UNPKG

@fastify/jwt

Version:

JWT utils for Fastify

github.com/fastify/fastify-jwt

fastify/fastify-jwt

119 lines (91 loc) 3.13 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
# Certificates generation ## RSA Signatures - Certificates (without passphrase) Certificates `private.key` and `public.key` are generated with http://travistidwell.com/jsencrypt/demo/ or with the following command ```sh openssl genrsa -out private.key 2048 openssl rsa -in private.key -out public.key -outform PEM -pubout ``` Code example ```js const { readFileSync } = require('node:fs') const fastify = require('fastify')() const jwt = require('@fastify/jwt') fastify.register(jwt, { secret: { private: readFileSync('path/to/private.key', 'utf8'), public: readFileSync('path/to/public.key', 'utf8') }, sign: { algorithm: 'RS256' } }) ``` ## RSA Signatures - Certificates (with passphrase) Certificates `private.pem` and `public.pem` are generated with the following command lines ```sh # generate a 2048-bit RSA key pair, and encrypts them with a passphrase # the passphrase I choose for the demo files is: super secret passphrase openssl genrsa -des3 -out private.pem 2048 # export the RSA public key to a file openssl rsa -in private.pem -outform PEM -pubout -out public.pem ``` Code example ```js const { readFileSync } = require('node:fs') const fastify = require('fastify')() const jwt = require('@fastify/jwt') fastify.register(jwt, { secret: { private: { key: readFileSync('path/to/private.pem', 'utf8'), passphrase: 'super secret passphrase' }, public: readFileSync('path/to/public.pem', 'utf8') }, sign: { algorithm: 'RS256' } }) ``` ## ECDSA Signatures - Certificates (without passphrase) Certificates `privateECDSA.key` and `publicECDSA.key` are generated with the following command lines ```sh # generate a P-256 curve ECDSA key pair openssl ecparam -genkey -name prime256v1 -out privateECDSA.key # export the ECDSA public key to a file openssl ec -in privateECDSA.key -pubout -out publicECDSA.key ``` Code example ```js const { readFileSync } = require('node:fs') const fastify = require('fastify')() const jwt = require('@fastify/jwt') fastify.register(jwt, { secret: { private: readFileSync('path/to/privateECDSA.key', 'utf8'), public: readFileSync('path/to/publicECDSA.key', 'utf8') }, sign: { algorithm: 'ES256' } }) ``` ## ECDSA Signatures - Certificates (with passphrase) Certificates `privateECDSA.pem` and `publicECDSA.pem` are generated with the following command lines ```sh # generate a P-256 curve ECDSA key pair, and encrypts them with a passphrase # the passphrase I choose for the demo files is: super secret passphrase openssl ecparam -genkey -name prime256v1 | openssl ec -aes256 -out privateECDSA.pem # export the ECDSA public key to a file openssl ec -in privateECDSA.pem -pubout -out publicECDSA.pem ``` Code example ```js const { readFileSync } = require('node:fs') const fastify = require('fastify')() const jwt = require('@fastify/jwt') fastify.register(jwt, { secret: { private: { key: readFileSync('path/to/publicECDSA.pem', 'utf8'), passphrase: 'super secret passphrase' }, public: readFileSync('path/to/publicECDSA.pem', 'utf8') }, sign: { algorithm: 'ES256' } }) ```