{"id":15673055,"url":"https://github.com/nickschot/lux-jwt","last_synced_at":"2025-10-24T17:36:32.622Z","repository":{"id":143888149,"uuid":"72429730","full_name":"nickschot/lux-jwt","owner":"nickschot","description":"Middleware implementation of JWT for Lux.","archived":false,"fork":false,"pushed_at":"2020-06-01T01:17:47.000Z","size":597,"stargazers_count":15,"open_issues_count":4,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-18T00:45:27.231Z","etag":null,"topics":["authentication","jwt","lux","lux-middleware","nodejs"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nickschot.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-10-31T11:21:21.000Z","updated_at":"2020-01-16T03:06:41.000Z","dependencies_parsed_at":null,"dependency_job_id":"6834d615-6d49-43ee-8c58-5a169dddb580","html_url":"https://github.com/nickschot/lux-jwt","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nickschot%2Flux-jwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nickschot%2Flux-jwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nickschot%2Flux-jwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nickschot%2Flux-jwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nickschot","download_url":"https://codeload.github.com/nickschot/lux-jwt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252777189,"owners_count":21802557,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","jwt","lux","lux-middleware","nodejs"],"created_at":"2024-10-03T15:36:23.782Z","updated_at":"2025-10-24T17:36:27.586Z","avatar_url":"https://github.com/nickschot.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# lux-jwt\nMiddleware implementation of JWT for [Lux](https://github.com/postlight/lux).\n\n[![Build Status](https://travis-ci.org/nickschot/lux-jwt.svg?branch=master)](https://travis-ci.org/nickschot/lux-jwt) [![Coverage Status](https://coveralls.io/repos/github/nickschot/lux-jwt/badge.svg?branch=master)](https://coveralls.io/github/nickschot/lux-jwt?branch=master) [![Dependency Status](https://david-dm.org/nickschot/lux-jwt.svg)](https://david-dm.org/nickschot/lux-jwt) [![npm version](https://badge.fury.io/js/lux-jwt.svg)](https://badge.fury.io/js/lux-jwt)\n\nThis module lets you authenticate HTTP requests using JWT tokens in your Lux\napplications. JWTs are typically used to protect (stateless) API endpoints.\n\n## Install\n\n    $ npm i --save lux-jwt\n\n## Usage\nThe JWT authentication middleware authenticates callers using a JWT.\nIf the token is valid, `request.user` will be set with the JSON object decoded\nto be used by later middleware for authorization and access control.\n\nAn example usage of using lux-jwt is shown below.\n\nSecret can also be an Array of multiple valid secrets. A good use case for this \nis when you use automatically refreshed secrets. This way the previous secret is \nstill valid so the token isn't immediately invalidated when the secret is \nrefreshed. See [Heroku Secure Key](https://securekey.heroku.com/) for more\n information.\n\n```javascript\nimport {Controller} from 'lux-framework';\nimport jwt from 'lux-jwt';\nimport unless from 'lux-unless';\n\nclass ApplicationController extends Controller {\n    beforeAction = [\n        jwt({secret: 'shhhhhhared-secret'})\n    ];\n}\n```\n\n[lux-unless](https://github.com/nickschot/lux-unless) can be used to keep certain endpoints from being authorized by lux-jwt.\n\n```javascript\nimport {Controller} from 'lux-framework';\nimport jwt from 'lux-jwt';\nimport unless from 'lux-unless';\n\nclass ApplicationController extends Controller {\n    beforeAction = [\n        unless({path: ['/users/login']}, jwt({secret: 'shhhhhhared-secret'}))\n    ];\n}\n```\n\nThis module also exposes the [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) API. Currently this means the following functions are exposed:\n - `sign(payload, secretOrPrivateKey, options)` - Create and sign a JWT.\n - `verify(token, secretOrPublicKey, [options])` - Verify whether or not the passed JWT is valid.\n - `decode(token, [options])` - Decode the contents of the JWT.\n \n For detailed documentation on these functions please refer to the jsonwebtoken README.\n \n ```javascript\n import {sign, verify, decode} from 'lux-jwt'\n ```\n\n## Options\nAn object containing the following options must be passed:\n- `secret` - A string or buffer containing either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA. Can also be an array with multiple valid secrets.\n- `requestProperty` (optional) - The key on which the payload of the JWT will be made available.\n- `isRevoked(request, decodedAccessToken)` (optional) - A function returning whether or not the token was revoked.\n- `audience` (optional) - The expected audience (aud) to be present in the token.\n- `issuer` (optional) - The expected issuer (iss) of the token.\n- `clockTolerance` (optional) - Number of seconds to tolerate when checking the nbf and exp claims, to deal with small clock differences among different servers.\n- `algorithms` (optional) - A list of strings with the names of the allowed algorithms. For instance, `[\"HS256\", \"HS384\"]`.\n\n## Related Modules\n\n- [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) — JSON Web Token sign and verification.\n- [lux-unless](https://github.com/nickschot/lux-unless) - Conditionally skip a middleware.\n\n## Tests\n\n    $ npm install\n    $ npm test\n\n## License\nThis project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnickschot%2Flux-jwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnickschot%2Flux-jwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnickschot%2Flux-jwt/lists"}