node-jsonwebtoken

JavaScript ★ 18k updated 8d ago

JsonWebToken implementation for node.js http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html

node-jsonwebtoken is a Node.js library for creating and verifying JSON Web Tokens, the most common way to handle user logins by sending a signed token instead of storing sessions on the server.

JavaScript · Node.js · setup: easy · complexity 2/5

node-jsonwebtoken is a Node.js library for creating and verifying JSON Web Tokens (JWTs). A JWT is a compact, self-contained package of information — typically used to prove that a user is who they say they are after logging in. Instead of storing session data on the server, a server generates a signed token and sends it to the client; the client presents that token with future requests, and the server verifies the signature to confirm the token is genuine and unmodified.

The library provides three main functions. The sign function creates a new token from a payload (any data you want to embed, like a user ID or permissions) and a secret key or private key, optionally setting an expiration time. The verify function checks that an incoming token's signature is valid, that it has not expired, and that it matches expected values like issuer or audience. The decode function reads the token's content without verifying the signature, useful for inspecting tokens in non-security-critical situations.

It supports both synchronous and asynchronous usage. Multiple signing algorithms are available, including HMAC-based ones (which use a shared secret) and RSA or ECDSA-based ones (which use a public/private key pair). The library enforces a minimum key size for RSA signatures to prevent use of weak keys. It is published on npm and maintained by Auth0.
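The difference between decode and verify described above is shown below as an added example; it is not code from node-jsonwebtoken. It re-implements HS256 with Node's built-in crypto module so it runs without installing anything. The function names mirror the library's three functions, while the `tamper` helper, the option shape and all sample values are constructed for illustration.

```javascript
// Added example: minimal HS256 sign/verify/decode using only Node's crypto.
// Not node-jsonwebtoken's code; names and option shape are assumptions.
const crypto = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const fromB64url = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
const mac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

function sign(payload, secret, expiresInSec) {
  const now = Math.floor(Date.now() / 1000);
  const body = { ...payload, iat: now, exp: now + expiresInSec };
  const signingInput = b64url({ alg: 'HS256', typ: 'JWT' }) + '.' + b64url(body);
  return signingInput + '.' + mac(signingInput, secret).toString('base64url');
}

// decode: parses the payload only. Nothing here proves who wrote it.
function decode(token) {
  return fromB64url(token.split('.')[1]);
}

// verify: pin the algorithm, check the signature, then check the claims.
function verify(token, secret, opts = {}) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  if (fromB64url(parts[0]).alg !== 'HS256') throw new Error('unexpected algorithm');
  const expected = mac(parts[0] + '.' + parts[1], secret);
  const given = Buffer.from(parts[2], 'base64url');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  const payload = fromB64url(parts[1]);
  const now = Math.floor(Date.now() / 1000);
  if (typeof payload.exp !== 'number' || payload.exp <= now) throw new Error('token expired');
  if (opts.issuer && payload.iss !== opts.issuer) throw new Error('issuer mismatch');
  return payload;
}

// Constructed test helper: swap payload fields while keeping the old signature.
function tamper(token, changes) {
  const [header, , signature] = token.split('.');
  return [header, b64url({ ...decode(token), ...changes }), signature].join('.');
}

// Constructed sample: the altered token still decodes, but verify rejects it.
const demoToken = sign({ sub: 'user-1', role: 'user', iss: 'demo' }, 'constructed-secret', 60);
const altered = tamper(demoToken, { role: 'admin' });
console.log('decode sees role:', decode(altered).role);
try { verify(altered, 'constructed-secret'); } catch (e) { console.log('verify:', e.message); }
```

Authorization decisions should only ever use the object returned by verify; the output of decode is unauthenticated input.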

Where it fits