Backend response handling - SDKs

Secuuth provides the below response payload after successful authentication. Your frontend is responsible to send this payload to backend.

{
  "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIi...",
  "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJi...",
  "refreshToken": "ad40e2af38f35937bc702cd8bd9c5c3d0af1aad460df..."
}

Typical backend flow is below

Validate Access and Id tokens in the middleware
- Redirect to login flow if tokens are invalid
- Continue the flow if tokens are valid
Decode Access token to extract user information and check if exists in database
- Create user if does not exist
- Continue the flow if user exists
Set session token in the cookie, Secuuth's access token can be used as session token

Example

Node.js

Install SecQure Node Package

npm i secuuth-jwt-js-sdk

Python

pip install secuuthTokenPythonSdk

PHP

Install the SecQure latest package using composer

composer require secqure/validatetoken v1.0.2

const express = require("express");
const app = express();
var cors = require("cors");
var bodyParser = require("body-parser");
Var secuuthJWT = require("secuuth-jwt-js-sdk");

app.use(cors());
app.use(bodyParser.json());

app.post("/signin", async (req, res) => {
  // Validate access token
  const accessToken = req.body.accessToken;
  var validity = false;
  try {
    validity = await secuuthJWT.SecuuthValidateJWT(accessToken);
  } catch (e) {
    validity = false;
  }
  if (!validity) {
    res.status(401).end("Invalid access token");
    return;
  }

  // Decode access token
  let decoded = new secuuthJWT.SecuuthAccessToken(accessToken);
  // Add logic to Register user and set session tokenJ  
    res.status(200).json(decoded.payload).end();
});

app.listen(port, () =>
  console.log('Example app listening at http://localhost:3000')
);

import json
from flask.app import Flask
from flask import request
from pySdk.idToken import idToken
from pySdk.accessToken import accessToken
from flask_cors import CORS
app = Flask(__name__)
CORS(app)

@app.route('/',methods=['POST'])
def App():
    
    token = request.data
    objs=json.loads(token)
    x=objs['accessToken']
    print(accessToken(x).getUserId());
    print(accessToken(x).decodePayload())
    return accessToken(x).decodePayload();

<?php 
    require_once("../vendor/autoload.php"); 
    //retrieve the access_token from cookie or body
    
    $token = 'eyJhbGciOiJSUzI1NiIsInR5c.......'
    $myAuth = new ValidateToken();
    $myToken = $myAuth->decodeToken($token);
    
    // add your custom logic 
    //get the user's login Id
    
    echo $myToken->userId; 
?>

PreviousReact Native NextBubble

Last updated 3 years ago

Was this helpful?

{ "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIi...", "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJi...", "refreshToken": "ad40e2af38f35937bc702cd8bd9c5c3d0af1aad460df..." }