Backend - Verify Token
Verifying the JWT on your backend
You'll need to identify and verify the current user when your backend receives any request.
To do this, you have to verify the authorization header (containing the 0xPass JWT) against your public key.
1. Enable Connect And Sign In
a) Log in to the dashboard and go to the Auth section
b) Enable Connect And Sign In
2. Get API and Public keys from Dashboard
You can find your API key and public key on the home page of your project in the dashboard.
3. Import keys in your project
You will usually store your keys in environment variables:
const apiKey = process.env.API_KEY
4. Extract and Verify Token
You will now need to confirm that an authenticated user is making the request.
Here are some code examples on how you can do that.
Token extraction from request authorization header:
// A missing header yields an empty token, which verification then rejects.
const accessToken = (req.headers.authorization || "").replace(/^Bearer /, "")
Token Verification
a) Using jsonwebtoken
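const jwt = require("jsonwebtoken")
// Env files often store the PEM with literal "\n"; restore real newlines.
const pubKey = process.env.PUBLIC_KEY.replace(/\\n/g, "\n");
// verify() takes `algorithms` (an array); pinning it to ES256 rejects any other alg.
const decoded = jwt.verify(accessToken, pubKey, {
  issuer: "0xpass.io",
  audience: apiKey,
  algorithms: ["ES256"]
})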
b) Using jose
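import * as jose from "jose"
// importSPKI needs a PEM with real newlines, so undo any escaped "\n" first.
const pubKey = await jose.importSPKI(process.env.PUBLIC_KEY.replace(/\\n/g, "\n"), "ES256")
// payload holds the verified claims.
const { payload } = await jose.jwtVerify(accessToken, pubKey, {
  issuer: "0xpass.io",
  audience: apiKey,
})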
When the token is valid, you can read the JWT's claims. Otherwise, an error is thrown.
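The checks behind the two verify calls above (pinned ES256 algorithm, signature, issuer, audience, expiry), written out with Node's built-in crypto module so the rejection cases can be run without dependencies. This is an added example, not 0xPass code: signDemoToken, verifyAccessToken, demo and the sample key pair, API key and claims are constructed for illustration.

```javascript
const crypto = require("node:crypto");

const b64u = (v) => Buffer.from(v).toString("base64url");
const parse = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Constructed demo signer standing in for the token issuer (always signs with ECDSA P-256).
function signDemoToken(claims, privateKey, header = { alg: "ES256", typ: "JWT" }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign("sha256", Buffer.from(input), { key: privateKey, dsaEncoding: "ieee-p1363" });
  return `${input}.${sig.toString("base64url")}`;
}

// publicKey: SPKI PEM string or KeyObject. Returns the claims or throws with the reason.
function verifyAccessToken(authorization, publicKey, apiKey, now = Date.now() / 1000) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorization || "");
  if (!match) throw new Error("missing or malformed bearer token");
  const [, h, p, s] = match;
  // Pin the algorithm from our side; never let the token header choose it.
  if (parse(h).alg !== "ES256") throw new Error("unexpected alg");
  const ok = crypto.verify("sha256", Buffer.from(`${h}.${p}`),
    { key: publicKey, dsaEncoding: "ieee-p1363" }, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = parse(p); // read claims only after the signature checks out
  if (claims.iss !== "0xpass.io") throw new Error("wrong issuer");
  if (!apiKey || ![].concat(claims.aud).includes(apiKey)) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// Constructed sample data: throwaway key pair, API key and claims.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  const apiKey = "demo-api-key";
  const claims = { iss: "0xpass.io", aud: apiKey, sub: "user-1", exp: Math.floor(Date.now() / 1000) + 300 };
  const reason = (token, key = apiKey) => {
    try { verifyAccessToken(`Bearer ${token}`, publicKey, key); return "accepted"; }
    catch (e) { return e.message; }
  };
  const good = signDemoToken(claims, privateKey);
  const [h, , s] = good.split(".");
  return {
    good: reason(good),
    otherProject: reason(good, "another-api-key"), // token minted for a different audience
    tampered: reason(`${h}.${b64u(JSON.stringify({ ...claims, sub: "admin" }))}.${s}`),
    algNone: reason(signDemoToken(claims, privateKey, { alg: "none" })),
    expired: reason(signDemoToken({ ...claims, exp: 1 }, privateKey)),
  };
}
console.log(demo());
```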