archive-gh-me/feathers
1
0
Fork 0
mirror of https://github.com/feathersjs/feathers.git synced 2025-12-08 19:46:22 +00:00
Code Issues Projects Releases Wiki Activity
feathers/docs/api/authentication/jwt.md
David Luecke eeb62e13ef
chore(docs): Add current v5 API docs (#2805)
2022-10-17 12:49:03 -07:00

3.0 KiB
Raw Blame History

outline
deep

JWT Strategy

npm version Changelog

npm install @feathersjs/authentication --save

The JWTStrategy is an authentication strategy included in @feathersjs/authentication for authenticating JSON web token service methods calls and HTTP requests, e.g.

{
  "strategy": "jwt",
  "accessToken": "<your JWT>"
}

Options

  • header (default: 'Authorization'): The HTTP header containing the JWT
  • schemes (default: [ 'Bearer', 'JWT' ]): An array of schemes to support

The default settings support passing the JWT through the following HTTP headers:

Authorization: <your JWT>
Authorization: Bearer <your JWT>
Authorization: JWT <your JWT>

Standard JWT authentication can be configured with those options in config/default.json like this:

{
  "authentication": {
    "jwtOptions": {}
  }
}

Note: Since the default options are what most clients expect for JWT authentication they usually don't need to be customized.

JwtStrategy

getEntity(id, params)

jwtStrategy.getEntity(id, params) returns the entity instance for id, usually entityService.get(id, params). It will not be called if entity in the authentication configuration is set to null.

authenticate(data, params)

jwtStrategy.authenticate(data, params) will try to verify data.accessToken by calling the strategies authenticationService.verifyAccessToken.

Returns a promise that resolves with the following format:

{
  [entity],
  accessToken,
  authentication: {
    strategy: 'jwt',
    payload
  }
}

Note: Since the JWT strategy returns an accessToken property (the same as the token sent to this strategy), that access token will also be returned by authenticationService.create instead of creating a new one.

getEntityQuery(params)

Returns the query to use when calling entityService.get (default: {}).

parse(req, res)

Parse the HTTP request headers for JWT authentication information. Returns a promise that resolves with either null or data in the form of:

{
  strategy: '<strategy name>',
  accessToken: '<access token from HTTP header>'
}

Customization

import { Application } from '@feathersjs/feathers';
import { AuthenticationService, JWTStrategy } from '@feathersjs/authentication';
import { LocalStrategy } from '@feathersjs/authentication-local';

class MyJwtStrategy extends JWTStrategy {
}

export default (app: Application) => {
  const authService = new AuthenticationService(app);

  authService.register('jwt', new MyJwtStrategy());

  // ...
  app.use('/authentication', authService);
}