Authenticate endpoints using a JSON web token (passport-jwt)
This module lets you authenticate endpoints using a JSON web token. It is intended to secure RESTful endpoints without sessions.
Add the passport-jwt package to your Node project
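# The snippets in app.js also require 'passport' itself, so install both packages.
npm install passport passport-jwt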
Require the packages in your project's app.js file
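const passport = require('passport');
// passport-jwt exports the strategy constructor as `Strategy`; alias it to
// JwtStrategy, the name the strategy construction in this file uses.
// String literals must use straight quotes: typographic quotes are a syntax error.
const { Strategy: JwtStrategy, ExtractJwt } = require('passport-jwt');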
Configure the options for JWT authentication
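// Options handed to the passport-jwt strategy.
const jwtOption = {};

// Read the JWT from the HTTP Authorization header using the "Bearer" scheme.
jwtOption.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();

// "secretOrKey" is a string or buffer containing the secret (symmetric) or the
// PEM-encoded public key (asymmetric) used to verify the token's signature.
// Load a symmetric secret from the environment instead of a literal in source:
// whoever holds this value can produce tokens the strategy will accept, so it
// must not live in the repository. Refuse to start when it is missing.
if (!process.env.TOKEN_SECRET) {
  throw new Error('TOKEN_SECRET environment variable is not set');
}
jwtOption.secretOrKey = process.env.TOKEN_SECRET;

// Accept only the algorithm the token issuer signs with. HS256 is assumed here
// because the key is a shared secret; change it to match your issuer.
jwtOption.algorithms = ['HS256'];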
Now construct the JWT authentication strategy as shown below
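const jwtStrategyConfig = new JwtStrategy(jwtOption, (jwtPayLoad, done) => {
  /**
   * Verify callback: maps a decoded token to a user record.
   * jwtPayLoad is an object literal containing the decoded JWT payload.
   * done is a passport error-first callback accepting done(error, user, info).
   */
  const subjectId = jwtPayLoad ? jwtPayLoad.id : undefined;

  // Fail closed when the token carries no usable `id` claim. A missing or
  // non-scalar value would otherwise be placed directly in the query filter;
  // depending on the datastore behind collectionName, that can match records
  // the token was never issued for (TODO confirm for your datastore).
  if (typeof subjectId !== 'string' && typeof subjectId !== 'number') {
    return done(null, false);
  }

  collectionName.findOne({ phone_number: subjectId }, (errorInFindingPhoneNumber, foundPhoneNumber) => {
    // Lookup failure: report the error and do not authenticate.
    if (errorInFindingPhoneNumber) return done(errorInFindingPhoneNumber, false);

    // A validly signed token whose subject has no record is still rejected.
    if (foundPhoneNumber) {
      done(null, foundPhoneNumber);
    } else {
      done(null, false);
    }
  });
});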
Finally, register the strategy with passport in “app.js”
// Register the strategy so that passport.authenticate can look it up by name.
passport.use(jwtStrategyConfig);
Now create a new file, “jwtauthenticationservice.js”, in the services folder
jwtauthenticationservice.js
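/** Requires */
const passport = require('passport');

/**
 * Middleware helpers that authenticate API requests with a JWT.
 */
module.exports = {
  /** Returns the passport initialisation middleware. */
  initialize: function () {
    return passport.initialize();
  },

  /**
   * Express middleware that runs the "jwt" strategy without sessions.
   * On success the user is attached to req.user and the request continues;
   * on failure the request ends here with HTTP 401.
   */
  authenticate: function (req, res, next) {
    return passport.authenticate('jwt', { session: false }, (errorInAuthenticatingJWTToken, foundAuthenticatedUser, authenticatedInformation) => {
      if (errorInAuthenticatingJWTToken) {
        return next(errorInAuthenticatingJWTToken);
      }
      if (!foundAuthenticatedUser) {
        // Send a 401 status: without it the rejection goes out as HTTP 200, so
        // clients, proxies and monitoring would read a failed check as success.
        // authenticatedInformation may carry the failure reason; keep it for
        // server-side logging and out of the response body.
        return res.status(401).json('UNAUTHORIZED_USER');
      }
      // Forward user information to the next middleware
      req.user = foundAuthenticatedUser;
      next();
    })(req, res, next);
  },
};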
After setting up the above code
Require the “jwtauthenticationservice.js” in the routes file
Example:-
In the “index.js” router file
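const express = require('express');
const jwtAPIAuthentication = require('../services/jwtauthenticationservice.js');

const router = express.Router();

// jwtAPIAuthentication.authenticate runs before the handler; the handler is
// reached only when that middleware calls next(), i.e. for an authenticated user.
router.post('/getuserdetails', jwtAPIAuthentication.authenticate, (req, res) => {
  res.json('SUCCESS');
});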