The Tech Point

JSON Web Tokens: easy, secure, robust REST API management

admin April 14, 2015

I wanted to create a web service in Node. It needed to be:

  • stateless,
  • secure such that only users with the correct credentials could access certain entities.

HTTP and REST are stateless by default.

The answer for secure is to use a token. There are a few token modules for node, and I settled on node-jwt-simple. This gives you a JWT (JSON Web Token), which is a:

…means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JavaScript Object Notation (JSON) object that is digitally signed or MACed using JSON Web Signature (JWS) and/or encrypted using JSON Web Encryption (JWE).

To implement this in Node, first let users log in, check their credentials, and return them a token (I'm using Express). Then check the token on each request that reaches your REST API endpoints, which means the client app needs to send the token back to you with each request:

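var app = require('express')();
var jwt = require('jwt-simple');
// Placeholder value: load a long random secret from configuration instead.
var tokenSecret = "secret string";

// Issue a token once the supplied credentials check out.
app.get('/token', function(req, res) {
	// The jQuery GET request sends these as query-string parameters.
	var username = req.query.username;
	var password = req.query.password;

	// checkUser is your own credential check (not shown here).
	if (checkUser(username, password)) {
		var token = jwt.encode({username: username, role: "admin"}, tokenSecret);
		res.json({token: token});
	} else {
		res.json({result: "AuthError"});
	}
});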

When you create the token, you have the opportunity to set some claims. That means you can set the user ID and what the user is allowed to access (authorization) as properties of an object.

Here I set the username and a role of admin, but if there's something you need to know about your user, you can put it here.

From the browser I can call this endpoint, passing the username and password as request data (jQuery sends them as query-string parameters on a GET), to retrieve the token:

$.ajax({
	type: "GET",
	cache: false,
	dataType: "json",
	url: "/token",
	data: {username: username, password: password},
	success: function(data){
		// The server replies with {token: "..."}; store only the token string.
		if (data.token) {
			setToken(data.token);
		}
	}
});

Back in Node, I can then add some more endpoints to my API, and check the token on each request to ensure it’s valid.

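app.get('/accessAdminPanel', function(req, res) {
	var decoded;
	try {
		// jwt.decode throws if the token is missing or its signature does not verify.
		decoded = jwt.decode(req.headers.token, tokenSecret);
	} catch (err) {
		return res.status(401).json({result: "AuthError"});
	}
	if (checkUserCanAccessResource(decoded.username) && authorize(decoded.role)) {
		...
	}
});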

The token is read from the header, so you need to add it to each jQuery request:

$.ajax({
	type: "GET",
	cache: false,
	dataType: "json",
	url: "/accessAdminPanel",
	headers: { token: getToken() },
	success: function(data){
		...
	}
});

This code is only an illustration. You need to think about expiry, error messages etc…
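
The expiry and error handling left open above, as an added example that is not part of the original post and does not use jwt-simple: it builds an HS256 token with Node's built-in crypto so the `exp` check and each failure case are visible. The names `issueToken` and `verifyToken`, the error strings and the sample secret are assumptions of this example.

```javascript
// Added example (not from the original post). All names and sample values are assumptions.
const crypto = require("crypto");

const nowSeconds = () => Math.floor(Date.now() / 1000);
const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

// Issue a token that stops being valid ttlSeconds after `now`.
function issueToken(claims, secret, ttlSeconds, now = nowSeconds()) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  const signature = b64url(hmac(header + "." + payload, secret));
  return header + "." + payload + "." + signature;
}

// Never throws: returns { ok: true, claims } or { ok: false, error }.
function verifyToken(token, secret, now = nowSeconds()) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3) return { ok: false, error: "malformed" };
  const [header, payload, signature] = parts;
  try {
    // Pin the algorithm: the header is attacker-controlled input.
    const hdr = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    if (!hdr || hdr.alg !== "HS256") return { ok: false, error: "bad-alg" };
    // Compare MACs in constant time, and only then trust the payload.
    const expected = hmac(header + "." + payload, secret);
    const given = Buffer.from(signature, "base64url");
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      return { ok: false, error: "bad-signature" };
    }
    const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
    // A token without a numeric exp is treated as expired rather than eternal.
    if (typeof claims.exp !== "number" || now >= claims.exp) {
      return { ok: false, error: "expired" };
    }
    return { ok: true, claims };
  } catch (err) {
    return { ok: false, error: "malformed" };
  }
}

// Constructed demo: a 15-minute token for a made-up user.
const demoToken = issueToken({ username: "alice", role: "admin" }, "constructed-demo-secret", 900);
console.log(verifyToken(demoToken, "constructed-demo-secret"));
```

In the Express handler, any `ok: false` result would map to a 401 response, with the `error` string telling the client whether to log in again or simply request a fresh token.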

So that was it. If you're interested in knowing more, we can have a great talk on Twitter or Facebook. Ping me 😉

Peace.
