Created
July 14, 2022 06:06
OnzAuth server.js Body
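// Pull the bearer token out of an "Authorization: Bearer <token>" header.
const token = authHeader && authHeader.split(' ')[1];
if (token == null) return res.sendStatus(401);

// Decode WITHOUT verifying, only to read the key id and client id. Nothing
// read here is trusted until jwt.verify succeeds on the same token below.
const decodedToken = jwt.decode(token, { complete: true });

// jwt.decode returns null for a malformed token. Reject it here: otherwise the
// property reads below throw inside an async handler, and any unauthenticated
// caller can trigger an unhandled rejection with a garbage header value.
if (!decodedToken || !decodedToken.header || !decodedToken.payload) {
  return res.sendStatus(401);
}

const kid = decodedToken.header.kid;
const clientId = decodedToken.payload.client_id;

// A token without a usable key id cannot be matched to a JWKS entry.
if (typeof kid !== 'string' || kid.length === 0) {
  return res.sendStatus(401);
}

// Early reject on the (still unverified) client id. This is only a filter; it
// becomes meaningful because the very same token is signature-checked below.
if (clientId !== VALID_CLIENT_ID) {
  return res.sendStatus(401);
}

// Resolve the public key for this kid from the issuer's JWKS endpoint.
// The lookup rejects for an unknown kid or an unreachable endpoint, so it is
// wrapped to fail closed instead of leaving the request unanswered.
// NOTE(review): the client is built on every request; creating it once at
// module scope would let it reuse fetched keys — confirm against the
// jwks client configuration in use.
let signingKey;
try {
  const client = jwksClient({
    jwksUri: 'https://auth.onzauth.com/.well-known/jwks.json',
    requestHeaders: {}, // Optional
    timeout: 30000 // Defaults to 30s
  });
  const key = await client.getSigningKey(kid);
  signingKey = key.getPublicKey();
} catch (err) {
  console.error('Unable to resolve JWT signing key', err && err.message);
  return res.sendStatus(403);
}

// Verify signature and standard time claims with the resolved public key.
// NOTE(review): no `algorithms`, `issuer` or `audience` option is passed, so
// the accepted algorithm is whatever the library allows for this key type and
// the issuer/audience claims are not checked. Pin them once the values the
// identity provider actually issues are confirmed.
jwt.verify(token, signingKey, (err, user) => {
  if (err) return res.sendStatus(403);
  // NOTE(review): this logs the full verified claim set; trim it if the
  // payload carries personal data.
  console.log('Successfully verified token', user);
  res.send({
    user: user
  });
});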