JWT Session Storage

const jwtStorage = require('@arangodb/foxx/sessions/storages/jwt');

The JWT session storage converts sessions to and from JSON Web Tokens.

Examples

    const sessionsMiddleware = require('@arangodb/foxx/sessions');
    const jwtStorage = require('@arangodb/foxx/sessions/storages/jwt');

    // Pass in a secure secret from the Foxx configuration
    const secret = module.context.configuration.jwtSecret;
    const sessions = sessionsMiddleware({
      storage: jwtStorage(secret),
      transport: 'header'
    });
    module.context.use(sessions);

Creating a storage

jwtStorage(options): Storage

Creates a Storage that can be used in the sessions middleware.

Note: while the “none” algorithm (i.e. no signature) is supported, this dummy algorithm provides no security and allows clients to make arbitrary modifications to the payload and should not be used unless you are certain you specifically need it.

Arguments

  • options: Object

An object with the following properties:

  • algorithm: string (Default: "HS512")

The algorithm to use for signing the token.

Supported values:

      • "HS256" (HMAC-SHA256)
      • "HS384" (HMAC-SHA384)
      • "HS512" (HMAC-SHA512)
      • "none" (no signature)

  • secret: string

The secret to use for signing the token.

This field is forbidden when using the “none” algorithm but required otherwise.

  • ttl: number (Default: 3600)

The maximum lifetime of the token in seconds. You may want to keep this short as a new token is generated on every request allowing clients to refresh tokens automatically.

  • verify: boolean (Default: true)

If set to false the signature will not be verified but still generated (unless using the “none” algorithm).

  • maxExp: number (Default: Infinity)

Largest value that will be accepted in an incoming JWT exp (expiration) field.

If a string is passed instead of an options object it will be interpreted as the secret option.
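
To see what the note on “none” and the verify and maxExp options mean in practice, the following added example (not part of the ArangoDB documentation and not Foxx's own code) models the documented options in stand-alone Node.js and checks a token whose payload was edited after it was issued. The function names, the sample secret and timestamps, and the choice of seconds for exp are assumptions made for illustration.

```javascript
'use strict';
const crypto = require('crypto');

// Stand-alone model of the documented options (algorithm, secret, ttl, verify, maxExp).
// All function names are hypothetical; exp is assumed to be in seconds.
const HASHES = { HS256: 'sha256', HS384: 'sha384', HS512: 'sha512' };
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const mac = (alg, secret, input) => crypto.createHmac(HASHES[alg], secret).update(input).digest();

function issue(data, { algorithm = 'HS512', secret, ttl = 3600 }, now) {
  const input = enc({ typ: 'JWT', alg: algorithm }) + '.' + enc({ ...data, exp: now + ttl });
  const sig = algorithm === 'none' ? '' : mac(algorithm, secret, input).toString('base64url');
  return input + '.' + sig;
}

function accept(token, { algorithm = 'HS512', secret, verify = true, maxExp = Infinity }, now) {
  const [head, body, sig = ''] = token.split('.');
  // Use the configured algorithm, never the one named in the token header.
  if (dec(head).alg !== algorithm) return null;
  if (algorithm !== 'none' && verify) {
    const expected = mac(algorithm, secret, head + '.' + body);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  }
  const payload = dec(body);
  if (typeof payload.exp !== 'number' || payload.exp <= now || payload.exp > maxExp) return null;
  return payload;
}

// Replace the payload of an issued token without touching its signature.
function editPayload(token, changes) {
  const [head, body, sig] = token.split('.');
  return [head, enc({ ...dec(body), ...changes }), sig].join('.');
}

// Constructed sample values.
const NOW = 1700000000;
const SECRET = 'constructed-sample-secret';
function outcome(cfg) {
  const edited = editPayload(issue({ uid: 'alice' }, cfg, NOW), { uid: 'admin', exp: NOW + 10 ** 9 });
  const session = accept(edited, cfg, NOW);
  return session ? session.uid : 'rejected';
}
console.log('HS512:', outcome({ secret: SECRET }));
console.log('none:', outcome({ algorithm: 'none' }));
console.log('verify=false:', outcome({ secret: SECRET, verify: false }));
console.log('verify=false, maxExp:', outcome({ secret: SECRET, verify: false, maxExp: NOW + 86400 }));
```

In this model only the signed and verified configuration rejects the edited token because of the edit itself; with verify set to false, maxExp still bounds how far into the future an unverified exp can reach.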