The Tech Point

How to tutorials
JSON Web Tokens: easy, secure, robust REST API management.

admin April 14, 2015

I wanted to create a web service in Node. Here are some of the features of my web service. It needed to be:

  • stateless,
  • secure such that only users with the correct credentials could access certain entities.

Well, HTTP and REST are stateless by default.

The answer for secure is to use a token. There are a few token modules for Node, and I settled on node-jwt-simple. This gives you a JWT (JSON Web Token), which is a:

…means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JavaScript Object Notation (JSON) object that is digitally signed or MACed using JSON Web Signature (JWS) and/or encrypted using JSON Web Encryption (JWE).

To implement this in Node: first, allow users to log in, check they’re OK, and return them a token (I’m using Express). Then check the token on each request that reaches your REST API endpoint (meaning the client app needs to send the token back to you with each request):

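var app = require('express')();	// express exports a factory function
var jwt = require('jwt-simple');
var tokenSecret = "secret string";	// placeholder; load a long random secret from configuration
app.get('/token', function(req, res) {
	// jQuery sends `data` for a GET request in the query string, so read req.query
	var username = req.query.username;
	var password = req.query.password;

	// checkUser is your own credential check (not shown)
	if (checkUser(username, password)) {
		// the claims are signed with tokenSecret, not encrypted
		var token = jwt.encode({username: username, role: "admin"}, tokenSecret);
		res.json({token: token});
	} else {
		res.status(401).json({result: "AuthError"});
	}
});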

When you create the token, you have the opportunity to set some claims, meaning you can set the user ID and what the user can access (authorization) as properties of an object.

Here I set the username and a role = admin, but if there’s something you need to know about your user, you can put it here.

From the browser, I can call this endpoint, passing the username and password in on the header, to retrieve the token:

$.ajax({
	type: "GET",
	cache: false,
	dataType: "json",
	url: "/token",
	data: {username: username, password: password},
	success: function(data) {
		// the endpoint responds with {token: "..."}
		setToken(data.token);
	}
});

Back in Node, I can then add some more endpoints to my API, and check the token on each request to ensure it’s valid.

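app.get('/accessAdminPanel', function(req, res) {
	var decoded;
	try {
		// jwt.decode verifies the signature and throws on a bad or missing token
		decoded = jwt.decode(req.headers.token, tokenSecret);
	} catch (err) {
		return res.status(401).json({result: "AuthError"});
	}
	if (checkUserCanAccessResource(decoded.username) && authorize(decoded.role)) {
		...
	}
});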

The token is read from the header, so you need to add it to each jQuery request:

$.ajax({
	type: "GET",
	cache: false,
	dataType: "json",
	url: "/accessAdminPanel",
	headers: { token: getToken() },
	success: function(data){ ... }
});

This code is only an illustration. You need to think about expiry, error messages etc…
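
One way to handle the expiry and error cases mentioned above, as an added example that is not part of the original post and is not jwt-simple's code: it builds and checks an HS256 token using only Node's built-in crypto module. The function names (issueToken, verifyToken, rejectReason) and the error strings are assumptions made for illustration.

```javascript
// Added example: HS256 JWT with an expiry, using Node's crypto module only.
// All function names and error strings here are hypothetical.
const nodeCrypto = require('crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');

function hmac(data, secret) {
  return nodeCrypto.createHmac('sha256', secret).update(data).digest();
}

// Issue a token whose claims carry "exp" (seconds since the epoch).
function issueToken(claims, secret, ttlSeconds, nowSeconds) {
  const header = b64url(JSON.stringify({ typ: 'JWT', alg: 'HS256' }));
  const body = b64url(JSON.stringify({ ...claims, exp: nowSeconds + ttlSeconds }));
  return header + '.' + body + '.' + b64url(hmac(header + '.' + body, secret));
}

// Return the claims, or throw with a reason the endpoint can map to a 401.
function verifyToken(token, secret, nowSeconds) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, body, signature] = parts;

  // Compare signatures in constant time before trusting any field.
  const expected = hmac(header + '.' + body, secret);
  const given = Buffer.from(signature, 'base64url');
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  // Pin the algorithm: never let the token choose how it is verified.
  if (JSON.parse(Buffer.from(header, 'base64url').toString()).alg !== 'HS256') {
    throw new Error('unexpected algorithm');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (typeof claims.exp !== 'number' || nowSeconds >= claims.exp) {
    throw new Error('token expired');
  }
  return claims;
}

// Helper for callers and checks: the failure reason, or null if accepted.
function rejectReason(token, secret, nowSeconds) {
  try { verifyToken(token, secret, nowSeconds); return null; }
  catch (err) { return err.message; }
}
```

In an Express handler, call verifyToken inside a try/catch with the current time in seconds and answer 401 on any thrown error, without echoing the reason to the client.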

So that was it. If you are interested in knowing more, we can have a great talk on Twitter or Facebook. Ping me 😉

Peace.
