https://github.com/stacks-network/jsontokens-js
Library for encoding, decoding, and verifying JSON Web Tokens (JWTs) in node.js
https://github.com/stacks-network/jsontokens-js
Last synced: over 1 year ago
JSON representation
Library for encoding, decoding, and verifying JSON Web Tokens (JWTs) in node.js
- Host: GitHub
- URL: https://github.com/stacks-network/jsontokens-js
- Owner: stacks-network
- License: mit
- Created: 2015-09-22T22:13:10.000Z (almost 11 years ago)
- Default Branch: master
- Last Pushed: 2023-09-11T17:22:25.000Z (almost 3 years ago)
- Last Synced: 2025-03-11T14:08:51.434Z (over 1 year ago)
- Language: TypeScript
- Homepage:
- Size: 4.87 MB
- Stars: 45
- Watchers: 6
- Forks: 26
- Open Issues: 9
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# JSON Tokens JS
[](https://circleci.com/gh/blockstack/jsontokens-js/tree/master)
[](https://www.npmjs.com/package/jsontokens)
[](https://www.npmjs.com/package/jsontokens)
[](https://www.npmjs.com/package/jsontokens)
[](http://slack.blockstack.org/)
node.js library for signing, decoding, and verifying JSON Web Tokens (JWTs) with the ES256K signature scheme (which uses the secp256k elliptic curve). This is currently the only supported signing and verification scheme for this library.
### Installation
```
npm install jsontokens
```
### Signing Tokens
```js
import { TokenSigner } from 'jsontokens'
const rawPrivateKey = '278a5de700e29faae8e40e366ec5012b5ec63d36ec77e8a2417154cc1d25383f'
const tokenPayload = {"iat": 1440713414.85}
const token = new TokenSigner('ES256K', rawPrivateKey).sign(tokenPayload)
```
### Creating Unsecured Tokens
```js
import { createUnsecuredToken } from 'jsontokens'
const unsecuredToken = createUnsecuredToken(tokenPayload)
```
### Decoding Tokens
```js
import { decodeToken } = from 'jsontokens'
const tokenData = decodeToken(token)
```
### Verifying Tokens
The TokenVerifier class will validate that a token is correctly signed. It does not perform checks on the claims in the payload (e.g., the `exp` field)--- checking the expiration field, etc., is left as a requirement for callers.
```js
import { TokenVerifier } from 'jsontokens'
const rawPublicKey = '03fdd57adec3d438ea237fe46b33ee1e016eda6b585c3e27ea66686c2ea5358479'
const verified = new TokenVerifier('ES256K', rawPublicKey).verify(token)
```
### Example Tokens
```text
eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
```