Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/tsndr/cloudflare-worker-jwt

A lightweight JWT implementation with ZERO dependencies for Cloudflare Workers.
https://github.com/tsndr/cloudflare-worker-jwt

cloudflare-worker cloudflare-workers esm esmodules jsonwebtoken jwt lightweight npm npm-package ts typescript zero-dependencies zero-dependency

Last synced: about 16 hours ago
JSON representation

A lightweight JWT implementation with ZERO dependencies for Cloudflare Workers.

Host: GitHub
URL: https://github.com/tsndr/cloudflare-worker-jwt
Owner: tsndr
License: mit
Created: 2021-02-04T10:35:25.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2024-07-24T05:13:26.000Z (2 months ago)
Last Synced: 2024-09-16T06:50:46.138Z (9 days ago)
Topics: cloudflare-worker, cloudflare-workers, esm, esmodules, jsonwebtoken, jwt, lightweight, npm, npm-package, ts, typescript, zero-dependencies, zero-dependency
Language: TypeScript
Homepage:
Size: 368 KB
Stars: 650
Watchers: 7
Forks: 52
Open Issues: 8
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

README

        # Cloudflare Worker JWT

A lightweight JWT implementation with ZERO dependencies for Cloudflare Workers.

## Contents

- [Install](#install)

- [Examples](#examples)

- [Usage](#usage)

    - [Sign](#sign)

    - [Verify](#verify)

    - [Decode](#decode)

## Install

```

npm i @tsndr/cloudflare-worker-jwt

```

## Examples

### Basic Example

```typescript

async () => {

    import jwt from '@tsndr/cloudflare-worker-jwt'

    // Creating a token

    const token = await jwt.sign({ name: 'John Doe', email: '[email protected]' }, 'secret')

    // Verifing token

    const isValid = await jwt.verify(token, 'secret')

    // Check for validity

    if (!isValid)

        return

    // Decoding token

    const { payload } = jwt.decode(token)

}

```

### Restrict Timeframe

```typescript

async () => {

    import jwt from '@tsndr/cloudflare-worker-jwt'

    // Creating a token

    const token = await jwt.sign({

        name: 'John Doe',

        email: '[email protected]',

        nbf: Math.floor(Date.now() / 1000) + (60 * 60),      // Not before: Now + 1h

        exp: Math.floor(Date.now() / 1000) + (2 * (60 * 60)) // Expires: Now + 2h

    }, 'secret')

    // Verifing token

    const isValid = await jwt.verify(token, 'secret') // false

    // Check for validity

    if (!isValid)

        return

    // Decoding token

    const { payload } = jwt.decode(token) // { name: 'John Doe', email: '[email protected]', ... }

}

```

## Usage

- [Sign](#sign)

- [Verify](#verify)

- [Decode](#decode)



### Sign

#### `jwt.sign(payload, secret, [options])`

Signs a payload and returns the token.

#### Arguments

Argument                 | Type               | Status   | Default     | Description

------------------------ | ------------------ | -------- | ----------- | -----------

`payload`                | `object`                            | required | -           | The payload object. To use `nbf` (Not Before) and/or `exp` (Expiration Time) add `nbf` and/or `exp` to the payload.

`secret`                 | `string`, `JsonWebKey`, `CryptoKey` | required | -           | A string which is used to sign the payload.

`options`                | `string`, `object`                  | optional | `HS256`     | Either the `algorithm` string or an object.

`options.algorithm`      | `string`                            | optional | `HS256`     | See [Available Algorithms](#available-algorithms)

`options.keyid`          | `string`                            | optional | `undefined` | The `keyid` or `kid` to be set in the header of the resulting JWT.

#### `return`

Returns token as a `string`.



### Verify

#### `jwt.verify(token, secret, [options])`

Verifies the integrity of the token and returns a boolean value.

Argument                 | Type               | Status   | Default | Description

------------------------ | ------------------ | -------- | ------- | -----------

`token`                  | `string`                            | required | -       | The token string generated by `jwt.sign()`.

`secret`                 | `string`, `JsonWebKey`, `CryptoKey` | required | -       | The string which was used to sign the payload.

`options`                | `string`, `object`                  | optional | `HS256` | Either the `algorithm` string or an object.

`options.algorithm`      | `string`                            | optional | `HS256` | See [Available Algorithms](#available-algorithms)

`options.clockTolerance` | `number`                            | optional | `0`     | Clock tolerance in seconds, to help with slighly out of sync systems.

`options.throwError`     | `boolean`                           | optional | `false` | By default this we will only throw implementation errors, only set this to `true` if you want verification errors to be thrown as well.

#### `throws`

If `options.throwError` is `true` and the token is invalid, an error will be thrown.

#### `return`

Returns `true` if signature, `nbf` (if set) and `exp` (if set) are valid, otherwise returns `false`. 



### Decode

#### `jwt.decode(token)`

Returns the payload **without** verifying the integrity of the token. Please use `jwt.verify()` first to keep your application secure!

Argument    | Type     | Status   | Default | Description

----------- | -------- | -------- | ------- | -----------

`token`     | `string` | required | -       | The token string generated by `jwt.sign()`.

#### `return`

Returns an `object` containing `header` and `payload`:

```javascript

{

    header: {

        alg: 'HS256',

        typ: 'JWT'

    },

    payload: {

        name: 'John Doe',

        email: '[email protected]'

    }

}

```

### Available Algorithms

 - ES256

 - ES384

 - ES512

 - HS256

 - HS384

 - HS512

 - RS256

 - RS384

 - RS512