Token endpoint in Node.js

This article presents a simple token endpoint example for creating JSON Web Tokens (JWT) implemented in Node.js. The tokens are used by CKEditor Cloud Services to authenticate users.

# Dependencies

Both examples use the jsonwebtoken library for creating tokens and express to create the HTTP endpoint.

```bash
npm install express jsonwebtoken
```

# Examples

When creating a token endpoint to integrate with Collaboration, the token payload should contain the environment ID and user data.

# Real-time collaboration features

```javascript
const express = require( 'express' );
const jwt = require( 'jsonwebtoken' );

// Sample values; replace them with the keys issued for your environment.
const accessKey = 'w1lnWEN63FPKxBNmxHN7WpfW2IoYVYca5moqIUKfWesL1Ykwv34iR5xwfWLy';
const environmentId = 'LJRQ1bju55p6a47RwadH';

const app = express();

// Allow cross-origin GET requests from any origin.
app.use( ( req, res, next ) => {
    res.setHeader( 'Access-Control-Allow-Origin', '*' );
    res.setHeader( 'Access-Control-Allow-Methods', 'GET' );

    next();
} );

// This sample issues a token to every caller; authenticate the user first
// in a real endpoint.
app.get( '/', ( req, res ) => {
    // Hard-coded sample user; take this data from the session or the database.
    const payload = {
        aud: environmentId,
        sub: 'user-123',
        user: {
            email: 'joe.doe@example.com',
            name: 'Joe Doe'
        },
        auth: {
            'collaboration': {
                '*': {
                    'role': 'writer'
                }
            }
        }
    };

    // jwt.sign() adds the iat claim; expiresIn adds exp.
    const result = jwt.sign( payload, accessKey, { algorithm: 'HS256', expiresIn: '24h' } );

    res.send( result );
} );

app.listen( 8080, () => console.log( 'Listening on port 8080' ) );
```

Replace `accessKey` and `environmentId` with the keys provided by the CKEditor Ecosystem customer dashboard for SaaS or by the Management Panel for the On-Premises application. User data can be taken from the session or the database. You do not need to add `iat` because `jwt.sign()` adds it automatically.

You should then pass the token to the client, for example by sending a plain string or by rendering a page that will contain this token. If the user is unauthenticated, the token endpoint should return an error or redirect to the login page. Also, you should make sure that the token is sent via an encrypted channel.

# Easy Image, Export to PDF and Import and Export to Word

The token endpoint for Easy Image and the Export to Word/PDF features does not require adding user data. You can therefore skip the `user` and `auth` properties in the token payload.

# Export to PDF and Import and Export to Word On-Premises

Tokens for PDF Converter and DOCX Converter On-Premises do not require any additional claims, so you can create the token with an empty payload.

In this implementation, `accessKey` has been replaced by `SECRET_KEY`, a variable set during the Import and Export to Word/Export to PDF On-Premises instance installation.

```javascript
const express = require( 'express' );
const jwt = require( 'jsonwebtoken' );

// Sample value; use the SECRET_KEY set during the On-Premises installation.
const SECRET_KEY = 'w1lnWEN63FPKxBNmxHN7WpfW2IoYVYca5moqIUKfWesL1Ykwv34iR5xwfWLy';

const app = express();

// Allow cross-origin GET requests from any origin.
app.use( ( req, res, next ) => {
    res.setHeader( 'Access-Control-Allow-Origin', '*' );
    res.setHeader( 'Access-Control-Allow-Methods', 'GET' );

    next();
} );

app.get( '/', ( req, res ) => {
    // Empty payload: the converters need no additional claims.
    const result = jwt.sign( {}, SECRET_KEY, { algorithm: 'HS256' } );

    res.send( result );
} );

app.listen( 8080, () => console.log( 'Listening on port 8080' ) );
```

If you create your own token endpoint, do not forget to authenticate the user before you send the token. You can use Passport for this.
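Both notes above require the endpoint to reject unauthenticated users before issuing a token. The following is an added example, not code from the original article or from CKEditor: it shows the handler logic gated on a session user and uses Node's built-in `crypto` in place of `jsonwebtoken` so that it runs without installing anything. The names `handleTokenRequest`, `sessionUser`, `signHS256`, `verifyHS256` and the `ACCESS_KEY`/`ENVIRONMENT_ID` environment variables are assumptions.

```javascript
const crypto = require( 'crypto' );

// Assumption: secrets are injected through the environment; the fallbacks
// are constructed demo values, not real credentials.
const accessKey = process.env.ACCESS_KEY || 'constructed-demo-access-key';
const environmentId = process.env.ENVIRONMENT_ID || 'constructed-env-id';

const b64url = value => Buffer.from( value ).toString( 'base64url' );
const hmac = ( data, key ) => crypto.createHmac( 'sha256', key ).update( data ).digest();

// Stand-in for jwt.sign( payload, key, { algorithm: 'HS256', expiresIn } ).
function signHS256( payload, key, lifetimeSeconds ) {
    const iat = Math.floor( Date.now() / 1000 );
    const header = b64url( JSON.stringify( { alg: 'HS256', typ: 'JWT' } ) );
    const body = b64url( JSON.stringify( { ...payload, iat, exp: iat + lifetimeSeconds } ) );

    return `${ header }.${ body }.${ b64url( hmac( `${ header }.${ body }`, key ) ) }`;
}

// Local check for debugging: returns the claims only if the HS256
// signature matches and the token has not expired, otherwise null.
function verifyHS256( token, key ) {
    const [ header, body, signature ] = String( token ).split( '.' );
    if ( !header || !body || !signature ) return null;

    const expected = hmac( `${ header }.${ body }`, key );
    const given = Buffer.from( signature, 'base64url' );
    if ( given.length !== expected.length || !crypto.timingSafeEqual( given, expected ) ) return null;

    const claims = JSON.parse( Buffer.from( body, 'base64url' ).toString() );
    return claims.exp > Date.now() / 1000 ? claims : null;
}

// Hypothetical handler core. `sessionUser` is what the login layer stored for
// this request (undefined when nobody is logged in), never request parameters.
function handleTokenRequest( sessionUser ) {
    if ( !sessionUser || !sessionUser.id ) {
        return { status: 401, body: 'Unauthorized' };
    }

    const payload = {
        aud: environmentId,
        sub: sessionUser.id,
        user: { email: sessionUser.email, name: sessionUser.name },
        auth: { collaboration: { '*': { role: 'writer' } } }
    };

    return { status: 200, body: signHS256( payload, accessKey, 24 * 60 * 60 ) };
}
```

In an Express route, call `handleTokenRequest( req.user )` (the property Passport sets after login) and send the returned status and body.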

# Usage

Start the server by running:

```bash
node server
```

Now you can get the token with a simple request:

http://localhost:8080/

# Example response

The result should be in a plain text format.

```
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJMSlJRMWJqdTU1cDZhNDdSd2FkSCIsImlhdCI6MTY0OTIyOTQyMiwic3ViIjoidXNlci0xMjMiLCJ1c2VyIjp7ImVtYWlsIjoiam9lLmRvZUBleGFtcGxlLmNvbSIsIm5hbWUiOiJKb2UgRG9lIn0sImF1dGgiOnsiY29sbGFib3JhdGlvbiI6eyIqIjp7InJvbGUiOiJ3cml0ZXIifX19fQ._V-HXKKHU1E-saZxk4JTvgXdh1I7793nCEK91ubSZHY
```

# Debugging

For debugging purposes, jwt.io can be used.