JWT authentication (w/ verification) on stateless servers
// Express.js web server published by this notebook at:
// https://tonicdev.io/theopak/jwt-auth-demo-server/branches/master
var cors = require('cors');
var expressJwt = require('express-jwt');
var express = require('notebook')('tonic/express-endpoint/1.0.0');
// `exports` is handed to the endpoint helper; presumably this is what exposes
// the app at the URL above (confirm against the express-endpoint docs).
var app = express(exports);
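// Enable CORS for all endpoints (required in order to support browsers).
// NOTE(security): `origin: true` makes the cors middleware echo back whatever
// Origin header the request carries, and `credentials: true` allows browsers
// to send credentials on those cross-origin calls. Combined, every website is
// treated as a trusted caller. That is acceptable for this demo only as long
// as authentication rides in a bearer token and never in a cookie; a real
// service should set `origin` to an explicit allowlist of front-end origins.
var corsConfig = { origin: true, credentials: true };
app.use(cors(corsConfig));
// Answer preflight (OPTIONS) requests on every path. app.options() needs the
// route path as its first argument; without it no handler is attached.
app.options('*', cors(corsConfig));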
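// Require JWT authentication (with signature verification) on this endpoint.
// Documentation: https://auth0.com/docs/quickstart/backend/nodejs/
//
// NOTE(security): the values below are demo fallbacks that ship in public
// source. A signing secret that has been published lets anyone mint tokens
// this server will accept, so treat it as disclosed: rotate it and supply the
// real one through AUTH0_CLIENT_SECRET. A production service should refuse to
// start when the variable is missing instead of falling back.
var myConfig = {
  clientId: 'tUqZN8q0XwprYOjqIUXWBCU9ml6DLArI',
  // Buffer.from() replaces the deprecated `new Buffer(string, encoding)`.
  clientSecret: Buffer.from('80o5KbfIRdHa5jflttUpsK7vSdxbJO32S_Thttpu0tqUtuWWBg18GsTkj97eBD3D', 'base64')
};
app.use('/api/secure-endpoint', expressJwt({
  // The audience is the client ID and the HMAC key is the client secret. The
  // two environment variable names were crossed before, which would have put
  // the secret into the `aud` check (where it may surface in verification
  // error messages) and used the public client ID as the signing key.
  audience: process.env.AUTH0_CLIENT_ID || myConfig.clientId,
  // Decode the environment value the same way as the fallback so both paths
  // produce the same key bytes.
  secret: process.env.AUTH0_CLIENT_SECRET
    ? Buffer.from(process.env.AUTH0_CLIENT_SECRET, 'base64')
    : myConfig.clientSecret,
  // Pin the accepted signature algorithm so the token header cannot choose
  // it. HS256 is assumed here because the key is a shared client secret;
  // adjust if the tenant signs with something else.
  algorithms: ['HS256']
}));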
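// Example secure endpoint (Express.js server). The JWT middleware mounted on
// this path runs first, so this handler only sees requests whose token passed
// verification.
app.get('/api/secure-endpoint', function (request, response) {
  // Log only the request line. Dumping the whole request object would write
  // the Authorization header (the caller's bearer token) into the logs.
  console.log(request.method, request.originalUrl);
  response.json({ message: 'It worked! Authenticated request received.' });
});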
// Example insecure endpoint: mounted at '/', it answers without any token.
app.use('/', function (req, res) {
  var greeting = 'Hello world! <br/><br/>Try this endpoint (JWT auth required): https://tonicdev.io/theopak/jwt-auth-demo-server/branches/master';
  res.send(greeting);
});