jwt-flow 1.0.0

package/README.md

@@ -0,0 +1,282 @@
+# jwt-flow
+
+**jwt-flow** is a library for Node.js that simplifies JWT token management by generating and verifying **Access** and **Refresh** tokens with customizable payloads, expiration, and algorithms — all in a single unified auth flow.  
+
+It supports **HS256** (symmetric) and **RS256** (asymmetric) signing, allowing professional-grade JWT handling for Node.js applications.  
+
+- Fully compatible with **JavaScript** and **TypeScript**  
+- TypeScript users get **strongly typed payloads** with generics  
+- Works in any Node.js project without additional configuration
+
+## Why Use **jwt-flow**? (Value Proposition)
+
+`jsonwebtoken` already exists, but `jwt-flow` gives you ready-to-use patterns and features that save time and reduce mistakes:
+
+| Feature / Benefit                   | jwt-flow | jsonwebtoken |
+|------------------------------------|------------|--------------|
+| **Dual Tokens (Access + Refresh)**  | ✅ Built-in | ❌ Manual setup |
+| **TypeScript Generics / Typed Payloads** | ✅ Fully typed | ⚠️ Manual / Partial |
+| **HS256 & RS256 Support**           | ✅ Ready-to-use | ✅ Only signing, manual patterns |
+| **Production-Ready Recommendations**| ✅ Env variables, short/long expiry, RS256 patterns | ❌ Must implement yourself |
+| **Module Compatibility**            | ✅ CommonJS + ESM | ✅ Only what you configure |
+| **Simple & Clean API**              | ✅ `auth.create()` + `auth.verify()` | ⚠️ Needs multiple calls / custom wrapper |
+
+> **In short:** Save time, avoid boilerplate, and implement secure JWT flows instantly.
+
+## Features
+
+- Generate **Access tokens** and **Refresh tokens** with a single function  
+- Support **different secrets or keys** for access & refresh tokens  
+- Fully typed with **TypeScript generics** for **payload safety**  
+- **Custom payload fields** supported 
+- Works with **HS256** and **RS256** algorithms  
+- Supports **custom expiration times**  
+
+## Module Compatibility
+
+**jwt-flow** works in **both CommonJS and ES Module projects**:
+
+- **CommonJS:**
+```js
+const { auth } = require('jwt-flow');
+```
+- **ES Module:** 
+```js
+import { auth } from 'jwt-flow';
+```
+
+This ensures the library works seamlessly in **any Node.js project**, whether using CommonJS or ES Module syntax.
+
+## Installation
+
+### Note:
+- `jsonwebtoken` is a peer dependency, so you need to install it manually.
+- This avoids version mismatches and ensures your project uses the correct version.
+
+### Using npm:
+```bash
+# Install your library
+npm install jwt-flow
+
+# Install jsonwebtoken (if not installed)
+npm install jsonwebtoken
+```
+
+### Using Yarn:
+```bash
+yarn add jwt-flow
+yarn add jsonwebtoken
+```
+
+### Using pnpm:
+```bash
+pnpm add jwt-flow
+pnpm add jsonwebtoken
+```
+
+## Basic Usage (Single token)
+
+```js
+import { auth } from "jwt-flow";
+
+// Create a single access token
+const userPayload = { sub: "123", role: "user", email: 'example@gmail.com' };
+
+const token = auth.create({
+  accessToken: {
+    payload: userPayload,
+    secret: 'access token secret',
+    expiresIn: "15m", // Token will expire in 15 minutes
+    algorithm: "HS256" // Optional (It's default)
+  }
+});
+
+console.log(token.accessToken);
+
+// Verify the single access token
+if (token.accessToken) {
+    const verifiedToken = auth.verify({
+      accessToken: { 
+        token: token.accessToken, 
+        secret: 'access token secret' 
+      }   
+    });
+
+    console.log(verifiedToken.accessToken);
+}
+```
+
+## Basic Usage (Dual tokens)
+
+```js
+import { auth } from "jwt-flow";
+
+// User payload
+const userPayload = { sub: "123", role: "user", email: 'example@gmail.com' };
+
+// Create both access and refresh tokens
+const tokens = auth.create({
+  accessToken: {
+    payload: userPayload,
+    secret: 'access token secret',
+    expiresIn: "15m", // Token will expire in 15 minutes
