Nitin Dhomse

Reputation: 2602

How to secure a Node.js / Express API used by another application running on a different server

Actually, I want to know the best way to secure my Node.js / Express API from another application in which I'm calling the API from the client side (Ajax call). I know that I could use JWT token-based authentication, but I need to pass the username and password to the Node server to get a token generated; I don't want to do this as I've already logged in to another application.

Any help / suggestions would be appreciated! Thanks.

Upvotes: 1

Views: 69

Answers (1)

rpereira15

Reputation: 197

So, you need to work with some OAuth server, and your application, before processing the request sent to it, must validate the token on that server.

But how does it work?

In short, there must be a middleware in your application that makes a request to the OAuth server; after you receive that response (if it is not an authentication error), you continue the process. If there is a problem with the token or login, the OAuth server has the responsibility to block the process and return HTTP status 401 (when the user and password are wrong) or 403 (when the user doesn't have permission to the resource).

Here are a few examples to follow.

Upvotes: 2
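
The middleware described in the answer above, as an added example that is not part of the original post. It assumes the OAuth server answers token lookups in the RFC 7662 introspection shape (`active`, `sub`, `scope`); `requireToken`, `stubIntrospect`, `check`, the token strings and the scope names are hypothetical, and the 503 on an unreachable OAuth server is a choice made here.

```javascript
// Express-style middleware: validate the bearer token with the OAuth server before
// the route handler runs. `introspect` is a hypothetical injected function; in
// production it would POST the token to the server's introspection endpoint.
function requireToken({ introspect, requiredScope }) {
  return async function (req, res, next) {
    const header = req.headers.authorization || '';
    const match = /^Bearer ([A-Za-z0-9\-._~+\/]+=*)$/i.exec(header);
    if (!match) return deny(res, 401, 'missing or malformed bearer token');
    let info;
    try {
      info = await introspect(match[1]);
    } catch (err) {
      // Fail closed: an unreachable OAuth server never means "allow".
      return deny(res, 503, 'token validation unavailable');
    }
    if (!info || info.active !== true) return deny(res, 401, 'invalid or expired token');
    const granted = String(info.scope || '').split(' ').filter(Boolean);
    if (requiredScope && !granted.includes(requiredScope)) {
      return deny(res, 403, 'insufficient scope');
    }
    req.user = { sub: info.sub, scopes: granted }; // identity comes from the server, not the client
    return next();
  };
}

function deny(res, status, message) {
  if (status === 401) res.setHeader('WWW-Authenticate', 'Bearer');
  res.statusCode = status;
  res.end(JSON.stringify({ error: message }));
}

// Constructed stand-in for the OAuth server's answers, so the example runs offline.
const SAMPLE_TOKENS = {
  'tok-reader': { active: true, sub: 'user-1', scope: 'orders:read' },
  'tok-expired': { active: false },
};
async function stubIntrospect(token) {
  if (token === 'tok-outage') throw new Error('OAuth server unreachable');
  return SAMPLE_TOKENS[token] || { active: false };
}

// Runs one constructed request through the middleware and reports the outcome.
async function check(token, requiredScope) {
  const req = { headers: token ? { authorization: `Bearer ${token}` } : {} };
  const res = { headers: {}, setHeader(k, v) { this.headers[k] = v; }, end(b) { this.body = b; } };
  let passed = false;
  await requireToken({ introspect: stubIntrospect, requiredScope })(req, res, () => { passed = true; });
  return passed ? { status: 200, user: req.user } : { status: res.statusCode, headers: res.headers };
}
```

In an Express app the same function would be mounted with `app.use(requireToken({ introspect, requiredScope }))`, so the browser sends only the token it already obtained from the other application and never the username and password.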
