express-jwt vs. jsonwebtoken
Coming back to this many months later. In case it's helpful to anyone, express-jwt
is built on top of the jsonwebtoken
package and does a bunch of additional cool things. You still use jsonwebtoken
to sign and verify your JWTs, but express-jwt
helps you protect routes, checks JWTs against a secret, and creates a req.user
from the payload of the token if it can verify it.
tl;dr: express-jwt
uses jsonwebtoken
in its own code and adds additional neatness.
Express-JWT is just a library for Express that validates/signs json web tokens whcih can be used with the express web server (middleware). JsonWebTokens is just another implementation of json web tokens. There are many other JWT token libraries you can implement with node. Express-jwt is just one of those. They both essentially do the same thing and you can use either or. None are built on top of each other, they are build using the JWT standard. Choose the one which best suites your requirements.