1.0.3 • Published 2 years ago

jwt-nano v1.0.3

Weekly downloads
-
License
ISC
Repository
github
Last release
2 years ago

JWT-NANO

Lightweight, 0 dependency Node.js module for working with JWT (JSON web tokens)

Getting started

Install

npm install jwt-nano

If you don't want to pass the password as a param in every decode(x) or encode(x) call, just set this key as an environment variable.(this is the default set in the methods)

JWT_SECRET_SHA256_KEY=mySecretPassword1234567890

Usage

const jwt = require("jwt-nano");

const somePayload = {
  exp: 120, // 120 seconds(2 minutes) // Default to 1 hour if not set. To disable, set to 0
  someKey: "Hello, world!",
};

// encode
const token = jwt.encode(somePayload);

if (token) {
  // do something
} else {
  // do something else
}

// decode
const payload = decode(token);

if (payload) {
  // do something
} else {
  // do something else
}

Changing the environment key

If you want to change the environment key from JWT_SECRET_SHA256_KEY to something else, you'll have to pass the password in each call

For the sake of simplicity, let's say you want to change the key to mySecretKey. In this case, you'll use it like this:

const { encode } = require("jwt-nano");

const key = process.env.mySecretKey;

const token = encode({ message: "Hello, world!" }, key);

Changing the algorithm

The default algorithm is sha256, but it also supports sha384 sha512

If you change it, you'll have to pass the key as a param as well.

Example:

const { encode } = require("jwt-nano");
// HS512 = sha512 / HS384=sha384 / HS256=sha256(default)
const token = encode({ message: "Hello, world!" }, mySecretKey, "HS512");

Client-side

A "token" is just a string with 3 segments separated by dot(.) => "Header.Payload.Signature"

I didn't want to create another useless module for reading the payload client-side. You can just use this:

// this assumes you sent the token as a header with the key "x-auth-token", edit to match your needs
const token = res.headers["x-auth-token"]

const data = getPayloadFromToken(token)

const getPayloadFromToken = (token) => {
  try {
    return JSON.parse(atob(token.split(".")[1]));
  } catch (e) {
    // payload may be a string, try decoding if it fails parsing it
    return atob(token.split(".")[1]);
  }
};

Notes

I wasn't expecting this, but looks like you can encode just about anything, not just objects, strings and numbers.

What seemed quite weird was that you can send empty arrays [], empty objects {}, null, false, true, 0, but you can't send empty strings, which is strange, but whatever.. now it does exactly what the official does(with the caveat of not being able to use other algorithms, just sha256,sha384 and sha512), but for a fraction of the code.

@everything-registry/sub-chunk-1997@infinitebrahmanuniverse/nolb-jw@zalastax/nolb-jw
1.0.2

2 years ago

1.0.3

2 years ago

1.0.1

2 years ago

1.0.0

3 years ago