Mini-jwt NPM | npm.io

mini-jwt

A better, faster, lighter and more secure version of jsonwebtoken

Features

Encrypt data using a secret
Decrypt a token with secret to retrive data back

Installation

To install mini-jwt

  # with npm:
  npm install mini-jwt --save

  # with yarn:
  yarn add mini-jwt

Usage

mini-jwt exports different functions for data encryption for different use cases:

Faster Usage

For a faster (but less secure) encoding and decoding of data using a secret, mini-jwt exports the following functions:

sign(secret, data, options): returns encoded token(technically, not a jwt)
verify(secret, token): returns decoded data

import { sign, verify } from 'mini-jwt'

const secret = 'top-secret'
const token = sign(secret, { uid: 'user_id' }, {  sl: 8 }) // no expiration
const data = verify(secret, token)

console.log(data) // { uid: 'user_id' }

secret can be string

data can be an object literal, buffer or string representing valid JSON.

options:

expiresIn can be a numeric value representing time in ms (no expiration by default).
sl can be a numberic value representing salt length (default value is 16). Salt is a random string which is added on top of data to keep the token different everytime even for the same data.

More secure Usage

For a more secure (but slower) encryption and decryption of data using a secret, mini-jwt exports the following functions that uses sjcl under the hood:

encrypt(secret, data, options): return encrypted token(technically, not a jwt)
decrypt(secret, token): returns decrypted data

import { encrypt, decrypt } from 'mini-jwt'

const secret = 'top-secret'
const token = encrypt(secret, { uid: 'user_id' }, { expiresIn: 180000 }) // will expire after 30 minutes of token creation
const data = decrypt(secret, token)

console.log(data) // { uid: 'user_id' }

secret can be string

data can be an object literal, buffer or string representing valid JSON.

options: