BYU Web Service Manual

Add Authentication using byu-jwt

One thing that WSO2 does for us is send a JWT (JSON Web Token, pronounced ‘j-watt’) to our API. It is an encrypted message that verifies the message is from a trusted source. Unfortunately, right now your API doesn’t know what to do with it. Luckily, BYU has some middleware that will allow you to set up your API to read the JWT sent in the header. It is called “byu-jwt”.

Run “npm install byu-jwt”

Then go to your index.js file and require it.

Insert the middleware between the middleware that logs the requests and the middleware that parses JSON objects.

That’s really all there is to it.

When you make the request to the Persons API, WSO2 makes a new JWT and sends it to the Persons API. But if we want, we can pass along the original JWT using “byu-wso2-request”. The byu-jwt middleware adds some information to the req object, including the sender of the information and the original JWT.

Another cool thing you can do is set it to development mode.

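As you can see, this allows you to skip JWT verification. This can be useful for testing, because it still passes along the information. Because the JWT is not verified in this mode, use it only for local testing and leave it off in any deployed environment.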
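What skipping verification gives up, shown as an added example that is not part of the original manual and does not use byu-jwt's own API: a hypothetical Express-style middleware checks a signed token from the header, then the same middleware with a `development` flag accepts a token whose claims were changed after signing. Assumptions: the header name `x-jwt-assertion`, RS256 signing, and the constructed key pair and claims.

```javascript
const crypto = require('node:crypto');

// Constructed key pair standing in for the gateway's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (part) => {
  const value = JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
  if (!value || typeof value !== 'object') throw new Error('not a JSON object');
  return value;
};

// Build a constructed RS256 token, as a gateway would before calling the API.
function signJwt(claims, key) {
  const input = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), key).toString('base64url')}`;
}

// Hypothetical middleware factory (illustration only, not byu-jwt's API).
function jwtMiddleware({ publicKey, development = false }) {
  return (req, res, next) => {
    const parts = String(req.headers['x-jwt-assertion'] || '').split('.');
    if (parts.length !== 3) return res.status(401).end();
    let header, claims;
    try { [header, claims] = [dec(parts[0]), dec(parts[1])]; } catch { return res.status(401).end(); }
    if (!development) {
      // Pin the algorithm, check the signature over header.payload, then expiry.
      const signed = header.alg === 'RS256' && crypto.verify('RSA-SHA256',
        Buffer.from(`${parts[0]}.${parts[1]}`), publicKey, Buffer.from(parts[2], 'base64url'));
      if (!signed || !(claims.exp > Date.now() / 1000)) return res.status(401).end();
    }
    req.jwtClaims = claims; // only trustworthy when development is false
    next();
  };
}

// Drive the middleware with a fake req/res and report the outcome.
function check(options, token) {
  const req = { headers: { 'x-jwt-assertion': token } };
  let status = 200;
  const res = { status: (code) => { status = code; return { end() {} }; } };
  jwtMiddleware(options)(req, res, () => {});
  return { status, sub: req.jwtClaims && req.jwtClaims.sub };
}

const exp = Math.floor(Date.now() / 1000) + 300;
const good = signJwt({ sub: 'constructed-user', exp }, privateKey);
// Same header and signature, different claims: a token changed after signing.
const altered = [good.split('.')[0], enc({ sub: 'someone-else', exp }), good.split('.')[2]].join('.');
console.log(check({ publicKey }, good), check({ publicKey }, altered),
  check({ publicKey, development: true }, altered));
```

With verification on, the altered token is rejected with 401; with `development: true` its claims reach the handler unchecked.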

But what if you want to actually test your API from Postman? How do you send a JWT? There’s a trick to that.

Go to the WSO2 store and look up the Echo API.

It simply returns the headers that WSO2 sent, which includes the JWT. Subscribe to the API and then go to the API console. Use the try it out feature to send a GET request to the /echo/{+echo_string} path. It doesn’t really matter what you put as the path parameter; you can literally say whatever.

The important part is that in the return body you can find the JWT sent:

You can copy and paste it into a header in Postman like so:

Now your server is protected! Nice job! (If you run into any problems make sure you are signed into AWS CLI and you have an active token. For any other issues you may have, ask someone for help.)
