JWT Configuration

JSON Web Token authentication reference.

Configuration

json

{
  "jwt": {
    "secret": "&#123;&#123;env.JWT_SECRET&#125;&#125;"
  }
}

JWT Payload

Standard claims:

json

{
  "sub": "user-123",
  "role": "admin",
  "tenant_id": "tenant-456",
  "exp": 1704067200,
  "iat": 1704063600
}

Generate Token

bash

npm run generate-jwt

Or programmatically:

typescript

import jwt from 'jsonwebtoken';

const token = jwt.sign(
  {
    sub: 'user-123',
    role: 'admin',
    tenant_id: 'tenant-456'
  },
  process.env.JWT_SECRET,
  { expiresIn: '1h' }
);

Protect Routes

json

{
  "path": "/admin/users",
  "method": "get",
  "requireAuth": true
}

Access Claims in Routes

json

{
  "data": {
    "user_id": "&#123;&#123;auth.sub&#125;&#125;",
    "role": "&#123;&#123;auth.role&#125;&#125;",
    "tenant_id": "&#123;&#123;auth.tenant_id&#125;&#125;"
  }
}

Request Header

bash

curl -X GET http://localhost:3000/api/protected \
  -H "Authorization: Bearer <token>"

Error Responses

Missing Token

json

{
  "error": "Unauthorized",
  "message": "No authorization token provided"
}

Status: 401

Invalid Token

json

{
  "error": "Unauthorized",
  "message": "Invalid or expired token"
}

Status: 401

Expired Token

json

{
  "error": "Unauthorized",
  "message": "Token expired"
}

Status: 401

Best Practices

Use minimum 32-character secrets
Set appropriate expiration (1h recommended)
Include only necessary claims
Rotate secrets periodically
Use HTTPS in production

JWT Configuration ​

Configuration ​

JWT Payload ​

Generate Token ​

Protect Routes ​

Access Claims in Routes ​

Request Header ​

Error Responses ​

Missing Token ​

Invalid Token ​

Expired Token ​

Best Practices ​

JWT Configuration

Configuration

JWT Payload

Generate Token

Protect Routes

Access Claims in Routes

Request Header

Error Responses

Missing Token

Invalid Token

Expired Token

Best Practices