JWT authentication (w/ verification) on stateless servers

// Define an Express.js web server accessible at: // https://tonicdev.io/theopak/jwt-auth-demo-server/branches/master var express = require('notebook')('tonic/express-endpoint/1.0.0') var app = express(exports) var cors = require('cors') var expressJwt = require('express-jwt') // Enable CORS for all endpoints (required in order to support browsers). var corsConfig = { origin: true, credentials: true } app.use(cors(corsConfig)) app.options(cors(corsConfig)) // Require JWT authentication (with signature verification) on this endpoint. // Documentation: https://auth0.com/docs/quickstart/backend/nodejs/ var myConfig = { clientId: 'tUqZN8q0XwprYOjqIUXWBCU9ml6DLArI', clientSecret: new Buffer('80o5KbfIRdHa5jflttUpsK7vSdxbJO32S_Thttpu0tqUtuWWBg18GsTkj97eBD3D', 'base64') } app.use('/api/secure-endpoint', expressJwt({ audience: process.env.AUTH0_CLIENT_SECRET || myConfig.clientId, secret: process.env.AUTH0_CLIENT_ID || myConfig.clientSecret })) // Example secure endpoint (Express.js server). app.get('/api/secure-endpoint', function (request, response) { console.log(request) response.json({ message: 'It worked! Authenticated request received.' }) }) // Example insecure endpoint app.use('/', function (request, response) { response.send('Hello world! <br/><br/>Try this endpoint (JWT auth required): https://tonicdev.io/theopak/jwt-auth-demo-server/branches/master') })