Simple NodeJS Express project demonstrates basic API authorization flow with PlusAuth
Explore the PlusAuth Express API docs »
Table of Contents
This is a very simple NodeJS project demonstrating basic API authorization flows with PlusAuth. To keep things simple Express.js used as the server framework and jsonwebtoken used for authorization.
Before running the project, you must first follow these steps:
- Create a PlusAuth account and a tenant at https://dashboard.plusauth.com
- Navigate to
Clientstab and create a client of typeServer to Server.
-
Go to
Api'spage and create a new Api. -
Navigate to
Permissionstab and create permissions below for your Api.users:readusers:writeusers:updateusers:delete
-
Finally navigate to
Authroized Clientstab, authorize yourclientand grant the permissions.
Finally write down your api audience and tenant id for server configuration
First install dependencies
$ npm install
# or with yarn
$ yarn installAfter that all you need to do is configuring the application. Rename .env.example file as just.env.
Then configure the .env file using your api audience and PlusAuth tenant id.
Now you can start the server:
$ npm run start
// or with yarn
$ yarn startThe example is hosted at http://localhost:3000/
All endpoints are secured and requires access token in request header. You can make requests to following endpoints:
- GET http://localhost:3000/users
- POST http://localhost:3000/users
- PUT http://localhost:3000/users
- DELETE http://localhost:3000/users
Obtain an access token using command line or a REST Client with your PlusAuth Client and API properties.
# bash
curl --request POST \
--url 'https://<YOUR_TANENT_ID>.plusauth.com/oauth2/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data 'grant_type=client_credentials' \
--data 'client_id=<YOUR_CLIENT_ID>' \
--data 'client_secret=<YOUR_CLIENT_SECRET>' \
--data 'audience=<YOUR_AUDIENCE>' \
--data 'scope=users:read users:write users:update users:delete'
Create a GET request and pass the access token you obtained as Authorization header. You will get following response:
# bash
> curl -i http://localhost:3000/users \
-H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6ImF0K2p3dCIsImtpZCI6Inh4T3l2R0hWV3dCIsImtpZ..."
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Content-Length: 14
Connection: keep-alive
Keep-Alive: timeout=5
All Users ListThis project is licensed under the MIT license. See the LICENSE file for more info.
PlusAuth helps to individuals, team and organizations for implementing authorization and authentication system in a secure, flexible and easy way.