{"id":13796709,"url":"https://github.com/auth0/express-jwt-authz","last_synced_at":"2025-04-05T06:06:36.914Z","repository":{"id":53718063,"uuid":"59341463","full_name":"auth0/express-jwt-authz","owner":"auth0","description":"Validate the JWT scope to authorize access to an endpoint","archived":false,"fork":false,"pushed_at":"2024-02-08T18:57:10.000Z","size":85,"stargazers_count":97,"open_issues_count":2,"forks_count":37,"subscribers_count":82,"default_branch":"master","last_synced_at":"2025-03-29T05:04:54.505Z","etag":null,"topics":["dx-sdk","express","jwt"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/auth0.png","metadata":{"files":{"readme":"README.md","changelog":"Changelog.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-05-21T04:20:22.000Z","updated_at":"2024-08-15T14:54:30.000Z","dependencies_parsed_at":"2024-02-08T20:02:24.119Z","dependency_job_id":null,"html_url":"https://github.com/auth0/express-jwt-authz","commit_stats":{"total_commits":37,"total_committers":12,"mean_commits":"3.0833333333333335","dds":0.6486486486486487,"last_synced_commit":"4591867995181a4568fb38f9c4b00c658116a815"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fexpress-jwt-authz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fexpress-jwt-authz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fexpress-jwt-authz/releases","manifests_url":"https://repos.ecosyste
.ms/api/v1/hosts/GitHub/repositories/auth0%2Fexpress-jwt-authz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/auth0","download_url":"https://codeload.github.com/auth0/express-jwt-authz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247294536,"owners_count":20915340,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dx-sdk","express","jwt"],"created_at":"2024-08-03T23:01:14.088Z","updated_at":"2025-04-05T06:06:36.889Z","avatar_url":"https://github.com/auth0.png","language":"JavaScript","readme":"# express-jwt-authz ![](https://travis-ci.org/auth0/express-jwt-authz.svg?branch=master)\n\nValidate a JWT's `scope` to authorize access to an endpoint.\n\n## Install\n\n    $ npm install express-jwt-authz\n\n\u003e `express@^4.0.0` is a peer dependency. Make sure it is installed in your project.\n\n## Usage\n\nUse together with [express-jwt](https://github.com/auth0/express-jwt) to both validate a JWT and make sure it has the correct permissions to call an endpoint.\n\nNote: `express-jwt` sets the decoded JWT payload on `req.auth` since version `6.0.0`, so make sure to set `customUserKey: 'auth'` in the options provided to `express-jwt-authz` if you are using that version or newer.\n\n```javascript\nvar jwt = require('express-jwt');\nvar jwtAuthz = require('express-jwt-authz');\n\nvar options = { customUserKey: 'auth' };\napp.get('/users',\n  jwt({ secret: 'shared_secret' }),\n  jwtAuthz([ 'read:users' ], options),\n  function(req, res) { ... 
});\n```\n\nIf multiple scopes are provided, the user must have _at least one_ of the specified scopes.\n\n```javascript\nvar options = { customUserKey: 'auth' };\napp.post('/users',\n  jwt({ secret: 'shared_secret' }),\n  jwtAuthz([ 'read:users', 'write:users' ], options),\n  function(req, res) { ... });\n\n// This user will be granted access\nvar authorizedUser = {\n  scope: 'read:users'\n};\n```\n\nTo check that the user has _all_ the scopes provided, use the `checkAllScopes: true` option:\n\n```javascript\napp.post('/users',\n  jwt({ secret: 'shared_secret' }),\n  jwtAuthz([ 'read:users', 'write:users' ], { checkAllScopes: true, customUserKey: 'auth' }),\n  function(req, res) { ... });\n\n// This user will have access\nvar authorizedUser = {\n  scope: 'read:users write:users'\n};\n\n// This user will NOT have access\nvar unauthorizedUser = {\n  scope: 'read:users'\n};\n```\n\nThe JWT must have a `scope` claim and it must either be a string of space-separated permissions or an array of strings. For example:\n\n```\n// String:\n\"write:users read:users\"\n\n// Array:\n[\"write:users\", \"read:users\"]\n```\n\n## Options\n\n- `failWithError`: When set to `true`, will forward errors to `next` instead of ending the response directly. Defaults to `false`.\n- `checkAllScopes`: When set to `true`, all the expected scopes will be checked against the user's scopes. Defaults to `false`.\n- `customUserKey`: The property name to check for the scope key. By default, permissions are checked against `req.user`, but you can change it to be `req.myCustomUserKey` with this option. Defaults to `user`.\n- `customScopeKey`: The property name to check for the actual scope. By default, permissions are checked against `user.scope`, but you can change it to be `user.myCustomScopeKey` with this option. Defaults to `scope`.\n\n## Issue Reporting\n\nIf you have found a bug or if you have a feature request, please report them in this repository's issues section. 
Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.\n\n## Author\n\n[Auth0](https://auth0.com)\n\n## License\n\nThis project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.\n","funding_links":[],"categories":["Libraries"],"sub_categories":["Node.js"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauth0%2Fexpress-jwt-authz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fauth0%2Fexpress-jwt-authz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauth0%2Fexpress-jwt-authz/lists"}