+    algorithm: "HS256" // Optional (default HS256)
+  },
+  refreshToken: {
+    payload: userPayload,
+    secret: 'refresh token secret',
+    expiresIn: "7d", // Token will expire in 7 days
+    algorithm: "HS256" // Optional (default HS256)
+  }
+});
+
+console.log(tokens.accessToken);
+console.log(tokens.refreshToken);
+
+// Verify both tokens
+const verifiedTokens = auth.verify({
+  accessToken: { 
+    token: tokens.accessToken!, 
+    secret: 'access token secret' 
+  },
+  refreshToken: { 
+    token: tokens.refreshToken!, 
+    secret: 'refresh token secret' 
+  }
+});
+
+console.log(verifiedTokens.accessToken);
+console.log(verifiedTokens.refreshToken);
+```
+
+## Algorithm Notes
+
+| Algorithm | Type       | Use Case                                     |
+|-----------|-----------|---------------------------------------------|
+| HS256     | Symmetric  | Simple apps, single secret for sign & verify |
+| RS256     | Asymmetric | Production APIs, private/public key pair     |
+
+- **Default algorithm:** `"HS256"`  
+- **RS256:** Requires **private key** for signing and **public key** for verification
+
+## RS256 Example (Advanced)
+
+### Generate RSA Keys (Manually):
+```bash
+openssl genrsa -out private.key 2048
+
+openssl rsa -in private.key -pubout -out public.key
+```
+
+- private.key → Used for signing tokens
+- public.key → Used for verifying tokens
+- ⚠️ Never commit private.key to GitHub
+
+### Usage Example:
+
+```js
+import fs from "fs";
+import { auth } from "jwt-flow";
+
+// Load keys
+const PRIVATE_KEY = fs.readFileSync('./private.key', 'utf-8');
+const PUBLIC_KEY = fs.readFileSync('./public.key', 'utf-8');
+
+const tokens = auth.create({
+  accessToken: {
+    payload: { sub: "123", role: "admin" },
+    secret: PRIVATE_KEY,
+    expiresIn: "15m",
+    algorithm: "RS256"
+  },
+  refreshToken: {
+    payload: { sub: "123", role: "admin" },
+    secret: PRIVATE_KEY,
+    expiresIn: "7d",
+    algorithm: "RS256"
+  }
+});
+
+console.log(tokens.accessToken);
+console.log(tokens.refreshToken);
+
+// Verify using public key
+const verified = auth.verify({
+  accessToken: { 
+    token: tokens.accessToken!, 
+    secret: PUBLIC_KEY,
+    algorithms: ["RS256"]
+  },
+  refreshToken: { 
+    token: tokens.refreshToken!, 
+    secret: PUBLIC_KEY,
+    algorithms: ["RS256"]
+  }
+});
+
+console.log(verified.accessToken);
+console.log(verified.refreshToken);
+```
+
+## Production Recommendation
+
+Instead of loading keys from files, use `environment variables` to keep your private keys secure:
+
+```js
+const PRIVATE_KEY = process.env.PRIVATE_KEY!;
+const PUBLIC_KEY = process.env.PUBLIC_KEY!;
+```
+
+## TypeScript Generics Example
+
+```ts
+import { auth } from "jwt-flow";
+
+// Define your payload type
+interface UserPayload {
+  sub: string;
+  role: "user" | "admin";
+  email: string;
+}
+
+// Create an access token with typed payload
+const token = auth.create<UserPayload>({
+  accessToken: {
+    payload: {
+      sub: "123",
+      role: "admin",
+      email: "admin@example.com",
+    },
+    secret: "my-secret",
+    expiresIn: "15m" // Token will expire in 15 minutes
+  }
+});
+
+console.log(token.accessToken);
+
+// Verify the typed token
+const verified = auth.verify<UserPayload>({
+  accessToken: { 
+    token: token.accessToken!, 
+    secret: "my-secret" 
+  }
+});
+
+console.log(verified.accessToken);
+```
+
+## Notes & Tips
+
+- Always keep your **secrets and private keys safe**.  
+- Use **short expiration** for access tokens and **longer** for refresh tokens.  
+- For TypeScript users, the payload is **fully typed** — generics ensure type safety.  
+- `auth.create()` and `auth.verify()` are synchronous. No `async/await` needed unless you implement RS256 async methods.  
+
+## Author
+- Sejin Ahmed – [GitHub: mern-sejin2010](https://github.com/mern-sejin2010)
+
+## License
+
+This package is licensed under the ISC License
+ 
+Copyright © 2026, Jupiter Programmer

