verify-token-authenticate

This is an example of authentication verification for your backend. The process starts with validation checks to ensure the user exists on your server. Next, the LoginID JWT access token received from the front end is verified. Finally, a user session is started on your server.

Once you have received the resulting LoginID token, you can send it to your backend and verify it. For detailed technical instructions, refer to this section on verifying LoginID tokens.

import jwt from "jsonwebtoken";
import db from "./config/db.js";

const LOGINID_BASE_URL = process.env.LOGINID_BASE_URL;
const LOGINID_API_KEY = process.env.LOGINID_API_KEY;

// `app` is assumed to be your existing Express app with JSON body parsing
// and session middleware. `verifyLoginIDJWT` is not defined in this snippet;
// see the section on verifying LoginID tokens.
app.post("/authenticate/passkey/verify", async (req, res) => {
  const { token } = req.body;

  try {
    // Decode the token unverified. Every claim read here is untrusted
    // input until verifyLoginIDJWT succeeds below.
    const decodedLoginIDToken = jwt.decode(token);
    if (!decodedLoginIDToken || typeof decodedLoginIDToken !== "object") {
      // jwt.decode returns null for a malformed token
      throw new Error("malformed token");
    }
    const { iss, username } = decodedLoginIDToken;

    // Proceed with a system check to validate if login is allowed
    const user = db.data.users.find((user) => user.username === username);
    if (!user) {
      return res
        .status(404)
        .json({ code: "not_found", message: "User not found" });
    }

    // You can add extra checks

    // Verify the LoginID JWT
    await verifyLoginIDJWT(token, iss);

    // After verifying LoginID JWT, you can proceed with your own
    // user session creation logic here
    req.session.user = { id: user.id, username };
    res.json({ user: req.session.user });
  } catch (e) {
    return res.status(400).json({
      code: "authentication_error",
      message: e.message || "authentication error",
    });
  }
});
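
The handler above reads `iss` from a token that has not been verified yet and hands it to `verifyLoginIDJWT`. The following is an added example (not LoginID's code or part of the original page) of pinning that issuer to the configured base URL before it is used. It assumes the token's `iss` is expected to equal `LOGINID_BASE_URL`; the helper names and the sample URLs are hypothetical.

```javascript
// Added example, not LoginID SDK code. Uses only Node built-ins.

// Read a JWT payload WITHOUT verifying it. The result is untrusted input.
function decodeUnverifiedPayload(token) {
  if (typeof token !== "string") return null;
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  try {
    const p = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
    return p !== null && typeof p === "object" && !Array.isArray(p) ? p : null;
  } catch {
    return null; // payload segment is not valid JSON
  }
}

// Normalise an issuer URL: https only, no credentials, query or fragment,
// lower-cased host (done by URL), trailing slashes removed.
function normaliseIssuer(value) {
  if (typeof value !== "string") return null;
  try {
    const u = new URL(value);
    if (u.protocol !== "https:" || u.username || u.password) return null;
    if (u.search || u.hash) return null;
    return u.origin + u.pathname.replace(/\/+$/, "");
  } catch {
    return null; // not a URL at all
  }
}

// Return the issuer only when it exactly matches the configured base URL
// (assumption: iss must equal LOGINID_BASE_URL). Exact comparison, never
// startsWith(), so a look-alike host with the same prefix is rejected.
function pinnedIssuer(token, expectedBaseUrl) {
  const expected = normaliseIssuer(expectedBaseUrl);
  const payload = decodeUnverifiedPayload(token);
  if (!expected || !payload) return null;
  const actual = normaliseIssuer(payload.iss);
  return actual === expected ? actual : null;
}

// Constructed sample token for the checks; the signature segment is a dummy
// because nothing in this example verifies signatures.
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "ES256", typ: "JWT" })}.${enc(claims)}.c2ln`;
}
```

In the handler, a `null` result from `pinnedIssuer(token, LOGINID_BASE_URL)` would be treated as an authentication error before `verifyLoginIDJWT` is called; the signature check is still required afterwards.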