Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/VirgilSecurity/demo-twilio-backend-nodejs

A sample backend that demonstrates how to generate a Virgil JWT and Twilio token used for authentication with the Virgil and Twilio services
https://github.com/VirgilSecurity/demo-twilio-backend-nodejs

chat crypto cryptography demo encryption end-to-end-encryption jwt messenger sample-backend secure-the-future secured-by-virgil twilio twilio-chat

Last synced: 9 days ago
JSON representation

A sample backend that demonstrates how to generate a Virgil JWT and Twilio token used for authentication with the Virgil and Twilio services

Awesome Lists containing this project

README 

        
# Twilio Sample Backend for Node.js



This repository contains a sample backend code that demonstrates how to combine Virgil and Twilio JWT generation, which are used for authentication with the Virgil and Twilio services.



> Do not use this authentication in production. Requests to a /virgil-jwt and /twilio-jwt endpoints must be allowed for authenticated users. Use your application authorization strategy.



## Prerequisites



- [NodeJS](https://nodejs.org) from 10 to 13



## Set up and run demo



### Clone



Clone the repository from GitHub.



```

$ git clone https://github.com/VirgilSecurity/twilio-sample-backend-nodejs.git

```



### Get Virgil Credentials



If you don't have an account yet, [sign up for one](https://dashboard.virgilsecurity.com/signup) using your e-mail. 



#### You can download a ready-to-use .env file



1. Navigate to the Virgil Dashboard -> Your Application -> E3Kit Section.

2. Generate `.env` in the **.env file** section.

3. Download the generated file, paste it into the project root folder and rename it to `.env`.



#### Or you can add the parameters manually:



To generate a Virgil JWT the following values are required:



| Variable Name                     | Description                    |

|-----------------------------------|--------------------------------|

| APP_ID                   | ID of your Virgil Application. |

| APP_KEY                  | Private key of your App that is used to sign the JWTs. |

| APP_KEY_ID               | ID of your App Key. A unique string value that identifies your account in the Virgil Cloud. |



1. Copy and rename `.env.example` to `.env`.

2. Create Application in the Virgil Dashboard, copy its `APP_ID` to the `.env` file;

3. Create App Key and save its private key value to `APP_KEY` line in the `.env` file;

4. Copy ID of the created key to `APP_KEY_ID` line in the `.env` file;



### Get Twilio Credentials



To generate a Twilio JWT the following values are required:



| Variable Name                     | Description                    |

|-----------------------------------|--------------------------------|

| TWILIO_ACCOUNT_SID                | Your primary Twilio account identifier - [find this in the console here.](https://www.twilio.com/console)        |

| TWILIO_API_KEY_SID                    | SID of Twilio Api Key. Used for authentication on Twilio services. Generated with TWILIO_API_SECRET|

| TWILIO_API_SECRET                 | Twilio API key secret: [generate one here](https://www.twilio.com/console/chat/runtime/api-keys) |

| TWILIO_SERVICE_SID            | A service instance where all the data for our application is stored and scoped. [Generate one in the console here.](https://www.twilio.com/console/chat/dashboard) |



Add this parameters to your `.env` file.



### Install Dependencies and Run the Server



```

$ npm install

$ npm run start

```

Now, use your client code to make a request to get a JWT from the sample backend that is working on http://localhost:3000.



Along with the backend we provide a demonstration of a simple client chat interacting with Virgil API, which you can see if you navigate to http://localhost:3000 at your browser. The sample chat code is located in the the [`public`](https://github.com/VirgilSecurity/demo-twilio-backend-nodejs/tree/master/public) directory.



Demo screenshot



## Specification



### /authenticate endpoint

This endpoint is an example of users authentication. It takes user `identity` and responds with unique token.



```http

POST https://localhost:3000/authenticate HTTP/1.1

Content-type: application/json;



{

    "identity": "string"

}



Response:



{

    "authToken": "string"

}

```



### /virgil-jwt endpoint

This endpoint checks whether a request is authenticated by an authorization header. It takes user's `authToken`, finds related user identity and generates a `virgilToken` (which is [JSON Web Token](https://jwt.io/)) with this `identity` in a payload. Use this token to make authorized API calls to Virgil Cloud.



```http

GET https://localhost:3000/virgil-jwt HTTP/1.1

Content-type: application/json;

Authorization: Bearer 



Response:



{

    "virgilToken": "string"

}

```



### /twilio-jwt endpoint

Same as Virgil token endpoint Twilio endpoint should be protected and responds with `twilioToken`.



```http

GET https://localhost:3000/twilio-jwt HTTP/1.1

Content-type: application/json;

Authorization: Bearer 



Response:



{

    "twilioToken": "string"

}

```



## Virgil JWT Generation

To generate a Virgil JWT, you need to use the `JwtGenerator` class from the Virgil SDK.



```js

const virgilCrypto = new VirgilCrypto();



const generator = new JwtGenerator({

  appId: process.env.APP_ID,

  apiKeyId: process.env.API_KEY_ID,

  apiKey: virgilCrypto.importPrivateKey(process.env.API_PRIVATE_KEY),

  accessTokenSigner: new VirgilAccessTokenSigner(virgilCrypto)

});



```



Then you need to provide an HTTP endpoint which will return the JWT with the user's identity as a JSON.



For more details take a look at the [virgilToken.js](api/virgilToken.js) file.



## License



This library is released under the [3-clause BSD License](LICENSE.md).



## Support



Our developer support team is here to help you. Find out more information on our [Help Center](https://help.virgilsecurity.com/).



You can find us on [Twitter](https://twitter.com/VirgilSecurity) or send us email [email protected].



Also, get extra help from our support team on [Slack](https://virgilsecurity.com/join-community).