Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
132 lines (94 sloc) 4.07 KB
HTTP requests authentication middleware for Marble.js based on JWT mechanism.


This module lets you authenticate HTTP requests using JWT tokens in your Marble.js applications. JWTs are typically used to protect API endpoints, and are often issued using OpenID Connect.

{% hint style="info" %} You can find more details about JWT (RFC 7519) standard here. {% endhint %}

The middleware uses jsonwebtoken package under the hood. It wraps the package API into more
RxJS-friendly abstractions that can be partially applied and composed inside Effect streams.


$ npm i @marblejs/middleware-jwt

Requires @marblejs/core to be installed.


import { authorize$ } from '@marblejs/middleware-jwt';

Type declaration

authorize$ :: (VerifyOptions, object -> Observable<object>) -> HttpMiddlewareEffect


parameter definition
config VerifyOptions
verifyPayload$ (payload: object) => Observable<object>

{% tabs %} {% tab title="verifyPayload$" %} A function used for payload verification. With this handler we can check if the payload extracted from the JWT token fulfills our security criterias (eg. we can verify if the given user identifier exists in the database). Besides the general verification, the function can return the streamed object, that will be available inside HttpRequest req.user parameter. If the stream throws an error (eg. during the validation) the authorize$ middleware responds with 401 / Unauthorized error.

Type declaration

verifyPayload$ :: object -> Observable<object>


The function checks the presence of the user id in the database and then returns an Observable of found user instance.

const verifyPayload$ = (payload: Payload) => UserDao

{% endtab %}

{% tab title="VerifyOptions" %} Config object, passed as a first argument, defines a set of parameters that are used during token verification process.

parameter definition
secret `string
algorithms <optional> string[]
audience <optional> `string
clockTimestamp <optional> number
clockTolerance <optional> number
issuer <optional> `string
ignoreExpiration <optional> boolean
ignoreNotBefore <optional> boolean
jwtid <optional> string
subject <optional> string
{% endtab %}
{% endtabs %}

{% hint style="info" %} For more infos about jwt.VerifyOptions please read jsonwebtoken docs. {% endhint %}

{% hint style="info" %} You can read more about token creation here. {% endhint %}


It is recommended to extract the middleware configuration into separate file. This way you can reuse it in many places.

{% code-tabs %} {% code-tabs-item title="auth.middleware.ts" %}

import { authorize$ as jwt$ } from '@marblejs/middleware-jwt';
import { SECRET_KEY } from './config';

const config = { secret: SECRET_KEY };

const verifyPayload$ = (payload: Payload) => UserDao

export const authorize$ = jwt$(config, verifyPayload$);

{% endcode-tabs-item %} {% endcode-tabs %}

The configured middleware can be simply composed in any route, that should be validated.

import { r } from '@marblejs/core';
import { authorize$ } from './auth-middleware';

const getUsers$ = r.pipe(

const user$ = combineRoutes('/user', {
  effects: [getUsers$],
  middlewares: [authorize$], 👈

If the incoming request doesn't pass the authentication process (eg. token is invalid, expired or the verifyPayload$ throws an error, the middleware responds with 401 / Unauthorized error.

You can’t perform that action at this time.