@antelopejs/auth-jwt

A flexible authentication and authorization module that implements the Auth interface of antelopejs with JWT.

For detailed documentation on the Auth interface, please refer to the docs.

Installation

ajs project modules add @antelopejs/auth-jwt

Configuration

The Auth module can be configured with the following options:

{
  "secret": "your-secret-key",
  "signKey": "path-to-private-key-file",
  "verifyKey": "path-to-public-key-file",
  "signOptions": {
    "expiresIn": "1h",
    "algorithm": "RS256"
  },
  "verifyOptions": {
    "ignoreExpiration": false,
    "algorithms": ["RS256"]
  }
}

The configuration options include:

• secret: A shared secret key used for both signing and verification (symmetric)
• signKey: Path to a private key file (for asymmetric signing)
• verifyKey: Path to a public key file (for asymmetric verification)
• signOptions: Options for token signing (follows jsonwebtoken's SignOptions)
• verifyOptions: Options for token verification (follows jsonwebtoken's VerifyOptions)

Note: Either secret or both signKey and verifyKey must be provided.

Usage with API Controllers

As this module interfaces auth decorator with the interface API provider system, it can be used with API controllers.

Authentication decorators can be used with any parameter in API controller methods. They can be combined with other parameters and decorators:

import { Controller, Get } from '@ajs/api/beta';
import { Authentication, AdminAuth } from '@ajs/auth/beta';

class UsersController extends Controller('/users') {
  // Accessible to all authenticated users
  @Get()
  async listUsers(@Authentication() user: any) {
    // List users
    return { users: [] };
  }
}

License

This project is licensed under the Apache License 2.0 - see the LICENSE file for details.