README
Token
Kind: global class
Summary: a JSON Web Token
- Token
- new Token(payload, [signature])
- .payload ⇒
Object
- .read([key]) ⇒
*
- .write(key, value) ⇒
Token
- .remove(key) ⇒
Token
- .sign(key, [algorithm]) ⇒
Promise.<string>
- .verify(jwt, crt, [signature]) ⇒
Promise.<Token>
new Token(payload, [signature])
Param | Type | Description |
---|---|---|
payload | Object |
A valid JSON Web Token payload |
[signature] | string | null |
Optional signature to verify token origin. This can be useful as an added security measure to ensure the token originated from the expected origin to prevent CSRF attacks. Generate a signature and store it in a secure location, e.g. HttpOnly cookie. Then, pass this signature value to the Token.verify static method upon verification to confirm token origin. |
Object
token.payload ⇒ Kind: instance property of Token
Summary: An object value of this Token's payload.
Although it is recommended to use the read
and write
methods of Token, this method can be useful if you use
Token to store a flat data structure that you intend to
operate on with other ES* methods.
Access: public
*
token.read([key]) ⇒ Kind: instance method of Token
Summary: Reads the value at specified key or returns
the entire payload if no key is specified.
Access: public
Param | Type | Description |
---|---|---|
[key] | string |
Key to read. |
Token
token.write(key, value) ⇒ Kind: instance method of Token
Summary: Writes a value to the payload
Access: public
Param | Type | Description |
---|---|---|
key | string |
Key for value to write. |
value | string |
Value to write. |
Token
token.remove(key) ⇒ Kind: instance method of Token
Summary: Removes specified key.
Access: public
Param | Type | Description |
---|---|---|
key | string |
Key to remove. |
Promise.<string>
token.sign(key, [algorithm]) ⇒ Kind: instance method of Token
Summary: Returns a signed JWT
Access: public
Param | Type | Default | Description |
---|---|---|---|
key | Buffer |
The private key to sign this token. | |
[algorithm] | string |
"'RS256'" |
The algorithm to use to sign. |
Promise.<Token>
token.verify(jwt, crt, [signature]) ⇒ Kind: instance method of Token
Summary: Verifies a signed JWT and returns a Token if valid over the
passed public certificate.
Access: public
Param | Type | Description |
---|---|---|
jwt | string |
A signed JWT. |
crt | Buffer |
The public certificate to verify the passed value against |
[signature] | string |
Optional signature to verify origin of token. This can be useful as an added security measure to ensure the token originated from the expected origin to prevent CSRF attacks. |