improve readme and some types. Closes #283

auth0 · Apr 25, 2022 · 1a67f69 · 1a67f69
1 parent bf143d0
commit 1a67f69
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -8,6 +8,25 @@ This module provides Express middleware for validating JWTs ([JSON Web Tokens](h
 $ npm install express-jwt
 ```
 
+## API
+
+`expressjwt(options)`
+
+Options has the following paramters:
+
+- `secret: jwt.Secret | GetVerificationKey` (required): The secret as an string or a function to retrieve the secret.
+- `getToken?: TokenGetter` (optional): A function that receives the express `Request` and returns the token, by default it looks in the `Authorization` header.
+- `isRevoked?: IsRevoked` (optional): A function to verify if a token is revoked.
+- `credentialsRequired?: boolean` (optional): If its false, continue to the next middleware if the request does not contain a token instead of failing, defaults to true.
+- `requestProperty?: string` (optional): name of the property in the request object where the payload is set. Default to `req.auth`.
+- Plus... all the options available in the [jsonwebtoken verify function](https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback).
+
+The available functions have the following interface:
+
+- `GetVerificationKey = (req: express.Request, token: jwt.Jwt | undefined) => Promise<jwt.Secret>;`
+- `IsRevoked = (req: express.Request, token: jwt.Jwt | undefined) => Promise<boolean>;`
+- `TokenGetter = (req: express.Request) => string | Promise<string> | undefined;`
+
 ## Usage
 
 Basic usage using an HS256 secret:
@@ -235,6 +254,13 @@ app.get(
 );
 ```
 
+## Migration from v6
+
+1. The middleware function is now available as a named import rather than a default one: import { expressjwt } from 'express-jwt'
+2. The decoded JWT payload is now available as req.auth rather than req.user
+3. The `secret` function had `(req, header, payload, cb)`, now it can return a promise and receives `(req, token)`. `token` has `header` and `payload`.
+4. The `isRevoked` function had `(req, payload, cb)`, now it can return a promise and receives `(req, token)`. `token` has `header` and `payload`.
+
 ## Related Modules
 
 - [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) — JSON Web Token sign and verification

diff --git a/src/index.ts b/src/index.ts
@@ -3,9 +3,8 @@ import * as express from 'express';
 import expressUnless from 'express-unless';
 import { UnauthorizedError } from './errors/UnauthorizedError';
 
-export type GetVerificationKey = (req: express.Request, token: jwt.Jwt | undefined) => Promise<jwt.Secret>;
-export type IsRevoked = (req: express.Request, token: jwt.Jwt | undefined) => Promise<boolean>;
-
+export type GetVerificationKey = (req: express.Request, token: jwt.Jwt | undefined) => jwt.Secret | Promise<jwt.Secret>;
+export type IsRevoked = (req: express.Request, token: jwt.Jwt | undefined) => boolean | Promise<boolean>;
 export type TokenGetter = (req: express.Request) => string | Promise<string> | undefined;
 
 type Params = {