
@graphql-yoga/plugin-jwt

import { Plugin } from 'graphql-yoga';
import { Algorithm } from 'jsonwebtoken';

/**
 * Options accepted by {@link useJWT}.
 *
 * The two variants are mutually exclusive at the type level: each one declares
 * the other's key field as `never`, so a caller supplies either `jwksUri` or
 * `signingKey`, not both.
 */
export type JwtPluginOptions = JwtPluginOptionsWithJWKS | JwtPluginOptionsWithSigningKey;

/**
 * Options shared by both key-source variants.
 */
export interface JwtPluginOptionsBase {
    /**
     * List of the algorithms used to verify the token
     *
     * Default: ["RS256"] (Allowed values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512, none)
     *
     * Security: `none` is the JOSE identifier for an unsecured (unsigned) token,
     * so it should not be listed where tokens come from untrusted clients.
     * Keep the list to the one algorithm family that matches the configured
     * key: an HMAC (`HS*`) entry next to an asymmetric public key is the
     * classic algorithm-confusion setup.
     * NOTE(review): how the implementation treats `none` or a mixed list is not
     * visible in this declaration file; confirm before relying on it.
     */
    algorithms?: Algorithm[];
    /**
     * The audience is the identifier of the API. It is forwarded to your Auth API
     * to specify which API the user is being authenticated for. E.g. if our API is
     * hosted on `http://localhost:3000/graphql`, we would pass that value.
     *
     * Optional in this type.
     * NOTE(review): presumably the `aud` claim is not checked when this is
     * omitted, which would accept tokens the same issuer minted for a
     * different API; confirm against the implementation.
     */
    audience?: string;
    /**
     * Identifier of the token issuer. Required.
     *
     * For example: `https://myapp.auth0.com/`
     */
    issuer: string;
    /**
     * Once a user has been successfully authenticated, the authentication
     * information is added to the context object under this field. In our
     * resolvers we can then access the authentication information via
     * `context._jwt.sub`.
     *
     * NOTE(review): the example suggests the default field name is `_jwt`;
     * the default is not stated here, so confirm it.
     */
    extendContextField?: string;
    /**
     * Function to extract the token from the request object
     *
     * Default: Extracts the token from the Authorization header with the format `Bearer <token>`
     *
     * May return the token synchronously or as a promise, and may return
     * `undefined`.
     * NOTE(review): what the plugin does on `undefined` (reject the request or
     * continue unauthenticated) is not visible here; confirm.
     *
     * Security: a custom extractor decides where credentials are accepted
     * from. Reading the token from `url` puts it in access logs and referrers,
     * and reading it from a cookie brings CSRF into scope.
     */
    getToken?: (params: {
        request: Request;
        serverContext: object | undefined;
        url: URL;
    }) => Promise<string | undefined> | string | undefined;
}

/**
 * Variant that obtains verification keys from a JWKS endpoint.
 */
export interface JwtPluginOptionsWithJWKS extends JwtPluginOptionsBase {
    /**
     * The endpoint to fetch keys from.
     *
     * For example: https://example.com/.well-known/jwks.json
     *
     * Security: whatever this endpoint serves becomes the set of trusted keys,
     * so use a fixed `https://` URL under the issuer's control and never derive
     * it from request data.
     */
    jwksUri: string;
    /** Declared as `never` so `signingKey` cannot be combined with `jwksUri`. */
    signingKey?: never;
}

/**
 * Variant that verifies tokens with a key supplied directly.
 */
export interface JwtPluginOptionsWithSigningKey extends JwtPluginOptionsBase {
    /**
     * Signing key to be used to verify the token
     * You can also use the `jwksUri` option to fetch the key from a JWKS endpoint
     *
     * Security: load this value from configuration or a secret store rather
     * than committing it to source. With an `HS*` algorithm the string is a
     * shared secret, and anyone holding it can mint tokens.
     */
    signingKey: string;
    /** Declared as `never` so `jwksUri` cannot be combined with `signingKey`. */
    jwksUri?: never;
}

/**
 * Creates the GraphQL Yoga plugin configured by `options`.
 *
 * @param options - Issuer, key source (`jwksUri` or `signingKey`) and optional
 * verification settings; see {@link JwtPluginOptionsBase}.
 * @returns A `Plugin` to register with the Yoga server.
 *
 * NOTE(review): only the signature is declared here. Which claims are
 * validated and how failures are reported must be checked in the
 * implementation.
 */
export declare function useJWT(options: JwtPluginOptions): Plugin;