package/dist/index.d.ts

@@ -0,0 +1,28 @@
+import type { Algorithm, Secret } from "jsonwebtoken";
+import { type AccessTokenOptions, type AccessTokenPayload } from "./lib/jwt/access-token.js";
+import { type RefreshTokenOptions, type RefreshTokenPayload } from "./lib/jwt/refresh-token.js";
+export interface CreateTokenOptions<T extends object = {}> {
+    accessToken?: AccessTokenOptions<T>;
+    refreshToken?: RefreshTokenOptions<T>;
+}
+export interface VerifySingleTokenOptions {
+    token: string;
+    secret: Secret;
+    algorithms?: Algorithm[];
+}
+export interface VerifyTokenOptions {
+    accessToken?: VerifySingleTokenOptions;
+    refreshToken?: VerifySingleTokenOptions;
+}
+export interface VerifiedTokens<T extends object = {}> {
+    accessToken?: AccessTokenPayload<T> | null;
+    refreshToken?: RefreshTokenPayload<T> | null;
+}
+export declare const auth: {
+    create<T extends object = {}>(options: CreateTokenOptions<T>): {
+        accessToken?: string;
+        refreshToken?: string;
+    };
+    verify<T extends object = {}>(options: VerifyTokenOptions): VerifiedTokens<T>;
+};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,EAGH,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EAC1B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAGH,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EAC3B,MAAM,4BAA4B,CAAC;AAGpC,MAAM,WAAW,kBAAkB,CAAC,CAAC,SAAS,MAAM,GAAG,EAAE;IACrD,WAAW,CAAC,EAAE,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACpC,YAAY,CAAC,EAAE,mBAAmB,CAAC,CAAC,CAAC,CAAC;CACzC;AAED,MAAM,WAAW,wBAAwB;IACrC,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,SAAS,EAAE,CAAC;CAC5B;AACD,MAAM,WAAW,kBAAkB;IAC/B,WAAW,CAAC,EAAE,wBAAwB,CAAC;IACvC,YAAY,CAAC,EAAE,wBAAwB,CAAC;CAC3C;AACD,MAAM,WAAW,cAAc,CAAC,CAAC,SAAS,MAAM,GAAG,EAAE;IACjD,WAAW,CAAC,EAAE,kBAAkB,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IAC3C,YAAY,CAAC,EAAE,mBAAmB,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;CAChD;AAED,eAAO,MAAM,IAAI;WACN,CAAC,SAAS,MAAM,gBACV,kBAAkB,CAAC,CAAC,CAAC;sBAEA,MAAM;uBAAiB,MAAM;;WAWxD,CAAC,SAAS,MAAM,gBACV,kBAAkB,GAC5B,cAAc,CAAC,CAAC,CAAC;CAavB,CAAC"}

