npm version Changelog

npm install @feathersjs/authentication --save

The JWTStrategy is an authentication strategy included in @feathersjs/authentication for authenticating JSON web token service methods calls and HTTP requests, e.g.

  "strategy": "jwt",
  "accessToken": "<your JWT>"

# Options

  • header (default: 'Authorization'): The HTTP header containing the JWT
  • schemes (default: [ 'Bearer', 'JWT' ]): An array of schemes to support

The default settings support passing the JWT through the following HTTP headers:

Authorization: <your JWT>
Authorization: Bearer <your JWT>
Authorization: JWT <your JWT>

Standard JWT authentication can be configured with those options in config/default.json like this:

  "authentication": {
    "jwt": {}

Note: Since the default options are what most clients expect for JWT authentication they usually don't need to be customized.

# JwtStrategy

# getEntity(id, params)

jwtStrategy.getEntity(id, params) returns the entity instance for id, usually entityService.get(id, params). It will not be called if entity in the authentication configuration is set to null.

# authenticate(data, params)

jwtStrategy.authenticate(data, params) will try to verify data.accessToken by calling the strategies authenticationService.verifyAccessToken.

Returns a promise that resolves with the following format:

  authentication: {
    strategy: 'jwt',

Note: Since the JWT strategy returns an accessToken property (the same as the token sent to this strategy), that access token will also be returned by authenticationService.create instead of creating a new one.

# getEntityQuery(params)

Returns the query to use when calling entityService.get (default: {}).

# parse(req, res)

Parse the HTTP request headers for JWT authentication information. Returns a promise that resolves with either null or data in the form of:

  strategy: '<strategy name>',
  accessToken: '<access token from HTTP header>'

# Customization