JWT Authentication
npm install @feathersjs/authentication --save
The JWTStrategy is an authentication strategy included in @feathersjs/authentication for authenticating JSON web tokens (JWT):
{ "strategy": "jwt", "accessToken": "<your JWT>" }
Usage
import { AuthenticationService, JWTStrategy } from '@feathersjs/authentication'
import type { Application } from './declarations'

declare module './declarations' {
  interface ServiceTypes {
    authentication: AuthenticationService
  }
}

export const authentication = (app: Application) => {
  const authentication = new AuthenticationService(app)

  // Register the strategy under the name clients send as "strategy"
  authentication.register('jwt', new JWTStrategy())

  app.use('authentication', authentication)
}
Options
Options are set in the authentication configuration under the strategy name. Available options are:
header (default: 'Authorization'): The HTTP header containing the JWT
schemes (default: [ 'Bearer', 'JWT' ]): An array of schemes to support
The default settings support passing the JWT through the following HTTP headers:
Authorization: <your JWT>
Authorization: Bearer <your JWT>
Authorization: JWT <your JWT>
Options are usually set under the registered name via Feathers configuration in config/default.json or config/<environment>.json:
{
  "authentication": {
    "jwt": {
      "header": "X-Auth"
    }
  }
}
Important
Since the default options are what most clients expect for JWT authentication, they usually don't need to be customized.
To change the settings for generating and validating a JWT, see the authentication service configuration.
JwtStrategy
getEntity(id, params)
jwtStrategy.getEntity(id, params) returns the entity instance for id, usually entityService.get(id, params). It will not be called if entity in the authentication configuration is set to null.
authenticate(data, params)
jwtStrategy.authenticate(data, params) will try to verify data.accessToken by calling the strategy's authenticationService.verifyAccessToken.
Returns a promise that resolves with the following format:
{ [entity], accessToken, authentication: { strategy: 'jwt', payload } }
Important
Since the JWT strategy returns an accessToken property (the same as the token sent to this strategy), that access token will also be returned by authenticationService.create instead of creating a new one.
getEntityQuery(params)
Returns the query to use when calling entityService.get (default: {}).
parse(req, res)
Parse the HTTP request headers for JWT authentication information, by default from the Authorization header. Returns a promise that resolves with either null or data in the form of:
{ strategy: '<strategy name>', accessToken: '<access token from HTTP header>' }
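The header handling described under Options and parse(req, res), as an added sketch that is not the @feathersjs/authentication source. parseJwtHeader, its types and the sample headers are hypothetical; case-insensitive scheme matching and ignoring repeated or malformed headers are assumptions of this sketch.

```typescript
// Added sketch, not library code. All names below are hypothetical.
interface JwtHeaderOptions { header: string; schemes: string[] }
interface ParsedAuth { strategy: string; accessToken: string }
type HeaderMap = Record<string, string | string[] | undefined>

// Defaults as listed under Options.
const DEFAULT_OPTIONS: JwtHeaderOptions = { header: 'Authorization', schemes: ['Bearer', 'JWT'] }

function parseJwtHeader(
  headers: HeaderMap,
  options: JwtHeaderOptions = DEFAULT_OPTIONS,
  strategy: string = 'jwt'
): ParsedAuth | null {
  // Node.js lower-cases incoming header names, so look up the lower-cased name.
  const value = headers[options.header.toLowerCase()]
  // Missing, empty or repeated (array) headers carry no usable token.
  if (typeof value !== 'string' || value.trim() === '') return null

  const [first = '', second = '', ...rest] = value.trim().split(/\s+/)
  // Anything beyond "<scheme> <token>" is malformed.
  if (rest.length > 0) return null
  // "Authorization: <your JWT>": a bare token without a scheme.
  if (second === '') return { strategy, accessToken: first }

  // Unknown schemes (for example Basic) are not JWT data: resolve with null.
  const known = options.schemes.some((s) => s.toLowerCase() === first.toLowerCase())
  return known ? { strategy, accessToken: second } : null
}

// Constructed sample requests; the token is a placeholder, not a real JWT.
const SAMPLE_TOKEN = 'aaaa.bbbb.cccc'
const SAMPLES: HeaderMap[] = [
  { authorization: SAMPLE_TOKEN },
  { authorization: `Bearer ${SAMPLE_TOKEN}` },
  { authorization: `JWT ${SAMPLE_TOKEN}` },
  { authorization: 'Basic dXNlcjpwYXNz' },
  { cookie: 'session=1' }
]

function runSamples(): (ParsedAuth | null)[] {
  return SAMPLES.map((headers) => parseJwtHeader(headers))
}

console.log(runSamples())
```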
Customization
import { AuthenticationService, JWTStrategy } from '@feathersjs/authentication'
import { LocalStrategy } from '@feathersjs/authentication-local'
import type { Params } from '@feathersjs/feathers'
import type { Application } from './declarations'

declare module './declarations' {
  interface ServiceTypes {
    authentication: AuthenticationService
  }
}

class MyJwtStrategy extends JWTStrategy {
  // Only allow authenticating activated users
  async getEntityQuery(params: Params) {
    return {
      active: true
    }
  }
}

export default (app: Application) => {
  const authentication = new AuthenticationService(app)

  // Register the customized strategy in place of the default JWTStrategy
  authentication.register('jwt', new MyJwtStrategy())

  // ...
  app.use('authentication', authentication)
}