Node.js Validator
Overview
IBM Mobile Foundation provides a Node.js framework to enforce security capabilities on external resources.
The Node.js framework is provided as an npm module (passport-mfp-token-validation).
This tutorial shows how to protect a simple Node.js resource, GetBalance, by using a scope (accessRestricted).
Prerequisites:
- Read the Using the MobileFirst Server to authenticate external resources tutorial.
- Understanding of the Mobile Foundation security framework.
The passport-mfp-token-validation module
The passport-mfp-token-validation module provides an authentication mechanism to verify access tokens that are issued by the MobileFirst Server.
To install the module, run:
npm install passport-mfp-token-validation@8.0.X
Usage
- The sample uses the express and passport-mfp-token-validation modules:

```javascript
var express = require('express');
var passport = require('passport-mfp-token-validation').Passport;
var mfpStrategy = require('passport-mfp-token-validation').Strategy;
```
- Set up the Strategy as follows:

```javascript
passport.use(new mfpStrategy({
    // MobileFirst Server endpoint that issued the access tokens
    authServerUrl: 'http://localhost:9080/mfp/api',
    // Confidential client defined in the MobileFirst Operations Console
    confClientID: 'testclient',
    confClientPass: 'testclient',
    // Optional: only needed to log analytics events to Mobile Foundation
    analytics: {
        onpremise: {
            url: 'http://localhost:9080/analytics-service/rest/v3',
            username: 'admin',
            password: 'admin'
        }
    }
}));
```

  - authServerUrl: Replace localhost:9080 with your MobileFirst Server IP address and port number.
  - confClientID, confClientPass: Replace the confidential client ID and password with the ones that you defined in the MobileFirst Operations Console.
  - analytics: The analytics item is optional, and required only if you wish to log analytics events to Mobile Foundation. Replace localhost:9080, username, and password with your Analytics Server IP address, port number, user name, and password.

- Authenticate requests by calling passport.authenticate:

```javascript
var app = express();
app.use(passport.initialize());

// The handler runs only if the access token is valid for the required scope
app.get('/getBalance', passport.authenticate('mobilefirst-strategy', {
    session: false,
    scope: 'accessRestricted'
}), function(req, res) {
    res.send('17364.9');
});

var server = app.listen(3000, function() {
    var port = server.address().port;
    console.log("Sample app listening at http://localhost:%s", port);
});
```

  - The Strategy to employ should be mobilefirst-strategy.
  - Set session to false.
  - Specify the scope name.
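The Strategy options shown above carry the confidential client password and, optionally, the Analytics Server credentials. The following added example (not part of the original tutorial or of the IBM module) builds that options object from environment variables instead of literals, and refuses the tutorial's sample secrets and plain-HTTP URLs for non-local hosts. The MFP_* variable names, the NODE_ENV check and the rejection policy are assumptions of this example.

```javascript
'use strict';
// Added example: builds the options object passed to `new mfpStrategy(...)`.
// The MFP_* environment variable names are hypothetical, chosen for this example.
const SAMPLE_VALUES = new Set(['testclient', 'admin']); // secrets used in the tutorial

function checkUrl(name, value) {
    let url;
    try { url = new URL(value); } catch (e) { throw new Error(name + ' is not a valid URL'); }
    const local = ['localhost', '127.0.0.1', '[::1]'].includes(url.hostname);
    // Plain HTTP would expose the client password and access tokens in transit.
    if (url.protocol !== 'https:' && !local) {
        throw new Error(name + ' must use https for non-local hosts');
    }
    return url.href.replace(/\/$/, '');
}

function required(name, value) {
    if (!value) throw new Error(name + ' is not set');
    return value;
}

function checkSecret(name, value, allowSamples) {
    required(name, value);
    if (!allowSamples && SAMPLE_VALUES.has(value)) {
        throw new Error(name + ' still holds a tutorial sample value');
    }
    return value;
}

function buildStrategyOptions(env) {
    const dev = env.NODE_ENV === 'development'; // sample values tolerated only here
    const options = {
        authServerUrl: checkUrl('MFP_AUTH_SERVER_URL', env.MFP_AUTH_SERVER_URL),
        confClientID: checkSecret('MFP_CONF_CLIENT_ID', env.MFP_CONF_CLIENT_ID, dev),
        confClientPass: checkSecret('MFP_CONF_CLIENT_PASS', env.MFP_CONF_CLIENT_PASS, dev)
    };
    // analytics is optional: include it only when an Analytics Server URL is given.
    if (env.MFP_ANALYTICS_URL) {
        options.analytics = { onpremise: {
            url: checkUrl('MFP_ANALYTICS_URL', env.MFP_ANALYTICS_URL),
            username: required('MFP_ANALYTICS_USER', env.MFP_ANALYTICS_USER),
            password: checkSecret('MFP_ANALYTICS_PASS', env.MFP_ANALYTICS_PASS, dev)
        } };
    }
    return options;
}
```

With the tutorial's code, the result would be passed as passport.use(new mfpStrategy(buildStrategyOptions(process.env))).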
Sample application
Sample usage
- Navigate to the sample's root folder and run the command: npm install followed by: npm start.
- Make sure to update the confidential client and secret values in the MobileFirst Operations Console.
- Deploy either of the security checks: UserLogin or PinCodeAttempts.
- Register the matching application.
- Map the accessRestricted scope to the security check.
- Update the client application to make the WLResourceRequest to your servlet URL.