This is a sample app that demonstrates how to protect endpoints in an Express application with JSON Web Tokens (JWT). It uses the open source express-jwt and express-jwt-authz packages from Auth0.
npm install
npm start
The app will be served at localhost:3001
and three endpoints will be available:
- GET
/api/public-route
- Wide open endpoint - GET
/api/private-route
- Private endpoint requiring a JWT - GET
/api/contacts
- Private endpoint with tight scope - JWT needs a scope of "read:contacts"
To get a JWT for testing, generate one at jwt.io with a key of 'secret'.
MIT