api.

This middleware validate three things expiration, audience and signature.

The signature is validated with the certs from https://www.googleapis.com/oauth2/v1/certs as stated in Google Docs Validating an ID Token. These certs are downloaded when your application starts and every 24hs.

If you want to validate JWT's from other sources (not google) use express-jwt.

Install

$ npm i connect-google-jwt

Usage

In an express.js application:

var googleJWT = require('connect-google-jwt');

app.configure(function () {
  //middlewares
  this.use('/api', googleJWT({
    client_id: 'your client id'
  }))
});

app.get('/api/messages', function (req, res) {
  req.user // you have the decoded JWT here
});

Issue Reporting

If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Author

Auth0

License

This project is licensed under the MIT license. See the LICENSE file for more info.