A helper to verify Janis JWTs
npm install @janiscommerce/jwtjwks-rsa v4 enforces the Node.js version range declared in that package (e.g. ^20.19.0, ^22.12.0, or >=23.0.0). Consumers on older Node versions must upgrade their runtime or stay on an older release of this package.
This is the main exported class. It has only one public method: async verifyToken(token). This method will resolve the decoded token payload, or reject in case of error.
By default this package will handle JWKs properly, but you can configure a custom JWKS URI in case you want to test a different environment.
- An options object with a
jwksUriproperty when you instanciate JWT Class. - An environment variable named
JANISCOMMERCE_JWT_JWKS_URI - Defaults to Janis ID Production URI
const { JWT } = require('@janiscommerce/jwt');
// Default behaviour, decodes with Janis Production JWKS URI
const jwt = new JWT();
const decodedToken = await jwt.verifyToken(token);
// Override default with an env var
process.env.JANISCOMMERCE_JWT_JWKS_URI = 'https://example.com/.well-known/jwks.json';
const envJwt = new JWT();
const envDecodedToken = await envJwt.verifyToken(token);
// Override by passing jwksUri option
const withOptionJwt = new JWT({
jwksUri: 'https://override.com/.well-known/jwks.json'
});
const withOptionDecodedToken = await withOptionJwt.verifyToken(token);