JSON Web Token (JWT)
JSON Web Token is a library for generating and verifying JSON Web Tokens.
The jsonwebtoken module is made available with the following require() statement:
const {sign, decode, verify} = require('jwt');
Exposed methods
You can use these methods from the library directly in your Function's code:
- decode to extract and return the payload and optionally the header from a token without verifying its signature or authenticity.
- verify to check the validity of a given token against a secret key, ensuring it hasn’t been altered and meets expected conditions.
- sign to create and sign a new JWT with the provided payload and secret key.
Examples
- Decode
- Verify
- Sign
const jwt = require('jsonwebtoken');
// Example token (this should be a valid JWT)
const token = 'your.jwt.token.here';
const decoded = jwt.decode(token, { complete: true });
console.log('Decoded Token:', decoded);
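The decode method returns the token’s payload, and if { complete: true } is set, it returns an object containing both the payload and the header. Because decode does not check the signature, treat its output as untrusted and use verify before relying on any claim.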
With { complete: true }:
Decoded Token: {
  header: { alg: 'HS256', typ: 'JWT' },
  payload: { userId: '123456', username: 'johndoe', iat: 1616239022, exp: 1616242622 },
  signature: 'h04J3jUOeGXRHgZzg28pzF5omFxCeK2FlhEXbPZnQ'
}
Without { complete: true }:
Decoded Token: { userId: '123456', username: 'johndoe', iat: 1616239022, exp: 1616242622 }
const jwt = require('jsonwebtoken');
const secretKey = 'your-256-bit-secret';
// Example token (ensure you replace this with a valid token signed with the `secretKey`)
const token = 'your.jwt.token.here';
try {
  const decoded = jwt.verify(token, secretKey);
  console.log('Decoded Payload:', decoded);
} catch (err) {
  console.error('Token verification failed:', err.message);
}
If the token is successfully verified, the verify method returns the decoded payload (or the full token data if complete: true is specified). If verification fails (due to tampering, expiration, or using the wrong key), it throws an error.
If successful:
Decoded Payload: { userId: '123456', username: 'johndoe', iat: 1616239022, exp: 1616242622 }
If verification fails:
Token verification failed: jwt expired
The error message will vary depending on the reason for failure, such as expiration or invalid signature.
const jwt = require('jsonwebtoken');
const payload = {
  userId: '123456',
  username: 'johndoe'
};
const secretKey = 'your-256-bit-secret';
const token = jwt.sign(payload, secretKey, { expiresIn: '1h' });
console.log('Generated Token:', token);
The sign method returns a JWT as a string. This token can be used in your application for authentication and authorization purposes.
Generated Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjM0NTYiLCJ1c2VybmFtZSI6ImpvaG5kb2UiLCJpYXQiOjE2MTYyMzkwMjIsImV4cCI6MTYxNjI0MjYyMn0.g8h04J3jUOeGXRHgZzg28pzF5omFxCeK2FlhEXbPZnQ
The actual token value will differ each time you generate it due to the timestamp and signature.
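The difference between decode and verify described above, as an added example that is not part of the original documentation or of the jsonwebtoken library: it reimplements HS256 signing and checking with Node's built-in crypto module so it runs without dependencies. The helper names (signHS256, decodeUnverified, verifyHS256, outcome), the secret and the sample claims are assumptions constructed for illustration.

```javascript
// Added example: HS256 handled with Node's built-in crypto to contrast
// what decode skips with what verify enforces. Helper names are hypothetical.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const parseSegment = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
const hmac = (input, secret) => crypto.createHmac('sha256', secret).update(input).digest();

// Builds header.payload.signature for HS256.
function signHS256(payload, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const input = header + '.' + b64url(JSON.stringify(payload));
  return input + '.' + b64url(hmac(input, secret));
}

// Like decode: parses the segments and never looks at the signature.
function decodeUnverified(token) {
  const [h, p] = token.split('.');
  return { header: parseSegment(h), payload: parseSegment(p) };
}

// Like verify: pins the algorithm, compares the MAC in constant time, checks exp.
function verifyHS256(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('jwt malformed');
  const [h, p, sig] = parts;
  if (parseSegment(h).alg !== 'HS256') throw new Error('invalid algorithm');
  const expected = hmac(h + '.' + p, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  const payload = parseSegment(p);
  if (typeof payload.exp === 'number' && now >= payload.exp) throw new Error('jwt expired');
  return payload;
}

// Constructed sample data: a valid token and a copy whose payload was edited.
const secret = 'constructed-demo-secret';
const claims = { userId: '123456', username: 'johndoe', exp: 4102444800 };
const good = signHS256(claims, secret);
const [hdr, , sig] = good.split('.');
const tampered = [hdr, b64url(JSON.stringify({ ...claims, username: 'admin' })), sig].join('.');

// Returns the verified username, or the reason verification failed.
function outcome(token) {
  try { return verifyHS256(token, secret).username; } catch (e) { return e.message; }
}
console.log(decodeUnverified(tampered).payload.username, outcome(tampered), outcome(good));
```

The decode-style helper returns the edited username without complaint, while the verify-style helper rejects the same token, which is why authorization decisions should only use claims returned by verify.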
Functions support
Functions provides a rich set of tools, and this documentation does not cover all of the potential situations you may encounter. If you need help with a situation not covered by the documentation, please contact PubNub Support.