1.0.4 • Published 6 years ago

auth-token-express v1.0.4

Weekly downloads
3
License
ISC
Repository
github
Last release
6 years ago

auth-token

Authentication package for handling access tokens and refresh token

Requirements

Installation

Using NPM

npm i auth-token-express

In Node.js:

import {authToken} from 'auth-token-express';
or
const authToken = require('auth-token-express').authToken;

Example

git clone git@github.com:<<username>>/auth-token.git
cd example
npm install
npm run dev

Why auth-token

Auth-token makes authentication relatively an easy process. You don't need to worry about access_token / refresh_token creation. This package depends upon redis to manage and store refresh_tokens. This package is great for:

  • Creatiing accessToken and refreshTokens
  • Verifying JSONWebTokens
  • Refreshing accessTokens using refreshToken

API Reference

initilize:void

This method will initilize the package. The best place to use this method would be in the starting file of your application e.g app.js;

Parameters

ParameterTypeDescription
secretOrPrivateKeySecret[]Key used to generate JWT
optionsSignOptions[]Additional options required to generate JWT

createTokens:Promise<{accessToken: string, refreshToken: string}>

Will create accessToken and refreshToken based on the secret or private key passed in the initilize method. The refreshToken will saved in redis server against the userId

ParameterTypeDescription
userIdstring,numberId of the user for which you want to save refreshToken
payloadstring,Buffer,objectAll additional information which you want to store within both tokens
dataIDataAll additional information which you want to store in redis in addition to your refreshToken against userId

removeAllToken:Promise<boolean>

This will remove all refreshTokens of a specific user. Best use case to use this method will be when you observe some abnormal behavior for an account and want to logout the user from all the devices. | Parameter | Type | Description | |--|--|--| |userId|string,number|UserId against which you want to delete all data stored in redis.

removeTokenForDevice:Promise<boolean>

Will remove a refreshToken for a specifc user against a specific device. Should be used when a user logsout from a singlr device. | Parameter | Type | Description | |--|--|--| |userId|string,number|UserId against which you want to delete data stored in redis. |device|string|user-agent's name against which you want to delete data stored in redis

verify:string | object

Checks if a JWT token is valid or not | Parameter | Type | Description | |--|--|--| |token|string|Token which needs to be verified |type|'access','refresh'|Type of token which needs to be verified. Deafult is 'access'

refreshToken:Promise<{accessToken: string, refreshToken: string}>

This method should be used when you want to refresh you accessToken | Parameter | Type | Description | |--|--|--| |userId|string,number|Id of user used to fetch data from redis |refreshToken|string|Token which will be validated and used to create new tokens |payload|string,Buffer,object|All additional information which you want to store within both tokens |data|IData| All additional information which you want to store in redis in addition to your refreshToken against userId

Interfaces

Secret

PropertyDescriptionType(s)
SecretArray of secrets with which you want to create and verify tokens. Value at index 0 will be used as a secret for accessToken and value at index 1 will be used for refreshTokenstring,Buffer,{ key: string | Buffer; passphrase: string };

SignOptions

PropertyDescriptionType(s)
algorithm?Algorithm
keyid?string
expiresIn?expressed in seconds or a string describing a time span zeit/ms. Eg: 60, "2 days", "10h", "7d"string,number
notBefore?expressed in seconds or a string describing a time span zeit/ms. Eg: 60, "2 days", "10h", "7d"string,number
audience?string,string[]
subject?string
issuer?string
jwtid?string
mutatePayload?boolean
noTimestamp?boolean
header?object
encoding?string

IData

PropertyDescriptionType(s)
deviceUser-Agent from which API was consumed. This is required so that when someone logout from a specific device/browser, we could remove that data (refreshToken) from redis associated with a specific user-agent (Consult to Example to see usage)string
refreshToken?string
jsonwebtokenredistslib
@everything-registry/sub-chunk-1183
1.0.4

6 years ago

1.0.2

6 years ago

1.0.1

6 years ago

1.0.3

6 years ago

1.0.0

6 years ago