Simple middleware/utilities to verify SigAuth-issued JWTs in Node.js environments.
- Framework-agnostic verifier (
verifyRequest,withSigAuth) - Express middleware (
sigAuthExpress)
Add as a dependency to your app once published:
pnpm add @sigauth/libraryFor local development of this package, see the Testing locally section.
import express from 'express';
import { sigAuthExpress } from '@sigauth/library';
const app = express();
app.use(
sigAuthExpress({
issuer: process.env.SIGAUTH_ISSUER!,
audience: process.env.SIGAUTH_AUDIENCE,
})
);
app.get('/protected', (req, res) => {
res.json({ user: req.user });
});import http from 'http';
import { withSigAuth } from '@sigauth/library';
const handler = withSigAuth(
(req, res) => {
res.writeHead(200, { 'content-type': 'application/json' });
res.end(JSON.stringify({ user: (req as any).user }));
},
{
issuer: process.env.SIGAUTH_ISSUER!,
audience: process.env.SIGAUTH_AUDIENCE,
}
);
http.createServer(handler).listen(3000);- issuer: string (required)
- audience: string | string[] (optional)
- jwksUri: string (optional, defaults to
${issuer}/.well-known/jwks.json) - tokenHeader: string (default: "Authorization")
- tokenCookie: string (default: "sigauth_token")
- algorithms: string[] (optional)
- leewaySeconds: number (default: 5)
- getToken(req): custom extractor
Without publishing, you can:
- Build this package:
pnpm build- Use
pnpm link --globalhere andpnpm link --global @sigauth/libraryin a sample app; or - Use
pnpm packto produce a tarball and install it in a sample app:pnpm add file:./dist.tar.gz - Alternatively, run the included examples directly:
# Express example
pnpm exec ts-node examples/express-app.ts
# Node http example
pnpm exec ts-node examples/node-server.tsSet environment variables before running:
$env:SIGAUTH_ISSUER = "https://auth.example.com"
$env:SIGAUTH_AUDIENCE = "my-api"MIT