Skip to content

riazosama/auth-token

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
example
example
 
 
src
src
 
 
utils
utils
 
 
.gitignore
.gitignore
 
 
.prettierrc
.prettierrc
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 
tslint.json
tslint.json
 
 

Repository files navigation

auth-token

Authentication package for handling access tokens and refresh token

Requirements

  • Redis

Installation

Using NPM

npm i auth-token-express

In Node.js:

import {authToken} from 'auth-token-express';
or
const authToken = require('auth-token-express').authToken;

Example

git clone git@github.com:<<username>>/auth-token.git
cd example
npm install
npm run dev

Why auth-token

Auth-token makes authentication relatively an easy process. You don't need to worry about access_token / refresh_token creation. This package depends upon redis to manage and store refresh_tokens. This package is great for:

  • Creatiing accessToken and refreshTokens
  • Verifying JSONWebTokens
  • Refreshing accessTokens using refreshToken

API Reference

initilize:void

This method will initilize the package. The best place to use this method would be in the starting file of your application e.g app.js;

Parameters

Parameter Type Description
secretOrPrivateKey Secret[] Key used to generate JWT
options SignOptions[] Additional options required to generate JWT

createTokens:Promise<{accessToken: string, refreshToken: string}>

Will create accessToken and refreshToken based on the secret or private key passed in the initilize method. The refreshToken will saved in redis server against the userId

Parameters

Parameter Type Description
userId string,
number		 Id of the user for which you want to save refreshToken
payload string,
Buffer,
object		 All additional information which you want to store within both tokens
data IData All additional information which you want to store in redis in addition to your refreshToken against userId

removeAllToken:Promise<boolean>

This will remove all refreshTokens of a specific user. Best use case to use this method will be when you observe some abnormal behavior for an account and want to logout the user from all the devices.

Parameters

Parameter Type Description
userId string,
number		 UserId against which you want to delete all data stored in redis.

removeTokenForDevice:Promise<boolean>

Will remove a refreshToken for a specifc user against a specific device. Should be used when a user logsout from a singlr device.

Parameters

Parameter Type Description
userId string,
number		 UserId against which you want to delete data stored in redis.
device string user-agent's name against which you want to delete data stored in redis

verify:string | object

Checks if a JWT token is valid or not

Parameters

Parameter Type Description
token string Token which needs to be verified
type 'access',
'refresh'		 Type of token which needs to be verified. Deafult is 'access'

refreshToken:Promise<{accessToken: string, refreshToken: string}>

This method should be used when you want to refresh you accessToken

Parameters

Parameter Type Description
userId string,
number		 Id of user used to fetch data from redis
refreshToken string Token which will be validated and used to create new tokens
payload string,
Buffer,
object		 All additional information which you want to store within both tokens
data IData All additional information which you want to store in redis in addition to your refreshToken against userId

Interfaces

Secret

Property Description Type(s)
Secret Array of secrets with which you want to create and verify tokens. Value at index 0 will be used as a secret for accessToken and value at index 1 will be used for refreshToken string,
Buffer,
`{ key: string

SignOptions

Property Description Type(s)
algorithm? Algorithm
keyid? string
expiresIn? expressed in seconds or a string describing a time span zeit/ms. Eg: 60, "2 days", "10h", "7d" string,
number
notBefore? expressed in seconds or a string describing a time span zeit/ms. Eg: 60, "2 days", "10h", "7d" string,
number
audience? string,
string[]
subject? string
issuer? string
jwtid? string
mutatePayload? boolean
noTimestamp? boolean
header? object
encoding? string

IData

Property Description Type(s)
device User-Agent from which API was consumed. This is required so that when someone logout from a specific device/browser, we could remove that data (refreshToken) from redis associated with a specific user-agent (Consult to Example to see usage) string
refreshToken? string

About

Authentication package for handling access tokens and refresh token

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages