How ShieldJS Works?
The library contains two security parts:
- JWT Middleware - By using ShieldJS, your server routes will be totally secured by JWT (JSON Web Token). This middleware will look for a bearer token in the request header, and if not found will look for it in the cookie.
- Auth Routes - shieldJS will create the standard auth2 authentication routes for you.
What do I have to do?
- Choose your auth2 provider. For now, we only support auth0 provider (https://www.auth0.com), and register.
- Install ShieldJS.
- Use ShieldJS as middleware.
- Initialize ShieldJS with your provider's application data.
- Be Secured :)
How to implement?
Install ShieldJS from npm:
$ npm install --save shieldjsRequire ShieldJS, and use it as middleware for your app:
const express = require('express');
const shield = require("shieldjs");
const app = express();
// Will be used as JWT Middleware
app.use(shield.jwt(
{
excludeRoutes: ['/abc'],
domain: AUTH0.DOMAIN,
client_id: AUTH0.CLIENT_ID,
secret: AUTH0.CLIENT_SECRET
}
));
// Will create routes for authentication
app.use(shield.authRoutes({
authRoute: '/auth',
provider: 'auth0',
credentials:{
domain: AUTH0.DOMAIN,
client_id: AUTH0.CLIENT_ID,
secret: AUTH0.CLIENT_SECRET,
callback_url: AUTH0.CALLBACK_URL
}
}))If authRoute will not be provided, not authentication routes will be created!
Authentication routes will be created in this example:
- /auth/login
- /auth/logout
- /auth/callback
- /auth/logoutcallback