Gathering detailed insights and metrics for fastify-jwt-jwks
npm install fastify-jwt-jwks
10 Stars
373 Commits
7 Forks
32 Watching
5 Branches
47 Contributors
Updated on 25 Nov 2024
JavaScript (96.47%)
TypeScript (3.53%)
Cumulative downloads
Last day: 2,928 (-19.9% compared to previous day)
Last week: 13,934 (-2.1% compared to previous week)
Last month: 65,861 (-3.1% compared to previous month)
Last year: 692,484 (401% compared to previous year)
JSON Web Key Set (JWKS) verification plugin for Fastify, internally uses @fastify/jwt.
JSON Web Key Sets (JWKS) are used to verify that a signed JWT originated from a particular authorization server, and that the token hasn't been tampered with. If you are looking to implement JWT authentication in your Fastify application you may be looking for @fastify/jwt.
Just run:
```sh
npm install fastify-jwt-jwks --save
```
Register as a plugin, providing one or more of the following options:
jwksUrl: JSON Web Key Set (JWKS) URL. The public endpoint returning the set of keys that contains, among other things, the keys needed to verify JSON Web Tokens (JWT). E.g. https://domain.com/.well-known/jwks.json
audience: The intended consumer of the token. This is typically a set of endpoints at which the token can be used. If you provide the value true, the domain will also be used as audience. Accepts a string value, or an array of strings for multiple audiences.
issuer: The domain of the system which is issuing OAuth access tokens. By default the domain will also be used as audience. Accepts a string value, or an array of strings for multiple issuers.
secret: The OAuth client secret. It enables verification of HS256 encoded JWT tokens.
complete: Whether to also return the header and signature of the verified token.
secretsTtl: How long (in milliseconds) to cache RS256 secrets before getting them again using well known JWKS URLs. Setting to 0 or less disables the cache. Defaults to 1 week.
cookie: Used to indicate that the token can be passed using a cookie, instead of the Authorization header.
    cookieName: The name of the cookie.
    signed: Indicates whether the cookie is signed or not. If set to true, the JWT will be verified using the unsigned value.
namespace: A string used to namespace the decorators of this plugin. This is to allow this plugin to be applied multiple times to a single Fastify instance. See the description of the namespace parameter in @fastify/jwt.

Since this plugin is based on the @fastify/jwt verify, it is also possible to pass the options documented here, see the example below.
Once registered, your fastify instance and request will be decorated as described by @fastify/jwt.
In addition, the request will also get the authenticate decorator.
This decorator can be used as a preValidation hook to add authentication to your routes. The token information will be available in request.user.
Example:
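```js
const fastify = require('fastify')
const server = fastify()

// await needs an async function in a CommonJS file
async function start () {
  await server.register(require('fastify-jwt-jwks'), {
    jwksUrl: '<JWKS url>',
    audience: '<app audience>'
  })

  // authenticate runs before validation; the verified token ends up in request.user
  server.get('/verify', { preValidation: server.authenticate }, (request, reply) => {
    reply.send(request.user)
  })

  // Port 0 lets the operating system pick a free port
  server.listen({ port: 0 }, err => {
    if (err) {
      throw err
    }
  })
}

start()
```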
You can configure more than one JWT API audience:
```js
await server.register(require('fastify-jwt-jwks'), {
  jwksUrl: '<JWKS url>',
  audience: ['<app audience>', '<admin audience>']
})
```
You can include @fastify/jwt verify options:
```js
await server.register(require('fastify-jwt-jwks'), {
  jwksUrl: '<JWKS url>',
  audience: ['<app audience>', '<admin audience>'],
  cache: true, // @fastify/jwt cache
  cacheTTL: 100, // @fastify/jwt cache ttl
  errorCacheTTL: -1 // @fastify/jwt error cache ttl
})
```
You can also use the namespace option to apply this plugin multiple times to the same Fastify instance, in order to perform JWT verification with different JWKS URLs:
```js
await server.register(require('fastify-jwt-jwks'), {
  jwksUrl: '<JWKS url>',
  audience: '<app audience>'
})

await server.register(require('fastify-jwt-jwks'), {
  jwksUrl: '<JWKS url 2>',
  audience: '<app audience 2>',
  namespace: 'newToken'
})

server.get('/verify',
  {
    preValidation: async function (request, reply) {
      try {
        // The authenticate decorators verify the token carried by this request
        await server.authenticate(request, reply)
      } catch (err) {
        // Fall back to the second key set only when the first one rejects the token
        await server.newTokenAuthenticate(request, reply)
      }
    }
  },
  (request, reply) => { reply.send(request.user) }
)
```
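The check that the jwksUrl, audience and issuer options configure can be seen end to end in the following added example, which is not the plugin's own code: it uses only Node's built-in crypto module to select a key from a key set by kid, verify an RS256 signature, and then check the claims. The key pair, the kid `demo-key-1`, the issuer URL and the audience names are constructed for the demonstration, and the helper names are hypothetical.

```javascript
const crypto = require('crypto')

const b64u = (v) => Buffer.from(v).toString('base64url')

// Constructed issuer key pair; the public half is what a JWKS endpoint would publish.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 })
const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key-1', alg: 'RS256', use: 'sig' }] }

// Issuer side: sign "header.payload" with the private key (RS256).
function signToken (payload, kid = 'demo-key-1', key = privateKey) {
  const input = `${b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid }))}.${b64u(JSON.stringify(payload))}`
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), key).toString('base64url')}`
}

// Verifier side: pin the algorithm, pick the key by kid, check the signature, then the claims.
function verifyToken (token, keySet, { issuer, audience }) {
  const [h, p, s] = token.split('.')
  if (!h || !p || !s) throw new Error('malformed token')
  const header = JSON.parse(Buffer.from(h, 'base64url').toString())
  // Never let the token choose the algorithm: only RS256 is accepted here.
  if (header.alg !== 'RS256') throw new Error('unexpected alg')
  const jwk = keySet.keys.find((k) => k.kid === header.kid)
  if (!jwk) throw new Error('unknown kid')
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' })
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'))) {
    throw new Error('bad signature')
  }
  // Claims are trusted only after the signature has been verified.
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString())
  const tokenAud = [].concat(claims.aud || [])
  if (claims.iss !== issuer) throw new Error('wrong issuer')
  if (![].concat(audience).some((a) => tokenAud.includes(a))) throw new Error('wrong audience')
  if (typeof claims.exp === 'number' && claims.exp <= Date.now() / 1000) throw new Error('expired')
  return claims
}

// Returns 'accepted' or the reason the token was rejected.
function outcome (token, opts = { issuer: 'https://issuer.example/', audience: 'app' }) {
  try { verifyToken(token, jwks, opts); return 'accepted' } catch (e) { return e.message }
}

console.log(outcome(signToken({ iss: 'https://issuer.example/', aud: 'app', sub: 'u1' })))
```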
See CONTRIBUTING.md
Tests are currently split into unit and integration tests.
Copyright NearForm Ltd. Licensed under the Apache-2.0 license.
No vulnerabilities found.