I have a feeling this is going to be a quick answer, but I can't seem to find any great definitive answers on the web - what is the difference between the jsonwebtoken npm package and the express-jwt npm package? I think express-jwt is written on top of jsonwebtoken and simply verifies incoming tokens and sets req.user
to the user payload on the JWT.
Is that correct? Sorry if this is a total noob question... I just started learning authentication and node/express, so it's all pretty new to me.
PASETO, or Platform Agnostic Security Token is one of the most successful designs that is being widely accepted by the community as the best-secured alternative to JWT.
JSON Web Tokens (JWT) were created to enable a procedure of communicating between two groups authentically to prevent security threats. JWTs are widely used for the purpose of authentication. For instance, while signing in, a token will be generated by the server to be reserved for the client.
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.
The option with the best security and performance is EdDSA, though ES256 (The Elliptic Curve Digital Signature Algorithm (ECDSA) using P-256 and SHA-256) is also a good choice. The most widely used option, supported by most technology stacks, is RS256 (RSASSA-PKCS1-v1_5 using SHA-256).
Coming back to this many months later. In case it's helpful to anyone, express-jwt
is built on top of the jsonwebtoken
package and does a bunch of additional cool things. You still use jsonwebtoken
to sign and verify your JWTs, but express-jwt
helps you protect routes, checks JWTs against a secret, and creates a req.user
from the payload of the token if it can verify it.
tl;dr: express-jwt
uses jsonwebtoken
in its own code and adds additional neatness.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With