
Backend response handling - SDKs

Secuuth returns the response payload below after successful authentication. Your frontend is responsible for sending this payload to your backend.
{
  "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIi...",
  "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJi...",
  "refreshToken": "ad40e2af38f35937bc702cd8bd9c5c3d0af1aad460df..."
}
A typical backend flow:
  1. Validate the access and ID tokens in the middleware
    • Redirect to the login flow if the tokens are invalid
    • Continue the flow if the tokens are valid
  2. Decode the access token to extract user information and check whether the user exists in the database
    • Create the user if it does not exist
    • Continue the flow if the user exists
  3. Set the session token in a cookie; Secuuth's access token can be used as the session token

Example

Node.js

Install SecQure Node Package
npm i secuuth-jwt-js-sdk

Python

pip install secuuthTokenPythonSdk

PHP

Install the latest SecQure package using Composer
composer require secqure/validatetoken v1.0.2
Or integrate the SecQure PHP library directly from GitHub
Node.js

const express = require("express");
const cors = require("cors");
const bodyParser = require("body-parser");
const secuuthJWT = require("secuuth-jwt-js-sdk");

const app = express();
const port = 3000;

app.use(cors());
app.use(bodyParser.json());

app.post("/signin", async (req, res) => {
  // Validate access token
  const accessToken = req.body.accessToken;
  let validity = false;
  try {
    validity = await secuuthJWT.SecuuthValidateJWT(accessToken);
  } catch (e) {
    // Treat any validation error as an invalid token
    validity = false;
  }
  if (!validity) {
    res.status(401).end("Invalid access token");
    return;
  }
  // Decode access token
  const decoded = new secuuthJWT.SecuuthAccessToken(accessToken);
  // Add logic to register the user and set the session token
  res.status(200).json(decoded.payload);
});

app.listen(port, () =>
  console.log(`Example app listening at http://localhost:${port}`)
);
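
The three steps of the flow above as one framework-independent function, added here as an illustration (it is not code from the SDK or its authors). `verifyJwt` is a local stand-in for the SDK's validation call; the `sub` and `exp` claims, the `session` cookie name and the in-memory `users` map are assumptions.

```javascript
const crypto = require("crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");

// Local stand-in for the SDK's validation call: RS256 signature + expiry check.
// Returns the claims, or null if the token must be rejected.
function verifyJwt(token, publicKey, now = Date.now() / 1000) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url"));
    claims = JSON.parse(Buffer.from(parts[1], "base64url"));
  } catch {
    return null;
  }
  // Pin the algorithm: a token declaring "none" or HS256 is rejected outright.
  if (!header || header.alg !== "RS256") return null;
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], "base64url");
  if (!crypto.verify("RSA-SHA256", signed, publicKey, sig)) return null;
  if (!claims || typeof claims.exp !== "number" || claims.exp <= now) return null;
  return claims;
}

// Steps 1-3 of the flow. `users` is a Map standing in for the database.
function signIn(body, publicKey, users) {
  const access = verifyJwt(body?.accessToken, publicKey);
  const id = verifyJwt(body?.idToken, publicKey);
  // Step 1: both tokens must verify and describe the same subject.
  if (!access || !id || !access.sub || access.sub !== id.sub) return { status: 401 };
  // Step 2: create the user on first sign-in.
  if (!users.has(access.sub)) users.set(access.sub, { createdAt: Date.now() });
  // Step 3: session cookie that scripts cannot read and that expires with the token.
  const maxAge = Math.floor(access.exp - Date.now() / 1000);
  const cookie = `session=${body.accessToken}; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age=${maxAge}`;
  return { status: 200, userId: access.sub, cookie };
}

// Constructed sample token, signed with a throwaway key (not a real Secuuth token).
function makeToken(claims, privateKey) {
  const head = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify(claims));
  const sig = crypto.sign("RSA-SHA256", Buffer.from(`${head}.${payload}`), privateKey);
  return `${head}.${payload}.${b64url(sig)}`;
}
```

In an Express handler the returned `cookie` string would go into the `Set-Cookie` response header, and a 401 result would trigger the redirect to the login flow.
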

Python

import json

from flask import Flask, request
from flask_cors import CORS
from pySdk.idToken import idToken
from pySdk.accessToken import accessToken

app = Flask(__name__)
CORS(app)


@app.route('/', methods=['POST'])
def App():
    # The frontend posts the Secuuth response payload as JSON
    token = request.data
    objs = json.loads(token)
    x = objs['accessToken']
    print(accessToken(x).getUserId())
    print(accessToken(x).decodePayload())
    return accessToken(x).decodePayload()

PHP

<?php
require_once("../vendor/autoload.php");

// Retrieve the access token from the cookie or request body
$token = 'eyJhbGciOiJSUzI1NiIsInR5c.......';

$myAuth = new ValidateToken();
$myToken = $myAuth->decodeToken($token);

// Add your custom logic

// Get the user's login ID
echo $myToken->userId;
?>