A mock backend to test authentication and authorization with JSON Web Tokens (JWT). By default, this backend exposes an /auth route, which lets you perform a login with a user identifier and password and returns a JWT, and a /protected route, which requires a valid JWT in the request header. Additional routes can be configured (see below), to authorize routes depending on roles in the JWT. By default, an /admin route is exposed, which requires the admin role.

• Install
• Configuration
  • Server and Routes
  • Users
• Run
• Query

Requires node and npm. Install with npm install.

Edit config/default.json to configure the backend and routes being exposed:

{ "port": 8085, //Port to serve on "cors-origin": "http://localhost:8080", //Origin of CORS requests to allow. Set to "*" to allow all origins. "secret": "supda-dupa-secret", //Secret used to sign the JWT "debugOutput": true, //Whether to print debug output to the console //Modify those to mimick the backend API you are mocking "authenticationRoute": "/auth", "authorizationRoute": "/protected", //Define all roles known to the backend "roles": ["admin"] //Additional routes that need a specific role for authorization "routes": [ { "path": "/admin", "role": "admin" } ] }

Edit the accounts.json to set up a few users. Default is:

[ { "identifier": "a@b.com", "password": "test", "roles": ["admin"] }, { "identifier": "c@d.com", "password": "test", "roles": [] } ]

Run the server with node index.js.

The following routes are available by default (paths can be changed in the config, see above):

Additional GET authorization routes are available, if set through the routes array in the config. Those are meant to authorize only if the token contains a certain role (see section about configuration above). By default, the /admin route is exposed:

The test directory of this repo contains an export of an Insomnia workspace. You can import it into Insomnia in order to get ready-to-send queries for the default routes set up!