package/dist/index.js

@@ -0,0 +1,35 @@
+import { generateAccessToken, verifyAccessToken } from "./lib/jwt/access-token.js";
+import { generateRefreshToken, verifyRefreshToken } from "./lib/jwt/refresh-token.js";
+;
+;
+;
+;
+// create and verify tokens
+export const auth = {
+    create(options) {
+        const result = {};
+        if (options.accessToken) {
+            const { payload, secret, expiresIn, algorithm } = options.accessToken;
+            result.accessToken = generateAccessToken(payload, secret, expiresIn, algorithm);
+        }
+        if (options.refreshToken) {
+            const { payload, secret, expiresIn, algorithm } = options.refreshToken;
+            result.refreshToken = generateRefreshToken(payload, secret, expiresIn, algorithm);
+        }
+        return result;
+    },
+    verify(options) {
+        const { accessToken, refreshToken } = options;
+        const result = {};
+        if (accessToken) {
+            const { token, secret, algorithms } = accessToken;
+            result.accessToken = verifyAccessToken(token, secret, algorithms);
+        }
+        if (refreshToken) {
+            const { token, secret, algorithms } = refreshToken;
+            result.refreshToken = verifyRefreshToken(token, secret, algorithms);
+        }
+        return result;
+    }
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EACH,mBAAmB,EACnB,iBAAiB,EAGpB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACH,oBAAoB,EACpB,kBAAkB,EAGrB,MAAM,4BAA4B,CAAC;AAMnC,CAAC;AAMD,CAAC;AAID,CAAC;AAID,CAAC;AACF,2BAA2B;AAC3B,MAAM,CAAC,MAAM,IAAI,GAAG;IAChB,MAAM,CACF,OAA8B;QAE9B,MAAM,MAAM,GAAoD,EAAE,CAAC;QACnE,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC;YACtE,MAAM,CAAC,WAAW,GAAG,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QACpF,CAAC;QACD,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;YACvB,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,YAAY,CAAC;YACvE,MAAM,CAAC,YAAY,GAAG,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QACtF,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;IACD,MAAM,CACF,OAA2B;QAE3B,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC;QAC9C,MAAM,MAAM,GAAsB,EAAE,CAAC;QACrC,IAAI,WAAW,EAAE,CAAC;YACd,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,WAAW,CAAC;YAClD,MAAM,CAAC,WAAW,GAAG,iBAAiB,CAAI,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;QACzE,CAAC;QACD,IAAI,YAAY,EAAE,CAAC;YACf,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,YAAY,CAAC;YACnD,MAAM,CAAC,YAAY,GAAG,kBAAkB,CAAI,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;QAC3E,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;CACJ,CAAC"}

package/dist/lib/jwt/access-token.d.ts

@@ -0,0 +1,16 @@
+import { type Algorithm, type Secret } from 'jsonwebtoken';
+export interface BaseAccessTokenPayload {
+    sub: string;
+    role?: string;
+    email?: string;
+}
+export type AccessTokenPayload<T extends object = {}> = BaseAccessTokenPayload & T;
+export interface AccessTokenOptions<T extends object = {}> {
+    payload: AccessTokenPayload<T>;
+    secret: Secret;
+    expiresIn?: `${number}${"s" | "m" | "h" | "d" | "w"}`;
+    algorithm?: Algorithm;
+}
+export declare function generateAccessToken<T extends object = {}>(payload: AccessTokenPayload<T>, secret: Secret, expiresIn?: `${number}${"s" | "m" | "h" | "d" | "w"}`, algorithm?: Algorithm): string;
+export declare function verifyAccessToken<T extends object = {}>(token: string, secret: Secret, algorithms?: Algorithm[]): AccessTokenPayload<T> | null;
+//# sourceMappingURL=access-token.d.ts.map

package/dist/lib/jwt/access-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-token.d.ts","sourceRoot":"","sources":["../../../src/lib/jwt/access-token.ts"],"names":[],"mappings":"AAAA,OAAY,EACR,KAAK,SAAS,EACd,KAAK,MAAM,EAEd,MAAM,cAAc,CAAC;AAEtB,MAAM,WAAW,sBAAsB;IACnC,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAClB;AACD,MAAM,MAAM,kBAAkB,CAAC,CAAC,SAAS,MAAM,GAAG,EAAE,IAAI,sBAAsB,GAAG,CAAC,CAAC;AAEnF,MAAM,WAAW,kBAAkB,CAAC,CAAC,SAAS,MAAM,GAAG,EAAE;IACrD,OAAO,EAAE,kBAAkB,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,GAAG,MAAM,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,EAAE,CAAC;IACtD,SAAS,CAAC,EAAE,SAAS,CAAC;CACzB;AAED,wBAAgB,mBAAmB,CAAC,CAAC,SAAS,MAAM,GAAG,EAAE,EACrD,OAAO,EAAE,kBAAkB,CAAC,CAAC,CAAC,EAC9B,MAAM,EAAE,MAAM,EACd,SAAS,GAAE,GAAG,MAAM,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,EAAU,EAC5D,SAAS,GAAE,SAAmB,GAC/B,MAAM,CAGR;AAED,wBAAgB,iBAAiB,CAAC,CAAC,SAAS,MAAM,GAAG,EAAE,EACnD,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,UAAU,GAAE,SAAS,EAAc,GACpC,kBAAkB,CAAC,CAAC,CAAC,GAAG,IAAI,CAU9B"}

