jwt-permissions

A permissions layer built on top of jsonwebtokens

Usage (no npm install needed)

<script type="module">
  import jwtPermissions from 'https://cdn.skypack.dev/jwt-permissions';
</script>

README

JWT Permissions

Quick Start

Verify a jsonwebtoken has required roles

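const jsonwebtoken = require('jsonwebtoken');
// Assumption: verifyPermission is a named export of jwt-permissions
const { verifyPermission } = require('jwt-permissions');

const secret = 'the secret';
const requiredRoles = [/^write.*$/]; // every regex must match at least one role in the token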
// create a token with some roles in the payload
const accessToken = jsonwebtoken.sign({ roles: ['write-1234'] }, secret);
verifyPermission({ requiredRoles, accessToken, secret })
  .then(() => {
    // token is good and has all needed roles
  })
  .catch(() => {
    // either a bad token or missing roles
  });

Verify (with customizable payload key)

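const jsonwebtoken = require('jsonwebtoken');
// Assumption: verifyPermission is a named export of jwt-permissions
const { verifyPermission } = require('jwt-permissions');

const secret = 'the secret';
const requiredRoles = [/^write.*$/]; // every regex must match at least one role in the token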
// create a token with some roles in the payload
const accessToken = jsonwebtoken.sign({ otherRoleKey: ['write-1234'] }, secret);
verifyPermission({ requiredRoles, accessToken, secret, rolesKey: 'otherRoleKey' })
  .then(() => {
    // token is good and has all needed roles
  })
  .catch(() => {
    // either a bad token or missing roles
  });

Test

npm test
npm run test:watch

API

verifyPermission

Verify a token is valid and has all required permissions

Arguments

options - object - input options with the following keys

  • requiredRoles - array of regex - each regex must match at least one role in the token
  • accessToken - jsonwebtoken - a jsonwebtoken that can be verified
  • secret - string - a secret used to verify the jsonwebtoken
  • rolesKey - string - (optional) the key to pull the roles from the payload in the jsonwebtoken
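
The matching rule described for requiredRoles and rolesKey, written out as an added example (not jwt-permissions source code) so the edge cases are visible: unanchored patterns, stateful /g regexes, and a roles claim that is not an array of strings. The names unmetRoles and isAuthorized are hypothetical, the payloads are constructed, and failing closed on a malformed claim is this example's choice, not documented library behaviour.

```javascript
// Added illustration, not jwt-permissions source. It works on a payload whose
// signature has ALREADY been verified (e.g. what jsonwebtoken.verify returns).

// Returns the required regexes that no role in the payload satisfied.
function unmetRoles(payload, requiredRoles, rolesKey = 'roles') {
  const roles = payload == null ? undefined : payload[rolesKey];
  // Fail closed: a missing claim, a bare string or mixed types satisfies nothing.
  const usable = Array.isArray(roles) && roles.every((r) => typeof r === 'string');
  return requiredRoles.filter((re) => {
    if (!usable) return true;
    return !roles.some((role) => {
      re.lastIndex = 0; // /g and /y regexes keep state between test() calls
      return re.test(role);
    });
  });
}

// Authorized only when every required regex matched at least one role.
function isAuthorized(payload, requiredRoles, rolesKey) {
  return unmetRoles(payload, requiredRoles, rolesKey).length === 0;
}

// Constructed sample payloads.
const writer = { roles: ['write-1234'] };
const reader = { roles: ['read-1234', 'no-write-1234'] };
const custom = { otherRoleKey: ['write-1234'] };
const malformed = { roles: 'write-1234' }; // string instead of an array

const anchored = [/^write.*$/]; // the pattern used in the Quick Start
const unanchored = [/write/];   // also matches 'no-write-1234'
const stateful = [/^write/g];   // lastIndex would break a second test()

console.log('writer, anchored   :', isAuthorized(writer, anchored));
console.log('reader, anchored   :', isAuthorized(reader, anchored));
console.log('reader, unanchored :', isAuthorized(reader, unanchored));
console.log('custom, rolesKey   :', isAuthorized(custom, anchored, 'otherRoleKey'));
console.log('custom, default key:', isAuthorized(custom, anchored));
console.log('malformed claim    :', isAuthorized(malformed, anchored));
console.log('stateful, 2 calls  :',
  isAuthorized(writer, stateful), isAuthorized(writer, stateful));
console.log('unmet for reader   :',
  unmetRoles(reader, [/^read/, /^write/]).map(String));
```

The third line of output is the one to watch: the reader token passes an unanchored pattern, which is why the Quick Start regex is anchored with ^ and $.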