function JwtStrategy(options, verify) {
passport.Strategy.call(this);
this.name = 'jwt';
this._secretOrKey = options.secretOrKey;
if (!this._secretOrKey) {
throw new TypeError('JwtStrategy requires a secret or key');
}
this._verify = verify;
if (!this._verify) {
throw new TypeError('JwtStrategy requires a verify callback');
}
this._jwtFromRequest = options.jwtFromRequest;
if (!this._jwtFromRequest) {
throw new TypeError('JwtStrategy requires a function to retrieve jwt from requests (see option jwtFromRequest)');
}
this._passReqToCallback = options.passReqToCallback;
this._verifOpts = {};
if (options.issuer) {
this._verifOpts.issuer = options.issuer;
}
if (options.audience) {
this._verifOpts.audience = options.audience;
}
if (options.algorithms) {
this._verifOpts.algorithms = options.algorithms;
}
if (options.ignoreExpiration != null) {
this._verifOpts.ignoreExpiration = options.ignoreExpiration;
}
}n/a
function Strategy() {
}n/a
fromAuthHeader = function () {
return extractors.fromAuthHeaderWithScheme(DEFAULT_AUTH_SCHEME);
}...
An example configuration which reads the JWT from the http
Authorization header with the scheme 'JWT':
```js
var JwtStrategy = require('passport-jwt').Strategy,
ExtractJwt = require('passport-jwt').ExtractJwt;
var opts = {}
opts.jwtFromRequest = ExtractJwt.fromAuthHeader();
opts.secretOrKey = 'secret';
opts.issuer = "accounts.examplesoft.com";
opts.audience = "yoursite.net";
passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
User.findOne({id: jwt_payload.sub}, function(err, user) {
if (err) {
return done(err, false);
...fromAuthHeaderWithScheme = function (auth_scheme) {
return function (request) {
var token = null;
if (request.headers[AUTH_HEADER]) {
var auth_params = auth_hdr.parse(request.headers[AUTH_HEADER]);
if (auth_params && auth_scheme === auth_params.scheme) {
token = auth_params.value;
}
}
return token;
};
}...
return token;
};
};
extractors.fromAuthHeader = function () {
return extractors.fromAuthHeaderWithScheme(DEFAULT_AUTH_SCHEME);
};
extractors.fromExtractors = function(extractors) {
if (!Array.isArray(extractors)) {
throw new TypeError('extractors.fromExtractors expects an array')
}
...fromBodyField = function (field_name) {
return function (request) {
var token = null;
if (request.body && Object.prototype.hasOwnProperty.call(request.body, field_name)) {
token = request.body[field_name];
}
return token;
};
}...
queryParam = options.tokenQueryParameterName || 'auth_token';
return function (request) {
var authHeaderExtractor = extractors.fromAuthHeaderWithScheme(authScheme);
var token = authHeaderExtractor(request);
if (!token) {
var bodyExtractor = extractors.fromBodyField(bodyField);
token = bodyExtractor(request);
}
if (!token) {
var queryExtractor = extractors.fromUrlQueryParameter(queryParam);
token = queryExtractor(request);
}
...fromExtractors = function (extractors) {
if (!Array.isArray(extractors)) {
throw new TypeError('extractors.fromExtractors expects an array')
}
return function (request) {
var token = null;
var index = 0;
while(!token && index < extractors.length) {
token = extractors[index].call(this, request);
index ++;
}
return token;
}
}...
});
describe('fromExtractors', function() {
it('should raise a type error when the extractor is constructed with a non-array argument', function() {
this_should_throw = function() {
var extractor = extract_jwt.fromExtractors({})
}
expect(this_should_throw).to.throw(TypeError)
});
var extractor = extract_jwt.fromExtractors([extract_jwt.fromAuthHeader(), extract_jwt.fromHeader('authorization')]);
...fromHeader = function (header_name) {
return function (request) {
var token = null;
if (request.headers[header_name]) {
token = request.headers[header_name];
}
return token;
};
}...
var extract_jwt = require('../lib/extract_jwt'),
Request = require('./mock_request');
describe('Token extractor', function() {
describe('fromHeader', function() {
var extractor = extract_jwt.fromHeader('test_header');
it('should return null no when token is present', function() {
var req = new Request();
var token = extractor(req);
expect(token).to.be.null;
...fromUrlQueryParameter = function (param_name) {
return function (request) {
var token = null,
parsed_url = url.parse(request.url, true);
if (parsed_url.query && Object.prototype.hasOwnProperty.call(parsed_url.query, param_name)) {
token = parsed_url.query[param_name];
}
return token;
};
}...
