JWT (JSON Web Tokens) and JWKS (JSON Web Key Set) verifier for node / typescript (https://jwt.io)
Works with Express (https://expressjs.com/)
Uses jsrsasign to verify tokens (https://kjur.github.io/jsrsasign/)
- RS256
- HS256
npm install jwt-verifier --save
// JWTVerifier.verify() returns an Observable (http://reactivex.io/rxjs/)
JWTVerifier.verify(auth).subscribe((verified: boolean) => {});
import * as express from "express";
import { JWTConfig, JWTVerifier } from "jwt-verifier";
import { ExpressMiddleware } from "jwt-verifier/dist/middleware";
const app: express.Express = express();
// Needed if you wish to auto retrieve your JWKS from a URL.
JWTConfig.instance.CERT_URL = "https://somejkwserver/jwks";
// Add express middleware to check auth token
app.use((req, res, next) => {
const auth: string = ExpressMiddleware.getAuthToken(req);
if (auth) {
JWTVerifier
.verify(auth).subscribe((verified: boolean) => {
console.info("Verified:", verified);
next();
});
} else {
// Unauthorized
res.sendStatus(401);
}
});
- JWTVerifier.verify(token: string, key?: string | RSAKey, acceptFieldParams?: AcceptFieldParams) - returns Observable<boolean> (http://reactivex.io/rxjs/).
- token: string | required
- key: string (HS256 key) or RSAKey | optional - see https://kjur.github.io/jsrsasign/api/symbols/KJUR.jws.JWS.html#.verifyJWT
- acceptFieldParams: Object | optional - see https://kjur.github.io/jsrsasign/api/symbols/KJUR.jws.JWS.html#.verifyJWT
Contributions are welcome via issues / pull requests
Unit tests are run with npm run test
Build is run with npm run build