Tag Archives: Web Tokens

Google Cloud Endpoints, AngularJS and Json Web Tokens

via Google Cloud Endpoints, AngularJS and Json Web Tokens.

In my private project I decided to use Google Endpoints (with Google App Engine) on the backend side and AngularJS on the frontend. For authorization I’ve chosen JWT (JSON Web Tokens). At the beginning I wanted to use the [Google API Client library for JavaScript](https://developers.google.com/api-client-library/javascript/) but I encountered two problems. First, I can’t set my own authorization header. I can set a token but it is inserted in the Authorization header, which creates a little issue. I found an Angular project for GAPI, angular-google-gapi; using this, here is an example of adding a token:

Using JSON Web Tokens to Authenticate JavaScript Front-Ends on Rails

via Using JSON Web Tokens to Authenticate JavaScript Front-Ends on Rails | zacstewart.com.

While working on a project recently, I encountered a problem I haven’t had to tangle with in a while: authenticating front-end applications against a Rails API. The last time I was even dabbling in this realm, jQuery was everything, CORS was still in its infancy, and JSONP was still a thing (that’s not a thing anymore, right?). The only way I ever managed to scrape by in this hostile environment was to let Rails’ asset pipeline serve up the front-end app and rely on same-origin requests and regular ol’ cookies to handle authentication. I didn’t like it, but I survived. Eventually, I got away from front-end concerns almost completely.

Since those dark times, a few tools have cropped up and improved the landscape. As I mentioned before, I have recently been working on a project that I wanted to have a stand-alone front-end app for (inb4 single page apps don’t work). I wanted to avoid the messes I’ve encountered with JavaScript-heavy Rails apps and keep Rails as API-centered as possible. Once I had a functioning back-end, I knocked together a rudimentary front-end with React using Bower to manage dependencies and Jekyll to compile it all down to a static page.

At first, I got started by symlinking the front-end to public/ in my Rails app and setting protect_from_forgery with: :null_session. That was good enough for me to get my feet wet with React and get back into the swing of things with JavaScript (with which I hadn’t really done anything of consequence since before ES5). However, this setup was clearly deficient for even a development deploy to Heroku. When I got to that point, I had to give thought to where I’d host the front-end and how I’d manage authentication.

There were a few other, related problems to solve, but I want to focus on how I did authentication for the rest of this post. I had a few characteristics that I wanted to satisfy:

Authenticate a Node.js API with JSON Web Tokens

via Authenticate a Node.js API with JSON Web Tokens | Scotch.

Authentication is one of the big parts of every application. Security is always something that is changing and evolving. In the past, we have gone over Node authentication using the great Passport npm package.

Those articles used session-based authentication, however, which has problems when we talk about scaling web services and creating an API that can be consumed across many devices and services.

As a primer to this article, go ahead and get yourself familiar with token based authentication principles and the standard used for token based authentication, JSON Web Tokens.

Now that we’ve got all the important information about token based authentication out of the way, let’s build a very simple Node API and use tokens to authenticate users that request access.