Node

When you receive an id_token from Swoop, it is important to verify the token against your CLIENT_SECRET to ensure that it is valid and hasn't been tampered with. Here is how to validate JWTs in Node.

Install the jsonwebtoken Library

    npm install --save jsonwebtoken

Import The Library

    const jwt = require('jsonwebtoken')

Verify The Token

    // The handler must be async because it awaits the user lookup
    app.post('/loginWithSwoop', async (req, res) => {
      // Normally CLIENT_SECRET should be stored in an environment variable
      // and accessed via process.env.CLIENT_SECRET
      const secret = 'CLIENT_SECRET';
      let document;
      try {
        // Verify the JWT
        document = jwt.verify(req.body.swoopToken, secret);
      } catch (e) {
        // Return here so an unverified token never reaches the login logic below
        return res.redirect('/error');
      }
      // Look up your user
      const user = await User.findOne({ email: document.email });
      // "Login" your user
      req.session.user = user;
      // Redirect to their account
      res.redirect('/account');
    });
Updated about 3 years ago