{"id":15007795,"url":"https://github.com/tsndr/cloudflare-worker-jwt","last_synced_at":"2025-05-14T03:03:11.597Z","repository":{"id":37687610,"uuid":"335920446","full_name":"tsndr/cloudflare-worker-jwt","owner":"tsndr","description":"A lightweight JWT implementation with ZERO dependencies for Cloudflare Workers.","archived":false,"fork":false,"pushed_at":"2025-05-11T21:13:01.000Z","size":424,"stargazers_count":792,"open_issues_count":4,"forks_count":63,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-05-11T21:16:43.919Z","etag":null,"topics":["cloudflare-worker","cloudflare-workers","esm","esmodules","jsonwebtoken","jwt","lightweight","npm","npm-package","ts","typescript","zero-dependencies","zero-dependency"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tsndr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"tsndr"}},"created_at":"2021-02-04T10:35:25.000Z","updated_at":"2025-05-11T21:13:05.000Z","dependencies_parsed_at":"2024-01-26T15:24:52.971Z","dependency_job_id":"4e1df1ee-6998-43d9-9e60-900454976266","html_url":"https://github.com/tsndr/cloudflare-worker-jwt","commit_stats":null,"previous_names":[],"tags_count":66,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsndr%2Fcloudflare-worker-jwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsndr%2Fcloudflare-worker-jwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsndr%2Fcloudflare-worker-jwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsndr%2Fcloudflare-worker-jwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tsndr","download_url":"https://codeload.github.com/tsndr/cloudflare-worker-jwt/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254059474,"owners_count":22007767,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloudflare-worker","cloudflare-workers","esm","esmodules","jsonwebtoken","jwt","lightweight","npm","npm-package","ts","typescript","zero-dependencies","zero-dependency"],"created_at":"2024-09-24T19:13:55.512Z","updated_at":"2025-05-14T03:03:11.575Z","avatar_url":"https://github.com/tsndr.png","language":"TypeScript","funding_links":["https://github.com/sponsors/tsndr"],"categories":["TypeScript"],"sub_categories":[],"readme":"# Cloudflare Worker JWT\n\nA lightweight JWT implementation with ZERO dependencies for Cloudflare Workers.\n\n\n## Contents\n\n- [Install](#install)\n- [Examples](#examples)\n- [Usage](#usage)\n    - [Sign](#sign)\n    - [Verify](#verify)\n    - [Decode](#decode)\n\n\n## Install\n\n```bash\nnpm i @tsndr/cloudflare-worker-jwt\n```\n\n\n## Examples\n### Basic Example\n\n```typescript\nimport jwt from \"@tsndr/cloudflare-worker-jwt\"\n\nasync () =\u003e {\n\n    // Create a token\n    const token = await jwt.sign({\n        sub: \"1234\",\n        name: \"John Doe\",\n        email: \"john.doe@gmail.com\"\n    }, \"secret\")\n\n    // Verify token\n    const verifiedToken = await jwt.verify(token, \"secret\")\n\n    // Abort if token isn't valid\n    if (!verifiedToken)\n        return\n\n    // Access token payload\n    const { payload } = verifiedToken\n\n    // { sub: \"1234\", name: \"John Doe\", email: \"john.doe@gmail.com\" }\n}\n```\n\n\n### Restrict Timeframe\n\n```typescript\nimport jwt from \"@tsndr/cloudflare-worker-jwt\"\n\nasync () =\u003e {\n\n    // Create a token\n    const token = await jwt.sign({\n        sub: \"1234\",\n        name: \"John Doe\",\n        email: \"john.doe@gmail.com\",\n        nbf: Math.floor(Date.now() / 1000) + (60 * 60),      // Not before: Now + 1h\n        exp: Math.floor(Date.now() / 1000) + (2 * (60 * 60)) // Expires: Now + 2h\n    }, \"secret\")\n\n    // Verify token\n    const verifiedToken = await jwt.verify(token, \"secret\")\n\n    // Abort if token isn't valid\n    if (!verifiedToken)\n        return\n\n    // Access token payload\n    const { payload } = verifiedToken\n\n    // { sub: \"1234\", name: \"John Doe\", email: \"john.doe@gmail.com\", ... }\n}\n```\n\n## Usage\n\n- [Sign](#sign)\n- [Verify](#verify)\n- [Decode](#decode)\n\n\u003chr\u003e\n\n### Sign\n#### `sign(payload, secret, [options])`\n\nSigns a payload and returns the token.