loopback-jwt is a Node.js Express middleware plugin that maps JSON Web Tokens (JWTs) to LoopBack users.
// load loopback-jwt module
// The module exports a factory: call it with the app and an options object.
var auth = require('loopback-jwt')(app, {
  // Key used to verify the jwt (required). '<secret>' is a placeholder:
  // supply the real key from configuration kept outside source control.
  secretKey: '<secret>',
  // LoopBack model used for user maintenance.
  model: '<model>'
});
// apply to a path
// auth.authenticated sits ahead of the handler, so the handler is only
// reached for requests the middleware has passed on.
app.use('/<path>', auth.authenticated, function onAuthenticated(req, res, next) {
  // NOTE(review): req.user is written to debug output here; check which user
  // fields that exposes before enabling it outside development.
  debug("has valid token", req.user);
  next();
});
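// catch error
// Express recognises error-handling middleware by its four-argument
// signature, so `next` must stay in the parameter list.
app.use(function (err, req, res, next) {
  // Once part of a response has been sent, a new status cannot be set;
  // hand the error to Express's default handler instead.
  if (res.headersSent) {
    return next(err);
  }
  if (err.name === 'UnauthorizedError') {
    // Missing or invalid token: reply with a fixed message only.
    res.status(401).send('invalid token, or no token supplied');
  } else {
    // Any other error is not an authentication failure. Log it on the server
    // and return a generic body, so the error object (message, stack,
    // model or database details) is never serialized to the client.
    console.error(err);
    res.status(500).send('internal server error');
  }
});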
loopback-jwt is a simple middleware that maps a JWT to a LoopBack user. It assumes that a JWT has been passed in the request.
$ npm install loopback-jwt --save
// `{options}` stands in for an object literal holding the options described below.
var auth = require('loopback-jwt')(app, { options });
`options` allows any options that are permitted to be passed to the loopback-jwt middleware.
options:
- secretKey: the key needed to verify the jwt (required)
- model: the loopback model used for User maintenance (defaults to 'User')
- identifier: the jwt claim to identify the user (defaults to 'email')
- password: the default password to use when creating loopback users (defaults to uuid.v4())
Both secretKey and, if you set it, password are credentials: load them from configuration kept outside source control rather than hard-coding them.
The `authenticated` method of loopback-jwt is added to any path that you wish to protect. If the client has not supplied a valid, signed JWT, an error is raised.
// apply to a path
// auth.authenticated sits ahead of the handler, so the handler is only
// reached for requests the middleware has passed on.
app.use('/<path>', auth.authenticated, function onAuthenticated(req, res, next) {
  // NOTE(review): req.user is written to debug output here; check which user
  // fields that exposes before enabling it outside development.
  debug("has valid token", req.user);
  next();
});
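// catch error
// Express recognises error-handling middleware by its four-argument
// signature, so `next` must stay in the parameter list.
app.use(function (err, req, res, next) {
  // Once part of a response has been sent, a new status cannot be set;
  // hand the error to Express's default handler instead.
  if (res.headersSent) {
    return next(err);
  }
  if (err.name === 'UnauthorizedError') {
    // Missing or invalid token: reply with a fixed message only.
    res.status(401).send('invalid token, or no token supplied');
  } else {
    // Any other error is not an authentication failure. Log it on the server
    // and return a generic body, so the error object (message, stack,
    // model or database details) is never serialized to the client.
    console.error(err);
    res.status(500).send('internal server error');
  }
});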
Register a `beforeCreate` callback in options to modify or enrich the passed-in user object with profile data contained in the JWT:
// Configure loopback-jwt with a hook that enriches the user object from the jwt.
var auth = require('loopback-jwt')(app, {
  // '<secret>' is a placeholder: supply the real verification key from
  // configuration kept outside source control.
  secretKey: '<secret>',
  model: '<model>',
  // Receives the user object and the profile data from the token.
  // Copy individual fields by name, as here, rather than merging `data`
  // wholesale, so the token cannot set user properties you did not intend.
  beforeCreate: function enrichUser(newUser, data) {
    newUser.name = data.name;
  }
});