Protect your API on Node(Express)
Extract the Bearer Token from the request header
An authorized request must carry an Authorization header whose value is Bearer <access_token>. Extract the token from that header before doing anything else; reject the request with 401 if the header is missing or does not use the Bearer scheme:
Token validation
For demonstration, we use the jose package to validate the token's signature, expiration status and required claims (issuer and audience). A token whose signature checks out but that was issued for a different API, or by a different issuer, must still be rejected.
Install jose as your dependency
Retrieve Auth’s OIDC configurations
You will need the JSON Web Key Set (JWKS) containing the issuer's public keys and the issuer identifier to verify the signature and the source of the received JWS token. All public Auth authorization configuration is published at https://your-auth-domain/.well-known/openid-configuration.
e.g. call https://nightly-accounts-api.complyment.com/.well-known/openid-configuration and locate the following two fields in the response body: issuer (the expected iss claim) and jwks_uri (the URL of the JWKS used to verify signatures).
Add auth middleware
jose's jwtVerify function verifies the token's compact JWS format, its signature (using a key from the JWKS, selected by the kid header), the issuer, the audience and the expiration status in one call. It throws if any check fails, so the middleware should catch the error and answer 401 rather than letting it propagate; never fall back to skipping a check for a token that fails to verify.
Apply middleware to your API