npm install express-jwt express-jwt-authz falcor-express falcor-router falcor-http-datasource --save
Add the following lines to your base code
// server.js
// Scope gate for the Falcor model endpoint: only tokens carrying the
// `read:messages` scope pass.
// NOTE(review): express-jwt-authz looks for the scopes on `req.user` by default.
// If the installed express-jwt attaches the decoded token elsewhere (e.g.
// `req.auth`), set the `customUserKey` option to match. Confirm this against the
// versions in package.json, otherwise every request is rejected as lacking scope.
const checkScopes = jwtAuthz(['read:messages']);

// Middleware order matters: checkJwt must verify the token before checkScopes
// inspects its claims, and both must run before the Falcor data source is built.
app.use(
  '/api/private-scoped/model.json',
  checkJwt,
  checkScopes,
  falcorExpress.dataSourceRoute((req, res) => {
    // Single Falcor route that serves the scoped message.
    const scopedMessageRoute = {
      route: 'private_scoped.message',
      get(pathSet) {
        return {
          path: ['private_scoped', 'message'],
          value: 'Hello from a private endpoint! You need to be authenticated and have a scope of read:messages to see this.'
        };
      }
    };

    // A fresh Router is built for every request, as in the original listing.
    return new Router([scopedMessageRoute]);
  })
);
// api.js
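/**
 * GET /api/private-scoped
 *
 * Reads `private_scoped.message` from the Falcor model endpoint on behalf of
 * the caller and returns it as `{ message }`.
 *
 * The caller's bearer token is forwarded unchanged, so the scope check is
 * enforced by the model endpoint (checkJwt + checkScopes there); this handler
 * only requires a valid JWT.
 *
 * Responses:
 *   200 { message }          - value resolved by the Falcor route
 *   401 { message }          - no bearer token in the Authorization header
 *   403 <falcor error value> - the model endpoint reported a path error
 *   502 { message }          - any other failure talking to the model endpoint
 */
app.get('/api/private-scoped', checkJwt, async function(req, res) {
  // checkJwt normally guarantees the header is present, but it can be
  // configured to read the token from elsewhere; guard instead of throwing.
  const authorization = req.headers.authorization || '';
  const token = authorization.split(' ')[1];
  if (!token) {
    return res.status(401).json({ message: 'Missing bearer token' });
  }

  // The token is forwarded over plain HTTP. That is only acceptable because
  // the target is loopback; switch to https if the model endpoint ever moves
  // to another host.
  const source = new HttpDataSource(
    'http://localhost:3000/api/private-scoped/model.json',
    {
      headers: { 'Authorization': 'Bearer ' + token }
    }
  );
  const model = new falcor.Model({ source: source });

  try {
    const message = await model.getValue(['private_scoped', 'message']);
    res.json({ message: message });
  } catch (err) {
    // Falcor path errors arrive as an array of { path, value } entries.
    // The original dereferenced err[0] unconditionally, so a connection
    // failure or any non-array rejection threw inside this async handler and
    // left the request without a response.
    const pathError = Array.isArray(err) ? err[0] : undefined;
    if (pathError) {
      // The error value is relayed to the client as-is; keep route error
      // values free of internal detail.
      return res.status(403).json(pathError.value);
    }

    // Unexpected failure: log it server-side and return a generic message so
    // internal error details are not exposed to the caller.
    console.error('Falcor private_scoped lookup failed', err);
    res.status(502).json({ message: 'Upstream request failed' });
  }
});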