Skip to content

simon-p-r/yajwt

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
README.md
README.md
 
 
package.json
package.json
 
 

Repository files navigation

yajwt

Greenkeeper badge build status Current Version dependency Status devDependency Status Coveralls

An implementation of JSON Web Tokens.

This was developed against draft-ietf-oauth-json-web-token-08. It makes use of node-jws and has heavily used jsonwebtoken module as inspiration

Install

$ npm install yajwt

Usage

jwt.sign(options, [callback])

(Asynchronous) Callback has err, JWT string signature

jwt.signSync(options)

(Synchronous) Returns an object with an error(on failure) and token property (on success)

options:

  • header object with following properties
    • alg default: RS256
    • typ default 'JWT', this is only accepted value for this property
  • payload: object with the following properties
    • aud: string - audience of token
    • exp: number ms since EPOCH or a string describing a time duration added to seconds since EPOCH rauchg/ms. Eg: 60, "2 days", "10h", "7d" or Moment formats types ['DD-MM-YYYY', 'DD-MM-YY', 'DD/MM/YYYY', 'DD/MM/YY']
    • iat: same as above, defaults to the time payload is signed. If duration is used the value is added to Date.now()
    • iss: string - issuer of token
    • jti: string - unique identity of token
    • nbf: same as exp
    • sub: string - describing subject of token
  • privateKey: string or buffer of private key to sign token

All timestamp related fields if a number are coerced into seconds from ms.

Additional custom header properties can be provided via the header object.

Example

const jwt = require('yajwt');

// read key for signing
const key = fs.readFileSync('private.pem');  
const signed = jwt.signSync({ header: { alg: 'HS256' }, payload: {aud: 'private'}, privateKey: key });
console.log(signed.token); /// prints JWT string


// sign asynchronously
jwt.sign({ header: { alg: 'HS256' }, payload: {aud: 'private'}, privateKey: key }, (err, token) => {
  console.log(err, token);
});

jwt.verify(options, callback)

(Asynchronous) Callback has err, decoded JWT signature

jwt.verifySync(options)

(Synchronous) Returns true or false depending on whether token can be verified as valid

options

  • algorithms default: RS256.
  • signature json string to verify
  • publicKey: is a string or buffer containing either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA.
// verify a token asymmetric
const publicKey = fs.readFileSync('public.pem');  // get public key

const valid = jwt.verifySync(token, publicKey);
console.log(valid) // true

// verify a token symmetric
jwt.verify({signature: jsonString, algorithm: 'HS256',  publicKey: publicKey}, (err, decoded) => {
  console.log(err) // null
  console.log(decoded) // decoded token meaning payload verified
});

Todo

  • improve error handling for missing callback on async funcs

About

yet another json web token module

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages