Configuring JWT Authentication Scheme

The oeCloud.io example jwt-authenticatication-scheme explains how to configure an application for JWT authentication.

What you’ll build

An oeCloud.io-based application configured to use JWT as its authentication scheme.

What you’ll need

  • You should have Node and NPM installed.

How to start with this guide

You can start from scratch and complete each step, or you can bypass basic setup steps that are already familiar to you.

To start from scratch, go to Getting Started.

Configuring app to use JWT.

  • Open the file middleware.json from app\server
  • Add the property "../node_modules/oe-cloud/server/middleware/jwt-assertion": {"enabled" : true} to the auth phase:
  {
    "initial:before": {
      "loopback#favicon": {}
    },
    "initial": {
      "compression": {},
      "cors": {
        "params": {
          "origin": true,
          "credentials": true,
          "maxAge": 86400
        }
      }
    },
    "session": {},
    "auth": {
      "../node_modules/oe-cloud/server/middleware/jwt-assertion": {"enabled": true}
    },
    "parse": {},
    "routes:before": {},
    "routes:after": {},
    "files": {
      "loopback#static": {
        "params": "$!../client"
      }
    },
    "final": {},
    "final:after": {}
  }
  • Now start the server with the command:
$ node .

BaseUser vs AppUser

BaseUser is the user model that stores all user information, such as username (login id), password and email. Applications usually override it. In the sample application, the AppUser model overrides BaseUser. Therefore, if you are using the application as described in this guide, you should always use the AppUser model. If you are using the GitHub project directly, you should use the BaseUser model.

Working with the authentication scheme

  • Open the browser link: http://localhost:3000/explorer/

  • Now post a new user to the BaseUser model. For example:

    {
    "username":"demouser@myCompany.com",
    "password":"Password++",
    "email":"demouser@myCompany.com",
    "id":10
    }
    
  • Now try to get the user by using the API BaseUsers\get\{id}. You will notice that the explorer throws an "authentication required" error.

Note: We will use an online JWT generator to generate the JWT for demo purposes.

  • Click on the link: Online JWT generator
  • Give the details of the user that you created, plus the additional details listed below:
        "issuer": "mycompany.com"
        "audience": "mycompany.net"
        "username":"demouser@myCompany.com"
        "email":"demouser@myCompany.com"
  • Give the key as secret, select the algorithm HS256 and click Create signed jwt.
  • Copy the generated JWT and send it as a header on each request, with the key x-jwt-assertion.

Note: You can use the mod headers extension for Chrome to send the JWT for this demo.

  • Now if you try to get the user by using the API BaseUsers\get\{id}, you will get the details of that user.
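
The demo token from the steps above can also be produced and checked locally, so the signing key never goes to a third-party site. This is an added example, not oeCloud.io code and not a description of what the jwt-assertion middleware does internally; it assumes the generator's "issuer" and "audience" fields map to the standard `iss` and `aud` claims, and the names `signJwt`, `verifyJwt`, `DEMO_KEY` and `demoToken` are hypothetical.

```javascript
// Added example: HS256 signing and verification with Node's built-in crypto.
const crypto = require('crypto');

const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const hmac = (data, key) => crypto.createHmac('sha256', key).update(data).digest();

// Sign a claim set with HS256 and return the compact JWT string.
function signJwt(claims, key) {
  const signingInput = `${b64u({ alg: 'HS256', typ: 'JWT' })}.${b64u(claims)}`;
  return `${signingInput}.${hmac(signingInput, key).toString('base64url')}`;
}

// Check algorithm, signature, issuer, audience and expiry; return claims or throw.
function verifyJwt(token, key, expected) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm: the token header must not choose it (rejects "alg":"none").
  if (header.alg !== 'HS256') throw new Error('unexpected algorithm');
  const given = Buffer.from(s, 'base64url');
  const wanted = hmac(`${h}.${p}`, key);
  // Constant-time comparison; the length check avoids a timingSafeEqual throw.
  if (given.length !== wanted.length || !crypto.timingSafeEqual(given, wanted)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (claims.iss !== expected.issuer) throw new Error('wrong issuer');
  // "aud" may be a single string or an array of strings.
  if (![].concat(claims.aud).includes(expected.audience)) throw new Error('wrong audience');
  if (claims.exp !== undefined && claims.exp <= Math.floor(Date.now() / 1000)) {
    throw new Error('token expired');
  }
  return claims;
}

// Demo values from this guide; "secret" is the guide's demo key, not a real key.
const DEMO_KEY = 'secret';
const demoToken = signJwt({
  iss: 'mycompany.com',
  aud: 'mycompany.net',
  username: 'demouser@myCompany.com',
  email: 'demouser@myCompany.com',
  exp: Math.floor(Date.now() / 1000) + 3600, // assumed lifetime: one hour
}, DEMO_KEY);
console.log('x-jwt-assertion:', demoToken);
```

Send the printed value in the x-jwt-assertion header exactly as with the generator's output.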

Summary

Congratulations!! You have successfully configured and tested the JWT authentication scheme for your application.