{"id":16802,"library":"edaten-auth","title":"Express JWT Authentication Router","description":"edaten-auth is a plug-and-play JWT authentication router designed for Express applications that utilize MongoDB for data persistence via Mongoose. It provides out-of-the-box functionality for user registration, login, token refreshing, and logout, simplifying the implementation of common authentication flows. The current stable version is 2.0.3. While a specific release cadence isn't explicitly stated, the project appears actively maintained given its current versioning. Its primary differentiator is its \"plug-and-play\" nature, offering a complete, pre-built solution for JWT authentication with Express and Mongoose, requiring minimal configuration beyond environment variables for secrets and ensuring a MongoDB connection. It manages access tokens and refresh tokens, storing the latter securely in HTTP-only cookies.","status":"active","version":"2.0.3","language":"javascript","source_language":"en","source_url":null,"tags":["javascript","auth","jwt","express","mongodb","refresh-token","typescript"],"install":[{"cmd":"npm install edaten-auth","lang":"bash","label":"npm"},{"cmd":"yarn add edaten-auth","lang":"bash","label":"yarn"},{"cmd":"pnpm add edaten-auth","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Runtime dependency for the authentication router and middleware.","package":"express","optional":false},{"reason":"ORM for interacting with MongoDB, specifically for user management.","package":"mongoose","optional":false},{"reason":"Required for generating and verifying JSON Web Tokens (JWTs).","package":"jsonwebtoken","optional":false},{"reason":"Used for securely hashing user passwords before storage.","package":"bcryptjs","optional":false},{"reason":"Essential Express middleware for parsing cookies, used for handling refresh tokens.","package":"cookie-parser","optional":false}],"imports":[{"note":"This is the default export, returning an Express router. CommonJS users should use `const createAuth = require('edaten-auth')`.","wrong":"import { createAuth } from 'edaten-auth'","symbol":"createAuth","correct":"import createAuth from 'edaten-auth'"},{"note":"The authentication middleware for protecting routes is a named export from a subpath.","wrong":"import { authMiddleware } from 'edaten-auth'","symbol":"authMiddleware","correct":"import { authMiddleware } from 'edaten-auth/middleware'"},{"note":"Type import for configuration options when using TypeScript.","symbol":"AuthOptions","correct":"import type { AuthOptions } from 'edaten-auth'"}],"quickstart":{"code":"import express from \"express\";\nimport cookieParser from \"cookie-parser\";\nimport mongoose from \"mongoose\";\nimport createAuth from \"edaten-auth\";\n\nconst app = express();\n\napp.use(express.json());\napp.use(cookieParser());\n\n// IMPORTANT: connect MongoDB BEFORE using auth routes\n// In a real application, ensure process.env.MONGO_URI is set.\nawait mongoose.connect(process.env.MONGO_URI ?? 'mongodb://localhost:27017/myauthdb');\n\napp.use(\"/auth\", createAuth({\n  jwtSecret: process.env.JWT_SECRET ?? 'supersecretjwtkey',\n  jwtRefreshSecret: process.env.JWT_REFRESH_SECRET ?? 'anothersupersecretrefreshkey',\n  requiredFields: [\"email\"],\n  loginField: \"email\"\n}));\n\napp.get('/', (req, res) => res.send('Welcome! Auth routes available at /auth'));\n\napp.listen(3000, () => console.log('Server running on port 3000'));","lang":"typescript","description":"Demonstrates the basic setup of the `edaten-auth` router within an Express application, including essential middleware and a critical Mongoose connection step."},"warnings":[{"fix":"Ensure `await mongoose.connect(process.env.MONGO_URI);` completes successfully before `app.use('/auth', createAuth(...));` is called in your application startup.","message":"The MongoDB connection must be fully established *before* initializing the `edaten-auth` router. Failure to do so can lead to 'Operation buffering timed out' errors, as the library attempts database operations before the connection is ready.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"Add `app.use(cookieParser());` to your Express application's middleware chain before `app.use('/auth', createAuth(...));`.","message":"The `cookie-parser` middleware is a mandatory dependency and must be explicitly registered with your Express application *before* `edaten-auth` is used. This is crucial for the refresh token mechanism, which relies on HTTP-only cookies.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Ensure both `jwtSecret` and `jwtRefreshSecret` are passed in the options object to the `createAuth` function, ideally using environment variables for security (e.g., `jwtSecret: process.env.JWT_SECRET`).","message":"Both `jwtSecret` and `jwtRefreshSecret` are required configuration options for `createAuth`. Failing to provide these secure strings will prevent the library from initializing and functioning correctly, leading to runtime errors.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"Verify that `await mongoose.connect(process.env.MONGO_URI);` has completed successfully *before* you mount the `edaten-auth` router with `app.use('/auth', createAuth(...));`.","cause":"MongoDB connection was not established or was still in a pending state when `edaten-auth` attempted to perform database operations.","error":"Operation users.insertOne() buffering timed out after 10000ms"},{"fix":"Ensure `const app = express();` is properly invoked to create an Express application instance at the start of your server setup.","cause":"The `app` object in your Express application is not correctly initialized as an Express instance before `app.use` is called.","error":"TypeError: app.use is not a function"},{"fix":"Provide valid and secure string values for both `jwtSecret` and `jwtRefreshSecret` in the options object passed to `createAuth`, preferably through environment variables.","cause":"The `jwtSecret` or `jwtRefreshSecret` configuration option was omitted or provided with an empty string when calling `createAuth`.","error":"jwt secret must be provided"}],"ecosystem":"npm","meta_description":null}