kolbeinsson88-jwt

Package for creating, decoding and verifying JSON Web Tokens (JWT).

Usage: no npm install needed!

<script type="module">
  import kolbeinsson88Jwt from 'https://cdn.skypack.dev/kolbeinsson88-jwt';
</script>

README

What is it?

Allows you to create, decode and verify JSON Web Tokens (JWT).

Getting started

yarn add --dev kolbeinsson-jwt

Create tokens

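A secure JWT accepts header fields for algorithm (alg), content type (cty) and media type (typ). The token is signed with the HS256 (HMAC-SHA256) algorithm, so you must set the alg field to HS256. HMAC-SHA256 authenticates the token but does not encrypt it: the header and payload are only base64-encoded, and anyone holding the token can read them. You must also set the content type header. The token uses base64 encoding because that is all Node.js has.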

const { jsonWebToken } = require('kolbeinsson-jwt');
/**
 * Create a JWT. A secure JWT needs a cryptographic algorithm to create the token
 * signature; only HMAC-SHA256 is supported. You may set your content type and type
 * header. The token also accepts a payload object with whatever claims you need.
 * Your private key may be an arbitrary string of at least 11 characters, for semantic reasons.
 */

const header = { "alg": "hs256", "cty": "jwt", "typ": "jwt" };
const payload = {
    "userId": 1,
    "email": 'john@example.com',
    "firstName": 'John',
    "lastName": "Doe",
    "admin": true,
    "exp": Math.floor(Date.now() / 1000 + (480 * 480)),
    "iat": Math.floor(Date.now() / 1000),
    "iss": "https://sitename.com"
};

// The private key needs to be at least 11 characters long
const privateKey11PlusChar = 'f0859760-3d22-16eb-aa93-0222ac130002';
const token = jsonWebToken(header, payload, privateKey11PlusChar); // JWT: eyJhbGciOiJoczI1NiIsIm .... jNTU2M2JhYzdlZDA4MWI1M2Q2YWM4Yw==

Create unsecured tokens

You can create an unsecured, base64-encoded JWT. The alg header field is set to none because the token is not signed with a cryptographic algorithm. An unsecured token has no signature, so a recipient cannot tell whether its claims have been altered.

const { base64UnsecureJwt } = require('kolbeinsson-jwt');
/**
 * Create an unsecured JWT. No cryptographic algorithm is used and no signature is
 * created, so the alg header is "none". You may set your type header. The token
 * also accepts a payload object with whatever claims you need.
 */

const unsecureHeader = { "alg": "none", "typ": "jwt" };
const payload = {
    "id": 1,
    "name": 'John Doe',
};

// The private key needs to be at least 11 characters long
const privateKey11PlusChar = 'f0859760-3d22-16eb-aa93-0222ac130002';
const token = base64UnsecureJwt(unsecureHeader, payload, privateKey11PlusChar); // JWT: eyJhbGciOiJub25 .... Imh0dHBzc2l0ZW5hbWUuY29tIn0=.

Example use

You can also create a promise that resolves to a token, verify a JWT if you have the correct private key, and decode a token to access its header and payload claims. decodeJasonWebToken takes no key, so decoding alone does not show that a token is authentic.

const { jsonWebToken, jasonWebTokenPromise, base64UnsecureJwt, verifyJasonWebToken, decodeJasonWebToken } = require('kolbeinsson-jwt');

// Headers and a shortened payload, as in the sections above
const header = { "alg": "hs256", "cty": "jwt", "typ": "jwt" };
const unsecureHeader = { "alg": "none", "typ": "jwt" };
const payload = { "userId": 1, "email": 'john@example.com', "exp": Math.floor(Date.now() / 1000 + (480 * 480)) };

// The private key needs to be at least 11 characters long
const privateKey11PlusChar = 'f0859760-3d22-16eb-aa93-0222ac130002';

const token = jsonWebToken(header, payload, privateKey11PlusChar); // JWT: eyJhbGciOiJoczI1NiIsIm .... jNTU2M2JhYzdlZDA4MWI1M2Q2YWM4Yw==
jasonWebTokenPromise(header, payload, privateKey11PlusChar)
    .then(res => console.log(res)) // JWT: eyJhbGciOiJoczI1NiIsIm .... jNTU2M2JhYzdlZDA4MWI1M2Q2YWM4Yw==
    .catch(err => console.error(err)); // error
console.log(base64UnsecureJwt(unsecureHeader, payload)); // Unsecure JWT: eyJhbGciOiJub .... BzOi8vc2l0ZW5hbWUuY29tIn0=.
console.log(verifyJasonWebToken(token, privateKey11PlusChar)); // true
console.log(decodeJasonWebToken(token)); // Decoded JSON object
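
A strict verifier for the two token kinds described above (HS256-signed and unsecured, alg none), as an added example that is not code from kolbeinsson-jwt: it pins the algorithm, compares the HMAC in constant time and checks exp. It assumes RFC 7515 base64url encoding and the registered alg value HS256, unlike the padded base64 and lowercase hs256 in this README's samples; signHs256, verifyHs256, check and demo are hypothetical names, and all sample data is constructed.

```javascript
// Added example (not kolbeinsson-jwt code): strict HS256 verification with Node's crypto.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (text) => Buffer.from(text, 'base64url');

// Demo helper (hypothetical name): builds a compact HS256 token per RFC 7515.
function signHs256(payload, key) {
  const input = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' })) + '.' + b64url(JSON.stringify(payload));
  return input + '.' + b64url(crypto.createHmac('sha256', key).update(input).digest());
}

// Returns the payload of a valid token; throws on anything else.
function verifyHs256(token, key, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = JSON.parse(fromB64url(head).toString('utf8'));
  // Pin the algorithm: the token's own header must not choose how it is checked,
  // so "none" (and any other value) is rejected before the signature is looked at.
  if (!header || header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = crypto.createHmac('sha256', key).update(head + '.' + body).digest();
  const given = fromB64url(sig);
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const payload = JSON.parse(fromB64url(body).toString('utf8'));
  if (typeof payload.exp === 'number' && payload.exp <= nowSeconds) throw new Error('token expired');
  return payload;
}

// Wraps verifyHs256 so callers get a reason string instead of an exception.
function check(token, key, nowSeconds) {
  try { return { ok: true, payload: verifyHs256(token, key, nowSeconds) }; }
  catch (err) { return { ok: false, reason: err.message }; }
}

// Constructed sample data: key, claims and clock value are made up for the demo.
function demo() {
  const key = 'constructed-demo-key-0123456789';
  const good = signHs256({ userId: 1, admin: false, exp: 2000 }, key);
  const [head, , sig] = good.split('.');
  const unsigned = b64url('{"alg":"none","typ":"JWT"}') + '.' + b64url('{"userId":1,"admin":true}') + '.';
  const tampered = head + '.' + b64url('{"userId":1,"admin":true,"exp":2000}') + '.' + sig;
  return [good, unsigned, tampered].map((t) => check(t, key, 1000));
}
console.log(demo());
```

Only the first token is accepted; the unsecured one fails the algorithm pin and the edited one fails the signature comparison.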