Validate a JWTs scope to authorize access to an endpoint.
$ npm install express-jwt-authz
Use together with express-jwt to both validate a JWT and make sure it has the correct permissions to call an endpoint.
var jwt = require('express-jwt');
var jwtAuthz = require('express-jwt-authz');
app.get('/users',
jwt({ secret: 'shared_secret' }),
jwtAuthz([ 'read:users' ]),
function(req, res) { ... });The JWT must have a scope claim and it must be a string that specifies permissions separated by spaces. For example:
"write:users read:users"
If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
This project is licensed under the MIT license. See the LICENSE file for more info.