The code is written in ReactJS, NodeJS and Express for STACK Developer Conference 2018.
Make a GET call to the /verifytoken endpoint.
git clonethis library- Restore dependencies with
npm install - Run
npx nodemon - The server will be running on
http://localhost:9000/
- Use Postman (https://www.getpostman.com/) to make a GET request http://localhost:9000/verifytoken
You should get the error: No authorisation header found.
-
The server is expecting an authorisation header with a JWT. Get the jwt from
bit.ly/jwt-ex-1 -
Copy the JWT and add a Authorisation header: Bearer {JWT} to your request
You should get the error: Oops, you are NOT authorised to view this page because: invalid signature
-
Seems like the secret is wrong. Paste the correct secret into jwt.io to regenerate a new JWT
-
Use the correct JWT to make the request again
You should get the error: Oops, you are NOT authorised to view this page because: jwt expired
-
Seems like the jwt has expired. Adjust the
expfield in jwt.io and try again. -
You should get
Congrats, you are authorised to view this page.
This repo contains a Ticket Purchasing Interface (localhost:3000) and a Ticketing Machine (authorisation server at localhost:9000) which creates a JWT token (embeded in a ticket).
To enter the Amusement Park, the user needs to pass the correct JWT generated by the Ticketing Machine (on your local machine) to the Amusement Park Gantry (hosted online) in order to be allowed access through the gantry.
In this exercise, you will generate and sign your own jwt locally using this library (https://github.com/auth0/node-jsonwebtoken) and use it to make a request to the Amusement Park Gantry server at stack-conf-jwt.herokuapp.com/api/park/entries.
git clonethis library
- Restore dependencies with
npm install - Run
npx nodemonto start the ticketing machine server - The ticketing machine will be running on
http://localhost:9000/
- Open a new terminal and
cd client - Restore dependencies with
npm install - Then run
npm startto run the client interface - Access the client interface on
http://localhost:3000/
~/clientcontains the Ticket Purchasing Interface app and frontend assets~/servercontains the Ticketing Machine express server and its apis
Help fix the broken ticketing machine for an amusement park.
-
Update the code in
routes/create.jswith JWT configuration options to be:- algorithm - HS384
- expiresIn - 1 hour
To find out how to add the options required, reference the readme of our JWT library used.
This ensures that we are using HS384 algorithm to sign the JWT and that the JWT should expire in 1 hour.
-
Start ticketing server (http://localhost:9000) and visit http://localhost:3000 to view create ticket page
-
Click Create Ticket’ to generate a ticket. You should be able to see your ticket generated.
-
Test out your generated ticket against the amusement park gantry system (source at https://github.com/yuhong90/stack-jwt-demo-server). By clicking 'Insert Ticket into Gantry', We make an API request to
stack-conf-jwt.herokuapp.com/api/park/entries. -
We should get an error which says that certain claims are missing.
-
Fix it by configuring the correct claims in the code payload:
- Issuer - 'stackconf-auth-service'
- Audience - 'stackconf-api-service'
- Subject - 'yourname'
- Type: 'vip-ticket'
Hint 1: Check out the registered claims section of the open standards of JWT on how to define a registered claim in your payload. Alternatively, you may also use the helpful signing options provided by the JWT library used in this exercise.
Hint 2: One of the claims is a private claim and require manual adding to token payload.
-
Click ‘Insert Ticket into Gantry’ to send your JWT token and gain entry to the amusement park.
- How do I use a private/public key pair instead of using HMAC? What would have to change?
- What happens if the expiration time is longer/shorter?
- What happens if i want to revoke the access?