Supporting machine-to-machine security
Learn how to add support for machine-to-machine security to an API.
M2M security
Adding support for machine-to-machine security to our API takes just a few steps. We need to add a few modules to our project that contain the functionality to communicate with OAuth providers and evaluate JWTs. We also need to modify our own API service interface to look for and process JWTs when they appear. Finally, we need to import the OAuth authentication parameters we collected from the third-party provider.
Company-secure: For the example in this chapter, we’ve forked the existing company sample API service to one named company-secure. We’ll show excerpts from that example as we walk through the steps to secure a Node/Express API project.
Adding security modules to our Node.js project
First, let’s add the following security modules to our Node.js project. These provide support for JWTs and OAuth:
jsonwebtoken: Node.js implementation of the JWT standard.
jwks-rsa: RSA signing keys for JWTs.
express-jwt: Express.js middleware for validating JWTs.
express-jwt-authz: Express.js middleware for supporting OAuth.
The following is the npm command for installing all four modules and updating our package.json file:
npm install --save jwks-rsa jsonwebtoken \
express-jwt express-jwt-authz
This sets the foundation for implementing OAuth for our API service. The next step is to add supporting code to our project.