Backend response handling - SDKs

Secuuth returns the response payload below after successful authentication. Your frontend is responsible for sending this payload to your backend.

{
  "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIi...",
  "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJi...",
  "refreshToken": "ad40e2af38f35937bc702cd8bd9c5c3d0af1aad460df..."
}

A typical backend flow is as follows:

  1. Validate the access and ID tokens in the middleware

    • Redirect to the login flow if the tokens are invalid

    • Continue the flow if the tokens are valid

  2. Decode the access token to extract user information and check whether the user exists in the database

    • Create the user if it does not exist

    • Continue the flow if the user exists

  3. Set the session token in the cookie. Secuuth's access token can be used as the session token.

Example

Node.js

Install the SecQure Node package

npm i secuuth-jwt-js-sdk

Python

pip install secuuthTokenPythonSdk

PHP

Install the latest SecQure package using Composer

composer require secqure/validatetoken v1.0.2

Or integrate the SecQure PHP library directly from GitHub

// Node.js (Express) example
const express = require("express");
const cors = require("cors");
const bodyParser = require("body-parser");
const secuuthJWT = require("secuuth-jwt-js-sdk");

const app = express();
const port = 3000;

// cors() with no options allows all origins; restrict it to your frontend's origin in production
app.use(cors());
app.use(bodyParser.json());

app.post("/signin", async (req, res) => {
  // Validate the access token sent by the frontend.
  // Only the access token is checked here; step 1 of the flow also calls for validating the ID token.
  const accessToken = req.body.accessToken;
  let validity = false;
  try {
    validity = await secuuthJWT.SecuuthValidateJWT(accessToken);
  } catch (e) {
    // Treat any validation error as an invalid token
    validity = false;
  }
  if (!validity) {
    res.status(401).end("Invalid access token");
    return;
  }

  // Decode the access token
  const decoded = new secuuthJWT.SecuuthAccessToken(accessToken);
  // Add logic to register the user and set the session token
  res.status(200).json(decoded.payload);
});

app.listen(port, () =>
  console.log(`Example app listening at http://localhost:${port}`)
);
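
The handler above leaves steps 2 and 3 of the flow (registering the user and setting the session cookie) as a comment. The following added example, which is not Secuuth's or the SDK's own code, shows one way to do both in plain Node.js; the cookie name `session`, the in-memory `Map` user store, the helper names, and the presence of an `exp` claim in the access token are assumptions, and the sample token is constructed.

```javascript
// Added example: steps 2 and 3 of the flow, plain Node.js, no packages required.
// Assumes the token already passed SecuuthValidateJWT (step 1); nothing here
// verifies the signature. SESSION_COOKIE and the `exp` claim are assumptions.
const SESSION_COOKIE = "session";

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Constructed sample token (fake signature) so the example runs offline.
function makeSampleToken(claims) {
  return [b64url({ alg: "RS256", typ: "JWT" }), b64url(claims), "constructed-sig"].join(".");
}

// Read the claims of an ALREADY VALIDATED token.
function decodePayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a JWT");
  const json = Buffer.from(parts[1].replace(/-/g, "+").replace(/_/g, "/"), "base64");
  return JSON.parse(json.toString("utf8"));
}

// Step 2: create the user on first sign-in, otherwise return the stored record.
function findOrCreateUser(users, payload) {
  if (!users.has(payload.sub)) users.set(payload.sub, { id: payload.sub, createdAt: Date.now() });
  return users.get(payload.sub);
}

// Step 3: Set-Cookie value whose lifetime never outlives the token.
function buildSessionCookie(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { exp } = decodePayload(token);
  if (!Number.isInteger(exp) || exp <= nowSeconds) throw new Error("token expired or missing exp");
  return `${SESSION_COOKIE}=${token}; Max-Age=${exp - nowSeconds}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// On later requests: pull the token back out of the Cookie header, or null.
function readSessionCookie(cookieHeader = "") {
  for (const pair of cookieHeader.split(";")) {
    const idx = pair.indexOf("=");
    if (idx > 0 && pair.slice(0, idx).trim() === SESSION_COOKIE) return pair.slice(idx + 1).trim();
  }
  return null;
}

const users = new Map();
const token = makeSampleToken({ sub: "user-123", exp: 2000000000 });
findOrCreateUser(users, decodePayload(token));
console.log(buildSessionCookie(token, 1999999000));
```

A token read back with `readSessionCookie` still has to pass the step 1 validation on every request before it is trusted.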
