new $k.JWT(user, expiry, claims)
Creates a new token
Name | Type | Description |
---|---|---|
user | $k.User | |
expiry | object | optional. Either a number (expiry in minutes since the current date), or a date. Default is 24 hours |
claims | object | optional |
- Version:
- Experimental feature, might be removed at any time
- Since:
- 5.1.0

Generate and verify JSON web tokens for REST requests
Methods
static $k.JWT.createKeys(overwrite)
Creates persistent keys for signing
Name | Type | Description |
---|---|---|
overwrite | boolean | optional. True (default) if existing keys should be overwritten, false if keys should only be generated if there are no keys yet. |
- Version:
- Experimental feature, might be removed at any time
- Since:
- 5.1.0
Throws:
Type | Description |
---|---|
$k.exception.AccessDenied | If generating keys is not allowed |
static $k.JWT.parse(encodedToken) : JSONWebToken
Parses an encoded token. Does not check its validity.
Name | Type | Description |
---|---|---|
encodedToken | string | |
- Version:
- Experimental feature, might be removed at any time
- Since:
- 5.1.0
Throws:
Type | Description |
---|---|
$k.exception.InvalidValue | If the string is not a valid token |
Returns:
Type | Description |
---|---|
JSONWebToken | Token |
static $k.JWT.verify(token, expectedClaims, key)
Verifies the token. Shortcut for $k.JWT.parse(token).verify(expectedClaims, key)
Name | Type | Description |
---|---|---|
token | string | Token to verify |
expectedClaims | object | optional. Expected claims. |
key | string | optional. keyComment |
- Version:
- Experimental feature, might be removed at any time
- Since:
- 5.1.0
Throws:
Type | Description |
---|---|
$k.exception.AccessDenied | If the token could not be verified |
addClaims(claims)
Adds additional claims. Overwrites claims with the same name
Name | Type | Description |
---|---|---|
claims | object | |
- Version:
- Experimental feature, might be removed at any time
- Since:
- 5.1.0
payload() : object
Returns the payload object
- Version:
- Experimental feature, might be removed at any time
- Since:
- 5.1.0
Throws:
Type | Description |
---|---|
$k.exception.InvalidValue | If the payload is not valid JSON |
Returns:
Type | Description |
---|---|
object | |
setExpiry(expiry)
Set the expiry claim of the token
Name | Type | Description |
---|---|---|
expiry | object | Either a number (expiry in seconds since the current date), or a date |
- Version:
- Experimental feature, might be removed at any time
- Since:
- 5.1.0
setRenew(duration)
Sends an updated token in the response if the request was sent before expiry. The expiry of the new token will be currentDate + duration. If the renewed expiry is less than the current expiry of the token, then no updated token will be sent.
If the original token has no expiry, setting this option will have no effect.
Name | Type | Description |
---|---|---|
duration | object | Duration in seconds |
- Version:
- Experimental feature, might be removed at any time
- Since:
- 5.1.0
setUser(user)
Set the user as the subject of the token
Name | Type | Description |
---|---|---|
user | $k.User | |
- Version:
- Experimental feature, might be removed at any time
- Since:
- 5.1.0
sign() : String
Signs the token.
This method does not check the authentication of the user. This allows custom authentication mechanisms.
Use $k.User.getAuthenticatedUser() for built-in username/password checking.
- Version:
- Experimental feature, might be removed at any time
- Since:
- 5.1.0
- See:
- $k.User#getAuthenticatedUser
Returns:
Type | Description |
---|---|
String | Signed, encoded token ( |
verify(expectedClaims, key)
Verifies the token.
Name | Type | Description |
---|---|---|
expectedClaims | object | optional. Expected claims. |
key | string | optional. Signing key. If not provided, a volume specific persistent key is used. |
- Version:
- Experimental feature, might be removed at any time
- Since:
- 5.1.0
Throws:
Type | Description |
---|---|
$k.exception.AccessDenied | If the token could not be verified |
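
The difference between parse (decode only, no validity check) and verify (signature plus expected claims) documented above, shown as an added Node.js illustration that is not the library's code and does not call $k.JWT. It assumes HS256 signing and an expiry check during verification, neither of which the page states; parseUnverified, verifyToken, signToken, the key and the claims are constructed for the example.

```javascript
// Added illustration, not the library's implementation. Assumes HS256
// (HMAC-SHA256); the page does not state which algorithm $k.JWT uses.
const nodeCrypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (key, data) => nodeCrypto.createHmac('sha256', key).update(data).digest();

// Constructed helper that mints sample tokens for the demo.
function signToken(payload, key) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(key, `${head}.${body}`))}`;
}

// Like parse(): decodes only. Everything returned is still untrusted input.
function parseUnverified(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('InvalidValue: not a token');
  const [header, payload] = parts.slice(0, 2)
    .map((p) => JSON.parse(Buffer.from(p, 'base64url').toString('utf8')));
  return { header, payload, signingInput: `${parts[0]}.${parts[1]}`, signature: parts[2] };
}

// Like verify(expectedClaims, key): algorithm, signature, expiry, then claims.
function verifyToken(token, expectedClaims = {}, key, now = Date.now()) {
  const t = parseUnverified(token);
  if (t.header.alg !== 'HS256') throw new Error('AccessDenied: unexpected alg');
  const expected = hmac(key, t.signingInput);
  const given = Buffer.from(t.signature, 'base64url');
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected))
    throw new Error('AccessDenied: bad signature');
  if (typeof t.payload.exp === 'number' && t.payload.exp * 1000 <= now)
    throw new Error('AccessDenied: expired');
  for (const [name, value] of Object.entries(expectedClaims))
    if (t.payload[name] !== value) throw new Error(`AccessDenied: claim ${name}`);
  return t.payload;
}

// Constructed sample: a valid token, then the same token with an edited payload.
const KEY = 'constructed-demo-key';
const good = signToken({ sub: 'alice', role: 'reader', exp: 2000000000 }, KEY);
const [h, , s] = good.split('.');
const forgedBody = b64url(JSON.stringify({ sub: 'alice', role: 'admin', exp: 2000000000 }));
const forged = [h, forgedBody, s].join('.');

console.log('parse only:', parseUnverified(forged).payload.role); // decodes without complaint
try { verifyToken(forged, {}, KEY); } catch (e) { console.log('verify:', e.message); }
```

Authorization decisions should read claims only from the value returned after verification, never from a parse-only result.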