Example of refreshing tokens with jwt (original) (raw)
Star (252) You must be signed in to star a gist
Fork (58) You must be signed in to fork a gist
Clone this repository at <script src="https://gist.github.com/ziluvatar/a3feb505c4c0ec37059054537b38fc48.js"></script>
Save ziluvatar/a3feb505c4c0ec37059054537b38fc48 to your computer and use it in GitHub Desktop.
Clone this repository at <script src="https://gist.github.com/ziluvatar/a3feb505c4c0ec37059054537b38fc48.js"></script>
Save ziluvatar/a3feb505c4c0ec37059054537b38fc48 to your computer and use it in GitHub Desktop.
Example of refreshing tokens with jwt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
[ Show hidden characters]({{ revealButtonHref }})
| /** |
|---|
| * Example to refresh tokens using https://github.com/auth0/node-jsonwebtoken |
| * It was requested to be introduced at as part of the jsonwebtoken library, |
| * since we feel it does not add too much value but it will add code to mantain |
| * we won't include it. |
| * |
| * I create this gist just to help those who want to auto-refresh JWTs. |
| */ |
| const jwt = require('jsonwebtoken'); |
| function TokenGenerator (secretOrPrivateKey, secretOrPublicKey, options) { |
| this.secretOrPrivateKey = secretOrPrivateKey; |
| this.secretOrPublicKey = secretOrPublicKey; |
| this.options = options; //algorithm + keyid + noTimestamp + expiresIn + notBefore |
| } |
| TokenGenerator.prototype.sign = function(payload, signOptions) { |
| const jwtSignOptions = Object.assign({}, signOptions, this.options); |
| return jwt.sign(payload, this.secretOrPrivateKey, jwtSignOptions); |
| } |
| // refreshOptions.verify = options you would use with verify function |
| // refreshOptions.jwtid = contains the id for the new token |
| TokenGenerator.prototype.refresh = function(token, refreshOptions) { |
| const payload = jwt.verify(token, this.secretOrPublicKey, refreshOptions.verify); |
| delete payload.iat; |
| delete payload.exp; |
| delete payload.nbf; |
| delete payload.jti; //We are generating a new token, if you are using jwtid during signing, pass it in refreshOptions |
| const jwtSignOptions = Object.assign({ }, this.options, { jwtid: refreshOptions.jwtid }); |
| // The first signing converted all needed options into claims, they are already in the payload |
| return jwt.sign(payload, this.secretOrPrivateKey, jwtSignOptions); |
| } |
| module.exports = TokenGenerator; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
[ Show hidden characters]({{ revealButtonHref }})
| /** |
|---|
| * Just few lines to test the behavior. |
| */ |
| const TokenGenerator = require('./token-generator'); |
| const jwt = require('jsonwebtoken'); |
| const tokenGenerator = new TokenGenerator('a', 'a', { algorithm: 'HS256', keyid: '1', noTimestamp: false, expiresIn: '2m', notBefore: '2s' }) |
| token = tokenGenerator.sign({ myclaim: 'something' }, { audience: 'myaud', issuer: 'myissuer', jwtid: '1', subject: 'user' }) |
| setTimeout(function () { |
| token2 = tokenGenerator.refresh(token, { verify: { audience: 'myaud', issuer: 'myissuer' }, jwtid: '2' }) |
| console.log(jwt.decode(token, { complete: true })) |
| console.log(jwt.decode(token2, { complete: true })) |
| }, 3000) |