Backend response handling - SDKs
Secuuth provides the response payload below after a successful authentication. Your frontend is responsible for sending this payload to your backend.
{
"accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIi...",
"idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJi...",
"refreshToken": "ad40e2af38f35937bc702cd8bd9c5c3d0af1aad460df..."
}
A typical backend flow is shown below:
- 1. Validate the access and ID tokens in the middleware
- Redirect to the login flow if the tokens are invalid
- Continue the flow if the tokens are valid
- 2. Decode the access token to extract user information and check whether the user exists in the database
- Create the user if they do not exist
- Continue the flow if the user exists
- 3. Set a session token in the cookie; Secuuth's access token can be used as the session token
Install SecQure Node Package
npm i secuuth-jwt-js-sdk
pip install secuuthTokenPythonSdk
Install the latest SecQure package using Composer
composer require secqure/validatetoken v1.0.2
Node.js
Python
PHP
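const express = require("express");
const cors = require("cors");
const bodyParser = require("body-parser");
const secuuthJWT = require("secuuth-jwt-js-sdk");

const app = express();
const port = 3000;

// NOTE: cors() with no options accepts requests from any origin. In
// production, restrict it to the origin(s) that host your login frontend.
app.use(cors());
app.use(bodyParser.json());

/**
 * POST /signin
 *
 * Expects a JSON body carrying the `accessToken` issued by Secuuth.
 * Responds 401 when the token is missing, malformed, or fails validation;
 * otherwise responds 200 with the decoded access-token payload.
 *
 * NOTE(review): the flow described for this endpoint validates both the
 * access token and the ID token; only the access token is checked here.
 * Validate the ID token as well if your backend relies on its claims.
 */
app.post("/signin", async (req, res) => {
  const accessToken = req.body && req.body.accessToken;

  // Reject anything that is not a non-empty string before it reaches the SDK.
  if (typeof accessToken !== "string" || accessToken.length === 0) {
    res.status(401).end("Invalid access token");
    return;
  }

  // Validate access token. Fail closed: any error raised by the validator is
  // treated as "invalid" rather than letting the request through.
  let isValid = false;
  try {
    isValid = await secuuthJWT.SecuuthValidateJWT(accessToken);
  } catch (e) {
    isValid = false;
  }
  if (!isValid) {
    res.status(401).end("Invalid access token");
    return;
  }

  // Decode access token. Only do this after validation has succeeded, so that
  // no claim from an unverified token is ever used.
  const decoded = new secuuthJWT.SecuuthAccessToken(accessToken);

  // Add logic to register the user and set the session token here. When the
  // session token is stored in a cookie, set the httpOnly, secure and sameSite
  // cookie options so scripts and cross-site requests cannot read or replay it.
  res.status(200).json(decoded.payload);
});

app.listen(port, () =>
  console.log(`Example app listening at http://localhost:${port}`)
);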
import json
from flask.app import Flask
from flask import request
from pySdk.idToken import idToken
from pySdk.accessToken import accessToken
from flask_cors import CORS
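app = Flask(__name__)
# NOTE: CORS(app) with default settings allows every origin. In production,
# limit it to the origin(s) that serve your login frontend.
CORS(app)


@app.route('/', methods=['POST'])
def App():
    """Decode the Secuuth access token posted by the frontend.

    Expects a JSON request body containing an ``accessToken`` string and
    returns the decoded payload. Responds 400 when the body is not valid
    JSON or carries no ``accessToken`` string.
    """
    try:
        body = json.loads(request.data)
    except ValueError:
        # Covers malformed JSON and undecodable bytes.
        return "Invalid JSON body", 400

    if not isinstance(body, dict) or not isinstance(body.get('accessToken'), str):
        return "Missing accessToken", 400

    # NOTE(review): no explicit validation call is visible in this sample.
    # Confirm that the SDK verifies the token's signature and expiry before
    # any claim read below is trusted for registration or session creation.
    token = accessToken(body['accessToken'])

    # These prints write user identifiers and token claims to stdout; keep
    # them for local debugging only.
    print(token.getUserId())
    payload = token.decodePayload()
    print(payload)
    return payload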
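<?php
require_once("../vendor/autoload.php");

// Retrieve the access token from the cookie or the request body.
// The literal below is a truncated placeholder, not a usable token.
$token = 'eyJhbGciOiJSUzI1NiIsInR5c.......';

// NOTE(review): only decodeToken() is shown in this sample. Confirm that it
// verifies the token's signature and expiry, not just its encoding, before
// the decoded claims are trusted.
$myAuth = new ValidateToken();
$myToken = $myAuth->decodeToken($token);

// add your custom logic

// Get the user's login ID. The value originates from a client-supplied token,
// so escape it before writing it into a response that a browser may render.
echo htmlspecialchars((string) $myToken->userId, ENT_QUOTES, 'UTF-8');
?>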