An example API for creating/verifying JSON Web Tokens
dependabot-preview and circa10a [Security] Bump lodash from 4.17.11 to 4.17.14 (#1)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.14. **This update includes security fixes.**
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.11...4.17.14)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Latest commit b773e26 Jul 12, 2019
Type Name Latest commit message Commit time
config add docker file, more jwt data in response Jul 6, 2019
lib initial commit Jul 5, 2019
middleware add docker file, more jwt data in response Jul 6, 2019
routes add k8s deployment Jul 10, 2019
.dockerignore add docker file, more jwt data in response Jul 6, 2019
.eslintrc.json initial commit Jul 5, 2019
.gitignore Initial commit Jul 5, 2019
Dockerfile add docker file, more jwt data in response Jul 6, 2019
LICENSE Create LICENSE Jul 5, 2019
README.md update readme for k8s deploy Jul 10, 2019
create_keys.sh initial commit Jul 5, 2019
index.js fix lint issue Jul 5, 2019
jwtRS256.key initial commit Jul 5, 2019
jwtRS256.key.pub initial commit Jul 5, 2019
k8s-deployment.yaml
package-lock.json [Security] Bump lodash from 4.17.11 to 4.17.14 (#1) Jul 11, 2019
package.json initial commit Jul 5, 2019

README.md

Express-JWT

An example API for creating/verifying JSON Web Tokens (JWTs).

Yes, the private key is in the repo. Not secure. I know.

Usage

Install Dependencies

npm install

Start

npm start

Docker

docker run -d --name express-jwt -p 8000:8000 circa10a/express-jwt

Kubernetes

kubectl apply -f https://raw.githubusercontent.com/circa10a/express-jwt/master/k8s-deployment.yaml

Then navigate to http://localhost:8000/ to see the Swagger API docs.

Configuration

Port

By default the server listens on port 8000. Set the PORT environment variable to change it.

Basic auth users

To obtain your JWT, you must authenticate against /login with Basic Auth.

There are two hardcoded sample users in config/config.js. You can add more fake users by appending to that object.

Users

user password base64
admin admin YWRtaW46YWRtaW4=
guest password Z3Vlc3Q6cGFzc3dvcmQ=

JWT Expiration

The default expiration time of a JWT is 1h, set in config/config.js.

Obtain token

curl -H "Authorization: Basic YWRtaW46YWRtaW4=" http://localhost:8000/login

Auth with token

You can use the token acquired from /login with the curl command above, or test with this token, which has no expiration:

curl -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJpYXQiOjE1NjIzNDc0MzR9.g0-jxWgWVc98C6EzEWYoWxyIXVY3xmzgIZfD32PBZfrwrVrTiAqP69IrJ3DKBseeVgf2dwOm4ennwpakHXv-xxfZyMoM8-nfwJardv0Pr4bToBhGwxJhe-g1Hy7ygID5XpqQok9zY_R-0vZn-o-opi9VZYvTft9ZBAPEdj9oPZrRk_LfrrMQjO-oK9BiNQTjZm0rzFsqetk8FmqKwtb-TDPmmkgS0remsbsJzyvAi2x6r7fosljM2t0vjxdGzumbU4pxuSsQUjoRDzPG0VAH2rKNHECFqmCWJ8myIBOobYYAt7TIW0TzzJkyXb9amfDjy1IBlZyvwEznTUT_XBh6hQ" http://localhost:8000/protected
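
The checks a stricter verifier would apply to a bearer token, as an added example that is not code from this repository: pin the algorithm to RS256, verify the signature against the public key, and require an unexpired exp claim, so a token without expiration like the sample above is rejected. The key pair is generated in-process, and signRS256 and verifyStrict are hypothetical names.

```javascript
// Added example: strict RS256 JWT verification with Node's built-in crypto.
// The key pair and all tokens are constructed here; nothing is taken from the repository.
const crypto = require('node:crypto');

const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Helper for building sample tokens: sign header.payload the way an RS256 issuer does.
function signRS256(payload, key = privateKey, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64url(header)}.${b64url(payload)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), key).toString('base64url');
  return `${input}.${sig}`;
}

// Returns { ok: true, payload } or { ok: false, reason }.
function verifyStrict(token, pubKey = publicKey, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm: the token's own header must not be able to select "none" or HS256.
  if (header?.alg !== 'RS256') return { ok: false, reason: 'bad-alg' };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const valid = crypto.verify('RSA-SHA256', signed, pubKey, Buffer.from(parts[2], 'base64url'));
  if (!valid) return { ok: false, reason: 'bad-signature' };
  // Require exp: a token without it stays valid until the signing key is replaced.
  if (typeof payload?.exp !== 'number') return { ok: false, reason: 'missing-exp' };
  if (payload.exp <= nowSec) return { ok: false, reason: 'expired' };
  return { ok: true, payload };
}
```

The signature is checked before any claim is read, so the expiry decision is never made on unauthenticated data.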