Authentication package for handling access tokens and refresh tokens
- Redis
Using NPM
npm i auth-token-express
In Node.js:
import {authToken} from 'auth-token-express';
or
const authToken = require('auth-token-express').authToken;
git clone git@github.com:<<username>>/auth-token.git
cd example
npm install
npm run dev
Auth-token makes authentication a relatively easy process. You don't need to worry about access_token / refresh_token creation. This package depends on Redis to manage and store refresh_tokens. This package is great for:
- Creating accessToken and refreshTokens
- Verifying JSONWebTokens
- Refreshing accessTokens using refreshToken
This method will initialize the package. The best place to call it is the entry file of your application, e.g. app.js.
| Parameter | Type | Description |
|---|---|---|
| secretOrPrivateKey | Secret[] | Key used to generate JWT |
| options | SignOptions[] | Additional options required to generate JWT |
Creates an accessToken and a refreshToken based on the secret or private key passed to the initialization method. The refreshToken will be saved in the Redis server against the userId.
| Parameter | Type | Description |
|---|---|---|
| userId | string,number | Id of the user for which you want to save refreshToken |
| payload | string,Buffer,object | All additional information which you want to store within both tokens |
| data | IData | All additional information which you want to store in redis in addition to your refreshToken against userId |
This will remove all refreshTokens of a specific user. The best use case for this method is when you observe abnormal behavior on an account and want to log the user out of all devices.
| Parameter | Type | Description |
|---|---|---|
| userId | string,number | UserId against which you want to delete all data stored in redis. |
Removes the refreshToken of a specific user for a specific device. Should be used when a user logs out from a single device.
| Parameter | Type | Description |
|---|---|---|
| userId | string,number | UserId against which you want to delete data stored in redis. |
| device | string | user-agent's name against which you want to delete data stored in redis |
Checks if a JWT token is valid or not
| Parameter | Type | Description |
|---|---|---|
| token | string | Token which needs to be verified |
| type | 'access','refresh' | Type of token which needs to be verified. Default is 'access' |
This method should be used when you want to refresh your accessToken.
| Parameter | Type | Description |
|---|---|---|
| userId | string,number | Id of user used to fetch data from redis |
| refreshToken | string | Token which will be validated and used to create new tokens |
| payload | string,Buffer,object | All additional information which you want to store within both tokens |
| data | IData | All additional information which you want to store in redis in addition to your refreshToken against userId |
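
The revocation and refresh methods described above only work because a refresh token is checked against the server-side store as well as its signature. The following added example is not auth-token-express code: it is a self-contained sketch of that pattern using Node's crypto module, with an in-memory Map standing in for Redis, and every function name, secret value and the rotate-on-refresh behavior in it are assumptions made for illustration.

```javascript
// Added illustration, not auth-token-express code. All names are hypothetical.
const crypto = require('crypto');

// Index 0 signs access tokens, index 1 signs refresh tokens (constructed sample values).
const SECRETS = ['constructed-access-secret', 'constructed-refresh-secret'];
const store = new Map(); // stands in for Redis: userId -> Map(device -> refreshToken)

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest('base64url');

function sign(payload, secret, ttlSeconds) {
  const now = Math.floor(Date.now() / 1000);
  const claims = { ...payload, iat: now, exp: now + ttlSeconds, jti: crypto.randomUUID() };
  const body = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64(claims)}`;
  return `${body}.${mac(body, secret)}`;
}

// Returns the payload, or null if the signature, algorithm or expiry check fails.
function verify(token, type = 'access') {
  const [h, p, sig] = String(token).split('.');
  if (!h || !p || !sig) return null;
  const expected = Buffer.from(mac(`${h}.${p}`, SECRETS[type === 'refresh' ? 1 : 0]));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (header.alg !== 'HS256') return null; // never trust a different alg from the token
  return payload.exp > Math.floor(Date.now() / 1000) ? payload : null;
}

function issue(userId, device, payload = {}) {
  const accessToken = sign({ ...payload, sub: String(userId) }, SECRETS[0], 900);
  const refreshToken = sign({ ...payload, sub: String(userId) }, SECRETS[1], 7 * 24 * 3600);
  if (!store.has(userId)) store.set(userId, new Map());
  store.get(userId).set(device, refreshToken);
  return { accessToken, refreshToken };
}

// A refresh succeeds only if the token verifies AND is the one stored for this user and device.
function refresh(userId, device, refreshToken) {
  const claims = verify(refreshToken, 'refresh');
  const stored = store.get(userId)?.get(device);
  if (!claims || claims.sub !== String(userId) || stored !== refreshToken) return null;
  return issue(userId, device); // rotation: the old refresh token is overwritten
}

const revokeDevice = (userId, device) => Boolean(store.get(userId)?.delete(device));
const revokeAll = (userId) => store.delete(userId);
```

After `revokeDevice` or `revokeAll`, a refresh token that still passes `verify` is rejected by `refresh`, which is the property that makes the logout methods effective before the token's own expiry.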
| Property | Description | Type(s) |
|---|---|---|
| Secret | Array of secrets with which you want to create and verify tokens. Value at index 0 will be used as a secret for accessToken and value at index 1 will be used for refreshToken | string,Buffer,`{ key: string |
| Property | Description | Type(s) |
|---|---|---|
| algorithm? | | Algorithm |
| keyid? | | string |
| expiresIn? | expressed in seconds or a string describing a time span zeit/ms. Eg: 60, "2 days", "10h", "7d" | string,number |
| notBefore? | expressed in seconds or a string describing a time span zeit/ms. Eg: 60, "2 days", "10h", "7d" | string,number |
| audience? | | string,string[] |
| subject? | | string |
| issuer? | | string |
| jwtid? | | string |
| mutatePayload? | | boolean |
| noTimestamp? | | boolean |
| header? | | object |
| encoding? | | string |
| Property | Description | Type(s) |
|---|---|---|
| device | User-Agent from which the API was consumed. This is required so that when someone logs out from a specific device/browser, the data (refreshToken) associated with that user-agent can be removed from redis (see the Example for usage) | string |
| refreshToken? | | string |