
json-web-token's Introduction

json-web-token

JWT encode and decode for Node.js that can use callbacks or return an object {error:, value:}

WIKI

JSON Web Token (JWT) is a compact URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JavaScript Object Notation (JSON) object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or MACed and/or encrypted.


Version 2.*.* works only with NodeJS >= 4; for NodeJS 0.10 and 0.12, install version 1.6.3.

API

jwt#encode(key, payload, [algorithm], cb)
  • key, your secret
  • payload, the payload or Claim Names or an object with {payload, header}

ex:

{
  "iss": "my_issurer",
  "aud": "World",
  "iat": 1400062400223,
  "typ": "/online/transactionstatus/v2",
  "request": {
    "myTransactionId": "[myTransactionId]",
    "merchantTransactionId": "[merchantTransactionId]",
    "status": "SUCCESS"
  }
}

Note that some claim names are reserved (like "iss", "iat", etc.); check here for more info about JWT Claims.

  • algorithm, default to 'sha256', use jwt#getAlgorithms() to get the supported algorithms
  • cb, the callback(err[name, message], token)
jwt#decode(key, token, cb)
  • key, your secret
  • token, the JWT token
  • cb, the callback(err[name, message], decodedPayload[, decodedHeader])

Example

var jwt = require('json-web-token');

var payload = {
  "iss": "my_issurer",
  "aud": "World",
  "iat": 1400062400223,
  "typ": "/online/transactionstatus/v2",
  "request": {
    "myTransactionId": "[myTransactionId]",
    "merchantTransactionId": "[merchantTransactionId]",
    "status": "SUCCESS"
  }
};

var secret = 'TOPSECRETTTTT';

// encode
jwt.encode(secret, payload, function (err, token) {
  if (err) {
    console.error(err.name, err.message);
  } else {
    console.log(token);

    // decode
    jwt.decode(secret, token, function (decodeErr, decodedPayload, decodedHeader) {
      // check the decode callback's own error, not the outer encode `err`
      if (decodeErr) {
        console.error(decodeErr.name, decodeErr.message);
      } else {
        console.log(decodedPayload, decodedHeader);
      }
    });
  }
});

Using the optional reserved headers (alg and typ can't be set using this method):

var settingAddHeaders = {
  payload: {
    "iss": "my_issurer",
    "aud": "World",
    "iat": 1400062400223,
    "typ": "/online/transactionstatus/v2",
    "request": {
      "myTransactionId": "[myTransactionId]",
      "merchantTransactionId": "[merchantTransactionId]",
      "status": "SUCCESS"
    }
  },
  header: {
    kid: 'key ID'
  }
}

jwt.encode(secret, settingAddHeaders, function (err, token) {

})

This project has been set up with a precommit hook that forces you to follow a code style, with no jshint issues and 100% code coverage, before commit.

to run test

npm test

to run jshint

npm run lint

to run code style

npm run style

to run code coverage

npm run coverage

to open the code coverage report

npm run coverage:open

to run benchmarks

npm run bench

to run the source complexity tool

npm run complexity

to open the complexity report

npm run complexity:open

json-web-token's People

Contributors

callmepjs, dependabot[bot], joaquimserafim, tjconcept


json-web-token's Issues

Extend support for additional JWT headers

I've been using this library for my JWT tokens and have found it really useful. Recently came across a requirement to include a key id (kid) of the key used to sign the JWT token in the header section (Ref: Section 5.1 @ http://self-issued.info/docs/draft-jones-json-web-token-01.html)

For example:

	{
	  "alg": "RS256",
	  "typ": "JWT",
	  "kid": "DZjSgUGcezHMQ1rZAtyLhg=="  // Key ID used to sign the token
	}

It would be awesome to extend the library to add additional headers to the JWT header section. I already have a patch ready for review if you think this is a useful addition to your library.

Should we Switch from Auth0 jsonwebtoken to json-web-token ?

Hi @joaquimserafim,

Hope you're having a good weekend.

We are currently using the jsonwebtoken by Auth0: https://github.com/auth0/node-jsonwebtoken - mostly because at the time we were doing our research into JWT: https://github.com/docdis/learn-json-web-tokens - for our Hapi.js JWT Auth plugin: https://github.com/ideaq/hapi-auth-jwt2

Our questions are:

  1. what are the advantages of switching to this module over jsonwebtoken (besides the fact that you have 100% Coverage - which is great!) ... have you benchmarked performance?
    and
  2. Do you plan to support verification (or decoding) options? see:
    https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback

Thanks! 😸

Catchable errors

It would be nice if I could catch errors from your API and distinguish them from lower level errors.
When I pass a JWT to your .decode method I consider all errors to be user-errors (such as an invalid jwt), but it would be even better, if I could catch these errors specifically.

Or am I doing something wrong?

Handle Token error

If the client sends a wrong token, this error should be caught instead of sending

500  Internal server error
SyntaxError: Unexpected token 

Any way to handle this?
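
The "Catchable errors" and "Handle Token error" reports above both come down to telling a bad token apart from a server fault. The sketch below is an added example, not code from json-web-token: it uses only Node's built-in crypto module, and the names TokenError, signHS256, verifyHS256 and statusFor are hypothetical. It pins the algorithm to HS256, compares MACs in constant time, and turns every token failure (including the JSON SyntaxError case) into one typed error that maps to 401.

```javascript
const crypto = require('crypto');

// Typed error so callers can tell "bad token" (client fault, 401)
// apart from unexpected failures (server fault, 500).
class TokenError extends Error {
  constructor(code, message) {
    super(message);
    Object.assign(this, { name: 'TokenError', code });
  }
}
const B64URL = /^[A-Za-z0-9_-]+$/;
const b64json = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const hmac = (secret, data) => crypto.createHmac('sha256', secret).update(data).digest();

// Minimal HS256 signer, present only to build constructed sample tokens.
function signHS256(secret, payload) {
  const input = b64json({ typ: 'JWT', alg: 'HS256' }) + '.' + b64json(payload);
  return input + '.' + hmac(secret, input).toString('base64url');
}

// JSON.parse throws SyntaxError on junk input; convert it to a TokenError.
function parseSegment(seg) {
  try { return JSON.parse(Buffer.from(seg, 'base64url').toString('utf8')); }
  catch (e) { throw new TokenError('MALFORMED', 'segment is not valid JSON'); }
}

// Check the MAC first; the payload is parsed only after it verifies.
function verifyHS256(secret, token) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3 || !parts.every((p) => B64URL.test(p))) {
    throw new TokenError('MALFORMED', 'expected three base64url segments');
  }
  const header = parseSegment(parts[0]);
  // Pin the algorithm: the token never chooses how it is verified.
  if (!header || header.alg !== 'HS256') {
    throw new TokenError('BAD_ALG', 'unexpected alg');
  }
  const expected = hmac(secret, parts[0] + '.' + parts[1]);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new TokenError('BAD_SIGNATURE', 'signature mismatch');
  }
  return { header, payload: parseSegment(parts[1]) };
}

// Map token failures to 401; anything else stays a 500.
function statusFor(secret, token) {
  try { verifyHS256(secret, token); return 200; }
  catch (e) { return e instanceof TokenError ? 401 : 500; }
}
```

A route handler can branch on `err instanceof TokenError` (or `err.code`) and reserve the 500 path for genuine faults.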

Invalid Signature

Hi,

Whenever I check the token on https://jwt.io/, the site throws an invalid signature error.
And I am generating the token as follows,
jwToken.issue({email: mymail})
Am I missing anything?

Thanks in advance.
Shiva.P

Security Issue with dependency

This package uses
"base64-url": "^1.2.2".

Running npm audit command shows:
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance

High Out-of-bounds Read
Package base64-url
Patched in >=2.0.0
Dependency of json-web-token
Path json-web-token > base64-url
More info https://nodesecurity.io/advisories/660

Would you mind updating it to the latest version, please?
