The TokenVerifier class provides methods for verifying and validating JWT tokens in a web application. This documentation provides a comprehensive guide on how to use this class effectively.
Here's a quick example of how to use the TokenVerifier class in your application:
// Import dependencies and configure SECRET_KEY
const jwt = require('jsonwebtoken');
const User = require('./user-model'); // Replace with your User model
const SECRET_KEY = 'your-secret-key';
// Create a TokenVerifier instance
const tokenVerifier = new TokenVerifier();
// Define a protected route
app.get('/protected-route', tokenVerifier.verifyToken, (req, res) => {
// Access the user and sub (subject) in req.user and req.sub
res.json({ message: 'Access granted!' });
});
The TokenVerifier class allows for customization of token verification by providing options to specify the expected audience and issuer. Here's how to use these options:
// Customize token verification
const tokenVerifier = new TokenVerifier({
audience: 'your-audience',
issuer: 'your-issuer',
});
// Use it as middleware
app.get('/custom-protected-route', tokenVerifier.verifyToken, (req, res) => {
res.json({ message: 'Custom access granted!' });
});
You can extend the TokenVerifier class to add custom methods or override existing ones. For example, you might want to implement token refresh functionality:
class CustomTokenVerifier extends TokenVerifier {
constructor(options) {
super(options);
}
async refreshToken(req, res) {
// Implement your token refresh logic here
// This method can be used in protected routes for token renewal
}
}
const customTokenVerifier = new CustomTokenVerifier();
// Use the custom class
app.get('/refresh-token', customTokenVerifier.refreshToken, (req, res) => {
// Handle token refresh
res.json({ message: 'Token refreshed!' });
});
Depending on your application's requirements, you may want to implement different error handling strategies when token verification fails. You can customize the sendErrorResponse method in the TokenVerifier class to tailor error responses to your needs.
class CustomTokenVerifier extends TokenVerifier {
constructor(options) {
super(options);
}
sendErrorResponse(res, message, statusCode) {
// Implement custom error response logic here
// For example, you can log errors to a file or notify an admin
console.error(message);
return res.status(statusCode).json({ customMessage: 'Custom error message' });
}
}
You can create custom middleware functions using the TokenVerifier class to implement fine-grained access control. This section provides examples of how to use the class in various middleware scenarios.
// Example: Creating middleware for admin access
function requireAdminAccess(req, res, next) {
const tokenVerifier = new TokenVerifier();
tokenVerifier.verifyToken(req, res, () => {
if (req.user && req.user.role === 'admin') {
next(); // Allow access for admins
} else {
res.status(403).json({ message: 'Access denied. Admin access required.' });
}
});
}
// Use the custom middleware
app.get('/admin-route', requireAdminAccess, (req, res) => {
res.json({ message: 'Admin access granted!' });
});
Implementing a token refresh mechanism is a common use case in authentication. This section explains how to use the TokenVerifier class to handle token refresh and renew expired tokens.
// Example: Implementing token refresh
app.get('/refresh-token', customTokenVerifier.refreshToken, (req, res) => {
// Handle token refresh logic
res.json({ message: 'Token refreshed!' });
});
'''
© 2023 Nolen Felten