| 1 | # jwt-simple
|
| 2 |
|
| 3 | [JWT(JSON Web Token)](http://self-issued.info/docs/draft-jones-json-web-token.html) encode and decode module for node.js.
|
| 4 |
|
| 5 | ## Install
|
| 6 |
|
| 7 | $ npm install jwt-simple
|
| 8 |
|
| 9 | ## Usage
|
| 10 |
|
| 11 | ```javascript
|
| 12 | var jwt = require('jwt-simple');
|
| 13 | var payload = { foo: 'bar' };
|
| 14 | var secret = 'xxx';
|
| 15 |
|
| 16 | // HS256 secrets are typically 128-bit random strings, for example hex-encoded:
|
| 17 | // var secret = Buffer.from('fe1a1915a379f3be5394b64d14794932', 'hex')
|
| 18 |
|
| 19 | // encode
|
| 20 | var token = jwt.encode(payload, secret);
|
| 21 |
|
| 22 | // decode
|
| 23 | var decoded = jwt.decode(token, secret);
|
| 24 | console.log(decoded); //=> { foo: 'bar' }
|
| 25 | ```
|
| 26 |
|
| 27 | ### decode params
|
| 28 |
|
| 29 | ```javascript
|
| 30 | /*
|
| 31 | * jwt.decode(token, key, noVerify, algorithm)
|
| 32 | */
|
| 33 |
|
| 34 | // decode, by default the signature of the token is verified
|
| 35 | var decoded = jwt.decode(token, secret);
|
| 36 | console.log(decoded); //=> { foo: 'bar' }
|
| 37 |
|
| 38 | // decode without verify the signature of the token,
|
| 39 | // be sure to KNOW WHAT ARE YOU DOING because not verify the signature
|
| 40 | // means you can't be sure that someone hasn't modified the token payload
|
| 41 | var decoded = jwt.decode(token, secret, true);
|
| 42 | console.log(decoded); //=> { foo: 'bar' }
|
| 43 |
|
| 44 | // decode with a specific algorithm (not using the algorithm described in the token payload)
|
| 45 | var decoded = jwt.decode(token, secret, false, 'HS256');
|
| 46 | console.log(decoded); //=> { foo: 'bar' }
|
| 47 | ```
|
| 48 |
|
| 49 | ### Algorithms
|
| 50 |
|
| 51 | By default the algorithm to encode is `HS256`.
|
| 52 |
|
| 53 | The supported algorithms for encoding and decoding are `HS256`, `HS384`, `HS512` and `RS256`.
|
| 54 |
|
| 55 | ```javascript
|
| 56 | // encode using HS512
|
| 57 | jwt.encode(payload, secret, 'HS512')
|
| 58 | ```
|