npm
Sign UpSign In

@cran/lib.auth.jwt
TypeScript icon, indicating that this package has built-in type declarations

0.0.4 • Public • Published

Authentication Provider for JWT

Basic Usage

Note: It is always recommended to somehow configure the provider, either by supplying configuration arguments or using environment variables (see below)

import { JwtProvider } from "@cran/lib.auth.jwt";

const provider = new JwtProvider();

const token = provider.sign({ claim: 1, });

const { payload } = provider.verify(token);

const newToken = provider.exchange(token);

Inline Configuration

import { JwtProvider } from "@cran/lib.auth.jwt";

const configureAsymmetric = {
  algorithm: `${"RS" | "ES" | "PS"}${256 | 384 | 512}`,
  privateKey: fs.readFileSync("private.pem"),
  publicKey: fs.readFileSync("public.pem"),
};

const provideAsymmetric = new JwtProvider(configureAsymmetric);

const configureSymmetric = {
  algorithm: `${"HS"}${256 | 384 | 512}`,
  secret: "development",
};

const provideSymmetric = new JwtProvider(configureSymmetric)

Environment Configuration

Note: If JWT_ALGORITHM is not supplied it is assumed to be symmetric HS256 by default as per jsonwebtoken and JWT_SECRET will be read accordingly

Note: If JWT_SECRET is required and not supplied it will default to a random UUID which is not secure and should never be used in a production deployment

Note: If JWT_PRIVATE_KEY or JWT_PUBLIC_KEY are required and not supplied a development key will be generated in memory which is not secure and should never be used in a production deployment

# Asymmetric configuration
export JWT_ALGORITHM=RS256 # May be any asymmetric algorithm
export JWT_PRIVATE_KEY=`cat private.pem`
export JWT_PUBLIC_KEY=`cat public.pem`

# Symmetric configuration
export JWT_ALGORITHM=HS256 # May be any symmetric algorithm
export JWT_SECRET="my_secret"
import { JwtProvider } from "@cran/lib.auth.jwt";

// Note: This is the default, it is more likely
// you will want to override these values locally
// via `{ ...JwtProvider.env(), /* overrides */ }`
const provider = new JwtProvider(JwtProvider.env());

Security Considerations

Important: While this library attempts to prevent security compromises and enforce best practices it is alwyas strongly recommended to read appropriate literature to ensure your usage is accurate

JWT Security Recommendations

In keeping with the above literature, the following have been implemented

  • The none option is not accepted as a valid algorithm
  • Generated keypairs use 2048 bits by default

Readme

Keywords

Package Sidebar

Install

npm i @cran/lib.auth.jwt

Weekly Downloads

1

Version

0.0.4

License

CC BY-SA 4.0

Unpacked Size

19.4 kB

Total Files

15

Last publish

Collaborators

  • common-cranberry
Try on RunKit
Report malware