Use TypeScript to Create a Secure API with Node.js and Express

In this tutorial you’ll use TypeScript to create a Node.js API with Express.

You’ll learn how to…

  • Set up webpack’s Hot-Module Replacement (HMR)
  • Create data models and services
  • Create endpoints with error handling
  • Secure the API with authentication and authorization
  • Add Role-Based Access Control (RBAC)

Brought you by myself, @dan-auth0 :cowboy_hat_face:

Read on :nerd_face: https://auth0.com/blog/use-typescript-to-create-a-secure-api-with-nodejs-and-express-getting-started/

1 Like

Dan, I had done this exercise before with the rbac.middleware.ts file, I noticed we are now using a permissions.middleware.ts using jwtAuthz from Auth0. Can I still access the token coming from Auth0 using jwtAuthz?

is using jwtAuthz a best practice in this instance?

We are in production and I was just reviewing the code and ran into this.

Thank you

Adan

1 Like

Hey there @adan I’m sure Dan will cover that once he’s online!

Welcome to our Auth0 Community. Thank you for reading the tutorial :slight_smile: I’ll be researching this for you today :muscle:

Adan,

You can still access the access_token through the req.user object :slight_smile: My colleague @holly suggested that using the express-jwt-authz gave us a simpler implementation of the middleware function that checks for permissions.

It’s not so much as that using that package is a best practice but rather that it gives you the same outcome with less code :muscle:

If you prefer, you can still use the previous middleware function. Here’s the file code in case you need it to compare. This should be latest version. Does it match with what you have?