authkit-js/utils/jwt.js

Express auth toolkit (JWT, Sessions with Redis, Google/GitHub OAuth) in JavaScript

const jwt = require('jsonwebtoken');


function issueTokens(user, secret, opts = {}) {
const {
issuer, audience,
accessTokenTtlSec = 15 * 60,
refreshTokenTtlSec = 7 * 24 * 60 * 60,
algorithm = 'HS256',
} = opts;


const base = {};
if (issuer) base.iss = issuer;
if (audience) base.aud = audience;


const accessToken = jwt.sign(base, secret, {
algorithm,
expiresIn: accessTokenTtlSec,
subject: String(user.id),
});


const refreshToken = jwt.sign({ ...base, type: 'refresh' }, secret, {
algorithm,
expiresIn: refreshTokenTtlSec,
subject: String(user.id),
});
return { accessToken, refreshToken };
}


function verifyToken(token, secret, opts = {}) {
const { issuer, audience, algorithm = 'HS256' } = opts;
return jwt.verify(token, secret, { algorithms: [algorithm], issuer, audience });
}


module.exports = { issueTokens, verifyToken };