JWT


$ npm install @feathersjs/authentication --save

The JWTStrategy is an authentication strategy included in @feathersjs/authentication for authenticating service method calls and HTTP requests using a JSON web token, e.g.

{
  "strategy": "jwt",
  "accessToken": "<your JWT>"
}

Options

  • header (default: 'Authorization'): The HTTP header containing the JWT
  • schemes (default: [ 'Bearer', 'JWT' ]): An array of schemes to support

The default settings support passing the JWT through the following HTTP headers:

Authorization: <your JWT>
Authorization: Bearer <your JWT>
Authorization: JWT <your JWT>

Standard JWT authentication can be configured with those options in config/default.json like this:

{
  "authentication": {
    "jwt": {}
  }
}

Note: Since the default options are what most clients expect for JWT authentication, they usually don't need to be customized.

JWTStrategy

getEntity(id, params)

jwtStrategy.getEntity(id, params) returns the entity instance for id, usually entityService.get(id, params). It will not be called if entity in the authentication configuration is set to null.

authenticate(data, params)

jwtStrategy.authenticate(data, params) will try to verify data.accessToken by calling the strategy's authenticationService.verifyAccessToken.

Returns a promise that resolves with the following format:

{
  [entity],
  accessToken,
  authentication: {
    strategy: 'jwt',
    payload
  }
}

Note: Since the JWT strategy returns an accessToken property (the same as the token sent to this strategy), that access token will also be returned by authenticationService.create instead of creating a new one.

parse(req, res)

Parse the HTTP request headers for JWT authentication information. Returns a promise that resolves with either null or data in the form of:

{
  strategy: '<strategy name>',
  accessToken: '<access token from HTTP header>'
}
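
The header handling described for parse, written out as a stand-alone function (an added example, not code from @feathersjs/authentication). parseJwtHeader is a hypothetical name, it is synchronous rather than promise-returning, and returning null for a scheme outside schemes is this example's assumption.

```javascript
// Added example, not the @feathersjs/authentication source.
// parseJwtHeader is a hypothetical name; defaults mirror the Options above.
const DEFAULTS = { header: 'Authorization', schemes: ['Bearer', 'JWT'] };

function parseJwtHeader(headers, options = {}, strategyName = 'jwt') {
  const { header, schemes } = { ...DEFAULTS, ...options };

  // Node.js lower-cases incoming header names, so look up the lower-cased key.
  const raw = headers ? headers[header.toLowerCase()] : undefined;
  if (typeof raw !== 'string') return null;

  const parts = raw.trim().split(/\s+/);
  if (parts.length === 1 && parts[0] !== '') {
    // "Authorization: <your JWT>" (no scheme)
    return { strategy: strategyName, accessToken: parts[0] };
  }
  if (parts.length === 2) {
    // "Authorization: Bearer <your JWT>" or "Authorization: JWT <your JWT>"
    const [scheme, token] = parts;
    const allowed = schemes.some(s => s.toLowerCase() === scheme.toLowerCase());
    // Assumption of this example: a scheme outside `schemes` (e.g. Basic)
    // is not JWT authentication information, so the result is null.
    return allowed ? { strategy: strategyName, accessToken: token } : null;
  }
  return null; // empty or malformed value
}

// Constructed sample headers; the token is a placeholder, not a real JWT.
const samples = [
  { authorization: 'aaa.bbb.ccc' },
  { authorization: 'Bearer aaa.bbb.ccc' },
  { authorization: 'jwt aaa.bbb.ccc' },
  { authorization: 'Basic dXNlcjpwYXNz' },
  {}
];
for (const headers of samples) {
  console.log(JSON.stringify(headers), '->', JSON.stringify(parseJwtHeader(headers)));
}
```

This step only extracts the token; nothing in it is trusted until authenticate verifies it through verifyAccessToken.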

Customization