package/dist/lib/jwt/access-token.js

@@ -0,0 +1,24 @@
+import jwt, {} from 'jsonwebtoken';
+;
+;
+// generate access token
+export function generateAccessToken(payload, secret, expiresIn = '15m', algorithm = 'HS256') {
+    const options = { expiresIn, algorithm };
+    return jwt.sign(payload, secret, options);
+}
+;
+// verify access token
+export function verifyAccessToken(token, secret, algorithms = ['HS256']) {
+    try {
+        const decoded = jwt.verify(token, secret, { algorithms });
+        if (typeof decoded === 'object' && decoded !== null) {
+            return decoded;
+        }
+        return null;
+    }
+    catch (error) {
+        return null;
+    }
+}
+;
+//# sourceMappingURL=access-token.js.map

package/dist/lib/jwt/access-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-token.js","sourceRoot":"","sources":["../../../src/lib/jwt/access-token.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,EAAE,EAIX,MAAM,cAAc,CAAC;AAMrB,CAAC;AAQD,CAAC;AACF,wBAAwB;AACxB,MAAM,UAAU,mBAAmB,CAC/B,OAA8B,EAC9B,MAAc,EACd,YAAuD,KAAK,EAC5D,YAAuB,OAAO;IAE9B,MAAM,OAAO,GAAgB,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;IACtD,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;AAC9C,CAAC;AAAA,CAAC;AACF,sBAAsB;AACtB,MAAM,UAAU,iBAAiB,CAC7B,KAAa,EACb,MAAc,EACd,aAA0B,CAAC,OAAO,CAAC;IAEnC,IAAI,CAAC;QACD,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;QAC1D,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YAClD,OAAO,OAAgC,CAAC;QAC5C,CAAC;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,IAAI,CAAC;IAChB,CAAC;AACL,CAAC;AAAA,CAAC"}

package/dist/lib/jwt/refresh-token.d.ts

@@ -0,0 +1,16 @@
+import { type Algorithm, type Secret } from 'jsonwebtoken';
+export interface BaseRefreshTokenPayload {
+    sub: string;
+    role?: string;
+    email?: string;
+}
+export type RefreshTokenPayload<T extends object = {}> = BaseRefreshTokenPayload & T;
+export interface RefreshTokenOptions<T extends object = {}> {
+    payload: RefreshTokenPayload<T>;
+    secret: Secret;
+    expiresIn?: `${number}${"s" | "m" | "h" | "d" | "w"}`;
+    algorithm?: Algorithm;
+}
+export declare function generateRefreshToken<T extends object = {}>(payload: RefreshTokenPayload<T>, secret: Secret, expiresIn?: `${number}${"s" | "m" | "h" | "d" | "w"}`, algorithm?: Algorithm): string;
+export declare function verifyRefreshToken<T extends object = {}>(token: string, secret: Secret, algorithms?: Algorithm[]): RefreshTokenPayload<T> | null;
+//# sourceMappingURL=refresh-token.d.ts.map

package/dist/lib/jwt/refresh-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh-token.d.ts","sourceRoot":"","sources":["../../../src/lib/jwt/refresh-token.ts"],"names":[],"mappings":"AAAA,OAAY,EACR,KAAK,SAAS,EACd,KAAK,MAAM,EAEd,MAAM,cAAc,CAAC;AAEtB,MAAM,WAAW,uBAAuB;IACpC,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAClB;AACD,MAAM,MAAM,mBAAmB,CAAC,CAAC,SAAS,MAAM,GAAG,EAAE,IAAI,uBAAuB,GAAG,CAAC,CAAC;AAErF,MAAM,WAAW,mBAAmB,CAAC,CAAC,SAAS,MAAM,GAAG,EAAE;IACtD,OAAO,EAAE,mBAAmB,CAAC,CAAC,CAAC,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,GAAG,MAAM,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,EAAE,CAAC;IACtD,SAAS,CAAC,EAAE,SAAS,CAAC;CACzB;AAED,wBAAgB,oBAAoB,CAAC,CAAC,SAAS,MAAM,GAAG,EAAE,EACtD,OAAO,EAAE,mBAAmB,CAAC,CAAC,CAAC,EAC/B,MAAM,EAAE,MAAM,EACd,SAAS,GAAE,GAAG,MAAM,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,EAAS,EAC3D,SAAS,GAAE,SAAmB,GAC/B,MAAM,CAGR;AAED,wBAAgB,kBAAkB,CAAC,CAAC,SAAS,MAAM,GAAG,EAAE,EACpD,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,UAAU,GAAE,SAAS,EAAc,GACpC,mBAAmB,CAAC,CAAC,CAAC,GAAG,IAAI,CAU/B"}

