Class: JWT

$k.JWT

new $k.JWT(user, expiry, claims)

Creates a new token

Name Type Description
user $k.User
expiry object optional

Either a number (expiry in minutes since the current date), or a date. Default is 24 hours

claims object optional
Version:
  • Experimental feature, might be removed at any time
Since:
  • 5.0.1

Generate and verify JSON web tokens for REST requests

Methods

static $k.JWT.createKeys(overwrite)

Creates persistent keys for signing

Name Type Description
overwrite boolean optional

True (default) if existing keys should be overwritten, false if keys should only be generated if there are no keys yet.

Version:
  • Experimental feature, might be removed at any time
Since:
  • 5.0.1
Throws:
Type Description
$k.exception.AccessDenied

If generating keys is not allowed

static $k.JWT.parse(encodedToken) : JSONWebToken

Parses an encoded token without checking its validity. The returned token must still be checked with verify() before its payload is relied on.

Name Type Description
encodedToken string
Version:
  • Experimental feature, might be removed at any time
Since:
  • 5.0.1
Throws:
Type Description
$k.exception.InvalidValue

If the string is not a valid token

Returns:
Type Description
JSONWebToken Token

static $k.JWT.verify(token, expectedClaims, key)

Verifies the token. Shortcut for $k.JWT.parse(token).verify(expectedClaims, key)

Name Type Description
token string

Token to verify

expectedClaims object optional

Expected claims.

key string optional

Signing key. If not provided, a volume specific persistent key is used.

Version:
  • Experimental feature, might be removed at any time
Since:
  • 5.0.1
Throws:
Type Description
$k.exception.AccessDenied

If the token could not be verified

addClaims(claims)

Adds additional claims. Overwrites claims with the same name

Name Type Description
claims object
Version:
  • Experimental feature, might be removed at any time
Since:
  • 5.0.1

payload() : object

Returns the payload object

Version:
  • Experimental feature, might be removed at any time
Since:
  • 5.0.1
Throws:
Type Description
$k.exception.InvalidValue

If the payload is not valid JSON

Returns:
Type Description
object

setExpiry(expiry)

Set the expiry claim of the token

Name Type Description
expiry object

Either a number (expiry in seconds since the current date), or a date

Version:
  • Experimental feature, might be removed at any time
Since:
  • 5.0.1

setRenew(duration)

Sends an updated token in the response if the request was sent before expiry. The expiry of the new token will be max(currentDate + duration, expiry).


The allow renew option in the authentication configuration must be activated. Otherwise this setting will have no effect.


If the original token has no expiry, setting this option will have no effect.

Name Type Description
duration object

Duration in seconds

Version:
  • Experimental feature, might be removed at any time
Since:
  • 5.0.1

setUser(user)

Set the user as the subject of the token

Name Type Description
user $k.User
Version:
  • Experimental feature, might be removed at any time
Since:
  • 5.0.1

sign() : String

Signs the token.


This method does not check the authentication of the user. This allows custom authentication mechanisms.
Use $k.User.getAuthenticatedUser() for built-in username/password checking.

Version:
  • Experimental feature, might be removed at any time
Since:
  • 5.0.1
See:
  • $k.User#getAuthenticatedUser
Returns:
Type Description
String Signed, encoded token (header.payload.signature)

verify(expectedClaims, key)

Verifies the token.

Name Type Description
expectedClaims object optional

Expected claims.

key string optional

Signing key. If not provided, a volume specific persistent key is used.

Version:
  • Experimental feature, might be removed at any time
Since:
  • 5.0.1
Throws:
Type Description
$k.exception.AccessDenied

If the token could not be verified
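
The difference between parse() ("does not check its validity") and verify() is shown below in plain Node.js. This is an added example, not i-views code and not part of the original documentation. HS256 signing, the expiry check, the helper names (signToken, parseToken, verifyToken) and the sample key are assumptions; the page does not state which algorithm or checks $k.JWT uses.

```javascript
// Added illustration, not i-views code. HS256 and all helper names are assumptions.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (seg) => Buffer.from(seg, 'base64url').toString('utf8');
const hmac = (data, key) => crypto.createHmac('sha256', key).update(data).digest();

// Builds a compact token: header.payload.signature
function signToken(payload, key) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, key))}`;
}

// Decode only, like parse(): nothing here proves who wrote the payload.
function parseToken(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('InvalidValue: not a compact token');
  try {
    return { header: JSON.parse(fromB64url(parts[0])),
             payload: JSON.parse(fromB64url(parts[1])), parts };
  } catch (e) {
    throw new Error('InvalidValue: segment is not valid JSON');
  }
}

// Counterpart to verify(): signature, expiry and expected claims must all hold.
function verifyToken(token, expectedClaims, key, now = Date.now() / 1000) {
  const { header, payload, parts } = parseToken(token);
  if (header?.alg !== 'HS256') throw new Error('AccessDenied: unexpected alg');
  const expected = hmac(`${parts[0]}.${parts[1]}`, key);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error('AccessDenied: bad signature');
  if (typeof payload.exp === 'number' && payload.exp <= now)
    throw new Error('AccessDenied: expired');
  for (const [name, value] of Object.entries(expectedClaims || {}))
    if (payload[name] !== value) throw new Error(`AccessDenied: claim ${name}`);
  return payload;
}

// Constructed sample: a valid token and a copy whose payload segment was edited.
const KEY = 'constructed-demo-key';
const claims = { sub: 'alice', role: 'reader', exp: 4102444800 };
const good = signToken(claims, KEY);
const [h, , s] = good.split('.');
const tampered = [h, b64url(JSON.stringify({ ...claims, role: 'admin' })), s].join('.');
```

parseToken(tampered) returns the edited payload without complaint, while verifyToken(tampered, {}, KEY) rejects it. Authorization decisions should therefore only use a payload that has passed verification.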