Any complete example for express-jwt? [closed]
I would recommend that you try to understand the principle of JWTs and how they are passed between server and client and matched server-side against a secret. Here's the doc.
The payload can be any arbitrary user data, i.e. just a username or id.
Basically you need a service that generates a token on successful authentication (when the user logs in with the proper credentials, i.e. username and password) and creates an additional header with the token to be used in further requests to the server.
For jwt-express you obviously need to install the package (same as with jsonwebtoken) like:
npm install jwt-express --save
then initialize it like:
var express = require('express');
var app = express();
var jwt = require('jwt-express');
app.use(jwt.init('secret'));
from the docs:
The jwt.init() function returns a middleware function for Express, so it must be called inside app.use(). It will automatically read in the JWT from either the cookie or the Authorization header (configured by you) and add a JWT object to the Request object (req). It will also add the jwt() method to the Response object (res) to create / store JWTs. jwt.init() must be called before any other jwt method.
These are your options:
- cookie: (string) The name of the cookie (default: 'jwt-express')
- cookieOptions: (object) Options to use when storing the cookie (default: {httpOnly: true})
- cookies: (boolean) If true, will use cookies, otherwise will use the Authorization header (default: true)
- refresh: (boolean) Indicates if the JWT should be refreshed and stored every request (default: true)
- reqProperty: (string) The property of req to populate (default: 'jwt')
- revoke: (function) jwt.revoke() will call this function (default: function(jwt) {})
- signOptions: (object) Options to use when signing the JWT (default: {})
- stales: (number) Milliseconds when the jwt will go stale (default: 900000 (15 minutes))
- verify: (function) Additional verification. Must return a boolean (default: function(jwt) {return true})
- verifyOptions: (object) Options to use when verifying the JWT (default: {})
The rest of the logic is up to you to code, but my examples should give you a fair idea of how to manage JWTs in your application.
Here is an example of how I implemented JWT via jsonwebtoken (Angular client side, using Headers and RequestOptions from @angular/http):
import { Headers, RequestOptions } from '@angular/http';

// INFO: Function to create headers, add token, to be used in HTTP requests
createAuthenticationHeaders() {
  this.loadToken(); // INFO: Get token so it can be attached to headers
  // INFO: Headers configuration options
  this.options = new RequestOptions({
    headers: new Headers({
      'Content-Type': 'application/json', // INFO: Format set to JSON
      'authorization': this.authToken     // INFO: Attach token
    })
  });
}

// INFO: Function to get token from client local storage
loadToken() {
  this.authToken = localStorage.getItem('token'); // INFO: Get token and assign to variable to be used elsewhere
}
and some functionality to store the user status, i.e.:
// INFO: Function to store user's data in client local storage
storeUserData(token, user) {
  localStorage.setItem('token', token);               // INFO: Set token in local storage
  localStorage.setItem('user', JSON.stringify(user)); // INFO: Set user in local storage as string
  this.authToken = token; // INFO: Assign token to be used elsewhere
  this.user = user;       // INFO: Set user to be used elsewhere
}
and a logout function to destroy the token in the local storage, i.e.:
// INFO: Function for logging out
logout() {
  this.authToken = null; // INFO: Set token to null
  this.user = null;      // INFO: Set user to null
  localStorage.clear();  // INFO: Clear local storage
}
In case you use npm's jsonwebtoken, you can set the TTL of the token when generating it:
const jwt = require('jsonwebtoken');
const token = jwt.sign({ id: idDB }, "secret", { expiresIn: '24h' });
or whatever TTL you desire. The string "secret" refers to the secret that is matched against on the server.