function JwtStrategy(options, verify) { passport.Strategy.call(this); this.name = 'jwt'; this._secretOrKey = options.secretOrKey; if (!this._secretOrKey) { throw new TypeError('JwtStrategy requires a secret or key'); } this._verify = verify; if (!this._verify) { throw new TypeError('JwtStrategy requires a verify callback'); } this._jwtFromRequest = options.jwtFromRequest; if (!this._jwtFromRequest) { throw new TypeError('JwtStrategy requires a function to retrieve jwt from requests (see option jwtFromRequest)'); } this._passReqToCallback = options.passReqToCallback; this._verifOpts = {}; if (options.issuer) { this._verifOpts.issuer = options.issuer; } if (options.audience) { this._verifOpts.audience = options.audience; } if (options.algorithms) { this._verifOpts.algorithms = options.algorithms; } if (options.ignoreExpiration != null) { this._verifOpts.ignoreExpiration = options.ignoreExpiration; } }
n/a
function Strategy() { }
n/a
fromAuthHeader = function () { return extractors.fromAuthHeaderWithScheme(DEFAULT_AUTH_SCHEME); }
...
An example configuration which reads the JWT from the http
Authorization header with the scheme 'JWT':
```js
var JwtStrategy = require('passport-jwt').Strategy,
ExtractJwt = require('passport-jwt').ExtractJwt;
var opts = {}
opts.jwtFromRequest = ExtractJwt.fromAuthHeader();
opts.secretOrKey = 'secret';
opts.issuer = "accounts.examplesoft.com";
opts.audience = "yoursite.net";
passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
User.findOne({id: jwt_payload.sub}, function(err, user) {
if (err) {
return done(err, false);
...
fromAuthHeaderWithScheme = function (auth_scheme) { return function (request) { var token = null; if (request.headers[AUTH_HEADER]) { var auth_params = auth_hdr.parse(request.headers[AUTH_HEADER]); if (auth_params && auth_scheme === auth_params.scheme) { token = auth_params.value; } } return token; }; }
...
return token;
};
};
extractors.fromAuthHeader = function () {
return extractors.fromAuthHeaderWithScheme(DEFAULT_AUTH_SCHEME);
};
extractors.fromExtractors = function(extractors) {
if (!Array.isArray(extractors)) {
throw new TypeError('extractors.fromExtractors expects an array')
}
...
fromBodyField = function (field_name) { return function (request) { var token = null; if (request.body && Object.prototype.hasOwnProperty.call(request.body, field_name)) { token = request.body[field_name]; } return token; }; }
...
queryParam = options.tokenQueryParameterName || 'auth_token';
return function (request) {
var authHeaderExtractor = extractors.fromAuthHeaderWithScheme(authScheme);
var token = authHeaderExtractor(request);
if (!token) {
var bodyExtractor = extractors.fromBodyField(bodyField);
token = bodyExtractor(request);
}
if (!token) {
var queryExtractor = extractors.fromUrlQueryParameter(queryParam);
token = queryExtractor(request);
}
...
fromExtractors = function (extractors) { if (!Array.isArray(extractors)) { throw new TypeError('extractors.fromExtractors expects an array') } return function (request) { var token = null; var index = 0; while(!token && index < extractors.length) { token = extractors[index].call(this, request); index ++; } return token; } }
...
});
describe('fromExtractors', function() {
it('should raise a type error when the extractor is constructed with a non-array argument', function() {
this_should_throw = function() {
var extractor = extract_jwt.fromExtractors({})
}
expect(this_should_throw).to.throw(TypeError)
});
var extractor = extract_jwt.fromExtractors([extract_jwt.fromAuthHeader(), extract_jwt.fromHeader('authorization')]);
...
fromHeader = function (header_name) { return function (request) { var token = null; if (request.headers[header_name]) { token = request.headers[header_name]; } return token; }; }
...
var extract_jwt = require('../lib/extract_jwt'),
Request = require('./mock_request');
describe('Token extractor', function() {
describe('fromHeader', function() {
var extractor = extract_jwt.fromHeader('test_header');
it('should return null no when token is present', function() {
var req = new Request();
var token = extractor(req);
expect(token).to.be.null;
...
fromUrlQueryParameter = function (param_name) { return function (request) { var token = null, parsed_url = url.parse(request.url, true); if (parsed_url.query && Object.prototype.hasOwnProperty.call(parsed_url.query, param_name)) { token = parsed_url.query[param_name]; } return token; }; }
...
