npmpackage.info

Gathering detailed insights and metrics for @667/express-jwt-authz

@667/express-jwt-authz - 2.4.1-1 | npmpackage.info

@667/express-jwt-authz

Validate the JWT scope to authorize access to an endpoint

2.4.1-1

NOASSERTION

JavaScript

8.31 kB

2.7

Installations

npm install @667/express-jwt-authz

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Min. Node Version

>=6

Node Version

12.21.0

NPM Version

6.14.11 Pull Requests

Open

0

Total

0

Closed

0

Issues

Open

0

Total

0

Closed

0

Releases

Unable to fetch releases

Languages

JavaScript

JavaScript (100%)

Developer

june07

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

NOASSERTION License

62 Commits

1 Watchers

2 Branches

1 Contributors

Updated on Mar 23, 2021

Maintainers

View All 1 Contributors

Package Meta Information

Latest Version

2.4.1-1

Package Id

@667/express-jwt-authz@2.4.1-1

Unpacked Size

8.31 kB

Size

3.43 kB

File Count

NPM Version

6.14.11

Node Version

12.21.0

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Peer Dependencies

express @types/express restify

Dev Dependencies

chai husky mocha prettier pretty-quick

express-jwt-authz

This fork of https://github.com/auth0/express-jwt-authz supports restify as well as express.

Validate a JWTs scope to authorize access to an endpoint.

Install

$ npm install express-jwt-authz

restify@^8.5.1 is a peer dependency. express@^4.0.0 is a peer dependency. Make sure one of them is installed in your project.

Usage

Use together with express-jwt to both validate a JWT and make sure it has the correct permissions to call an endpoint.

1var jwt = require('express-jwt');
2var jwtAuthz = require('express-jwt-authz');
3
4var options = {};
5app.get('/users',
6  jwt({ secret: 'shared_secret' }),
7  jwtAuthz([ 'read:users' ], options),
8  function(req, res) { ... });

If multiple scopes are provided, the user must have at least one of the specified scopes.

1app.post('/users',
2  jwt({ secret: 'shared_secret' }),
3  jwtAuthz([ 'read:users', 'write:users' ], {}),
4  function(req, res) { ... });
5
6// This user will be granted access
7var authorizedUser = {
8  scope: 'read:users'
9};

To check that the user has all the scopes provided, use the checkAllScopes: true option:

1app.post('/users',
2  jwt({ secret: 'shared_secret' }),
3  jwtAuthz([ 'read:users', 'write:users' ], { checkAllScopes: true }),
4  function(req, res) { ... });
5
6// This user will have access
7var authorizedUser = {
8  scope: 'read:users write:users'
9};
10
11// This user will NOT have access
12var unauthorizedUser = {
13  scope: 'read:users'
14};

The JWT must have a scope claim and it must either be a string of space-separated permissions or an array of strings. For example:

// String:
"write:users read:users"

// Array:
["write:users", "read:users"]

Options

failWithError: When set to true, will forward errors to next instead of ending the response directly. Defaults to false.
checkAllScopes: When set to true, all the expected scopes will be checked against the user's scopes. Defaults to false.
customUserKey: The property name to check for the scope key. By default, permissions are checked against req.user, but you can change it to be req.myCustomUserKey with this option. Defaults to user.
customScopeKey: The property name to check for the actual scope. By default, permissions are checked against user.scope, but you can change it to be user.myCustomScopeKey with this option. Defaults to scope.

Issue Reporting

For issues directly related to restify support, please report them at this reposittory issues section.

If you have found a bug or if you have a feature request, please report them at https://github.com/auth0/express-jwt-authz/issues. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Author

June07

License

This project is licensed under the MIT license. See the LICENSE file for more info.

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

9

License

Determines if the project has defined a license.

3

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

0

Maintained

Determines if the project is "actively maintained".

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

SAST

Determines if the project uses static code analysis.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

2.7

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More