Add JWT authentication to Adonisjs v5. Thanks to https://github.com/alex-oliveira for the starting implementation!
Make sure to install and configure @adonisjs/auth
and @adonisjs/lucid
beforehand, by running the following commands:
npm install @adonisjs/auth @adonisjs/lucid
//Or, with yarn: yarn add @adonisjs/auth @adonisjs/lucid
node ace configure @adonisjs/auth
node ace configure @adonisjs/lucid
Install adonis5-jwt
via npm
or yarn
:
npm install adonis5-jwt
//Or, with yarn: yarn add adonis5-jwt
After the package has been installed, you have to configure it by running a command:
node ace configure adonis5-jwt
This will ask a few questions and modify adonisjs files accordingly.
During this configure, you will have to choose whether you want to store JWT in database or not. The two solutions have advantages and disadvantages. Bear in mind that the default is NOT to store JWT in db.
Command | JWT in db | JWT not in db |
---|---|---|
recommended solution | ❌ | ✅ |
refresh token stored in DB | ✅ | ✅ |
full control on JWT expiration/revocation | ✅ | ❌ |
faster login that doesn't use DB | ❌ | ✅ |
logout doesn't need refresh token | ✅ | ❌ |
JWT authentication implements the same methods that other guards in @adonisjs/auth
implements, so you can call .authenticate()
, .generate()
etc.
Just make sure to prepend .use("jwt")
:
//authenticate() example
Route.get('/dashboard', async ({ auth }:HttpContextContract) => {
await auth.use("jwt").authenticate();
const userModel = auth.use("jwt").user!;
const userPayloadFromJwt = auth.use("jwt").payload!;
});
//generate() example:
Route.get('/login', async ({ auth }:HttpContextContract) => {
const user = await User.find(1);
const jwt = await auth.use("jwt").generate(user);
//or using .login():
//const jwt = await auth.use("jwt").login(user);
});
//refresh token usage example:
Route.post('/refresh', async ({ auth, request }:HttpContextContract) => {
const refreshToken = request.input("refresh_token");
const jwt = await auth.use("jwt").loginViaRefreshToken(refreshToken);
});
Route.post('/logout', async ({ auth, response }:HttpContextContract) => {
await auth.use('jwt').revoke()
return {
revoked: true
}
})
By default, .generate()
or .login()
uses a payload like the following:
//user is a Lucid model
{
userId: user.id,
user: {
name: user.name,
email: user.email,
},
}
If you want to generate a JWT with a different payload, simply specify payload
when calling .generate()
or .login()
:
await auth.use("jwt").login(user, {
payload: {
email: user.email,
},
});
With the refresh token, you can obtain a new JWT using loginViaRefreshToken()
:
const refreshToken = request.input("refresh_token");
await auth.use("jwt").loginViaRefreshToken(refreshToken, {
payload: {
email: user.email,
},
});