if (!token) {
var bodyExtractor = extractors.fromBodyField(bodyField);
token = bodyExtractor(request);
}
if (!token) {
var queryExtractor = extractors.fromUrlQueryParameter(queryParam);
token = queryExtractor(request);
}
return token;
};
}
...
versionOneCompatibility = function (options) { var authScheme = options.authScheme || DEFAULT_AUTH_SCHEME, bodyField = options.tokenBodyField || 'auth_token', queryParam = options.tokenQueryParameterName || 'auth_token'; return function (request) { var authHeaderExtractor = extractors.fromAuthHeaderWithScheme(authScheme); var token = authHeaderExtractor(request); if (!token) { var bodyExtractor = extractors.fromBodyField(bodyField); token = bodyExtractor(request); } if (!token) { var queryExtractor = extractors.fromUrlQueryParameter(queryParam); token = queryExtractor(request); } return token; }; }
...
Identical behavior can be achieved under v2 with the versionOneCompatibility extractor:
```js
var JwtStrategy = require('passport-jwt').Strategy,
ExtractJwt = require('passport-jwt').ExtractJwt;
var opts = {}
opts.jwtFromRequest = ExtractJwt.versionOneCompatibility({ tokenBodyField = "MY_CUSTOM_BODY_FIELD
" });
opts.opts.secretOrKey = 'secret';
opts.issuer = "accounts.examplesoft.com";
opts.audience = "yoursite.net";
passport.use(new JwtStrategy(opts, verifyFunction));
```
...
function JwtStrategy(options, verify) { passport.Strategy.call(this); this.name = 'jwt'; this._secretOrKey = options.secretOrKey; if (!this._secretOrKey) { throw new TypeError('JwtStrategy requires a secret or key'); } this._verify = verify; if (!this._verify) { throw new TypeError('JwtStrategy requires a verify callback'); } this._jwtFromRequest = options.jwtFromRequest; if (!this._jwtFromRequest) { throw new TypeError('JwtStrategy requires a function to retrieve jwt from requests (see option jwtFromRequest)'); } this._passReqToCallback = options.passReqToCallback; this._verifOpts = {}; if (options.issuer) { this._verifOpts.issuer = options.issuer; } if (options.audience) { this._verifOpts.audience = options.audience; } if (options.algorithms) { this._verifOpts.algorithms = options.algorithms; } if (options.ignoreExpiration != null) { this._verifOpts.ignoreExpiration = options.ignoreExpiration; } }
n/a
JwtVerifier = function (token, secretOrKey, options, callback) { return jwt.verify(token, secretOrKey, options, callback); }
...
var token = self._jwtFromRequest(req);
if (!token) {
return self.fail(new Error("No auth token"));
}
// Verify the JWT
JwtStrategy.JwtVerifier(token, this._secretOrKey, this._verifOpts, function(jwt_err,
payload) {
if (jwt_err) {
return self.fail(jwt_err);
} else {
// Pass the parsed token to the user
var verified = function(err, user, info) {
if(err) {
return self.error(err);
...
function Strategy() { }
n/a
authenticate = function (req, options) { var self = this; var token = self._jwtFromRequest(req); if (!token) { return self.fail(new Error("No auth token")); } // Verify the JWT JwtStrategy.JwtVerifier(token, this._secretOrKey, this._verifOpts, function(jwt_err, payload) { if (jwt_err) { return self.fail(jwt_err); } else { // Pass the parsed token to the user var verified = function(err, user, info) { if(err) { return self.error(err); } else if (!user) { return self.fail(info); } else { return self.success(user, info); } }; try { if (self._passReqToCallback) { self._verify(req, payload, verified); } else { self._verify(payload, verified); } } catch(ex) { self.error(ex); } } }); }
...
}
return token;
};
```
### Authenticate requests
Use `passport.authenticate()` specifying `'JWT'` as the strategy.
```js
app.post('/profile', passport.authenticate('jwt', { session: false}),
function(req, res) {
res.send(req.user.profile);
}
);
...
function Strategy() { }
n/a
function Strategy() { }
n/a
authenticate = function (req, options) { throw new Error('Strategy#authenticate must be overridden by subclass'); }
...
}
return token;
};
```
### Authenticate requests
Use `passport.authenticate()` specifying `'JWT'` as the strategy.
```js
app.post('/profile', passport.authenticate('jwt', { session: false}),
function(req, res) {
res.send(req.user.profile);
}
);
...