Awesome
NodeJS JWT Authentication sample
This is a NodeJS API that supports username and password authentication with JWTs and has APIs that return Chuck Norris phrases. How awesome is that?
Available APIs
User APIs
POST /users
You can do a POST to /users
to create a new user.
The body must have:
username
: The usernamepassword
: The passwordextra
: Some extra information you want to save from the user (It's a string). This could be a color or anything at all.
It returns the following:
{
"id_token": {jwt},
"access_token": {jwt}
}
The id_token
and access_token
are signed with the secret located at the config.json
file. The id_token
will contain the username
and the extra
information sent, while the access_token
will contain the audience
, jti
, issuer
and scope
.
POST /sessions/create
You can do a POST to /sessions/create
to log a user in.
The body must have:
username
: The usernamepassword
: The password
It returns the following:
{
"id_token": {jwt},
"access_token": {jwt}
}
The id_token
and access_token
are signed with the secret located at the config.json
file. The id_token
will contain the username
and the extra
information sent, while the access_token
will contain the audience
, jti
, issuer
and scope
.
Quotes API
GET /api/random-quote
It returns a String with a Random quote from Chuck Norris. It doesn't require authentication.
GET /api/protected/random-quote
It returns a String with a Random quote from Chuck Norris. It requires authentication.
The JWT - access_token
must be sent on the Authorization
header as follows: Authorization: Bearer {jwt}
Running it
Just clone the repository, run npm install
and then node server.js
. That's it :).
If you want to run it on another port, just run PORT=3001 node server.js
to run it on port 3001 for example
Issue Reporting
If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Author
License
This project is licensed under the MIT license. See the LICENSE file for more info.
What is Auth0?
Auth0 helps you to:
- Add authentication with multiple authentication sources, either social like Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce, amont others, or enterprise identity systems like Windows Azure AD, Google Apps, Active Directory, ADFS or any SAML Identity Provider.
- Add authentication through more traditional username/password databases.
- Add support for linking different user accounts with the same user.
- Support for generating signed Json Web Tokens to call your APIs and flow the user identity securely.
- Analytics of how, when and where users are logging in.
- Pull data from other sources and add it to the user profile, through JavaScript rules.
Create a free account in Auth0
- Go to Auth0 and click Sign Up.
- Use Google, GitHub or Microsoft Account to login.
Use Postman
Postman provides a powerful GUI platform to make your API development faster & easier, from building API requests through testing, documentation and sharing
Here is a small collection to highlight the features of this sample API.