JWT Session Storage
The JWT session storage converts sessions to and from JSON Web Tokens.
Examples
jwtStorage(options): Storage
Creates a Storage that can be used in the sessions middleware.
Note: while the “none” algorithm (i.e. no signature) is supported, this dummy algorithm provides no security and allows clients to make arbitrary modifications to the payload. It should not be used unless you are certain you specifically need it.
Arguments
- options:
  An object with the following properties:
  - algorithm: string (Default: "HS512")
    The algorithm to use for signing the token.
    Supported values:
    - "HS384" (HMAC-SHA384)
    - "HS512" (HMAC-SHA512)
    - "none" (no signature)
  - ttl: number (Default: 3600)
    The maximum lifetime of the token in seconds. You may want to keep this short, as a new token is generated on every request, allowing clients to refresh tokens automatically.
  - verify: boolean (Default: true)
    If set to false, the signature will not be verified but still generated (unless using the “none” algorithm).
  - maxExp: number (Default: Infinity)
    Largest value that will be accepted in an incoming JWT exp (expiration) field.
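The checks that the algorithm, ttl and maxExp options describe, written out as an added example in plain Node.js. This is not ArangoDB's implementation and not code from this page; the names sign, verify and ALGS, the secret value, and the use of seconds for exp are assumptions made for the illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Accepted algorithms; "none" is deliberately absent, so unsigned tokens never verify.
const ALGS = { HS384: 'sha384', HS512: 'sha512' };
const b64u = (s) => Buffer.from(s).toString('base64url');

// Issue a token whose exp is iat + ttl seconds (the role of the ttl option).
function sign(payload, secret, { algorithm = 'HS512', ttl = 3600, now = Date.now() / 1000 } = {}) {
  if (!ALGS[algorithm]) throw new Error('unsupported algorithm');
  const iat = Math.floor(now);
  const head = b64u(JSON.stringify({ alg: algorithm, typ: 'JWT' }));
  const body = b64u(JSON.stringify({ ...payload, iat, exp: iat + ttl }));
  const mac = nodeCrypto.createHmac(ALGS[algorithm], secret)
    .update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${mac}`;
}

// Returns the claims, or null if the token must be rejected.
function verify(token, secret, { algorithm = 'HS512', maxExp = Infinity, now = Date.now() / 1000 } = {}) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch { return null; }
  if (!header || !claims) return null;
  // Pin the algorithm to the configured one; never let the token header choose it.
  if (!ALGS[algorithm] || header.alg !== algorithm) return null;
  const expected = nodeCrypto.createHmac(ALGS[algorithm], secret)
    .update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison of the MAC.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  // Reject expired tokens and any exp beyond the configured ceiling (maxExp).
  if (typeof claims.exp !== 'number' || claims.exp <= now || claims.exp > maxExp) return null;
  return claims;
}

// Constructed demo values (not from the page).
const demo = sign({ uid: 'alice' }, 'constructed-secret', { ttl: 60 });
console.log(verify(demo, 'constructed-secret'));                // claims object
console.log(verify(demo, 'constructed-secret', { maxExp: 0 })); // null
```

Because the verifier compares the header's alg against the configured algorithm rather than trusting it, a token whose header says "none" is rejected even though its payload parses cleanly.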