The Tech Point

JSON Web Tokens: easy, secure, robust REST API management.

admin April 14, 2015

I wanted to create a web service in Node. Here are some of the features of my web service. It needed to be:

  • stateless,
  • secure such that only users with the correct credentials could access certain entities.

Well, HTTP and REST are stateless by default.

The answer for security is to use a token. There are a few token modules for Node, and I settled on node-jwt-simple. This gives you a JWT (JSON Web Token), which is a:

…means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JavaScript Object Notation (JSON) object that is digitally signed or MACed using JSON Web Signature (JWS) and/or encrypted using JSON Web Encryption (JWE).

To implement this in Node: first, let users log in, check their credentials, and return a token (I'm using Express). Then check the token on each request to your REST API endpoints, which means the client app needs to send the token back to you with every request:

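var app = require('express')();
var jwt = require('jwt-simple');
var tokenSecret = "secret string"; // signing key; anyone who knows it can forge tokens
app.get('/token', function(req, res) {
	// jQuery sends the `data` of a GET request as query-string parameters
	var username = req.query.username;
	var password = req.query.password;

	// checkUser is the application's own credential check
	if (checkUser(username, password)) {
		// sign the claims with the shared secret
		var token = jwt.encode({username: username, role: "admin"}, tokenSecret);
		res.json({token: token});
	} else {
		res.json({result: "AuthError"});
	}
});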

When you create the token, you have the opportunity to set some claims: you can set the user ID and what the user can access (authorization) as properties of an object.

Here I set the username and a role of admin, but if there's something else you need to know about your user, you can put it here.

From the browser I can call this endpoint, passing the username and password as query parameters, to retrieve the token:

$.ajax({
	type: "GET",
	cache: false,
	dataType: "json",
	url: "/token",
	data: {username: username, password: password},
	success: function(data) {
		// the server responds with {token: "..."} on success
		setToken(data.token);
	}
});

Back in Node, I can then add some more endpoints to my API, and check the token on each request to ensure it’s valid.

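app.get('/accessAdminPanel', function(req, res) {
	var decoded;
	try {
		// jwt.decode verifies the signature and throws if the token is missing or invalid
		decoded = jwt.decode(req.headers.token, tokenSecret);
	} catch (err) {
		return res.status(401).json({result: "AuthError"});
	}
	if (checkUserCanAccessResource(decoded.username) && authorize(decoded.role)) {
		...
	}
});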

The token is read from the header, so you need to add it to each jQuery request:

$.ajax({
	type: "GET",
	cache: false,
	dataType: "json",
	url: "/accessAdminPanel",
	headers: { token: getToken() },
	success: function(data){ ... }
});

This code is only an illustration. You need to think about expiry, error messages etc…
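The expiry and error handling mentioned above, as an added example that is not code from the original post or from jwt-simple: HS256 tokens issued and verified with Node's built-in crypto module, with an `exp` claim, a pinned algorithm, and failures returned as values rather than thrown. The names `issueToken` and `verifyToken`, the 15-minute lifetime and the sample user are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (input, secret) => crypto.createHmac('sha256', secret).update(input).digest();

// Issue a token that expires ttlSeconds after `now` (seconds since the epoch).
function issueToken(claims, secret, ttlSeconds, now) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = Object.assign({}, claims, { iat: now, exp: now + ttlSeconds });
  const signingInput = header + '.' + b64url(JSON.stringify(body));
  return signingInput + '.' + b64url(hmac(signingInput, secret));
}

// Returns { ok: true, claims } or { ok: false, error } instead of throwing,
// so a route handler can map every failure to a 401 response.
function verifyToken(token, secret, now) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return { ok: false, error: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch (e) {
    return { ok: false, error: 'malformed' };
  }
  // Pin the algorithm: the token's own header must not choose how it is verified.
  if (!header || header.alg !== 'HS256') return { ok: false, error: 'bad-algorithm' };
  const expected = hmac(parts[0] + '.' + parts[1], secret);
  const given = Buffer.from(parts[2], 'base64url');
  // Constant-time comparison; timingSafeEqual requires equal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, error: 'bad-signature' };
  }
  // Claims are trusted only after the signature check has passed.
  if (!claims || typeof claims.exp !== 'number' || now >= claims.exp) {
    return { ok: false, error: 'expired' };
  }
  return { ok: true, claims: claims };
}

// Constructed sample values (not from the original post).
const secret = crypto.randomBytes(32); // random key instead of a fixed string
const t0 = 1700000000;
const token = issueToken({ username: 'alice', role: 'admin' }, secret, 900, t0);
console.log(verifyToken(token, secret, t0 + 60));        // accepted
console.log(verifyToken(token, secret, t0 + 901).error); // expired
```

In an Express handler, pass `Math.floor(Date.now() / 1000)` as `now` and answer with a 401 whenever `ok` is false.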

So that was it. If you're interested in knowing more, we can have a great talk on Twitter or Facebook. Ping me 😉

Peace.
