Node.js Validator
improve this page | report issueOverview
IBM Mobile Foundation provides a Node.js framework to enforce security capabilities on external resources.
The Node.js framework is provided as an npm module (passport-mfp-token-validation).
This tutorial shows how to protect a simple Node.js resource, GetBalance, by using a scope (accessRestricted).
Prerequsites:
- Read the Using the MobileFirst Server to authenticate external resources tutorial.
- Understanding of the Mobile Foundation security framework.
The passport-mfp-token-validation module
The passport-mfp-token-validation module provides an authentication mechanism to verify access tokens that are issued by the MobileFirst Server.
To install the module, run:
npm install passport-mfp-token-validation@8.0.X
Usage
-
The sample uses the
expressandpassport-mfp-token-validationmodules:var express = require('express'); var passport = require('passport-mfp-token-validation').Passport; var mfpStrategy = require('passport-mfp-token-validation').Strategy; -
Set up the
Strategyas follows:passport.use(new mfpStrategy({ authServerUrl: 'http://localhost:9080/mfp/api', confClientID: 'testclient', confClientPass: 'testclient', analytics: { onpremise: { url: 'http://localhost:9080/analytics-service/rest/v3', username: 'admin', password: 'admin' } } })); authServerUrl: Replacelocalhost:9080with your MobileFirst Server IP address and port number.confClientID,confClientPass: Replace the confidential client ID and password with the ones that you defined in the MobileFirst Operations Console.-
analytics: The analytics item is optional, and required only if you wish to log analytics events to Mobile Foundation.
Replacelocalhost:9080,username, andpasswordwith your Analytics Server IP address, port number, user name, and password. -
Authenticate requests by calling
passport.authenticate:var app = express(); app.use(passport.initialize()); app.get('/getBalance', passport.authenticate('mobilefirst-strategy', { session: false, scope: 'accessRestricted' }), function(req, res) { res.send('17364.9'); }); var server = app.listen(3000, function() { var port = server.address().port console.log("Sample app listening at http://localhost:%s", port) }); - The
Strategyto employ should bemobilefirst-strategy. - Set
sessiontofalse. - Specify the
scopename.
Sample application
Sample usage
- Navigate to the sample’s root folder and run the command:
npm installfollowed by:npm start. - Make sure to update the confidential client and secret values in the MobileFirst Operations Console.
- Deploy either of the security checks: UserLogin or PinCodeAttempts.
- Register the matching application.
- Map the
accessRestrictedscope to the security check. - Update the client application to make the
WLResourceRequestto your servlet URL.
Inclusive terminology note: The Mobile First Platform team is making changes to support the IBM® initiative to replace racially biased and other discriminatory language in our code and content with more inclusive language. While IBM values the use of inclusive language, terms that are outside of IBM's direct influence are sometimes required for the sake of maintaining user understanding. As other industry leaders join IBM in embracing the use of inclusive language, IBM will continue to update the documentation to reflect those changes.