Skip to content

Instantly share code, notes, and snippets.

@ziluvatar

ziluvatar/token-generator.js

Last active April 8, 2025 08:12
Show Gist options
  • Save ziluvatar/a3feb505c4c0ec37059054537b38fc48 to your computer and use it in GitHub Desktop.
Save ziluvatar/a3feb505c4c0ec37059054537b38fc48 to your computer and use it in GitHub Desktop.
Download ZIP
Example of refreshing tokens with jwt
Raw
token-generator.js
/**
* Example to refresh tokens using https://github.com/auth0/node-jsonwebtoken
* It was requested to be introduced at as part of the jsonwebtoken library,
* since we feel it does not add too much value but it will add code to mantain
* we won't include it.
*
* I create this gist just to help those who want to auto-refresh JWTs.
*/
const jwt = require('jsonwebtoken');
function TokenGenerator (secretOrPrivateKey, secretOrPublicKey, options) {
this.secretOrPrivateKey = secretOrPrivateKey;
this.secretOrPublicKey = secretOrPublicKey;
this.options = options; //algorithm + keyid + noTimestamp + expiresIn + notBefore
}
TokenGenerator.prototype.sign = function(payload, signOptions) {
const jwtSignOptions = Object.assign({}, signOptions, this.options);
return jwt.sign(payload, this.secretOrPrivateKey, jwtSignOptions);
}
// refreshOptions.verify = options you would use with verify function
// refreshOptions.jwtid = contains the id for the new token
TokenGenerator.prototype.refresh = function(token, refreshOptions) {
const payload = jwt.verify(token, this.secretOrPublicKey, refreshOptions.verify);
delete payload.iat;
delete payload.exp;
delete payload.nbf;
delete payload.jti; //We are generating a new token, if you are using jwtid during signing, pass it in refreshOptions
const jwtSignOptions = Object.assign({ }, this.options, { jwtid: refreshOptions.jwtid });
// The first signing converted all needed options into claims, they are already in the payload
return jwt.sign(payload, this.secretOrPrivateKey, jwtSignOptions);
}
module.exports = TokenGenerator;
Raw
token-generator.tester.js
/**
* Just few lines to test the behavior.
*/
const TokenGenerator = require('./token-generator');
const jwt = require('jsonwebtoken');
const tokenGenerator = new TokenGenerator('a', 'a', { algorithm: 'HS256', keyid: '1', noTimestamp: false, expiresIn: '2m', notBefore: '2s' })
token = tokenGenerator.sign({ myclaim: 'something' }, { audience: 'myaud', issuer: 'myissuer', jwtid: '1', subject: 'user' })
setTimeout(function () {
token2 = tokenGenerator.refresh(token, { verify: { audience: 'myaud', issuer: 'myissuer' }, jwtid: '2' })
console.log(jwt.decode(token, { complete: true }))
console.log(jwt.decode(token2, { complete: true }))
}, 3000)
@Mihir018
Copy link

Mihir018 commented Sep 5, 2023

I am not able to extract out

delete payload.iat;
delete payload.exp;
delete payload.nbf;

It seems this values does not exist on payload, is there some other way I can delete the old token and generate new one, or can someone help me on what I am missing.

@AniketSaini0
Copy link

AniketSaini0 commented Feb 10, 2025
edited
Loading

@TriStarGod

yes your reasoning is correct but what actually happens is when there is a communication between A and B, they at the beginning shares their respective public keys with each other.

so when A sends some data it has to be first encrypted using A's private key(inner encryption layer) + then encrypted using B's public key(as outer encryption layer) .
that's why while on B's side first the data has to be decrypted using B's private key (to decrypt outer encryption layer since it was encrypted using B's public key) + then only one can use A's public keys to decrypt the inner encryption layer.

that's how even if other people have the public key of A , cannot decrypt the data on the public key alone.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment