jsonwebtoken (JWT) npm package

• The jsonwebtoken package in npm (Node Package Manager) is a library that allows you to work with JSON Web Tokens (JWTs) in Node.js. JWTs are a compact, URL-safe means of representing claims between two parties. They are commonly used for authentication and information exchange.

Key Features of jsonwebtoken

• Signing Tokens: You can sign tokens with a secret or a private key to ensure the integrity and authenticity of the token.

• Verifying Tokens: You can verify tokens to ensure they have been signed correctly and have not been tampered with.

• Decoding Tokens: You can decode tokens to read the payload without verifying their signature.

Installation

• To install jsonwebtoken, you use npm:

    npm install jsonwebtoken

1. Signing a Token

• To create a token, you use the `sign` method. You pass a payload (which is the data you want to store in the token), a secret or private key, and optionally some options like the token's expiration time.

    const jwt = require('jsonwebtoken');

    const payload = {

        userId: '123456',

        username: 'john_doe',

        role: 'admin'

    };

    const secretKey = 'your-256-bit-secret';

    const token = jwt.sign(payload, secretKey, { expiresIn: '1h' });

    console.log(token);

2. Verifying a Token

• To verify a token, you use the `verify` method. You pass the token, the secret or public key, and a callback function.

    jwt.verify(token, secretKey, (err, decoded) => {

        if (err) {

            console.log('Token verification failed:', err);

        } else {

            console.log('Token is valid:', decoded);

        }

    });

3. Decoding a Token

• To decode a token without verifying its signature, you use the `decode` method. This can be useful for extracting information from a token without checking its integrity.

    const decoded = jwt.decode(token);

    console.log(decoded);

Example Usage in Express.js

• Here's a basic example of how you might use `jsonwebtoken` in an Express.js application for user authentication.

    const express = require('express');

    const jwt = require('jsonwebtoken');

    const app = express();

    const port = 3000;

    const secretKey = 'your-256-bit-secret';

    // Middleware to check the token

    const authenticateJWT = (req, res, next) => {

        const token = req.header('Authorization');

        if (token) {

            jwt.verify(token, secretKey, (err, decoded) => {

                if (err) {

                    return res.status(403).send('Forbidden');

                }

                req.user = decoded;

                next();

            });

        } else {

            res.status(401).send('Unauthorized');

        }

    };

    // Login route

    app.post('/login', (req, res) => {

        // In a real application, you'd verify the user's credentials

        const user = {

            id: 1,

            username: 'john_doe',

            role: 'admin'

        };

        const token = jwt.sign(user, secretKey, { expiresIn: '1h' });

        res.json({ token });

    });

    // Protected route

    app.get('/protected', authenticateJWT, (req, res) => {

        res.send('This is a protected route. Your user info: ' + JSON.stringify(req.user));

    });

    app.listen(port, () => {

        console.log(`Server running at http://localhost:${port}/`);

    });

In this example:

• The `/login` route simulates a login, signing a token with user information.
• The `/protected` route is protected by the `authenticateJWT` middleware, which verifies the token and grants access if valid.

Conclusion

• The `jsonwebtoken` package is a powerful tool for handling JWTs in a Node.js environment. It allows you to securely transmit information between parties, ensuring that the data is verifiable and trustworthy. With easy-to-use methods for signing, verifying, and decoding tokens, it integrates well with authentication systems in web applications.