{"library":"smart-auth-middleware","title":"Express Smart Authentication Middleware","description":"This package, `smart-auth-middleware`, is an Express.js middleware designed for authenticating incoming requests by validating JSON Web Tokens (JWTs) against an external Identity Service (IDS). It integrates with `jwks-rsa` for fetching JSON Web Key Sets and `express-jwt` for the core JWT verification process. Currently at version 0.21.0, it is in active development, implying that breaking changes might occur more frequently between minor versions as it approaches a stable 1.0 release. The middleware provides a lifecycle with `authPreCheck` for initial validation, `jwtVerify` for token verification and setting user information on `req.user`, and `authPostCheck` to ensure verification success. Its key differentiators include built-in support for JWKS endpoints and configurable options for issuer, audience, and ignored paths, streamlining JWT-based authentication in Express applications.","language":"javascript","status":"active","last_verified":"Wed Apr 22","install":{"commands":["npm install smart-auth-middleware"],"cli":null},"imports":["import authentication from 'smart-auth-middleware';","const authentication = require('smart-auth-middleware');","// No direct import for options object, it's passed directly to the middleware function"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"import express from 'express';\nimport authentication from 'smart-auth-middleware';\n\nconst app = express();\nconst router = express.Router();\n\n// Ensure environment variables are set or provide fallbacks\nconst options = {\n    IDENTITY_SERVICE_URL: process.env.IDENTITY_SERVICE_URL ?? 'http://localhost:3000/identity',\n    ISSUER: process.env.JWT_ISSUER ?? 'your-issuer-url',\n    AUDIENCE: process.env.JWT_AUDIENCE ?? 'your-audience',\n    ignorePaths: [ '/healthcheck', '/ping' ]\n};\n\n// Apply the authentication middleware to all routes under '/'\n// All routes after this middleware will require a valid JWT, except ignoredPaths\napp.use('/', authentication(options), router);\n\nrouter.get('/secure-data', (req, res) => {\n  // req.user will be populated by the middleware if token is valid\n  if (req.user) {\n    res.status(200).json({ message: 'Access granted to secure data', user: req.user });\n  } else {\n    res.status(401).json({ message: 'Unauthorized: req.user not found' });\n  }\n});\n\nrouter.get('/healthcheck', (req, res) => {\n  res.status(200).send('Service is healthy');\n});\n\n// Basic error handling middleware for express-jwt errors\napp.use((err, req, res, next) => {\n  if (err.name === 'UnauthorizedError') {\n    res.status(401).json({ message: 'Invalid token: ' + err.message });\n  } else {\n    next(err);\n  }\n});\n\nconst PORT = process.env.PORT || 3000;\napp.listen(PORT, () => {\n  console.log(`Server running on port ${PORT}`);\n  console.log('Test with: curl -H \"Authorization: Bearer <YOUR_JWT>\" http://localhost:3000/secure-data');\n  console.log('Or: curl http://localhost:3000/healthcheck');\n});","lang":"typescript","description":"Demonstrates how to integrate `smart-auth-middleware` into an Express application, configure essential options, protect routes, and handle common authentication errors.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}