Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

express-jwt vs. jsonwebtoken

Tags:

authentication

express

jwt

express-jwt

I have a feeling this is going to be a quick answer, but I can't seem to find any great definitive answers on the web - what is the difference between the jsonwebtoken npm package and the express-jwt npm package? I think express-jwt is written on top of jsonwebtoken and simply verifies incoming tokens and sets req.user to the user payload on the JWT.

Is that correct? Sorry if this is a total noob question... I just started learning authentication and node/express, so it's all pretty new to me.

like image 793
bobbyz Avatar asked Dec 08 '15 20:12

bobbyz

People also ask

Is there something better than JWT?

PASETO, or Platform Agnostic Security Token is one of the most successful designs that is being widely accepted by the community as the best-secured alternative to JWT.

What does express JWT do?

JSON Web Tokens (JWT) were created to enable a procedure of communicating between two groups authentically to prevent security threats. JWTs are widely used for the purpose of authentication. For instance, while signing in, a token will be generated by the server to be reserved for the client.

Is JSON Web Token secure?

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

Which JWT algorithm is best?

The option with the best security and performance is EdDSA, though ES256 (The Elliptic Curve Digital Signature Algorithm (ECDSA) using P-256 and SHA-256) is also a good choice. The most widely used option, supported by most technology stacks, is RS256 (RSASSA-PKCS1-v1_5 using SHA-256).

1 Answers

Coming back to this many months later. In case it's helpful to anyone, express-jwt is built on top of the jsonwebtoken package and does a bunch of additional cool things. You still use jsonwebtoken to sign and verify your JWTs, but express-jwt helps you protect routes, checks JWTs against a secret, and creates a req.user from the payload of the token if it can verify it.

tl;dr: express-jwt uses jsonwebtoken in its own code and adds additional neatness.

like image 187
bobbyz Avatar answered Oct 02 '22 10:10

bobbyz
Sign in to Comment

Related questions

How to create a authentication token using Java
Uploadify (Session and authentication) with ASP.NET MVC
How to use Github Personal Access Token in Jenkins
How do I use FIDO U2F to allow users to authenticate with my website?
HTTP basic auth for Capybara
How to connect to remote Oracle DB with PL/SQL Developer?
asp.net cookies, authentication and session timeouts
Profile model for Devise users?
Authentication with 2 different tables
Having trouble with user.is_authenticated in django template
Is 5-digit PIN better than most passwords?
How do i get the web browser password store to remember R/Shiny passwords?
AuthToken from AccountManager in Android Client No Longer Working
ASP.NET Core 2.0 combining Cookies and Bearer Authorization for the same endpoint
How to check for unrestricted Internet access? (captive portal detection)
NTLM proxy without password?
Django -- User.DoesNotExist does not exist?
Authenticating user using LDAP from PHP
OAuth or JWT? Which one to use and why?
How to get the active authenticated gcloud account?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!