JSON Web Token authentication for Flora.
This plugin for the Flora API framework enables authentication with JSON Web Tokens.
Authenticated requests contain a JSON Web Token either

- in the `Authorization` header field (e.g. `Authorization: Bearer eyJhb...`), or
- in the `access_token` body parameter, or
- in the `access_token` query parameter.
Additionally, when calling flora internally (without HTTP), the access_token property of the flora.Request object is used.
If the `credentialsRequired` option is set to `true` (default), an `AuthenticationError` (`ERR_MISSING_TOKEN`) is thrown if no valid token is found. If it is set to `false` and no token is present, `request._auth` is set to `null` or to whatever the `validate` function returns.
By default, the decoded contents of the JSON Web Token are stored in `request._auth`.
When further processing is needed, an async `validate` function can be specified, which may transform the JWT contents into something application-specific.
```js
const flora = require('@florajs/flora');
const floraAuthJwt = require('@florajs/auth-jwt');

const server = new flora.Server('./config.js');

server.register('auth-jwt', floraAuthJwt, {
    secret: 'My Secret Key',
    algorithms: ['HS256'], // optional
    credentialsRequired: false, // allow requests without a token (see credentialsRequired above)
    validate: async (jwt, request) => {
        // return value will go to request._auth
        return { userId: jwt.sub };
    }
});

server.run();
```