Authentication with JWT
npm install jsonwebtoken @foal/jwt
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
Source: https://jwt.io/introduction/
Foal offers a package, named @foal/jwt, to manage authentication / authorization with JSON Web Tokens. When the user logs in, a token is generated and sent to the client. Then, each subsequent request must include this JWT, allowing the user to access routes, services, and resources that are permitted with that token.
Generate & Provide a Secret
In order to use JWTs, you must provide a secret to sign your tokens. If you do not already have your own, you can generate one with the foal createsecret command.
$ foal createsecret
Ak0WcVcGuOoFuZ4oqF1tgqbW6dIAeSacIN6h7qEyJM8=
Alternatively you can use a public/private key pair to sign your tokens. In this case, please refer to the advanced section below.
Once the secret is in hand, there are several ways to provide it to the future hooks:
YAML:

settings:
  jwt:
    secret: "Ak0WcVcGuOoFuZ4oqF1tgqbW6dIAeSacIN6h7qEyJM8="
    secretEncoding: base64

JSON:

{
  "settings": {
    "jwt": {
      "secret": "Ak0WcVcGuOoFuZ4oqF1tgqbW6dIAeSacIN6h7qEyJM8=",
      "secretEncoding": "base64"
    }
  }
}

JS:

module.exports = {
  settings: {
    jwt: {
      secret: "Ak0WcVcGuOoFuZ4oqF1tgqbW6dIAeSacIN6h7qEyJM8=",
      secretEncoding: "base64"
    }
  }
}