Developer Documentation
Developer Documentation
API References
Source Code
What is Authcore
Release Notes
Getting Started
Getting Started
Migrate from Pre-1.0 Releases
Guides
Installation
Web App
Single Page App
React Native App
Configuration
Server-to-server Authentication
API
API Overview
OAuth 2.0 / OpenID Connect
SDK
Javascript
Web Widgets
React Native Widgets
Powered by GitBook

Server-to-server Authentication

Instead of obtaining access token using the OAuth 2.0 flow, you can call Authcore API using a signed JWT directly as a bearer token, . You can avoid having to make a network request before making an API call. To do so:

  1. Generate an EC private key, of size 256, and output it to a file named key.pem:

    $ openssl ecparam -name prime256v1 -genkey -noout -out key.pem

  2. Extract the public key from the key pair:

    $ openssl ec -in key.pem -pubout -out public.pem

  3. Update Authcore config file, set service_account_public_key to the public key and service_account_id to the ID of the user that act as a service account.

  4. Using any standard JWT library, such as one found at jwt.io, create a JWT with ES256 algorithm and payload like the following example:

    {
      "iss": "serviceaccount:<service_account_id>",
      "sub": "serviceaccount:<service_account_id>",
      "iat": 1511900000,
      "exp": 1511903600
    }

    Sign the JWT with prime256v1 using the above private key.

    For example (Javascript):

    var jwt = require('jsonwebtoken')
    var opts = {
      algorithm: "ES256",
      issuer: "serviceaccount:server",
      subject: "serviceaccount:server",
      expiresIn: 60
    }
    var token = jwt.sign({}, privateKeyPEM, opts)

  5. Call the API, using the signed JWT as the bearer token:

    GET /api/v2/users HTTP/1.1
    Host: testing.authcore.io
    Authorization: Bearer <SIGNED_JWT>
    Content-Type: application/json
Guides - Previous
Configuration
Next - API
API Overview
Last updated 2 months ago
Edit on GitHub