@serverless-jwt/jwt-verifier

JWT verification for Serverless environments

Usage: no npm install needed!

<script type="module">
  import serverlessJwtJwtVerifier from 'https://cdn.skypack.dev/@serverless-jwt/jwt-verifier';
</script>

README

@serverless-jwt/jwt-verifier

The base module of the serverless-jwt ecosystem. It is platform independent and can be used straight out of the box or as the foundation for provider-specific integrations.

Installation

npm install --save @serverless-jwt/jwt-verifier

Usage

The verifier can be configured to validate tokens issued by a given issuer for a given audience.

const { JwtVerifier, JwtVerifierError } = require('@serverless-jwt/jwt-verifier');

const jwt = new JwtVerifier({
  issuer: 'https://auth.sandrino.dev/',
  audience: 'urn:colors-api'
});

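// `await` needs an async context in CommonJS, so the call is wrapped in a
// function (the name handleRequest is illustrative).
async function handleRequest(token) {
  try {
    // Resolves with the token's claims when verification succeeds.
    const claims = await jwt.verifyAccessToken(token);
    // Use the verified claims here.
  } catch (e) {
    if (e instanceof JwtVerifierError) {
      console.error(e.code, e.message);
    }
  }
}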

Advanced Options

Claims Mapping

You can also provide a function that maps the incoming claims to a format that is more usable in your application. This lets you rename certain claims or change a claim from a string to an array:

const { JwtVerifier, removeNamespaces, claimToArray } = require('@serverless-jwt/jwt-verifier');

const jwt = new JwtVerifier({
  issuer: 'https://auth.sandrino.dev/',
  audience: 'urn:colors-api',
  mapClaims: (claims) => {
    let user = {
      ...claims
    };

    // Helper to remove namespaces from each claim
    // (e.g. http://schemas.acme.com/roles would be transformed into simply roles).
    user = removeNamespaces(user);

    // Use a helper to transform a string into an array.
    user.scopes = claimToArray(user.scopes);

    // Return the mapped claims; without this the mapper yields undefined.
    return user;
  }
});

Extract Token

If a token was provided through the Authorization header, a small helper is available to extract the token from the header:

const { getTokenFromHeader } = require('@serverless-jwt/jwt-verifier');
const token = getTokenFromHeader(request.headers.get('Authorization'));
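
The pieces above (header extraction, verification, error handling) combined into a fail-closed authorization check. This is an added example, not code from the package or its README. The names parseBearer, toScopeList, authorize and stubVerifier are hypothetical; the only thing assumed from the page is an object exposing verifyAccessToken(token), and the claims are assumed to carry a space-delimited scope claim.

```javascript
// Strict "Bearer <token>" parsing: three base64url segments, nothing else.
// Own helper for this example, not the package's getTokenFromHeader.
function parseBearer(header) {
  if (typeof header !== 'string') return null;
  const m = /^Bearer +([\w-]+\.[\w-]+\.[\w-]+)$/i.exec(header);
  return m ? m[1] : null;
}

// Space-delimited scope string (or array) to an array of scope names.
function toScopeList(value) {
  if (Array.isArray(value)) return value;
  return typeof value === 'string' ? value.split(' ').filter(Boolean) : [];
}

// Resolves to { status, error } or { status: 200, claims }.
// Every failure path returns 401 or 403; claims are only present on success.
async function authorize(verifier, authorizationHeader, requiredScope) {
  const token = parseBearer(authorizationHeader);
  if (!token) return { status: 401, error: 'missing_token' };

  let claims;
  try {
    claims = await verifier.verifyAccessToken(token);
  } catch (e) {
    // Keep the detail in server logs; the client gets a generic error.
    console.error('token rejected:', e.code || e.name, e.message);
    return { status: 401, error: 'invalid_token' };
  }
  // A non-object result is a failure, not an authenticated request.
  if (!claims || typeof claims !== 'object') {
    return { status: 401, error: 'invalid_token' };
  }
  const scopes = toScopeList(claims.scope);
  if (!scopes.includes(requiredScope)) {
    return { status: 403, error: 'insufficient_scope' };
  }
  return { status: 200, claims: { ...claims, scopes } };
}

// Constructed stub standing in for a configured JwtVerifier (no keys, no network).
// The token value and the error code are made up for this example.
const stubVerifier = {
  async verifyAccessToken(token) {
    if (token === 'aaa.bbb.ccc') return { sub: 'user-1', scope: 'read:colors' };
    throw Object.assign(new Error('constructed failure'), { code: 'example_error' });
  }
};
```

In a real handler, pass the configured JwtVerifier instance in place of stubVerifier.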