- This is a test app that shows how a JWT handshake can be done between two parties to pass data around in a trusted way. As an example, a
host webapp
will generate some data and share it with some of it's'approved' clients
. Only the approved clients will be able to see the data. It uses the open JWT standard (https://jwt.io/introduction) - JWT Token is a open standard and we use a npm library to work with it (https://github.com/auth0/node-jsonwebtoken#readme) for claims and supports tokens that carry a payload and expire. Its what OAUTH is built on by the way.
- We generate a keypair (private / public) - see below for how to do it
- Host tool (i.e. who needs to send the trusted token and message to verifies downstream systems) uses the logic in the
sign.js
page. It uses the Private key. - Downstream
approved clients
use the public key and logic isvalidate.js
to validate the token and grab the session data
private key
ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
public key
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
The comand will generate a key pair. .key (private key), .key.pub (public key). Put this in your project as you need it for the demo below.
- tested on node
v12.14.1
- run
npm install
- run
node sign
to get a JWT token - copy that token as seen in the console into
validate.js
's token variable - run
node validate
to view token payload. - keepining running
node validate
and eventually it will expire (this is the expiry feature of JWT)
Never use the private / public key here in your apps - it's only given for an example. Generate your own!!