Expose token verification method in public API

[sushantdhiman]

I use express-jwt with most of projects. Its awesome.

Would it be possible / acceptable to expose token verification method to public API. This process is sometime required to arbitrarily check if a request has valid session or not.

Use case All request passed by unless are ignored by express-jwt, I think that is good. But even these requests have session attached ( Authorization header set) sometime. There is no way to tell what user this request have. If express-jwt expose token verification process it can be done easily. Otherwise I'll have to rewrite (copy) same logic which will extract token from headers and check if session is valid.

I'll be able to help with a PR if this suggestion is accepted.

[vesparny]

I'd also love to see this. Another pros is that it will not be needed anymore to require the package jsonwebtoken if its api is exposed by express-jwt.

koa/jwt does it and it's very convenient.

[jfromaniello]

can you show me with an example the api you are looking for ?

[sushantdhiman]

@jfromaniello I will think about the API and will post soon

[sushantdhiman]

Sorry for this rather late reply. I am no longer using express-jwt and no longer require this API. Maintainers may close this issue if they want to.

[laxman-spidey]

@sushantdhiman I'm looking for similar implementation. Can you please let me know which library you have chosen for this?

[sushantdhiman]

@laxman-spidey I don't remember, neither I have access to source code anymore, but if I have to guess I must have copied this method as there is no API exposed