
How to use JWT with Seneca, Passport and Express on NodeJS

Ever wondered how to get JWT access working on Seneca running through Express? I certainly did! Here’s a quick tutorial showing you the code I put together after reading lots of other blogs and scratching my head.

Start off by creating a workspace: open a command prompt, create a directory called seneca-jwt-tutorial, then move inside it:


Next we need to initialise npm; feel free to press <ENTER> for all the questions that pop up:


Then we’ll need to install all the packages we’re going to use. These are:

  • body-parser
  • express
  • express-session
  • jsonwebtoken
  • passport
  • passport-jwt
  • seneca
  • seneca-web
  • seneca-web-adapter-express

Use the following command to install them all together:


Right, now it’s time to start adding some code. Create repo.js, which we’ll use to store our user information:


Then copy this code into repo.js. It’s an array and a couple of methods to query the values in the array; in a production environment you’d probably want to replace this with something a little more permanent and a bit more secure:


Next we create routes.js, which we’ll use to map out our routes and pin them to Seneca action patterns:


Then copy this code into routes.js. As you can see, we are creating three routes: one unsecured route telling you to log in (home), one to handle the login process (login) and another which is secure (profile):


Our next task is to create plugin.js, where we’ll put the Seneca action patterns for each of our routes:


Next copy this code into plugin.js. A quick look shows that the patterns correspond to the names of the routes: one for home, one for login and the last one for profile. Notice that the login pattern makes use of the repo to find a user by username:


Finally we create index.js, which is where we’ll wire everything up:


Next copy this code into index.js:

  • Lines 1-16: Require all the packages we’re going to use.
  • Lines 18-20: Create our JWT options object that tells Passport where to look for the token, and our chosen secret, which you should definitely change when working with production code.
  • Lines 22-37: Create the JwtStrategy and action to check the payload from the token against our repo.
  • Lines 39-45: User serialization and deserialization methods for Passport.
  • Lines 47-52: Create the Express service to handle HTTP requests.
  • Lines 54-71: Create our Seneca configuration and service and tell the server which port it should be listening to.


Assuming that’s all done, it’s now time to start it up. Use the following command:


If all went ahead without a hitch you should see this output:


Now it’s time to get testing. Fire up Postman or an equivalent API querying tool and start by sending a GET request to http://localhost:4000 (see the screenshot below for request settings).


Then POST the username jack with a password of admin to http://localhost:4000/login (see the screenshot below for request settings).


You should then be rewarded with a JSON Web Token, which you can use in an Authorization header prefixed with JWT:


Copy the contents of token, add it to an Authorization header, then send a GET request to http://localhost:4000/profile (see the screenshot below for request settings).


If you get back a similar response to the one shown above, you’re done. If you found any problems with this tutorial please let me know in the comments, similarly if you found this tutorial helpful please feel free to let me know too!
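
To show what has to be checked before the profile route can trust an `Authorization: JWT <token>` header, here is an added example that is not part of the original tutorial and does not use jsonwebtoken or passport-jwt; it uses only Node's built-in crypto module. The secret, the one-entry user list, the function names and the `exp` claim are assumptions made for the illustration.

```javascript
// Added example: HS256 issue/verify with node:crypto only (not the tutorial's code).
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret-change-me'; // constructed value
const users = [{ id: 1, username: 'jack' }];        // constructed stand-in for repo.js

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (input, secret) =>
  crypto.createHmac('sha256', secret).update(input).digest();

// Issue an HS256 token carrying the user id and an expiry (seconds since epoch).
function issueToken(userId, secret, ttlSeconds, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const iat = Math.floor(now / 1000);
  const payload = b64url(JSON.stringify({ id: userId, iat, exp: iat + ttlSeconds }));
  const sig = hmac(`${header}.${payload}`, secret).toString('base64url');
  return `${header}.${payload}.${sig}`;
}

// Verify an "Authorization: JWT <token>" header; returns the user or null.
function authenticate(authHeader, secret, now = Date.now()) {
  const match = /^JWT ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || '');
  if (!match) return null;
  const [, header, payload, sig] = match;
  try {
    // Pin the algorithm: never let the token choose "none" or another scheme.
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null;
    const expected = hmac(`${header}.${payload}`, secret);
    const given = Buffer.from(sig, 'base64url');
    // Constant-time compare; check length first because timingSafeEqual throws.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url'));
    if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(now / 1000)) return null;
    // The payload must still map to a known user, as in the strategy callback.
    return users.find((u) => u.id === claims.id) || null;
  } catch {
    return null; // malformed JSON or base64 in header/payload
  }
}
```

The signature is verified before any claim in the payload is read, so a tampered payload is rejected without its contents ever being acted on.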