Validate the JWT scope to authorize access to an endpoint
Clone or download
Latest commit a396511 Jan 15, 2019


Validate a JWTs scope to authorize access to an endpoint.


$ npm install express-jwt-authz

express@^4.0.0 is a peer dependency. Make sure it is installed in your project.


Use together with express-jwt to both validate a JWT and make sure it has the correct permissions to call an endpoint.

var jwt = require('express-jwt');
var jwtAuthz = require('express-jwt-authz');

  jwt({ secret: 'shared_secret' }),
  jwtAuthz([ 'read:users' ]),
  function(req, res) { ... });

The JWT must have a scope claim and it must be a string that specifies permissions separated by spaces. For example:

"write:users read:users"

Issue Reporting

If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.




This project is licensed under the MIT license. See the LICENSE file for more info.