Backend - Verify Token

Verifying the JWT on your backend


You'll need to identify and verify the current user when your backend receives any request.

To do this, you have to verify the authorization header (containing the 0xPass JWT) against your public key.

1. Enable Connect And Sign In

a) Log in to the dashboard and go to the Auth section.

b) Enable Connect And Sign In.

2. Get API and Public keys from Dashboard

You can find your API key and public key on the home page of your project in the dashboard.

3. Import keys in your project

You will usually store your keys in environment variables.

const apiKey = process.env.API_KEY

4. Extract and Verify Token

You will now need to confirm that an authenticated user is making the request.

Here are some code examples on how you can do that.

Token extraction from request authorization header:

// Strip the "Bearer " prefix; a missing header yields an empty token, which fails verification
const accessToken = (req.headers.authorization || "").replace(/^Bearer /, "")

Token Verification

a) Using jsonwebtoken

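import jwt from "jsonwebtoken"

// Restore real newlines if the PEM was stored with escaped "\n" sequences
const pubKey = process.env.PUBLIC_KEY.replace(/\\n/g, "\n");
// jwt.verify() takes an `algorithms` array; pinning it to ES256 rejects any other alg
const decoded = jwt.verify(accessToken, pubKey, {
  issuer: "0xpass.io",
  audience: apiKey,
  algorithms: ["ES256"]
})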

b) Using jose

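import * as jose from "jose"

const pubKey = await jose.importSPKI(process.env.PUBLIC_KEY.replace(/\\n/g, "\n"), "ES256")
// payload holds the verified claims
const { payload } = await jose.jwtVerify(accessToken, pubKey, {
  issuer: "0xpass.io",
  audience: apiKey,
  algorithms: ["ES256"],
})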

When the token is valid, you can extract the JWT's claims. Otherwise, an error will be thrown.
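
To show what the issuer, audience and algorithm checks in the snippets above enforce, here is an added example (not 0xPass's code) that performs them by hand with Node's built-in `node:crypto` in place of `jsonwebtoken` or `jose`, so it runs without dependencies. The key pair, the `API_KEY` value, the sample tokens and the helper names (`extractBearer`, `verifyToken`, `signSample`, `check`) are constructed for illustration.

```javascript
const crypto = require("node:crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");

// Pull the JWT out of "Bearer <jwt>"; null if the header is absent or malformed.
function extractBearer(header) {
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(header || "");
  return m ? m[1] : null;
}

// ES256 verification: pinned algorithm, signature, issuer, audience, expiry.
function verifyToken(token, publicKeyPem, { issuer, audience }) {
  const [h, p, s] = token.split(".");
  const header = JSON.parse(Buffer.from(h, "base64url"));
  // Pin the algorithm; never let the token's own header choose it.
  if (header.alg !== "ES256") throw new Error("unexpected alg");
  const ok = crypto.verify("sha256", Buffer.from(`${h}.${p}`),
    { key: publicKeyPem, dsaEncoding: "ieee-p1363" }, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = JSON.parse(Buffer.from(p, "base64url"));
  if (claims.iss !== issuer) throw new Error("wrong issuer");
  if (![].concat(claims.aud).includes(audience)) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= Date.now() / 1000) throw new Error("expired");
  return claims;
}

// --- Constructed test material (not real 0xPass keys or tokens) ---
// prime256v1 is P-256, the curve used by ES256.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const PUBLIC_PEM = publicKey.export({ type: "spki", format: "pem" });
const API_KEY = "example-api-key"; // placeholder

function signSample(claims, alg = "ES256") {
  const input = `${b64url(JSON.stringify({ alg, typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign("sha256", Buffer.from(input), { key: privateKey, dsaEncoding: "ieee-p1363" });
  return `${input}.${sig.toString("base64url")}`;
}

// Returns the verified claims, or the rejection reason as a string.
function check(authorizationHeader) {
  const token = extractBearer(authorizationHeader);
  if (!token) return "missing token";
  try {
    return verifyToken(token, PUBLIC_PEM, { issuer: "0xpass.io", audience: API_KEY });
  } catch (e) {
    return e.message;
  }
}
```

A token signed with the right key but issued for another project's API key is rejected as "wrong audience", which is why the `audience` option in the library calls matters as much as the signature check.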