1 | # jwt-simple
|
2 |
|
3 | [JWT(JSON Web Token)](http://self-issued.info/docs/draft-jones-json-web-token.html) encode and decode module for node.js.
|
4 |
|
5 | ## Install
|
6 |
|
7 | $ npm install jwt-simple
|
8 |
|
9 | ## Usage
|
10 |
|
11 | ```javascript
|
12 | var jwt = require('jwt-simple');
|
13 | var payload = { foo: 'bar' };
|
14 | var secret = 'xxx';
|
15 |
|
16 | // HS256 secrets are typically 128-bit random strings, for example hex-encoded:
|
17 | // var secret = Buffer.from('fe1a1915a379f3be5394b64d14794932', 'hex')
|
18 |
|
19 | // encode
|
20 | var token = jwt.encode(payload, secret);
|
21 |
|
22 | // decode
|
23 | var decoded = jwt.decode(token, secret);
|
24 | console.log(decoded); //=> { foo: 'bar' }
|
25 | ```
|
26 |
|
27 | ### decode params
|
28 |
|
29 | ```javascript
|
30 | /*
|
31 | * jwt.decode(token, key, noVerify, algorithm)
|
32 | */
|
33 |
|
34 | // decode, by default the signature of the token is verified
|
35 | var decoded = jwt.decode(token, secret);
|
36 | console.log(decoded); //=> { foo: 'bar' }
|
37 |
|
38 | // decode without verify the signature of the token,
|
39 | // be sure to KNOW WHAT ARE YOU DOING because not verify the signature
|
40 | // means you can't be sure that someone hasn't modified the token payload
|
41 | var decoded = jwt.decode(token, secret, true);
|
42 | console.log(decoded); //=> { foo: 'bar' }
|
43 |
|
44 | // decode with a specific algorithm (not using the algorithm described in the token payload)
|
45 | var decoded = jwt.decode(token, secret, false, 'HS256');
|
46 | console.log(decoded); //=> { foo: 'bar' }
|
47 | ```
|
48 |
|
49 | ### Algorithms
|
50 |
|
51 | By default the algorithm to encode is `HS256`.
|
52 |
|
53 | The supported algorithms for encoding and decoding are `HS256`, `HS384`, `HS512` and `RS256`.
|
54 |
|
55 | ```javascript
|
56 | // encode using HS512
|
57 | jwt.encode(payload, secret, 'HS512')
|
58 | ```
|