{"id":17604,"library":"express-azure-jwt","title":"Express Azure AD JWT Middleware","description":"This package provides Express middleware specifically designed for authenticating HTTP requests using JSON Web Tokens (JWTs) issued by Azure Active Directory (AAD). It streamlines the process of validating incoming JWTs and, upon successful validation, decodes the token and attaches the resulting JSON object to `req.user` (or a configurable property like `req.auth`). This allows subsequent middleware or route handlers to easily access user information for authorization and access control. The current stable version, 0.2.2, was released several years ago, indicating the project is likely no longer actively maintained. Its primary differentiation lies in its explicit focus on Azure AD JWT validation within the Express framework, simplifying integration for applications within the Microsoft ecosystem.","status":"abandoned","version":"0.2.2","language":"javascript","source_language":"en","source_url":"git://github.com/Michsior14/node-express-aad-jwt","tags":["javascript","auth","authn","authentication","authz","authorization","http","jwt","token","typescript"],"install":[{"cmd":"npm install express-azure-jwt","lang":"bash","label":"npm"},{"cmd":"yarn add express-azure-jwt","lang":"bash","label":"yarn"},{"cmd":"pnpm add express-azure-jwt","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"This package primarily targets CommonJS environments, as indicated by its age and documentation. Using 'require' is the most reliable way to import the middleware.","symbol":"jwt","correct":"const jwt = require('express-azure-jwt');"},{"note":"While TypeScript types are shipped, for ESM usage, 'esModuleInterop' might be required in your TypeScript configuration or Node.js environment. 
The module's primary export is a default function.","wrong":"import { jwt } from 'express-azure-jwt';","symbol":"jwt","correct":"import jwt from 'express-azure-jwt';"}],"quickstart":{"code":"import express from 'express';\nimport jwt from 'express-azure-jwt';\n\nconst app = express();\nconst PORT = process.env.PORT || 3000;\n\n// Basic JWT middleware initialization. Replace with your actual audience.\n// In a real application, configuration like audience should come from environment variables.\nconst azureJwtMiddleware = jwt({\n  audience: process.env.AZURE_AD_AUDIENCE || 'api://my-app-id'\n});\n\n// Apply JWT authentication to most routes, but exclude '/public' and '/token'\napp.use(azureJwtMiddleware.unless({ path: ['/public', '/token'] }));\n\n// Public route, no authentication required\napp.get('/public', (req, res) => {\n  res.status(200).send('This is a public endpoint.');\n});\n\n// Protected route - requires a valid Azure AD JWT\napp.get('/protected', (req, res) => {\n  // req.user will contain the decoded JWT payload if authentication was successful\n  if (!req.user) {\n    return res.status(401).send('Authentication information not found.');\n  }\n  res.status(200).json({ message: 'Access granted to protected data!', user: req.user });\n});\n\n// Error handling middleware for JWT validation failures.\n// Registered after the JWT middleware and routes: Express only passes errors to handlers added later in the chain.\napp.use((err: any, req: express.Request, res: express.Response, next: express.NextFunction) => {\n  if (err.name === 'UnauthorizedError') {\n    console.error('Unauthorized request:', err.message);\n    return res.status(401).send('Invalid or missing authentication token.');\n  }\n  next(err);\n});\n\napp.listen(PORT, () => {\n  console.log(`Server running on http://localhost:${PORT}`);\n  console.log('Try accessing /public without a token.');\n  console.log('Try accessing /protected with a valid Azure AD JWT in Authorization: Bearer header.');\n});","lang":"typescript","description":"This quickstart demonstrates how to set up an Express application with 
`express-azure-jwt` to protect routes using Azure AD JWTs, including error handling for unauthorized access and defining unprotected paths."},"warnings":[{"fix":"Consider migrating to a more actively maintained authentication library for Azure AD, such as `@azure/msal-node` or Passport.js strategies like `passport-azure-ad`.","message":"The package is effectively abandoned. The last commit on GitHub was in January 2017, and the latest npm version (0.2.2) was published over 7 years ago. This means there will be no new features, bug fixes, or security patches, which is a significant risk for authentication middleware.","severity":"breaking","affected_versions":">=0.0.1"},{"fix":"Ensure your application exclusively uses Azure AD as its identity provider. For other providers, use a more generic or provider-specific JWT validation library.","message":"This middleware is specifically designed for JWTs issued by Azure Active Directory. Attempting to use it with JWTs from other identity providers (e.g., Auth0, Firebase, custom JWTs) may lead to validation failures or unexpected behavior, as it relies on AAD-specific issuer and audience validation logic.","severity":"gotcha","affected_versions":">=0.0.1"},{"fix":"For new projects, prefer ESM-native libraries. If using this package, ensure your build setup correctly handles CommonJS modules or use `require()` imports directly.","message":"Due to its age and CommonJS-first design, this package may have compatibility issues or require specific configuration (e.g., `esModuleInterop` in TypeScript) when used in modern Node.js environments that default to ES Modules (ESM).","severity":"gotcha","affected_versions":">=0.0.1"},{"fix":"Always implement Express error handling middleware (`app.use(function(err, req, res, next) { ... })`) to specifically catch and gracefully handle `err.name === 'UnauthorizedError'`.","message":"The default behavior on an invalid or missing token is to throw an `UnauthorizedError`. 
While the README provides an example of catching this, failure to implement a global error handler for `UnauthorizedError` will result in unhandled exceptions crashing the application or returning generic server errors.","severity":"gotcha","affected_versions":">=0.0.1"}],"env_vars":null,"last_verified":"2026-04-23T00:00:00.000Z","next_check":"2026-07-22T00:00:00.000Z","problems":[{"fix":"Ensure the client sends an 'Authorization' header in the format `Authorization: Bearer <YOUR_JWT_TOKEN>` for protected routes.","cause":"The incoming HTTP request did not include an 'Authorization' header with a Bearer token, or the token was malformed.","error":"Error: UnauthorizedError: No authorization token was found"},{"fix":"Verify that the JWT is correctly signed, has not expired, and matches the expected issuer and audience configured in the `express-azure-jwt` middleware options.","cause":"The provided JWT is invalid; this could be due to incorrect signature, expired token, invalid issuer, or incorrect audience.","error":"Error: UnauthorizedError: invalid token"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}