Fix typo
Merge pull request #6 from onelastjedi/dev
Merge branch 'dev'
JavaScript library to sign and verify JSON Web Tokens in it's simplest form. Has no dependencies.
If you use npm, npm install @onelastjedi/node-jwt
. You can also download the latest release on GitHub.
import jwt from '@onelastjedi/node-jwt'
const secret = process.env.__SECRET__
const data = {
exp: Math.floor(Date.now() / 1000) + 60 * 60,
user: { id: 1, name: 'Mary' }
}
jwt.sign(data, secret) // eyJhbGc.....
jwt.verify(token, secret)
/*
{
alg: 'HS256',
typ: 'JWT',
user: { id: 1, name: 'Mary' },
iat: ...,
exp: ...,
}
*/
jwt.sign(body, secret, [alg])
Generated JWT will include an iat (issued at) claim by default. For expiration claim (exp) simply add it to payload. Default signature is HS256
.
const exp = Math.floor(Date.now() / 1000) + 60
const token = jwt.sign({ foo: 'bar', exp: exp }, secret, 'HS384')
jwt.verify(token, secret)
The result of this transformation will be a decrypted body. Possible thrown errors during verification.
const data = jwt.verify(token, secret)
TokenExpiredError
: if the token is expired.
SignatureInvalidError
: if the signature is invalid.
Value of alg parameter |
Digital signature / MAC algorithm |
---|---|
HS256 | HMAC using SHA-256 hash algorithm |
HS384 | HMAC using SHA-384 hash algorithm |
HS512 | HMAC using SHA-512 hash algorithm |