Need help in jwt verification

Hi,
Can someone please provide a way to verify the JWT access_token in plain Node.js (without the Express framework)? I believe we need to read the access_token from the request header and then verify the access_token using jwksUri. I found one link, "Auth0 Node (Express) API SDK Quickstarts: Authorization", but this was more related to the Express framework. Any help is appreciated.

For a plain Node.js JWT implementation, check the node-jsonwebtoken repository (GitHub: auth0/node-jsonwebtoken, a JsonWebToken implementation for Node.js).

To verify the tokens you can use jwt.verify (from the same auth0/node-jsonwebtoken repository) as:

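```js
const jwt = require('jsonwebtoken');
// token is the JWT string; 'shhhhh' is the secret it was signed with
jwt.verify(token, 'shhhhh', function(err, decoded) {
  if (err) return console.error(err.message); // bad signature, expired, ...
  console.log(decoded.foo) // bar
});
```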

Thanks Ricardo!!
I can see that by using this package, we can validate the access_token w.r.t. issuer, audience, etc. How do we check if that request is from the correct user with proper permissions?

Basically, our use case is as follows:

  1. We have two applications. We are planning to use Auth0 for user management and authentication. In the first application, users will register themselves and create an account.
  2. Once a user is registered in this application, they will log in to another application. In this other application, the user will log in using the account they created in the first application.
  3. So from the second application, we need to first authenticate the user with Auth0, which in turn will return the access_token.
  4. Using this token, we need to invoke a REST API in the first application. So we will pass the access_token to this REST API.
  5. In this REST API, we need to validate whether the token is correct or not. If it is from the correct user, we need to send the response.
  6. I understand that using jwt.verify, we can check if the token is valid or not, but how will we know if this token has come from the same user and whether he is authorized to access this API?

Thanks in advance!!

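The flow asked about above (read the bearer token from the request header in plain Node.js, verify it against a JWKS key, then decide who the user is and what they may do), as an added example that is not part of the original posts. It uses only `node:crypto` in place of the jsonwebtoken package so that it runs offline; the `scope` claim name, the `demo-key` kid, the example URLs and the throwaway key pair standing in for the keys served at jwksUri are all assumptions.

```javascript
const crypto = require('node:crypto');

const fail = (status, error) => ({ ok: false, status, error });
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Authenticate (signature, iss, aud, exp), then authorize (scope) a bearer token.
function verifyAccessToken(authHeader, jwks, { issuer, audience, requiredScope, now = Date.now() / 1000 }) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || '');
  if (!m) return fail(401, 'missing or malformed bearer token');
  const [, h, p, s] = m;
  let header, claims;
  try { header = decode(h); claims = decode(p); } catch { return fail(401, 'undecodable token'); }
  // Pin the algorithm; never accept whatever alg the token itself announces.
  if (header.alg !== 'RS256') return fail(401, 'unexpected alg');
  // Pick the signing key from the JWKS by key id.
  const jwk = jwks.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
  if (!jwk) return fail(401, 'unknown kid');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const sigOk = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!sigOk) return fail(401, 'bad signature');
  if (claims.iss !== issuer) return fail(401, 'wrong issuer');
  if (![].concat(claims.aud).includes(audience)) return fail(401, 'wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) return fail(401, 'expired');
  // Authorization: the token is genuine, but does it grant this operation?
  const scopes = typeof claims.scope === 'string' ? claims.scope.split(' ') : [];
  if (!scopes.includes(requiredScope)) return fail(403, 'insufficient scope');
  return { ok: true, status: 200, sub: claims.sub }; // sub identifies the user
}

// Plain Node handler, no Express: http.createServer(handler(jwks, opts)).listen(3000)
const handler = (jwks, opts) => (req, res) => {
  const result = verifyAccessToken(req.headers.authorization, jwks, opts);
  res.writeHead(result.status, { 'Content-Type': 'application/json' });
  res.end(JSON.stringify(result));
};

// Constructed demo data: a throwaway key pair stands in for the tenant's JWKS.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoJwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key', use: 'sig' }] };
const demoOpts = { issuer: 'https://tenant.example/', audience: 'https://api.example/', requiredScope: 'read:reports' };
function signDemoToken(claims, key = privateKey) {
  const body = [{ alg: 'RS256', typ: 'JWT', kid: 'demo-key' }, claims]
    .map((o) => Buffer.from(JSON.stringify(o)).toString('base64url')).join('.');
  return `Bearer ${body}.${crypto.sign('RSA-SHA256', Buffer.from(body), key).toString('base64url')}`;
}
```

A 401 means the caller could not be authenticated; a 403 means the token is genuine but does not carry the required scope, which is the "correct user with proper permissions" check.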

Hey there!

Sorry for such a huge delay in response! We’re doing our best to provide you with the best developer support experience out there, but sometimes our bandwidth is not enough compared to the number of incoming questions.

I wanted to reach out to find out if you still require further assistance.