@orveth/jwt

Symmetric HS256 JWT helpers built on jose. Suitable for service-to-service or first-party session tokens where you control the signing secret.

Exports

  • signJwt(claims, secret, options?) — compact HS256 token string.
  • verifyJwt(token, secret, options?) — returns claims; throws HttpError 401 (ORVETH_JWT_INVALID) on failure.
  • verifyBearerJwt(header, secret, options?) — parses Authorization: Bearer then verifies.
  • extractBearerToken(header) / requireBearerToken(header) — header parsing only.

Example

src/auth.ts
import { signJwt, verifyBearerJwt } from "@orveth/jwt";
import { Orveth } from "orveth";

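// Fail fast at startup if the signing secret is missing, instead of asserting it with `!`.
const secret = process.env.JWT_SECRET;
if (!secret) throw new Error("JWT_SECRET is not set");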
const app = new Orveth();

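app.post("/login", async (ctx) => {
  // Demo only: the subject is hard-coded; a real handler authenticates the caller before issuing a token.
  const token = await signJwt({ sub: "user-1" }, secret, { expiresIn: "15m" });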
  return ctx.ok({ token });
});

app.get("/me", async (ctx) => {
  const user = await verifyBearerJwt<{ sub: string }>(ctx.request.headers.authorization, secret);
  return ctx.ok({ sub: user.sub });
});
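
The checks an HS256 bearer verifier has to perform (Bearer parsing, algorithm pinning, constant-time signature comparison, expiry), written out with Node's crypto module. This is an added example, not code from @orveth/jwt or jose; the names parseBearer, signHs256 and verifyHs256 and the explicit nowSec parameter are assumptions made for illustration.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Illustrative names and types; not the @orveth/jwt or jose API.
type Claims = { exp?: number; [claim: string]: unknown };

const b64url = (s: string): string => Buffer.from(s, "utf8").toString("base64url");
const hmac = (input: string, secret: string): Buffer =>
  createHmac("sha256", secret).update(input).digest();

// Accept only "Bearer <three base64url segments>"; anything else yields null.
function parseBearer(header: string | undefined): string | null {
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/i.exec(header ?? "");
  return m?.[1] ?? null;
}

// Constructed signer, used only to build sample tokens for the verifier.
function signHs256(claims: Claims, secret: string, alg = "HS256"): string {
  const input = `${b64url(JSON.stringify({ alg, typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${hmac(input, secret).toString("base64url")}`;
}

// Returns the claims, or throws an Error whose message names the failed check.
function verifyHs256(token: string, secret: string, nowSec: number): Claims {
  const [h = "", p = "", sig = "", extra] = token.split(".");
  if (!h || !p || extra !== undefined) throw new Error("malformed");
  let alg: unknown;
  try {
    alg = JSON.parse(Buffer.from(h, "base64url").toString("utf8"))?.alg;
  } catch {
    throw new Error("malformed");
  }
  // Pin the algorithm: never let the token's own header choose "none" or another alg.
  if (alg !== "HS256") throw new Error("alg");
  // Recompute the MAC over header.payload and compare in constant time.
  const expected = hmac(`${h}.${p}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error("signature");
  }
  // Only parse and trust claims after the signature has been verified.
  const claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8")) as Claims;
  if (typeof claims.exp === "number" && claims.exp <= nowSec) throw new Error("expired");
  return claims;
}
```

Passing the current time as a parameter keeps the expiry check deterministic in tests; a production verifier would also bound clock skew and validate any issuer or audience claims it relies on.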