Authorization question

mindaugasnakr · June 8, 2022, 8:13am

I have a regular web application created in Auth0. It is integrated with my Next.js web app that allows me register/login/logout. After logging in I receive all the tokens. My Next.js app wants to make secure API calls to my Node.js server.

My question is if I pass the ACCESS_TOKEN Next.js receives after logging in how do I check if the token is valid in Node.js backend I have?

I saw an example with JSON web token public keys provided by regular web app to authorise the JWT (access token?). Not sure if that’s what I need in this case though as it is still not working for me. Usage:

const jwtCheck = jwt({
  secret: jwks.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: "https://dev-XXXXX-x.us.auth0.com/.well-known/jwks.json",
  }),
  audience: "https://www.XXXX.com",
  issuer: "https://dev-XXXX.us.auth0.com/",
  algorithms: ["RS256"],
});

let app = express();
app.use(jwtCheck);

Any help or guidance is deeply appreciated, thanks!

kahina · June 8, 2022, 10:38am

Hi,
Here is a good blog to check, I used it for our GraphQl API with Node.JS Build and Secure a GraphQL Server with Node.js
You will use jwt packages to decode and check your access token.
Let me know if you have any issues there

Good Luck!