JWT Auth Middleware
The JWT Auth Middleware provides authentication by verifying the token with JWT. Authorization
header value or cookie value specified by the cookie
option will be used as a token.
Import
ts
import { Hono } from 'hono'
import { jwt } from 'hono/jwt'
import type { JwtVariables } from 'hono/jwt'
Usage
ts
// Specify the variable types to infer the `c.get('jwtPayload')`:
type Variables = JwtVariables
const app = new Hono<{ Variables: Variables }>()
app.use(
'/auth/*',
jwt({
secret: 'it-is-very-secret',
})
)
app.get('/auth/page', (c) => {
return c.text('You are authorized')
})
Get payload:
ts
const app = new Hono()
app.use(
'/auth/*',
jwt({
secret: 'it-is-very-secret',
})
)
app.get('/auth/page', (c) => {
const payload = c.get('jwtPayload')
return c.json(payload) // eg: { "sub": "1234567890", "name": "John Doe", "iat": 1516239022 }
})
TIP
jwt()
is just a middleware function. If you want to use an environment variable (eg: c.env.JWT_SECRET
), you can use it as follows:
js
app.use('/auth/*', (c, next) => {
const jwtMiddleware = jwt({
secret: c.env.JWT_SECRET,
})
return jwtMiddleware(c, next)
})
Options
secret
: string - required- A value of your secret key.
cookie
: string- If this value is set, then the value is retrieved from the cookie header using that value as a key, which is then validated as a token.
alg
: string- An algorithm type that is used for verifying. Available types are
HS256
|HS384
|HS512
|RS256
|RS384
|RS512
|PS256
|PS384
|PS512
|ES256
|ES384
|ES512
|EdDSA
. Default isHS256
.
- An algorithm type that is used for verifying. Available types are