fastify-xauth-local
jwt.sign
Sign a payload and return a JWT string using the config's algorithm and key.
jwt.sign
Signs a payload and returns a JWT string using the key (or secret) and algorithm configured for this auth instance.
Signature
const api = fastify.xauthlocal.get(name: string)
api.jwt.sign(
payload: Record<string, any>,
options?: {
expiresIn?: string // Override default expiration (e.g. '1h', '30d')
audience?: string // Override audience claim
issuer?: string // Override issuer claim
subject?: string // Set sub claim (typically the user ID)
}
): string
Params
| Name | Type | Required | Description |
|---|---|---|---|
payload | Record<string, any> | Yes | Claims to embed in the token |
options.expiresIn | string | No | Override the config's default expiresIn |
options.audience | string | No | Override the config's default audience |
options.issuer | string | No | Override the config's default issuer |
options.subject | string | No | Set the sub claim (e.g. String(user.id)) |
Returns
A signed JWT string.
Throws
Error: xAuthLocal: privateKey or secret required for signing— if the config was initialized with only apublicKey(verify-only mode).
Examples
Basic: sign a user token after login
const api = fastify.xauthlocal.get("api");
const token = api.jwt.sign({
id: user.id,
email: user.email,
scope: user.roles,
});
return { token };
Advanced: custom expiration and sub claim
const api = fastify.xauthlocal.get("api");
// Issue a short-lived token for a password-reset flow
const resetToken = api.jwt.sign(
{ id: user.id, purpose: "password-reset" },
{
expiresIn: "15m",
subject: String(user.id),
audience: "password-reset",
}
);
See Also
- jwt.verify — verify and decode a signed token
- jwt.decode — decode without verification
AI Context
package: "@xenterprises/fastify-xauth-local"
method: fastify.xauthlocal.get('name').jwt.sign(payload, options?)
use-when: Sign a JWT payload and return a token string — HS256 or RS256 depending on config
returns: string (JWT)