
LokiJS TokenStore for Passwordless

Primary LanguageJavaScriptMIT LicenseMIT


This module provides token storage for Passwordless -- a node.js module for express that allows website authentication without passwords. Visit the project's website https://passwordless.net for more details.

This module allows token to be stored in a LokiJS database. Tokens are hashed and salted using bcrypt.


First, install the module:

$ npm install passwordless-lokijsstore --save

Afterwards, follow the guide for Passwordless. A typical implementation may look like this:

var passwordless = require('passwordless');
var LokiJSStore = require('passwordless-lokijsstore');

passwordless.init(new LokiJSStore('tokens.json'));

    function(tokenToSend, uidToSend, recipient, callback) {
        // Send out a token


new LokiJSStore(file, [options]);
  • file: (string) Name of the file to be saved to. Further documentation can be found on the LokiJS website
  • [options]: (object) Optional. This can include LokiJS options as described in the docs as well as LokiJSStore-specific ones as described below. All options are combined in one object as shown in the example below:


passwordless.init(new LokiJSStore('tokens.json', {
    autosave: true,
    autosaveInterval: 5000,
    lokijsstore: {
        disablesaveatwrite: true


  • [lokijsstore.collection]: (string) Optional. Name of the collection to be used. Default: 'passwordless-token'
  • [lokijsstore.disablesaveatwrite]: (boolean) Optional. Disables automatic write to disk whenever changes to the database occur. Recommended for more intense workloads. Should only be set to true when LokiJS's autosave is set to true. Default: false

Hash and salt

As the tokens are equivalent to passwords (even though they do have the security advantage of only being valid for a limited time) they have to be protected the same way. passwordless-lokijsstore uses bcryptjs with automatically created random salts (10 rounds).


$ npm test


MIT License


Florian Heinemann @thesumofall