if (!token) {
var bodyExtractor = extractors.fromBodyField(bodyField);
token = bodyExtractor(request);
}
if (!token) {
var queryExtractor = extractors.fromUrlQueryParameter(queryParam);
token = queryExtractor(request);
}
return token;
};
}
...versionOneCompatibility = function (options) {
var authScheme = options.authScheme || DEFAULT_AUTH_SCHEME,
bodyField = options.tokenBodyField || 'auth_token',
queryParam = options.tokenQueryParameterName || 'auth_token';
return function (request) {
var authHeaderExtractor = extractors.fromAuthHeaderWithScheme(authScheme);
var token = authHeaderExtractor(request);
if (!token) {
var bodyExtractor = extractors.fromBodyField(bodyField);
token = bodyExtractor(request);
}
if (!token) {
var queryExtractor = extractors.fromUrlQueryParameter(queryParam);
token = queryExtractor(request);
}
return token;
};
}...
Identical behavior can be achieved under v2 with the versionOneCompatibility extractor:
```js
var JwtStrategy = require('passport-jwt').Strategy,
ExtractJwt = require('passport-jwt').ExtractJwt;
var opts = {}
opts.jwtFromRequest = ExtractJwt.versionOneCompatibility({ tokenBodyField = "MY_CUSTOM_BODY_FIELD
" });
opts.opts.secretOrKey = 'secret';
opts.issuer = "accounts.examplesoft.com";
opts.audience = "yoursite.net";
passport.use(new JwtStrategy(opts, verifyFunction));
```
...function JwtStrategy(options, verify) {
passport.Strategy.call(this);
this.name = 'jwt';
this._secretOrKey = options.secretOrKey;
if (!this._secretOrKey) {
throw new TypeError('JwtStrategy requires a secret or key');
}
this._verify = verify;
if (!this._verify) {
throw new TypeError('JwtStrategy requires a verify callback');
}
this._jwtFromRequest = options.jwtFromRequest;
if (!this._jwtFromRequest) {
throw new TypeError('JwtStrategy requires a function to retrieve jwt from requests (see option jwtFromRequest)');
}
this._passReqToCallback = options.passReqToCallback;
this._verifOpts = {};
if (options.issuer) {
this._verifOpts.issuer = options.issuer;
}
if (options.audience) {
this._verifOpts.audience = options.audience;
}
if (options.algorithms) {
this._verifOpts.algorithms = options.algorithms;
}
if (options.ignoreExpiration != null) {
this._verifOpts.ignoreExpiration = options.ignoreExpiration;
}
}n/a
JwtVerifier = function (token, secretOrKey, options, callback) {
return jwt.verify(token, secretOrKey, options, callback);
}...
var token = self._jwtFromRequest(req);
if (!token) {
return self.fail(new Error("No auth token"));
}
// Verify the JWT
JwtStrategy.JwtVerifier(token, this._secretOrKey, this._verifOpts, function(jwt_err,
payload) {
if (jwt_err) {
return self.fail(jwt_err);
} else {
// Pass the parsed token to the user
var verified = function(err, user, info) {
if(err) {
return self.error(err);
...function Strategy() {
}n/a
authenticate = function (req, options) {
var self = this;
var token = self._jwtFromRequest(req);
if (!token) {
return self.fail(new Error("No auth token"));
}
// Verify the JWT
JwtStrategy.JwtVerifier(token, this._secretOrKey, this._verifOpts, function(jwt_err, payload) {
if (jwt_err) {
return self.fail(jwt_err);
} else {
// Pass the parsed token to the user
var verified = function(err, user, info) {
if(err) {
return self.error(err);
} else if (!user) {
return self.fail(info);
} else {
return self.success(user, info);
}
};
try {
if (self._passReqToCallback) {
self._verify(req, payload, verified);
} else {
self._verify(payload, verified);
}
} catch(ex) {
self.error(ex);
}
}
});
}...
}
return token;
};
```
### Authenticate requests
Use `passport.authenticate()` specifying `'JWT'` as the strategy.
```js
app.post('/profile', passport.authenticate('jwt', { session: false}),
function(req, res) {
res.send(req.user.profile);
}
);
...function Strategy() {
}n/a
function Strategy() {
}n/a
authenticate = function (req, options) {
throw new Error('Strategy#authenticate must be overridden by subclass');
}...
}
return token;
};
```
### Authenticate requests
Use `passport.authenticate()` specifying `'JWT'` as the strategy.
```js
app.post('/profile', passport.authenticate('jwt', { session: false}),
function(req, res) {
res.send(req.user.profile);
}
);
...