
Need help in jwt verification

jwt
verification

#1

Hi,
Can someone please provide a way to verify the JWT access_token in plain Node.js (without the Express framework)? I believe we need to read the access_token from the request header and then verify the access_token using jwksUri. I found one link, https://auth0.com/docs/quickstart/backend/nodejs, but this was more related to the Express framework. Any help is appreciated.


#2

For a plain Node.js JWT implementation, check the [node-jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) repository.

To verify the tokens you can use [jwt.verify](https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback) as:

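```js
const jwt = require('jsonwebtoken');
const token = jwt.sign({ foo: 'bar' }, 'shhhhh'); // sample token signed with the same shared secret
jwt.verify(token, 'shhhhh', function(err, decoded) {
  if (err) return console.error(err.message); // bad signature, expired or malformed token
  console.log(decoded.foo) // bar
});
```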

#3

Thanks Ricardo!!
I can see that by using this package, we can validate the access_token with respect to issuer, audience, etc. How do we check if that request is from the correct user with proper permissions?

Basically, our use case is as follows:

  1. We have two applications. We are planning to use Auth0 for user management and authentication. In the first application, users will register themselves and create an account.
  2. Once a user is registered in this application, they will log in to another application. In this other application, the user will log in using the account they created in the first application.
  3. So from the second application, we need to first authenticate the user with Auth0, which in turn will return the access_token.
  4. Using this token, we need to invoke a REST API in the first application. So we will pass the access_token to this REST API.
  5. In this REST API, we need to validate whether the token is correct or not. If it is from the correct user, we need to send the response.
  6. I understand that using jwt.verify we can check whether the token is valid or not, but how will we know whether this token has come from the same user and whether he is authorized to access this API?

Thanks in advance!!
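
Added example (not part of the thread and not Auth0's code): the checks an API makes on an RS256 access token in plain Node.js, written with the built-in `crypto` module in place of `jwt.verify` so each step is visible, including the user (`sub`) and scope check asked about above. The issuer, audience, scope names and the locally generated key pair (standing in for the key published at the jwksUri) are assumptions.

```javascript
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Assumed demo values; real ones come from your Auth0 tenant and API settings.
const ISSUER = 'https://tenant.example/';
const AUDIENCE = 'https://api.example/orders';
// Constructed key pair standing in for the key fetched from the jwksUri by "kid".
const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Demo helper: mint a constructed sample token as the authorization server would.
function mintToken(claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64u(header)}.${b64u(claims)}`;
  return `${input}.${sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// Decide on a request from its Authorization header value and the scope the route needs.
function authorize(authHeader, requiredScope, now = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || '');
  if (!m) return { status: 401, error: 'missing or malformed bearer token' };
  const [, h, p, s] = m;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch {
    return { status: 401, error: 'undecodable token' };
  }
  // Pin the algorithm so the token cannot select "none" or an HMAC variant.
  if (!header || !claims || header.alg !== 'RS256') return { status: 401, error: 'unexpected alg' };
  if (!verify('sha256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url')))
    return { status: 401, error: 'bad signature' };
  const aud = [].concat(claims.aud || []);
  if (claims.iss !== ISSUER || !aud.includes(AUDIENCE)) return { status: 401, error: 'wrong iss or aud' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { status: 401, error: 'expired' };
  // Signature and claims are good: "sub" says who the user is; scopes say what they may do.
  const scopes = String(claims.scope || '').split(' ');
  if (!scopes.includes(requiredScope)) return { status: 403, error: 'insufficient scope', sub: claims.sub };
  return { status: 200, sub: claims.sub };
}
```

In an `http.createServer` handler, pass `req.headers.authorization` to `authorize` and reply with the returned status; a 401 means the token itself was rejected, a 403 means a valid user lacks the required scope.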