Backend response handling - SDKs

Secuuth provides the below response payload after successful authentication. Your frontend is responsible to send this payload to backend.

  "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIi...",
  "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJi...",
  "refreshToken": "ad40e2af38f35937bc702cd8bd9c5c3d0af1aad460df..."

Typical backend flow is below

  1. Validate Access and Id tokens in the middleware

    • Redirect to login flow if tokens are invalid

    • Continue the flow if tokens are valid

  2. Decode Access token to extract user information and check if exists in database

    • Create user if does not exist

    • Continue the flow if user exists

  3. Set session token in the cookie, Secuuth's access token can be used as session token



Install SecQure Node Package

npm i secuuth-jwt-js-sdk


pip install secuuthTokenPythonSdk


Install the SecQure latest package using composer

composer require secqure/validatetoken v1.0.2

Or integrate the SecQure PHP Library directly from github

const express = require("express");
const app = express();
var cors = require("cors");
var bodyParser = require("body-parser");
Var secuuthJWT = require("secuuth-jwt-js-sdk");

app.use(bodyParser.json());"/signin", async (req, res) => {
  // Validate access token
  const accessToken = req.body.accessToken;
  var validity = false;
  try {
    validity = await secuuthJWT.SecuuthValidateJWT(accessToken);
  } catch (e) {
    validity = false;
  if (!validity) {
    res.status(401).end("Invalid access token");

  // Decode access token
  let decoded = new secuuthJWT.SecuuthAccessToken(accessToken);
  // Add logic to Register user and set session tokenJ  

app.listen(port, () =>
  console.log('Example app listening at http://localhost:3000')

Last updated