https://github.com/auth0/multitenant-jwt-auth
This sample shows how to implement an API that authenticates using JWTs. It supports multiple tenants and JWT blacklisting.
Last synced: 7 months ago
- Host: GitHub
- URL: https://github.com/auth0/multitenant-jwt-auth
- Owner: auth0
- License: mit
- Created: 2015-03-04T16:08:25.000Z (almost 11 years ago)
- Default Branch: master
- Last Pushed: 2015-03-04T16:10:41.000Z (almost 11 years ago)
- Last Synced: 2025-04-06T03:51:00.464Z (9 months ago)
- Language: JavaScript
- Size: 121 KB
- Stars: 55
- Watchers: 4
- Forks: 8
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Multitenant JWT Auth sample
This sample shows how to implement an API that:
* Uses JWTs for authentication
* Uses claims in those JWTs for authorization
* Supports multiple tenants
* Supports blacklisting JWTs
## Installation
Clone this repository. Then run:
```
npm i
```
## Running the sample
The sample has two components:
* A server that hosts the API
* A CLI that can be used to perform requests to the API.
### Running the server
```
node server.js
```
### Using the CLI
```
./cli --help
  Usage: cli [options]

  Options:

    -h, --help     output usage information
    -V, --version  output the version number
    --tenant       The tenant id. Either "tenant_1" or "tenant_2"
    --token        The JWT for the tenant. Either 1 or 2
```
Using each tenant token combo yields a different result:
* Token 1 for **tenant_1** will send a response with the users. The JWT has the correct scopes and is not blacklisted.
```
> ./cli --tenant tenant_1 --token 1
Success [{"name":"Jane Doe"},{"name":"John Doe"}]
```
* Token 2 for **tenant_1** will send a response with an error because the token is revoked.
```
> ./cli --tenant tenant_1 --token 2
{"name":"UnauthorizedError","code":"revoked_token"}
```
* Token 1 for **tenant_2** will send a response with an error because the token does not have the required scope.
```
> ./cli --tenant tenant_2 --token 1
{"name":"UnauthorizedError","code":"insufficient_scopes"}
```
* Token 2 for **tenant_2** will send a response with an error because the token is revoked. It also lacks the required scope, but the revocation check runs before the scope check.
```
> ./cli --tenant tenant_2 --token 2
{"name":"UnauthorizedError","code":"revoked_token"}
```
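The check order behind the four results above, as an added sketch that is not the sample's own `server.js`. It uses only Node's `crypto` module and assumes each tenant has its own HMAC secret and revocation list keyed by `jti`; the secrets, `jti` values, the `read:users` scope name, the `invalid_token` code and all helper names are made up for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed per-tenant settings (assumed values, not the sample's own).
const TENANTS = {
  tenant_1: { secret: 'constructed-secret-1', revoked: new Set(['t1-token-2']) },
  tenant_2: { secret: 'constructed-secret-2', revoked: new Set(['t2-token-2']) },
};
const b64u = (x) => Buffer.from(x).toString('base64url');
const mac = (secret, data) => crypto.createHmac('sha256', secret).update(data).digest();
const deny = (code) => ({ name: 'UnauthorizedError', code });

// Issue an HS256 token so the example has inputs to verify.
function sign(tenant, claims) {
  const body = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' })) + '.' +
    b64u(JSON.stringify({ ...claims, iss: tenant }));
  return body + '.' + b64u(mac(TENANTS[tenant].secret, body));
}

// Check order: signature with the tenant's key, issuer, revocation, then scope.
function authorize(tenant, token, requiredScope) {
  const cfg = Object.hasOwn(TENANTS, tenant) ? TENANTS[tenant] : null;
  const parts = String(token).split('.');
  if (!cfg || parts.length !== 3) return deny('invalid_token');
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch { return deny('invalid_token'); }
  // Pin the algorithm; the token header must not choose it.
  if (!header || header.alg !== 'HS256' || !claims) return deny('invalid_token');
  const expected = mac(cfg.secret, parts[0] + '.' + parts[1]);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    return deny('invalid_token');
  // The key came from the requested tenant, so the issuer must match it.
  if (claims.iss !== tenant) return deny('invalid_token');
  if (cfg.revoked.has(claims.jti)) return deny('revoked_token');
  if (!String(claims.scope || '').split(' ').includes(requiredScope))
    return deny('insufficient_scopes');
  return { ok: true, claims };
}

// The four tenant/token combinations from the README, with constructed claims.
function demo() {
  const t = (tenant, jti, scope) => authorize(tenant, sign(tenant, { jti, scope }), 'read:users');
  return [t('tenant_1', 't1-token-1', 'read:users'), t('tenant_1', 't1-token-2', 'read:users'),
    t('tenant_2', 't2-token-1', ''), t('tenant_2', 't2-token-2', '')];
}
console.log(demo().map((r) => r.code || 'ok'));
```

A token signed for one tenant and presented to the other fails the signature step, before revocation or scope is considered.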
## Contributing
Just send a PR, you know the drill.
## Issues
If you find any issues or have suggestions please report them.
## Author
[Auth0](https://auth0.com/)
## License
MIT