jwt

1. JWT Verification with Express.js

const express = require('express');
const jwt = require('jsonwebtoken');

const app = express();
app.use(express.json());

app.post('/authenticate', (req, res) => {
  const token = jwt.sign({ id: 'admin' }, 'mySecretKey');
  res.json({ token });
});

app.get('/protected', (req, res) => {
  const token = req.headers['authorization'];
  jwt.verify(token, 'mySecretKey', (err, decoded) => {
    if (err) {
      res.status(401).send('Unauthorized');
    } else {
      res.send(`Welcome back, ${decoded.id}!`);
    }
  });
});

app.listen(3000);

2. JWT Issuance and Validation in Node.js

const jwt = require('jsonwebtoken');
const secret = 'mySecret';

const payload = { id: 'user_id', role: 'admin' };
const token = jwt.sign(payload, secret);

const decoded = jwt.verify(token, secret);
console.log(decoded); // { id: 'user_id', role: 'admin' }

3. JWT Authentication in a REST API

const express = require('express');
const jwt = require('jsonwebtoken');

const app = express();
app.use(express.json());

const secretKey = 'mySecretKey';

app.post('/login', (req, res) => {
  const { username, password } = req.body;
  // Authenticate the user (e.g., check credentials against a database)
  const token = jwt.sign({ username }, secretKey);
  res.json({ token });
});

app.get('/protected', (req, res) => {
  const token = req.headers['authorization'];
  jwt.verify(token, secretKey, (err, decoded) => {
    if (err) {
      res.status(401).send('Unauthorized');
    } else {
      res.send(`Welcome back, ${decoded.username}!`);
    }
  });
});

app.listen(3000);

4. JWT for Role-Based Authorization

const jwt = require('jsonwebtoken');
const secret = 'mySecret';

const payload = { id: 'user_id', role: 'admin' };
const token = jwt.sign(payload, secret);

// In a protected route:
const decoded = jwt.verify(token, secret);
if (decoded.role !== 'admin') {
  // Unauthorized
}

5. JWT for Single Sign-On (SSO)

const jwt = require('jsonwebtoken');
const secretKey = 'mySecretKey';

// On the server side:
const payload = { id: 'user_id' };
const token = jwt.sign(payload, secretKey);

// On the client side:
window.localStorage.setItem('token', token);

// On every request to a protected route:
const token = window.localStorage.getItem('token');
const requestHeaders = {
  ...headers,
  Authorization: `Bearer ${token}`,
};

6. JWT with HMAC Algorithm

const jwt = require('jsonwebtoken');
const secret = Buffer.from('mySecretKey');

const payload = { id: 'user_id' };
const token = jwt.sign(payload, secret, { algorithm: 'HS256' });

7. JWT with RSA Algorithm

const jwt = require('jsonwebtoken');
const fs = require('fs');

const privateKey = fs.readFileSync('private.key');
const publicKey = fs.readFileSync('public.key');

const payload = { id: 'user_id' };
const token = jwt.sign(payload, privateKey, { algorithm: 'RS256' });

8. JWT with Expiry Time

const jwt = require('jsonwebtoken');
const secret = 'mySecret';

const payload = { id: 'user_id' };
const token = jwt.sign(payload, secret, { expiresIn: '1h' });

9. JWT with Not Before Time

const jwt = require('jsonwebtoken');
const secret = 'mySecret';

const payload = { id: 'user_id' };
const token = jwt.sign(payload, secret, { notBefore: '10m' });

10. JWT with Audience

const jwt = require('jsonwebtoken');
const secret = 'mySecret';

const payload = { id: 'user_id' };
const token = jwt.sign(payload, secret, { audience: 'myAudience' });

11. JWT with Issuer

const jwt = require('jsonwebtoken');
const secret = 'mySecret';

const payload = { id: 'user_id' };
const token = jwt.sign(payload, secret, { issuer: 'myIssuer' });

12. JWT with Subject

const jwt = require('jsonwebtoken');
const secret = 'mySecret';

const payload = { id: 'user_id' };
const token = jwt.sign(payload, secret, { subject: 'mySubject' });

13. JWT with JWT ID

const jwt = require('jsonwebtoken');
const secret = 'mySecret';

const payload = { id: 'user_id' };
const token = jwt.sign(payload, secret, { jti: 'myJWTID' });

14. JWT with Headers

const jwt = require('jsonwebtoken');
const secret = 'mySecret';

const payload = { id: 'user_id' };
const token = jwt.sign(payload, secret, { header: { alg: 'HS256', typ: 'JWT' } });

15. JWT with Claims

const jwt = require('jsonwebtoken');
const secret = 'mySecret';

const payload = { id: 'user_id', customClaim: 'myCustomClaim' };
const token = jwt.sign(payload, secret);

16. JWT with Custom Options

const jwt = require('jsonwebtoken');
const secret = 'mySecret';

const payload = { id: 'user_id' };
const token = jwt.sign(payload, secret, { noTimestamp: true, expiresIn: 0 });

17. JWT with Multiple Signatures

const jwt = require('jsonwebtoken');
const secretKey1 = 'mySecretKey1';
const secretKey2 = 'mySecretKey2';

const payload = { id: 'user_id' };
const token = jwt.sign(payload, secretKey1, { algorithm: 'HS256' });
const token2 = jwt.sign(payload, secretKey2, { algorithm: 'HS256' });

18. JWT with Refresh Tokens

const jwt = require('jsonwebtoken');
const secret = 'mySecret';

const payload = { id: 'user_id', refresh: true };
const token = jwt.sign(payload, secret);

19. JWT with Token Expiration

const jwt = require('jsonwebtoken');
const secret = 'mySecret';

const payload = { id: 'user_id' };
const token = jwt.sign(payload, secret, { expiresIn: 300 });

20. JWT with Token Revocation

const jwt = require('jsonwebtoken');
const secret = 'mySecret';
const revokedTokens = [];

const payload = { id: 'user_id' };
const token = jwt.sign(payload, secret);
revokedTokens.push(token);

21. JWT with Token Blacklist

const jwt = require('jsonwebtoken');
const secret = 'mySecret';
const blacklist = [];

const payload = { id: 'user_id' };
const token = jwt.sign(payload, secret);
blacklist.push(token);

22. JWT with Token Introspection

const jwt = require('jsonwebtoken');
const secret = 'mySecret';

const payload = { id: 'user_id' };
const token = jwt.sign(payload, secret);

jwt.verify(token, secret, (err, decoded) => {
  if (!err) {
    // Token is valid and has not expired
  } else {
    // Token is invalid or expired
  }
});

23. JWT with Token Whitelist

const jwt = require('jsonwebtoken');
const secret = 'mySecret';
const whitelist = [];

const payload = { id: 'user_id' };
const token = jwt.sign(payload, secret);
whitelist.push(token);

24. JWT with Token Renewal

const jwt = require('jsonwebtoken');
const secret = 'mySecret';

const payload = { id: 'user_id' };
const token = jwt.sign(payload, secret, { expiresIn: 300 });

setTimeout(() => {
  // Renew the token
  const newToken = jwt.sign(payload, secret, { expiresIn: 300 });
}, 250);

25. JWT with Token Rotation

const jwt = require('jsonwebtoken');
const secret = 'mySecret';
const privateKey = fs.readFileSync('private.key');
const publicKey = fs.readFileSync('public.key');

// Rotate the secret key periodically
setInterval(() => {
  const newSecret = generateNewSecretKey();
  // Sign the tokens with the new secret key
  const newTokens = jwt.signAll(payloads, newSecret, { algorithm: 'HS256' });
}, 3600);

Previousjoi Nextmocha chai