Constructor
new $k.JWT(user, expiry, claims)
Creates a new token
Name | Type | Attributes | Description |
---|---|---|---|
user | $k. | <optional> | |
expiry | number | <optional> | Either a number (expiry in seconds since the current date), or a date. Default is 24 hours. |
claims | object | <optional> | |
- Version: Experimental feature, might be removed at any time
- Since: 5.1.0
Methods
(static) createKeys(overwrite)
Creates persistent keys for signing
Name | Type | Attributes | Default | Description |
---|---|---|---|---|
overwrite | boolean | <optional> | true | True (default) if existing keys should be overwritten, false if keys should only be generated if there are no keys yet. |
- Version: Experimental feature, might be removed at any time
- Since: 5.1.0
Throws: If generating keys is not allowed
(static) parse(encodedToken) → {$k.JWT}
Parses an encoded token. Does not check its validity.
Name | Type | Description |
---|---|---|
encodedToken | string | |
- Version: Experimental feature, might be removed at any time
- Since: 5.1.0
Throws: If the string is not a valid token
Returns: Token
- Type: $k.JWT
(static) verify(token, expectedClaims, key)
Verifies the token. Shortcut for $k.JWT.parse(token).verify(claims, key)
Name | Type | Attributes | Description |
---|---|---|---|
token | string | | Token to verify |
expectedClaims | object | <optional> | Expected claims. |
key | string | <optional> | Encoded key. If not provided, a volume specific persistent key is used. Available since 5.2.2. Expected formats: |
- Version: Experimental feature, might be removed at any time
- Since: 5.1.0
- Deprecated: Use $k.JWT.parse(token).verify(claims, key)
Throws: If the token could not be verified
addClaims(claims)
Adds additional claims. Overwrites claims with the same name.
Name | Type | Description |
---|---|---|
claims | object | |
- Version: Experimental feature, might be removed at any time
- Since: 5.1.0
payload() → {object}
Returns the payload object
- Version: Experimental feature, might be removed at any time
- Since: 5.1.0
Throws: If the payload is not valid JSON
Returns:
- Type: object
setExpiry(expiry)
Set the expiry claim of the token
Name | Type | Description |
---|---|---|
expiry | number | Either a number (expiry in seconds since the current date), or a date |
- Version: Experimental feature, might be removed at any time
- Since: 5.1.0
setPayload()
Sets the payload object
- Version: Experimental feature, might be removed at any time
- Since: 5.2.2
setRenew(duration)
Set the renew claim of the token
Name | Type | Description |
---|---|---|
duration | number | Duration in seconds |
- Version: Experimental feature, might be removed at any time
- Since: 5.1.0
- Deprecated: Do not use any more. This custom claim is not used.
setSubject(subject)
Set the subject claim of the token
Name | Type | Description |
---|---|---|
subject | string | Subject |
- Version: Experimental feature, might be removed at any time
- Since: 5.1.0
setUser(user)
Set the ID of the user as the subject of the token. Do not use if a REST service expects a different subject value (e.g. E-Mail).
Name | Type | Description |
---|---|---|
user | $k. | |
- Version: Experimental feature, might be removed at any time
- Since: 5.1.0
sign(key, algorithm) → {string}
Signs the token.
This method does not check the authentication of the user. This allows custom authentication mechanisms. Use $k.User.getAuthenticatedUser() for built-in username/password checking.
Name | Type | Attributes | Default | Description |
---|---|---|---|---|
key | string | <optional> | | Encoded key. If not provided, a volume specific persistent key is used. Available since 5.2.2. Expected formats: |
algorithm | string | <optional> | 'HS256' | Algorithm to use. Default is HS256. Available since 5.2.2. |
- Version: Experimental feature, might be removed at any time
- Since: 5.1.0
- See: $k.User#getAuthenticatedUser
Returns: Signed, encoded token (<header>.<payload>.<signature>)
- Type: string
verify(expectedClaims, key, algorithm)
Verifies the token.
Name | Type | Attributes | Default | Description |
---|---|---|---|---|
expectedClaims | object | <optional> | | Expected claims. If undefined then only expiry will be checked. |
key | string | <optional> | | Encoded key. If not provided, a volume specific persistent key is used. Available since 5.2.2. Expected formats: |
algorithm | string | <optional> | 'HS256' | Algorithm to use. Default is HS256. Available since 5.2.2. |
- Version: Experimental feature, might be removed at any time
- Since: 5.1.0
Throws: If the token could not be verified (e.g. invalid token or unsupported algorithm)
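Why the result of parse() (which does not check validity) must not be trusted until verify() has succeeded, shown as a stand-alone Node.js example. This is added here and is not the $k.JWT implementation: signHS256, parseUnverified, verifyHS256 and the key and claims are hypothetical names and constructed values, and requiring an exp claim is an assumption of the example.

```javascript
// Added illustration in plain Node.js; not the $k.JWT implementation.
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Sign "<header>.<payload>" with HMAC-SHA256 (HS256), giving <header>.<payload>.<signature>.
function signHS256(payload, key) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = b64url(crypto.createHmac('sha256', key).update(`${head}.${body}`).digest());
  return `${head}.${body}.${sig}`;
}

// Decode only: like parse(), this says nothing about who produced the token.
function parseUnverified(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a valid token');
  const [header, payload] = parts.slice(0, 2)
    .map((p) => JSON.parse(Buffer.from(p, 'base64url').toString('utf8')));
  return { header, payload, signingInput: `${parts[0]}.${parts[1]}`, signature: parts[2] };
}

// Verify: pinned algorithm, constant-time signature check, expiry, then expected claims.
function verifyHS256(token, key, expectedClaims = {}, now = Math.floor(Date.now() / 1000)) {
  const t = parseUnverified(token);
  if (t.header.alg !== 'HS256') throw new Error('unsupported algorithm');
  const want = crypto.createHmac('sha256', key).update(t.signingInput).digest();
  const got = Buffer.from(t.signature, 'base64url');
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error('bad signature');
  }
  if (typeof t.payload.exp !== 'number' || t.payload.exp <= now) throw new Error('expired');
  for (const [name, value] of Object.entries(expectedClaims)) {
    if (t.payload[name] !== value) throw new Error(`claim mismatch: ${name}`);
  }
  return t.payload;
}

// Constructed sample data: demo key, fixed clock and claims.
const KEY = 'constructed-demo-key';
const NOW = 1700000000;
const good = signHS256({ sub: 'user-1', role: 'reader', exp: NOW + 3600 }, KEY);
// Tampered copy: payload replaced, original signature kept.
const [h, , s] = good.split('.');
const forged = [h, b64url(JSON.stringify({ sub: 'user-1', role: 'admin', exp: NOW + 3600 })), s].join('.');
```

parseUnverified(forged) returns the altered claims without complaint, while verifyHS256(forged, KEY, {}, NOW) throws; authorization decisions belong after the verify step.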