Issues and verifies JWT access tokens from a supplied keypair
See RFC7519
- Read PEM-formatted keys into memory (see fs)
- Instantiate token service with:
issuer
: the CN of the service issuing the tokensubject
: the CN of any service that may accept the tokenalgorithm
: only supports 'SHA256' for nowpublicKeyPEMBuffer
: A Buffer representation of a PEM encoded public keyprivateKeyPEMBuffer
: A Buffer representation of a PEM encoded private key
// instantiate the token service
const tokenService = new TokenService(
process.env.TOKEN_ISSUER as string,
[process.env.TOKEN_AUDIENCE as string],
'SHA256',
publicKeyPEMBuffer,
privateKeyPEMBuffer,
)
// after a successful login
const {expiresOn, accessToken} = await tokenService.issueAccessToken(user.id)
// on a request to a protected route
const isValid = await tokenService.validateAccessToken(accessToken)
- Clone the repo
- Install dependencies
npm i
- Run tests
npm test
- Watch/compile
npm run start:dev