\n\n\n#### Arguments\n\nArgument                 | Type                                | Status   | Default     | Description\n------------------------ | ----------------------------------- | -------- | ----------- | -----------\n`payload`                | `object`                            | required | -           | The payload object. To use `nbf` (Not Before) and/or `exp` (Expiration Time) add `nbf` and/or `exp` to the payload.\n`secret`                 | `string`, `JsonWebKey`, `CryptoKey` | required | -           | A string which is used to sign the payload.\n`options`                | `string`, `object`                  | optional | `HS256`     | Either the `algorithm` string or an object.\n`options.algorithm`      | `string`                            | optional | `HS256`     | See [Available Algorithms](#available-algorithms)\n`options.header`         | `object`                            | optional | `undefined` | Extend the header of the resulting JWT.\n\n\n#### `return`\n\nReturns token as a `string`.\n\n\n\u003chr\u003e\n\n\n### Verify\n#### `verify(token, secret, [options])`\n\nVerifies the integrity of the token.\n\nArgument                 | Type                                | Status   | Default | Description\n------------------------ | ----------------------------------- | -------- | ------- | -----------\n`token`                  | `string`                            | required | -       | The token string generated by `sign()`.\n`secret`                 | `string`, `JsonWebKey`, `CryptoKey` | required | -       | The string which was used to sign the payload.\n`options`                | `string`, `object`                  | optional | `HS256` | Either the `algorithm` string or an object.\n`options.algorithm`      | `string`                            | optional | `HS256` | See [Available Algorithms](#available-algorithms)\n`options.clockTolerance` | `number`                            | optional | `0`     | Clock tolerance in seconds, to help with slighly out of sync systems.\n`options.throwError`     | `boolean`                           | optional | `false` | By default this we will only throw integration errors, only set this to `true` if you want verification errors to be thrown as well.\n\n\n#### `throws`\n\nThrows integration errors and if `options.throwError` is set to `true` also throws `ALG_MISMATCH`, `NOT_YET_VALID`, `EXPIRED` or `INVALID_SIGNATURE`.\n\n\n#### `return`\n\nReturns the decoded token or `undefined`.\n\n```typescript\n{\n    header: {\n        alg: \"HS256\",\n        typ: \"JWT\"\n    },\n    payload: {\n        sub: \"1234\",\n        name: \"John Doe\",\n        email: \"john.doe@gmail.com\"\n    }\n}\n```\n\n\n\u003chr\u003e\n\n\n### Decode\n#### `decode(token)`\n\nJust returns the decoded token **without** verifying verifying it. Please use `verify()` if you intend to verify it as well.\n\nArgument    | Type     | Status   | Default | Description\n----------- | -------- | -------- | ------- | -----------\n`token`     | `string` | required | -       | The token string generated by `sign()`.\n\n\n#### `return`\n\nReturns an `object` containing `header` and `payload`:\n\n```typescript\n{\n    header: {\n        alg: \"HS256\",\n        typ: \"JWT\"\n    },\n    payload: {\n        sub: \"1234\",\n        name: \"John Doe\",\n        email: \"john.doe@gmail.com\"\n    }\n}\n```\n\n\n### Available Algorithms\n\n - `ES256`, `ES384`, `ES512`\n - `HS256`, `HS384`, `HS512`\n - `RS256`, `RS384`, `RS512`","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftsndr%2Fcloudflare-worker-jwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftsndr%2Fcloudflare-worker-jwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftsndr%2Fcloudflare-worker-jwt/lists"}