Skip to content

riazosama/auth-token

Repository files navigation

auth-token

Authentication package for handling access tokens and refresh token

Requirements

  • Redis

Installation

Using NPM

npm i auth-token-express

In Node.js:

import {authToken} from 'auth-token-express';
or
const authToken = require('auth-token-express').authToken;

Example

git clone [email protected]:<<username>>/auth-token.git
cd example
npm install
npm run dev

Why auth-token

Auth-token makes authentication relatively an easy process. You don't need to worry about access_token / refresh_token creation. This package depends upon redis to manage and store refresh_tokens. This package is great for:

  • Creatiing accessToken and refreshTokens
  • Verifying JSONWebTokens
  • Refreshing accessTokens using refreshToken

API Reference

initilize:void

This method will initilize the package. The best place to use this method would be in the starting file of your application e.g app.js;

Parameters

Parameter Type Description
secretOrPrivateKey Secret[] Key used to generate JWT
options SignOptions[] Additional options required to generate JWT

createTokens:Promise<{accessToken: string, refreshToken: string}>

Will create accessToken and refreshToken based on the secret or private key passed in the initilize method. The refreshToken will saved in redis server against the userId

Parameters

Parameter Type Description
userId string,
number
Id of the user for which you want to save refreshToken
payload string,
Buffer,
object
All additional information which you want to store within both tokens
data IData All additional information which you want to store in redis in addition to your refreshToken against userId

removeAllToken:Promise<boolean>

This will remove all refreshTokens of a specific user. Best use case to use this method will be when you observe some abnormal behavior for an account and want to logout the user from all the devices.

Parameters

Parameter Type Description
userId string,
number
UserId against which you want to delete all data stored in redis.

removeTokenForDevice:Promise<boolean>

Will remove a refreshToken for a specifc user against a specific device. Should be used when a user logsout from a singlr device.

Parameters

Parameter Type Description
userId string,
number
UserId against which you want to delete data stored in redis.
device string user-agent's name against which you want to delete data stored in redis

verify:string | object

Checks if a JWT token is valid or not

Parameters

Parameter Type Description
token string Token which needs to be verified
type 'access',
'refresh'
Type of token which needs to be verified. Deafult is 'access'

refreshToken:Promise<{accessToken: string, refreshToken: string}>

This method should be used when you want to refresh you accessToken

Parameters

Parameter Type Description
userId string,
number
Id of user used to fetch data from redis
refreshToken string Token which will be validated and used to create new tokens
payload string,
Buffer,
object
All additional information which you want to store within both tokens
data IData All additional information which you want to store in redis in addition to your refreshToken against userId

Interfaces

Secret

Property Description Type(s)
Secret Array of secrets with which you want to create and verify tokens. Value at index 0 will be used as a secret for accessToken and value at index 1 will be used for refreshToken string,
Buffer,
`{ key: string

SignOptions

Property Description Type(s)
algorithm? Algorithm
keyid? string
expiresIn? expressed in seconds or a string describing a time span zeit/ms. Eg: 60, "2 days", "10h", "7d" string,
number
notBefore? expressed in seconds or a string describing a time span zeit/ms. Eg: 60, "2 days", "10h", "7d" string,
number
audience? string,
string[]
subject? string
issuer? string
jwtid? string
mutatePayload? boolean
noTimestamp? boolean
header? object
encoding? string

IData

Property Description Type(s)
device User-Agent from which API was consumed. This is required so that when someone logout from a specific device/browser, we could remove that data (refreshToken) from redis associated with a specific user-agent (Consult to Example to see usage) string
refreshToken? string

About

Authentication package for handling access tokens and refresh token

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published