package/dist/lib/jwt/refresh-token.js

@@ -0,0 +1,24 @@
+import jwt, {} from 'jsonwebtoken';
+;
+;
+// generate refresh token
+export function generateRefreshToken(payload, secret, expiresIn = '7d', algorithm = 'HS256') {
+    const options = { expiresIn, algorithm };
+    return jwt.sign(payload, secret, options);
+}
+;
+// verify refresh token
+export function verifyRefreshToken(token, secret, algorithms = ['HS256']) {
+    try {
+        const decoded = jwt.verify(token, secret, { algorithms });
+        if (typeof decoded === 'object' && decoded !== null) {
+            return decoded;
+        }
+        return null;
+    }
+    catch (error) {
+        return null;
+    }
+}
+;
+//# sourceMappingURL=refresh-token.js.map

package/dist/lib/jwt/refresh-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh-token.js","sourceRoot":"","sources":["../../../src/lib/jwt/refresh-token.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,EAAE,EAIX,MAAM,cAAc,CAAC;AAMrB,CAAC;AAQD,CAAC;AACF,yBAAyB;AACzB,MAAM,UAAU,oBAAoB,CAChC,OAA+B,EAC/B,MAAc,EACd,YAAuD,IAAI,EAC3D,YAAuB,OAAO;IAE9B,MAAM,OAAO,GAAgB,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;IACtD,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;AAC9C,CAAC;AAAA,CAAC;AACF,uBAAuB;AACvB,MAAM,UAAU,kBAAkB,CAC9B,KAAa,EACb,MAAc,EACd,aAA0B,CAAC,OAAO,CAAC;IAEnC,IAAI,CAAC;QACD,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;QAC1D,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YAClD,OAAO,OAAiC,CAAC;QAC7C,CAAC;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,IAAI,CAAC;IAChB,CAAC;AACL,CAAC;AAAA,CAAC"}

package/package.json

@@ -0,0 +1,66 @@
+{
+  "name": "jwt-flow",
+  "version": "1.0.0",
+  "description": "jwt-flow is a library for Node.js that simplifies JWT token management by generating and verifying **Access** and **Refresh** tokens with customizable payloads, expiration, and algorithms — all in a single unified auth flow.",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "files": ["dist", "README.md"],
+  "keywords": [
+    "jwt",
+    "typescript",
+    "jsonwebtoken",
+    "ts-jwt",
+    "access token",
+    "refresh token",
+    "jwt helper",
+    "jwt manager",
+    "auth",
+    "authentication",
+    "auth flow",
+    "single auth",
+    "jwt rotation",
+    "security",
+    "secure jwt",
+    "token generation",
+    "token verification",
+    "jwt utils",
+    "typescript auth",
+    "typescript authentication",
+    "jwt library",
+    "jwt typescript",
+    "jwt access",
+    "jwt refresh",
+    "jwt create",
+    "jwt verify",
+    "jwt ts helper",
+    "node jwt",
+    "nodejs jwt",
+    "secure tokens",
+    "auth library",
+    "token manager",
+    "jwt workflow",
+    "jwt system",
+    "jwt solution"
+  ],
+  "author": "Sejin Ahmed",
+  "license": "ISC",
+  "type": "module",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mern-sejin2010/npm-jwt-flow.git"
+  },
+  "devDependencies": {
+    "@types/jsonwebtoken": "^9.0.10",
+    "@types/node": "^25.3.0",
+    "jsonwebtoken": "^9.0.3",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.9.3"
+  },
+  "peerDependencies": {
+    "jsonwebtoken": "^9.0.0"
+  }
+}