![]() ![]() This project is licensed under the MIT license. The Responsible Disclosure Program details the procedure for disclosing security issues. Please do not report security vulnerabilities on the public GitHub issue tracker. If you have found a bug or if you have a feature request, please report them at this repository issues section. They can be presented by clients such as browsers and external programs. They are issued after a login request by a central identity server and used to identify and credential a user and grant access to resources. express-jwt-permissions - Permissions middleware for JWT tokens JSON Web Tokens are portable, industry-standard identity tokens.jsonwebtoken - JSON Web Token sign and verification.The isRevoked function had (req, payload, cb), now it can return a promise and receives (req, token).The secret function had (req, header, payload, cb), now it can return a promise and receives (req, token).The decoded JWT payload is now available as req.auth rather than req.user.TokenGetter = (req: express.Request) => string | Promise | undefined.IsRevoked = (req: express.Request, token: jwt.Jwt | undefined) => Promise.GetVerificationKey = (req: express.Request, token: jwt.Jwt | undefined) => Promise.The available functions have the following interface: all the options available in the jsonwebtoken verify function. requestProperty?: string (optional): Name of the property in the request object where the payload is set.credentialsRequired?: boolean (optional): If its false, continue to the next middleware if the request does not contain a token instead of failing, defaults to true.onExpired?: ExpirationHandler (optional): A function to handle expired tokens.isRevoked?: IsRevoked (optional): A function to verify if a token is revoked.getToken?: TokenGetter (optional): A function that receives the express Request and returns the token, by default it looks in the Authorization header.secret: jwt.Secret | GetVerificationKey (required): The secret as a string or a function to retrieve the secret.The decoded JWT payload is available on the request object. This module provides Express middleware for validating JWTs ( JSON Web Tokens) through the jsonwebtoken module.
0 Comments
Leave a Reply. |