new $k.JWT(user, expiry, claims)
Creates a new token
| Name | Type | Attributes | Description |
|---|---|---|---|
| user | $k.User | | |
| expiry | object | optional | Either a number (expiry in seconds since the current date), or a date. Default is 24 hours |
| claims | object | optional | |
- Version:
 - Experimental feature, might be removed at any time
 
- Since:
 - 5.1.0
 
Generate and verify JSON web tokens for REST requests
 
Methods
static $k.JWT.createKeys(overwrite)
Creates persistent keys for signing
| Name | Type | Attributes | Description |
|---|---|---|---|
| overwrite | boolean | optional | True (default) if existing keys should be overwritten, false if keys should only be generated if there are no keys yet. |
- Version:
 - Experimental feature, might be removed at any time
 
- Since:
 - 5.1.0
 
Throws:
| Type | Description | 
|---|---|
| $k.exception.AccessDenied | If generating keys is not allowed  | 
            
static $k.JWT.parse(encodedToken) : JSONWebToken
Parses an encoded token. Does not check its validity.
| Name | Type | Description |
|---|---|---|
| encodedToken | string | |
- Version:
 - Experimental feature, might be removed at any time
 
- Since:
 - 5.1.0
 
Throws:
| Type | Description | 
|---|---|
| $k.exception.InvalidValue | If the string is not a valid token  | 
            
Returns:
| Type | Description | 
|---|---|
| JSONWebToken | Token | 
static $k.JWT.verify(token, expectedClaims, key)
Verifies the token. Shortcut for $k.JWT.parse(token).verify(expectedClaims, key)
| Name | Type | Attributes | Description |
|---|---|---|---|
| token | string | | Token to verify |
| expectedClaims | object | optional | Expected claims. |
| key | string | optional | Base64url encoded key. If not provided, a volume specific persistent key is used. |
- Version:
 - Experimental feature, might be removed at any time
 
- Since:
 - 5.1.0
 
Throws:
| Type | Description | 
|---|---|
| $k.exception.AccessDenied | If the token could not be verified  | 
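
The split between `parse` (decode only) and `verify` (signature plus expected claims) decides whether a token's contents can be trusted. The block below is an added example, not i-views code and not the `$k.JWT` implementation: it is stand-alone Node.js that assumes HMAC-SHA256 (HS256) signing with a base64url key, which this page does not specify, and its function names and error strings are hypothetical stand-ins for the documented methods and exceptions.

```javascript
// Added example: generic HS256 token handling with Node's crypto, not the $k.JWT implementation.
const nodeCrypto = require('node:crypto');
const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (keyB64url, input) =>
  nodeCrypto.createHmac('sha256', Buffer.from(keyB64url, 'base64url')).update(input).digest();

// Issue a token; the 24 hour default mirrors the constructor's documented default expiry.
function sign(claims, keyB64url, expirySeconds = 24 * 3600, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, exp: Math.floor(now / 1000) + expirySeconds }));
  return `${header}.${payload}.${b64url(hmac(keyB64url, `${header}.${payload}`))}`;
}

// Decode only: no signature, expiry or claim check, so the result is untrusted input.
function parse(encodedToken) {
  const parts = String(encodedToken).split('.');
  if (parts.length !== 3) throw new Error('InvalidValue: not a three-part token');
  const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
  try { return { header: decode(parts[0]), payload: decode(parts[1]), parts }; }
  catch (e) { throw new Error('InvalidValue: header or payload is not valid JSON'); }
}

// Check algorithm, signature, expiry and expected claims; return the payload or throw.
function verify(encodedToken, expectedClaims = {}, keyB64url, now = Date.now()) {
  const { header, payload, parts } = parse(encodedToken);
  if (header.alg !== 'HS256') throw new Error('AccessDenied: unexpected algorithm');
  const expected = hmac(keyB64url, `${parts[0]}.${parts[1]}`);
  const actual = Buffer.from(parts[2], 'base64url');
  if (actual.length !== expected.length || !nodeCrypto.timingSafeEqual(actual, expected)) {
    throw new Error('AccessDenied: bad signature');
  }
  if (typeof payload.exp !== 'number' || payload.exp * 1000 <= now) {
    throw new Error('AccessDenied: token expired');
  }
  for (const [name, value] of Object.entries(expectedClaims)) {
    if (payload[name] !== value) throw new Error(`AccessDenied: claim ${name} mismatch`);
  }
  return payload;
}

// Constructed demo: payload swapped, original signature kept. parse() still decodes it.
function demo(key = b64url(nodeCrypto.randomBytes(32))) {
  const [h, , s] = sign({ sub: 'alice', role: 'reader' }, key).split('.');
  const forged = `${h}.${b64url(JSON.stringify({ sub: 'alice', role: 'admin', exp: 9999999999 }))}.${s}`;
  let verdict = 'accepted';
  try { verify(forged, {}, key); } catch (e) { verdict = e.message; }
  return { parsedRole: parse(forged).payload.role, verdict };
}
```

`demo()` returns `parsedRole: 'admin'` together with a `bad signature` verdict: the altered payload decodes cleanly and is only rejected by verification. With `$k.JWT`, treat `payload()` of a parsed token as untrusted until `verify` has returned without throwing.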
            
addClaims(claims)
Adds additional claims. Overwrites claims with the same name
| Name | Type | Description |
|---|---|---|
| claims | object | |
- Version:
 - Experimental feature, might be removed at any time
 
- Since:
 - 5.1.0
 
payload() : object
Returns the payload object
- Version:
 - Experimental feature, might be removed at any time
 
- Since:
 - 5.1.0
 
Throws:
| Type | Description | 
|---|---|
| $k.exception.InvalidValue | If the payload is not valid JSON  | 
            
Returns:
| Type | Description | 
|---|---|
| object | |
setExpiry(expiry)
Set the expiry claim of the token
| Name | Type | Description |
|---|---|---|
| expiry | object | Either a number (expiry in seconds since the current date), or a date |
- Version:
 - Experimental feature, might be removed at any time
 
- Since:
 - 5.1.0
 
setRenew(duration)
Set the renew claim of the token
| Name | Type | Description |
|---|---|---|
| duration | object | Duration in seconds |
- Version:
 - Experimental feature, might be removed at any time
 
- Since:
 - 5.1.0
 
setUser(user)
Set the user as the subject of the token
| Name | Type | Description |
|---|---|---|
| user | $k.User | |
- Version:
 - Experimental feature, might be removed at any time
 
- Since:
 - 5.1.0
 
sign() : string
Signs the token.
This method does not check the authentication of the user. This allows custom authentication mechanisms.
Use $k.User.getAuthenticatedUser() for built-in username/password checking.
- Version:
 - Experimental feature, might be removed at any time
 
- Since:
 - 5.1.0
 
- See:
 - $k.User#getAuthenticatedUser
 
Returns:
| Type | Description | 
|---|---|
| string | Signed, encoded token ( | 
        
verify(expectedClaims, key)
Verifies the token.
| Name | Type | Attributes | Description |
|---|---|---|---|
| expectedClaims | object | optional | Expected claims. |
| key | string | optional | Signing key. If not provided, a volume specific persistent key is used. |
- Version:
 - Experimental feature, might be removed at any time
 
- Since:
 - 5.1.0
 
Throws:
| Type | Description | 
|---|---|
| $k.exception.AccessDenied | If the token could not be verified  |