GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → auth0 → Express Jwt Authz

auth0 / Express Jwt Authz

Licence: mit
Validate the JWT scope to authorize access to an endpoint

Programming Languages

javascript
184084 projects - #8 most used programming language

Labels

expressjwt

Projects that are alternatives of or similar to Express Jwt Authz

Crate
👕 👖 📦 A sample web and mobile application built with Node, Express, React, React Native, Redux and GraphQL. Very basic replica of stitchfix.com / krate.in (allows users to get monthly subscription of trendy clothes and accessories).
Stars: ✭ 2,281 (+2982.43%)
Mutual labels:  express, jwt
Nest Angular
NestJS, Angular 6, Server Side Rendering (Angular Universal), GraphQL, JWT (JSON Web Tokens) and Facebook/Twitter/Google Authentication, Mongoose, MongoDB, Webpack, TypeScript
Stars: ✭ 307 (+314.86%)
Mutual labels:  express, jwt
Express Graphql Boilerplate
Express GraphQL API with JWT Authentication and support for sqlite, mysql, and postgresql
Stars: ✭ 201 (+171.62%)
Mutual labels:  express, jwt
Node Express Mongoose Passport Jwt Rest Api Auth
Node, express, mongoose, passport and JWT REST API authentication example
Stars: ✭ 146 (+97.3%)
Mutual labels:  express, jwt
Express Jwt Permissions
🚦 Express middleware for JWT permissions
Stars: ✭ 444 (+500%)
Mutual labels:  express, jwt
Express Mongodb Rest Api Boilerplate
A boilerplate for Node.js apps / Rest API / Authentication from scratch - express, mongodb (mongoose).
Stars: ✭ 153 (+106.76%)
Mutual labels:  express, jwt
Securing Restful Apis With Jwt
How to secure a Nodejs RESTful CRUD API using JSON web tokens?
Stars: ✭ 301 (+306.76%)
Mutual labels:  express, jwt
Angular Full Stack
Angular Full Stack project built using Angular, Express, Mongoose and Node. Whole stack in TypeScript.
Stars: ✭ 1,261 (+1604.05%)
Mutual labels:  express, jwt
Foal
Elegant and all-inclusive Node.Js web framework based on TypeScript. 🚀.
Stars: ✭ 1,176 (+1489.19%)
Mutual labels:  express, jwt
Vue Crud X
Vue+Express Cookbook & CRUD Component (with Vite and Web Components)
Stars: ✭ 393 (+431.08%)
Mutual labels:  express, jwt
Electrode Csrf Jwt
Stateless Cross-Site Request Forgery (CSRF) protection with JWT
Stars: ✭ 127 (+71.62%)
Mutual labels:  express, jwt
Starter Nodejs Rest
DEPRECATED!! Starter for a Node.js REST Application using MongoDB and JSON Web Token
Stars: ✭ 29 (-60.81%)
Mutual labels:  express, jwt
Mern Boilerplate
Fullstack boilerplate with React, Redux, Express, Mongoose, Passport Local, JWT, Facebook and Google OAuth out of the box.
Stars: ✭ 112 (+51.35%)
Mutual labels:  express, jwt
Mern
🌐 MERN stack 2.0 - MongoDB, Express, React/Redux, Node
Stars: ✭ 175 (+136.49%)
Mutual labels:  express, jwt
Express Jwt
An example API for creating/verifying json web tokens
Stars: ✭ 105 (+41.89%)
Mutual labels:  express, jwt
Auth Jwt
A demo to learn JWT by reverse engineering
Stars: ✭ 208 (+181.08%)
Mutual labels:  express, jwt
Kikoeru Express
kikoeru 后端,不再维护,请到https://github.com/umonaca/kikoeru-express 获取更新
Stars: ✭ 79 (+6.76%)
Mutual labels:  express, jwt
Express Rest Api Boilerplate
Express REST API with JWT Authentication and support for sqlite, mysql, and postgresql
Stars: ✭ 384 (+418.92%)
Mutual labels:  express, jwt
Node Express Mongodb Jwt Rest Api Skeleton
This is a basic API REST skeleton written on JavaScript using async/await. Great for building a starter web API for your front-end (Android, iOS, Vue, react, angular, or anything that can consume an API). Demo of frontend in VueJS here: https://github.com/davellanedam/vue-skeleton-mvp
Stars: ✭ 603 (+714.86%)
Mutual labels:  express, jwt
Jwt Node Vue
Repositório responsável pelo primeiro projeto da série de vídeos: Coding Stuff.
Stars: ✭ 29 (-60.81%)
Mutual labels:  express, jwt
View All Similar Projects ➔

express-jwt-authz

Validate a JWTs scope to authorize access to an endpoint.

Install

$ npm install express-jwt-authz

[email protected]^4.0.0 is a peer dependency. Make sure it is installed in your project.

Usage

Use together with express-jwt to both validate a JWT and make sure it has the correct permissions to call an endpoint.

var jwt = require('express-jwt');
var jwtAuthz = require('express-jwt-authz');

var options = {};
app.get('/users',
  jwt({ secret: 'shared_secret' }),
  jwtAuthz([ 'read:users' ], options),
  function(req, res) { ... });

If multiple scopes are provided, the user must have at least one of the specified scopes.

app.post('/users',
  jwt({ secret: 'shared_secret' }),
  jwtAuthz([ 'read:users', 'write:users' ], {}),
  function(req, res) { ... });

// This user will be granted access
var authorizedUser = {
  scope: 'read:users'
};

To check that the user has all the scopes provided, use the checkAllScopes: true option:

app.post('/users',
  jwt({ secret: 'shared_secret' }),
  jwtAuthz([ 'read:users', 'write:users' ], { checkAllScopes: true }),
  function(req, res) { ... });

// This user will have access
var authorizedUser = {
  scope: 'read:users write:users'
};

// This user will NOT have access
var unauthorizedUser = {
  scope: 'read:users'
};

The JWT must have a scope claim and it must either be a string of space-separated permissions or an array of strings. For example:

// String:
"write:users read:users"

// Array:
["write:users", "read:users"]

Options

  • failWithError: When set to true, will forward errors to next instead of ending the response directly. Defaults to false.
  • checkAllScopes: When set to true, all the expected scopes will be checked against the user's scopes. Defaults to false.
  • customUserKey: The property name to check for the scope key. By default, permissions are checked against req.user, but you can change it to be req.myCustomUserKey with this option. Defaults to user.
  • customScopeKey: The property name to check for the actual scope. By default, permissions are checked against user.scope, but you can change it to be user.myCustomScopeKey with this option. Defaults to scope.

Issue Reporting

If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Author

Auth0

License

This project is licensed under the MIT license. See the LICENSE file for more info.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].