Skip to content
Vaidate google's JWTs middleware in connect applications.
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.


Type Name Latest commit message Commit time
Failed to load latest commit information.

Use Google's JWTs to authenticate calls to your backend API.

Google implements the standard OpenID Connect, after the authorization flow with response_type=id_token you will get a JWT in the client side of your application. You can use this JWT to authenticate calls to your api.

This middleware validate three things expiration, audience and signature.

The signature is validated with the certs from as stated in Google Docs Validating an ID Token. These certs are downloaded when your application starts and every 24hs.

If you want to validate JWT's from other sources (not google) use express-jwt.


$ npm i connect-google-jwt


In an express.js application:

var googleJWT = require('connect-google-jwt');

app.configure(function () {
  this.use('/api', googleJWT({
    client_id: 'your client id'

app.get('/api/messages', function (req, res) {
  req.user // you have the decoded JWT here

Issue Reporting

If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.




This project is licensed under the MIT license. See the LICENSE file for more info.

You can’t perform that action at this time.