Authentication package for handling access tokens and refresh token
- Redis
Using NPM
npm i auth-token-express
In Node.js:
import {authToken} from 'auth-token-express';
or
const authToken = require('auth-token-express').authToken;
git clone [email protected]:<<username>>/auth-token.git
cd example
npm install
npm run dev
Auth-token makes authentication relatively an easy process. You don't need to worry about access_token / refresh_token creation. This package depends upon redis
to manage and store refresh_tokens. This package is great for:
- Creatiing
accessToken
andrefreshTokens
- Verifying
JSONWebTokens
- Refreshing
accessTokens
usingrefreshToken
This method will initilize the package. The best place to use this method would be in the starting file of your application e.g app.js
;
Parameter | Type | Description |
---|---|---|
secretOrPrivateKey | Secret[] | Key used to generate JWT |
options | SignOptions[] | Additional options required to generate JWT |
Will create accessToken
and refreshToken
based on the secret or private key passed in the initilize method. The refreshToken
will saved in redis
server against the userId
Parameter | Type | Description |
---|---|---|
userId | string ,number |
Id of the user for which you want to save refreshToken |
payload | string ,Buffer ,object |
All additional information which you want to store within both tokens |
data | IData | All additional information which you want to store in redis in addition to your refreshToken against userId |
This will remove all refreshTokens
of a specific user. Best use case to use this method will be when you observe some abnormal behavior for an account and want to logout the user from all the devices.
Parameter | Type | Description |
---|---|---|
userId | string ,number |
UserId against which you want to delete all data stored in redis. |
Will remove a refreshToken
for a specifc user against a specific device. Should be used when a user logsout from a singlr device.
Parameter | Type | Description |
---|---|---|
userId | string ,number |
UserId against which you want to delete data stored in redis. |
device | string |
user-agent 's name against which you want to delete data stored in redis |
Checks if a JWT token is valid or not
Parameter | Type | Description |
---|---|---|
token | string |
Token which needs to be verified |
type | 'access' ,'refresh' |
Type of token which needs to be verified. Deafult is 'access' |
This method should be used when you want to refresh you accessToken
Parameter | Type | Description |
---|---|---|
userId | string ,number |
Id of user used to fetch data from redis |
refreshToken | string |
Token which will be validated and used to create new tokens |
payload | string ,Buffer ,object |
All additional information which you want to store within both tokens |
data | IData | All additional information which you want to store in redis in addition to your refreshToken against userId |
Property | Description | Type(s) |
---|---|---|
Secret | Array of secrets with which you want to create and verify tokens. Value at index 0 will be used as a secret for accessToken and value at index 1 will be used for refreshToken |
string ,Buffer ,`{ key: string |
Property | Description | Type(s) |
---|---|---|
algorithm? | Algorithm |
|
keyid? | string |
|
expiresIn? | expressed in seconds or a string describing a time span zeit/ms. Eg: 60, "2 days", "10h", "7d" | string ,number |
notBefore? | expressed in seconds or a string describing a time span zeit/ms. Eg: 60, "2 days", "10h", "7d" | string ,number |
audience? | string ,string[] |
|
subject? | string |
|
issuer? | string |
|
jwtid? | string |
|
mutatePayload? | boolean |
|
noTimestamp? | boolean |
|
header? | object |
|
encoding? | string |
Property | Description | Type(s) |
---|---|---|
device | User-Agent from which API was consumed. This is required so that when someone logout from a specific device/browser, we could remove that data (refreshToken ) from redis associated with a specific user-agent (Consult to Example to see usage) |
string |
refreshToken? | string |