Skip to content

Commit

Permalink
Update Readme and use a consistent JS style for code examples
Browse files Browse the repository at this point in the history
  • Loading branch information
aarongodin authored and jfromaniello committed Apr 7, 2020
1 parent 6591014 commit 888f0e9
Showing 1 changed file with 24 additions and 23 deletions.
47 changes: 24 additions & 23 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,29 +2,23 @@

[![Build](https://travis-ci.org/auth0/express-jwt.png)](http://travis-ci.org/auth0/express-jwt)

Middleware that validates JsonWebTokens and sets `req.user`.

This module lets you authenticate HTTP requests using JWT tokens in your Node.js
applications. JWTs are typically used to protect API endpoints, and are
often issued using OpenID Connect.
This module provides Express middleware for validating and decoding JWTs ([JSON Web Tokens](https://jwt.io)) through the [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken/) module. The decoded information is provided on the Express request object.

## Install

$ npm install express-jwt
```
$ npm install express-jwt
```

## Usage

The JWT authentication middleware authenticates callers using a JWT.
If the token is valid, `req.user` will be set with the JSON object decoded
to be used by later middleware for authorization and access control.

For example,
Basic usage using an HS256 secret:

```javascript
var jwt = require('express-jwt');

app.get('/protected',
jwt({secret: 'shhhhhhared-secret'}),
jwt({ secret: 'shhhhhhared-secret' }),
function(req, res) {
if (!req.user.admin) return res.sendStatus(401);
res.sendStatus(200);
Expand All @@ -34,9 +28,11 @@ app.get('/protected',
You can specify audience and/or issuer as well:

```javascript
jwt({ secret: 'shhhhhhared-secret',
jwt({
secret: 'shhhhhhared-secret',
audience: 'http://myapi/protected',
issuer: 'http://issuer' })
issuer: 'http://issuer'
})
```

> If the JWT has an expiration (`exp`), it will be checked.
Expand Down Expand Up @@ -100,6 +96,7 @@ app.use(jwt({
```

### Multi-tenancy

If you are developing an application in which the secret used to sign tokens is not static, you can provide a callback function as the `secret` parameter. The function has the signature: `function(req, payload, done)`:
* `req` (`Object`) - The express `request` object.
* `payload` (`Object`) - An object with the JWT claims.
Expand All @@ -108,6 +105,7 @@ If you are developing an application in which the secret used to sign tokens is
* `secret` (`String`) - The secret to use to verify the JWT.

For example, if the secret varies based on the [JWT issuer](http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#issDef):

```javascript
var jwt = require('express-jwt');
var data = require('./data');
Expand All @@ -126,7 +124,7 @@ var secretCallback = function(req, payload, done){
};

app.get('/protected',
jwt({secret: secretCallback}),
jwt({ secret: secretCallback }),
function(req, res) {
if (!req.user.admin) return res.sendStatus(401);
res.sendStatus(200);
Expand Down Expand Up @@ -158,19 +156,21 @@ var isRevokedCallback = function(req, payload, done){
};

app.get('/protected',
jwt({secret: 'shhhhhhared-secret',
isRevoked: isRevokedCallback}),
jwt({
secret: 'shhhhhhared-secret',
isRevoked: isRevokedCallback
}),
function(req, res) {
if (!req.user.admin) return res.sendStatus(401);
res.sendStatus(200);
});
}
);
```

### Error handling

The default behavior is to throw an error when the token is invalid, so you can add your custom logic to manage unauthorized access as follows:


```javascript
app.use(function (err, req, res, next) {
if (err.name === 'UnauthorizedError') {
Expand All @@ -179,8 +179,7 @@ app.use(function (err, req, res, next) {
});
```

You might want to use this module to identify registered users while still providing access to unregistered users. You
can do this by using the option _credentialsRequired_:
You might want to use this module to identify registered users while still providing access to unregistered users. You can do this by using the option `credentialsRequired`:

```javascript
app.use(jwt({
Expand All @@ -196,8 +195,10 @@ app.use(jwt({

## Tests

$ npm install
$ npm test
```
$ npm install
$ npm test
```

## Contributors
Check them out [here](https://github.com/auth0/express-jwt/graphs/contributors)
Expand Down

0 comments on commit 888f0e9

Please sign in to comment.