JWT is fine for server to server auth but not so fine for browser to server 
auth as the JWT itself is publicly decodable.  JWTs are not encrypted, 
merely encoded.

For tokens that are in user land you need to use JOSE instead of JWT

Coincidentally I just finished writing up an article on this very issue

https://codeburst.io/securing-tokens-with-help-from-jose-33d8c31835a1

Cheers

Dave

On Thursday, 24 August 2017 09:32:04 UTC+5:30, Danizavtz wrote:
>
> Hello, you could use jwt.io.
> It requires a service to make a login, after that you can share a token 
> between your apps so that only logged users can make requests to your api.
> Here is a working example, a microservice for login, for you to use a shared 
> key between your apps:
> https://github.com/danizavtz/tokenAuth
>
> On 23 August 2017 at 07:42, <[email protected]> wrote:
>
>> Hello,
>>
>> I have 3 local services in my server at:
>>
>>    - localhost:3001
>>    - localhost:3002
>>    - localhost:3003
>>
>> I do not want to expose them directly to the outside, so those ports are 
>> only open to local connections.
>>
>> I want to build a simple front-end with user authentication, so that when 
>> a user is logged in he can access the 3 services from the outside.
>>
>>    - http://www.mydomain.com/
>>       - login
>>          - service 1
>>          - service 2
>>          - service 3
>>       
>> I was thinking of using a nodejs based proxy so that only logged users 
>> can get access to the services, but I am not sure if this is possible, and 
>> in case it is, which would be the best combination of modules to do so.
>>
>> Does someone know a simple approach to get this done?
>>
>> Thanks!
>>
>> -- 
>> Job board: http://jobs.nodejs.org/
>> New group rules: 
>> https://gist.github.com/othiym23/9886289#file-moderation-policy-md
>> Old group rules: 
>> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "nodejs" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to [email protected] <javascript:>.
>> To post to this group, send email to [email protected] 
>> <javascript:>.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/nodejs/e4efef67-6d5d-46d1-ad0f-293f698c7e76%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/nodejs/e4efef67-6d5d-46d1-ad0f-293f698c7e76%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> -- 
> []'s
>

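The point raised in the reply above, that a signed JWT's payload is encoded rather than encrypted, shown as an added Node.js example that is not from the thread: the claims are read back without any key, while the HMAC signature still rejects an edited payload. The secret, the claims and all helper names are constructed for illustration.

```javascript
// Added example, not from the thread. SECRET and the claims are constructed.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // placeholder shared key (assumption)
const b64url = (v) => Buffer.from(v).toString('base64url');
const fromB64url = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Compact HS256 JWT: base64url(header).base64url(payload).base64url(signature)
function sign(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = hmac(head + '.' + body, secret).toString('base64url');
  return head + '.' + body + '.' + sig;
}

// Anyone holding the token can read the claims: no key is involved.
function decodeWithoutKey(token) {
  return fromB64url(token.split('.')[1]);
}

// What the server or authenticating proxy does before trusting any claim.
function verify(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    if (fromB64url(head).alg !== 'HS256') return null; // pin the algorithm
    const expected = hmac(head + '.' + body, secret);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null;
    return fromB64url(body);
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Same header and signature, edited payload: the signature check must reject it.
function withEditedPayload(token, changes) {
  const [head, , sig] = token.split('.');
  const body = b64url(JSON.stringify({ ...decodeWithoutKey(token), ...changes }));
  return head + '.' + body + '.' + sig;
}

const token = sign({ sub: 'alice', email: 'alice@example.test', role: 'user' }, SECRET);
console.log('readable without key:', decodeWithoutKey(token));
console.log('verified claims:', verify(token, SECRET));
console.log('edited payload:', verify(withEditedPayload(token, { role: 'admin' }), SECRET));
```

The signature protects integrity only, so nothing confidential belongs in the claims of a token that reaches the browser.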
