This package provides JSON Web Token Authentication support for Express. It conveniently sets req.user for authenticated requests. The authorization header is in the from of:
Authorization JWT < jwt token > New to using JSON Web Tokens? Take a look at these resources:
npm install express-jwt-tokenvar express = require('express') , auth = require('express-jwt-token') , app = express() , router = express.Router() // Require jwt authorization on all routes router.all('*', auth.jwtAuthProtected) // Require jwt authorization on only api routes router.all('/api/*', auth.jwtAuthProtected) // Require jwt auth on a specific route router.get('/auth-protected', auth.jwtAuthProtected, function(req, res){ res.send({'msg': 'Im jwt auth protected!'}) }) app.use('/', router) app.listen(3000)Now your route(s) are protected and require an authorization header in the form of:
Authorization JWT < jwt token > Configure your JWT Secret. This must be changed for production. Default value is 'secret'.
process.env.JWT_SECRET_KEY = 'Your Secret'Configure the authorization header prefix. this is optional. Default is 'JWT'.
process.env.jwtAuthHeaderPrefixAn Express.js middleware that ensures that a request has supplied an authorization header.
- @param {object} req
- @param {object} res
- @param {function} next
An Express.js middleware validates a JWT token.
- @param {object} req
- @param {object} res
- @param {function} next
An Express.js middleware that ensures that a request has supplied an authorization header.
- @param {object} req
- @param {object} res
- @param {function} next
The grouped middleware needed to enforce jwt Auth. Mounts the same as a single middleware.
When authorization fails express-jwt-token will return an UnauthorizedError with some helpful details about what went wrong.
This implementation was based on the excellent django-rest-framework-jwt library.