OOrveth

Documentation

JWT

JWT sign and verify helpers — not a full authentication platform.

@orveth/jwt provides HS256 sign and verify utilities. You still own user storage, session policy, and authorization rules.

jwt.ts
import { Orveth, signJwt, verifyBearerJwt } from "orveth";

const secret = process.env.JWT_SECRET!;
const app = new Orveth();

app.post("/login", async (ctx) => {
  const token = await signJwt({ sub: "user-1" }, secret, { expiresIn: "1h" });
  return ctx.ok({ token });
});

app.get("/me", async (ctx) => {
  const claims = await verifyBearerJwt<{ sub: string }>(
    ctx.request.headers.authorization,
    secret,
  );
  return ctx.ok({ sub: claims.sub });
});