Passport Expiration-jwt

Question

Passport Expiration-jwt

I use passport-jwt to create my tokens, but I noticed that tokens never expire, is there a way to invalidate a specific token in accordance with the set of rules set for me, for example:

'use strict';
const passport = require('passport');
const passportJWT = require('passport-jwt');
const ExtractJwt = passportJWT.ExtractJwt;
const Strategy = passportJWT.Strategy;
const jwt = require('../jwt');
const cfg = jwt.authSecret();

const params = {
    secretOrKey: cfg.jwtSecret,
    jwtFromRequest: ExtractJwt.fromAuthHeader()
};

module.exports = () => {
    const strategy = new Strategy(params, (payload, done) => {
        //TODO: Create a custom validate strategy
        done(null, payload);
    });
    passport.use(strategy);
    return {
        initialize: function() {
            return passport.initialize();
        },
        authenticate: function() {
            //TODO: Check if the token is in the expired list
            return passport.authenticate('jwt', cfg.jwtSession);
        }
    };
};

or some strategy to revoke some tokens

+6

node.js express jwt passport.js

1fabiopereira Oct 22 '16 at 2:34

source share

3 answers

JWT- 1 .

let token = jwt.sign({
    exp: Math.floor(Date.now() / 1000) + (60 * 60),
    data: JSON.stringify(user_object)
}, 'secret_key');
res.send({token : 'JWT '+token})

0

Sumit Kumar 08 . '19 5:34

, , , .

, .

/* ----------------------------- Create a new Strategy -------------------------*/
const strategy = new Strategy(params, (payload, done) => {

    const query = {
        token: jwtSimple.encode(payload, credentials.jwtSecret),
        expires: {$gt: new Date()}
    };

    TokenSchema.findOne(query, (err, result) => {
        if (err) done(err, null);
        if (!result) done(null, null);
        done(null, payload);
    });
});
passport.use(strategy);
/* -------------------------------------------------------------------------------*/

.

-2

1fabiopereira 07 . '17 11:57

Paul · Accepted Answer · 2017-02-07T12:03:50+0000

The standard for the JWT is to include expiration in the payload as "exp". If you do, the JWT passport module will respect it unless you explicitly say so. It’s easier to implement it yourself.

EDIT

Now with lots of code!

npm jsonwebtoken / , exp . :

const jwt = require('jsonwebtoken');

// in your login route
router.post('/login', (req, res) => {
  // do whatever you do to handle authentication, then issue the token:

  const token = jwt.sign(req.user, 's00perS3kritCode', { expiresIn: '30m' });
  res.send({ token });
});

JWT , , , , 30 , (, ).

Passport Expiration-jwt

More articles: