Backend Authentication


To make sure your user is authenticated before an API endpoint is called, add an API gateway or middleware that validates the JWT.

The JWKS (JSON Web Key Set) needed to verify the token can be found at:
https://api.fouita.com/.well-known/jwks.json

Example using Fastify:

import fast from 'fastify'
import fjwt from 'fastify-jwt'
import buildGetJwks from 'get-jwks'

const fastify = fast()
const getJwks = buildGetJwks()

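fastify.register(fjwt, {
   // Decode header and payload so the key callback can read kid and alg
   decode: { complete: true },
   secret: (req, token) => {
     const { header: { kid, alg } } = token
     // The JWKS domain is fixed here; it is not taken from the token itself
     return getJwks.getPublicKey({ kid, domain: "https://api.fouita.com/", alg })
   }
})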

// This will be applied to all requests
fastify.addHook('onRequest', async (req, reply) => {
   try {
     // verify JWT
     await req.jwtVerify()
   } catch (err) {
     reply.send(err)
   }
})

// Or you can use fastify decorator

More details about fastify-jwt
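
The checks the hook above relies on for each request, written out with only Node's built-in crypto module. This is an added example, not Fouita's or fastify-jwt's code: the key pair, the `demo-key-1` kid, the RS256 allow-list and the `signToken`/`verifyToken` helpers are constructed for illustration, and in a real service the key set is fetched from the JWKS URL above.

```javascript
const crypto = require('node:crypto')

// Assumption: the accepted algorithms are pinned by the server, never chosen by the token.
const ALLOWED_ALGS = ['RS256']
const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url')
const decode = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'))

// Constructed key pair and key set, standing in for the issuer's published JWKS.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 })
const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key-1', use: 'sig' }] }

// Hypothetical issuer-side helper: signs with RS256 whatever the header claims.
function signToken (payload, header = { alg: 'RS256', kid: 'demo-key-1', typ: 'JWT' }) {
  const input = `${encode(header)}.${encode(payload)}`
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey)
  return `${input}.${sig.toString('base64url')}`
}

// Hypothetical verifier: returns the payload or throws.
function verifyToken (token, keySet, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.')
  if (parts.length !== 3) throw new Error('malformed token')
  const [h, p, s] = parts
  const header = decode(h)
  // 1. Reject any algorithm outside the allow-list before touching a key.
  if (!ALLOWED_ALGS.includes(header.alg)) throw new Error('algorithm not allowed')
  // 2. Pick the verification key by kid from the trusted key set only.
  const jwk = keySet.keys.find((k) => k.kid === header.kid && k.kty === 'RSA')
  if (!jwk) throw new Error('unknown kid')
  const key = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' })
  // 3. Check the signature over "header.payload" exactly as received.
  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'))
  if (!valid) throw new Error('bad signature')
  // 4. Only now read the claims, and require an unexpired exp.
  const payload = decode(p)
  if (typeof payload.exp !== 'number' || payload.exp <= now) throw new Error('token expired')
  return payload
}

const token = signToken({ sub: 'user-1', exp: Math.floor(Date.now() / 1000) + 60 })
console.log(verifyToken(token, jwks))
```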