JWT Keychain ⛓
Add a complete and customizable user authentication system for your API project.
.package(url: "https://github.com/nodes-vapor/jwt-keychain.git", .upToNextMajor(from: "2.0.0"))
targets: [ .target( name: "App", dependencies: [ ... "JWTKeychain" ] ), ... ]
Getting started 🚀
Copy package resources:
Move the content of JWTKeychain/Resources/Views into the Resources/Views folder of your project. Unfortunately there's no convenient way to do this at the moment, but one option is to download this repo as a zip and then move the folders into the root of your project. Remember to check that you're not overwriting any files in your project.
https://github.com/vapor/jwt to learn more about signing.
Token Generator Command
In order to generate password reset tokens for users add the following to
"keychain:generate_token". Then you can create a token like so:
drop --run keychain:generate_token firstname.lastname@example.org
There are three types of tokens used by JWTKeychain: refresh tokens, API access tokens, and password reset tokens.
Both refresh and access tokens should be included in the Authorization header for each request they are needed for, as follows: Authorization: Bearer TOKEN (where TOKEN is replaced with the actual token string).
Usage of this type of token is optional but recommended for extra security. You can opt-out of using refresh tokens by omitting the value for
Refresh tokens are tokens with a long expiration time that can be used to generate the more short-lived access tokens that are needed for API access.
Refresh tokens are returned when logging in and when signing up* as a string under the key: refreshToken. They can only be used to create new access tokens at the
When a refresh token expires a new one can be generated by logging in using the user's credentials.
* Besides the refresh token, an access token and the user object are also returned as a convenience to the client developer.
API Access Tokens
API Access tokens give access to the following endpoints:
TODO: add other routes
Whenever an access token is expired a new one can be generated using a request to
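The split between refresh and access tokens described above, as an added example that is not part of the JWT Keychain code base (it uses only the Python standard library so it runs without a Vapor project). The `kind` claim, the lifetimes, the secret and all function names are assumptions for illustration; the page does not show JWTKeychain's own claim layout.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"                     # constructed, not a JWTKeychain value
LIFETIME = {"refresh": 30 * 24 * 3600, "access": 3600}  # assumed lifetimes, in seconds

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(user_id: str, kind: str, now: float) -> str:
    """Mint an HS256 JWT; 'kind' is a hypothetical claim marking the token type."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "kind": kind, "exp": int(now) + LIFETIME[kind]}
    signing_input = header + "." + _b64(json.dumps(claims).encode())
    return signing_input + "." + _sign(signing_input)

def verify(authorization: str, expected_kind: str, now: float) -> dict:
    """Check an 'Authorization: Bearer TOKEN' value; raise PermissionError on failure."""
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        raise PermissionError("malformed Authorization header")
    header, body, signature = token.split(".")
    # Check the signature first, in constant time, before trusting the payload.
    # The algorithm is fixed server-side; the header's "alg" is never consulted.
    expected = _sign(header + "." + body)
    if not hmac.compare_digest(signature.encode(), expected.encode()):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now:
        raise PermissionError("token expired")
    if claims["kind"] != expected_kind:
        raise PermissionError(claims["kind"] + " token not accepted here")
    return claims

def refresh_endpoint(authorization: str, now: float) -> str:
    """Token-minting route: accepts only a refresh token, returns a new access token."""
    claims = verify(authorization, "refresh", now)
    return issue(claims["sub"], "access", now)

def api_endpoint(authorization: str, now: float) -> str:
    """Any protected API route: accepts only an access token."""
    return verify(authorization, "access", now)["sub"]
```

Rejecting a validly signed token of the wrong kind is what keeps a leaked long-lived refresh token from being replayed directly against API routes.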
Password Reset Tokens
Supply Additional Middleware
This package is open-sourced software licensed under the MIT license
1.0.0-rc.2 - Mar 8, 2019
JWTKeychainUsers are now
- The create and update routes now save the user
1.0.0-rc.1 - Mar 6, 2019
- depends on Sugar 4.0.0 RC
- JWTKeychainProvider now accepts a config factory to allow for thread safe middleware and signers
1.0.0-beta.3 - Jan 24, 2019
JWTKeychainMiddlewares generic over the user type making it possible to use JWTKeychain with multiple types of user.
1.0.0-beta.2 - Nov 30, 2018
- Aligned with community guidelines on how to register routes
0.16.1 - Nov 23, 2018
- Opened up PasswordVersionClaim, e.g. if one wants to subclass the