JSPM

passport-jwt-site

1.0.0
    • ESM via JSPM
    • ES Module Entrypoint
    • Export Map
    • Keywords
    • License
    • Repository URL
    • TypeScript Types
    • README
    • Created
    • Published
      • 0
    • Score
      100M100P100Q25175F
    • License MIT

    Passport web application authentication strategy using JSON Web Tokens

    Package Exports

    • passport-jwt-site

    This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (passport-jwt-site) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

    Readme

    passport-jwt-site

    Build Status Code Climate

    A Passport strategy for authenticating with a JSON Web Token.

    This module is another version of the original passport-jwt by Mike Nicholson that let's you authenticate a Node.js web-application's middleware endpoints using a JSON web token. Unlike, the generic passport-jwt, the following module allows to include JSON web tokens in the http-request body and session authorization variable.

    Supported By

    If you want to quickly add secure token-based authentication to Node.js apps, feel free to check out Auth0's Node.js SDK and free plan at auth0.com/overview Auth0 Logo

    Install

    npm install passport-jwt-site@1.0.0

    What was changed...

    Specifically, I've modified the JwtStrategy.prototype.authenticate(...) method by providing the functionality that allows to retrieve JSON web tokens not only from the standard Authorization header, but also the http-request body and session authorization variable:

    JwtStrategy.prototype.authenticate = function(req, options) {
    var self = this; var token = null;
    // Retrieve JSON web token from the http-request body
    if ((req.body["Authorization"] != null) && 
        (req.body["Authorization"] != undefined)) {
            token = req.body["Authorization"];
    }
    // Retrieve JSON web token from the session Authorization variable
    else if ((req.session["Authorization"] != null) && 
             (req.session["Authorization"] != undefined)) {
                token = req.session["Authorization"];
    }

    if ((token != null) && (token != undefined)) {
        // Extract a valid JSON web token string
        token = token.substr(token.indexOf(' ') + 1);
    }
    else {
        // Retrieve JSON web token from the Authorization header
        token = self._jwtFromRequest(req);
    }

    if (!token) {
        return self.fail(new Error("No auth token"));
    }
    // ****
};

    The following fragment of code listed above, while being executed, first attempts to retrieve JSON web token from the http-request body and assign it to the token local variable. If the http-request body variable Authorization is null or undefined, it performs another check if the JSON web token is included in the session authorization variable instead. If so, it retrieves and assigns a valid token string to the same token variable. Finally, if neither the http-request body nor session authorization variable contains a valid token, it regularly retrieves the token from the authorization header by executing token = self._jwtFromRequest(req) method.

    Usage

    Normally, with the re-engineered passport-jwt-site strategy module you can include JSON web tokens to the either http-request body or session authorization variable. Here's how:

    Including JWT To The HTTP-Request Body

    With passport-jwt-site, now, you can include JSON web tokens to the Ajax http-request body:

    index.html

    $.get('/profile', {"Authorization": "Bearer " + token}, function(response) => { ... });
$.post('/profile', {"Authorization": "Bearer " + token}, function(response) => { ... });

    Including JWT To Session Authorization Variable

    server.js

    Also, you can include JSON web tokens to the session Authorization variable:

    router.post('/login', function(req, res, next) {
  auth.passport.authenticate('jwt', {session: false},
   function(err, user, info) {
    if (err) { return next(err); }
    req.logIn(user, function(err) {
      if (user != false) {
           // Include JWT to the session Authorization variable
           req.session.Authorization = req.body["Authorization"];
      }
      return res.status(200).send(user);
    });
  })(req, res, next);
});

    This is typically done to have an ability to perform authenticated web-page redirects such as:

    index.html

    $.post('/login', {"Authorization": "Bearer " + token}, 
    (response) => {
        // Redirect to the users profile web page
        $(location).attr('href', '/profile');
    });

    Create an authenticated middleware, rendering the users profile's web page:

    server.js

    router.get('/profile', passport.authenticate('jwt', {session: false }),
    function(req, res, next) { 
        res.statusCode = 200; res.render('profile');
    });

    Migrating

    The the Migration Guide for help upgrading to the latest major version of passport-jwt

    Tests

    npm install
npm test

    To generate test-coverage reports:

    npm install -g istanbul
npm run-script testcov
istanbul report

    License

    The MIT License

    Copyright (c) 2019 by Arthur V. Ratz