The latest articles on DEV Community by Zayne Komchi (@zaynekomichi). https://dev.to/zaynekomichi https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F724190%2F1c8d55f4-4252-4be9-b3fc-6c03e7f1e7e7.png https://dev.to/zaynekomichi en Zayne Komchi Sat, 28 Dec 2024 17:31:51 +0000 https://dev.to/zaynekomichi/add-jwt-authentication-in-deno-oak-server-using-kinde-authentication-1c95 https://dev.to/zaynekomichi/add-jwt-authentication-in-deno-oak-server-using-kinde-authentication-1c95 <h2> A Comprehensive Guide to Adding Kinde Authentication to an Oak Server in Deno </h2> <p>This guide explains how to integrate Kinde authentication into an Oak server using Deno. While Kinde doesn't have a dedicated Deno SDK, Deno's ability to use npm packages allows us to leverage the Kinde JWT Validator for this purpose.</p> <h2> Prerequisites </h2> <p>To follow this guide, ensure you have the following:</p> <ul> <li> <a href="https://deno.com/" rel="noopener noreferrer">Deno</a>: A modern runtime for JavaScript and TypeScript.</li> <li> <a href="https://jsr.io/@oak/oak" rel="noopener noreferrer">Oak</a>: A middleware framework for Deno's HTTP server.</li> <li> <a href="https://www.npmjs.com/package/@kinde/jwt-validator" rel="noopener noreferrer">Kinde JWT Validator</a>: A library to validate Kinde's JSON Web Tokens (JWTs).</li> <li>Your Kinde domain: For example, <code>your_domain.kinde.com</code>.</li> </ul> <h2> Steps to Add Authentication </h2> <h3> Step 1: Add Oak to Your Deno Project </h3> <p>Use the following command to add Oak to your project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>deno add jsr:@oak/oak </code></pre> </div> <h3> Step 2: Add Kinde JWT Validator </h3> <p>Install the Kinde JWT Validator npm package:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>deno add npm:@kinde/jwt-validator </code></pre> </div> <h3> Step 3: Implement Authentication Middleware </h3> <p>Create an <code>index.ts</code> file in the root of your project and add the following code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Application</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@oak/oak/application</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Router</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@oak/oak/router</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">validateToken</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@kinde/jwt-validator</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// Import the validator</span> <span class="c1">// Custom error class for handling authentication errors</span> <span class="kd">class</span> <span class="nc">AuthorizationError</span> <span class="kd">extends</span> <span class="nc">Error</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">message</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">super</span><span class="p">(</span><span class="nx">message</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">AuthorizationError</span><span class="dl">"</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Application</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">rootRouter</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Router</span><span class="p">();</span> <span class="c1">// Define a basic route</span> <span class="nx">rootRouter</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">ctx</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">ctx</span><span class="p">.</span><span class="nx">response</span><span class="p">.</span><span class="nx">body</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Delve V1.0.0</span><span class="dl">"</span><span class="p">;</span> <span class="p">});</span> <span class="c1">// Middleware to authenticate Kinde JWTs</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">ctx</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// Check for the Authorization header</span> <span class="k">if </span><span class="p">(</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">request</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">has</span><span class="p">(</span><span class="dl">"</span><span class="s2">Authorization</span><span class="dl">"</span><span class="p">))</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">ctx</span><span class="p">.</span><span class="nx">request</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">Authorization</span><span class="dl">"</span><span class="p">)?.</span><span class="nf">replace</span><span class="p">(</span><span class="dl">"</span><span class="s2">Bearer </span><span class="dl">"</span><span class="p">,</span> <span class="dl">""</span><span class="p">);</span> <span class="c1">// Validate the token using the Kinde JWT Validator</span> <span class="kd">const</span> <span class="nx">validateResult</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">validateToken</span><span class="p">({</span> <span class="na">token</span><span class="p">:</span> <span class="nx">token</span><span class="p">,</span> <span class="na">domain</span><span class="p">:</span> <span class="dl">"</span><span class="s2">your_domain.kinde.com</span><span class="dl">"</span><span class="p">,</span> <span class="c1">// Replace with your Kinde domain</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">validateResult</span><span class="p">.</span><span class="nx">valid</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Token is valid; proceed to the requested route</span> <span class="k">await</span> <span class="nf">next</span><span class="p">();</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">AuthorizationError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Unauthorized, token not valid!</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">AuthorizationError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Authorization token required!</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Handle authentication errors</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span> <span class="k">instanceof</span> <span class="nx">AuthorizationError</span><span class="p">)</span> <span class="p">{</span> <span class="nx">ctx</span><span class="p">.</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span> <span class="o">=</span> <span class="mi">401</span><span class="p">;</span> <span class="c1">// Unauthorized</span> <span class="nx">ctx</span><span class="p">.</span><span class="nx">response</span><span class="p">.</span><span class="nx">body</span> <span class="o">=</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="p">};</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">ctx</span><span class="p">.</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span> <span class="o">=</span> <span class="mi">500</span><span class="p">;</span> <span class="c1">// Internal Server Error</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Unhandled error occurred:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">error</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">});</span> <span class="c1">// Register routes and methods</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">rootRouter</span><span class="p">.</span><span class="nf">routes</span><span class="p">());</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">rootRouter</span><span class="p">.</span><span class="nf">allowedMethods</span><span class="p">());</span> <span class="c1">// Start the server on port 3000</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">({</span> <span class="na">port</span><span class="p">:</span> <span class="mi">3000</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Server is running on http://localhost:3000</span><span class="dl">"</span><span class="p">);</span> </code></pre> </div> <h2> Explanation of the Code </h2> <h3> Custom AuthorizationError Class </h3> <p>This class standardizes error messages for authentication-related errors.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">class</span> <span class="nc">AuthorizationError</span> <span class="kd">extends</span> <span class="nc">Error</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">message</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">super</span><span class="p">(</span><span class="nx">message</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">AuthorizationError</span><span class="dl">"</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Middleware for Authentication </h3> <p>The middleware validates the JWT token from the <code>Authorization</code> header:</p> <ol> <li> <strong>Header Validation</strong>: Checks if the <code>Authorization</code> header exists.</li> <li> <strong>Token Validation</strong>: Uses the <code>validateToken</code> function from the Kinde JWT Validator to confirm the token's validity.</li> <li> <strong>Error Handling</strong>: Throws a 401 Unauthorized error for invalid or missing tokens and logs unexpected errors with a 500 status.</li> </ol> <h2> Running the Server </h2> <p>Once the code is set up, start your server with the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>deno run <span class="nt">--allow-net</span> index.ts </code></pre> </div> <p>Visit <code>http://localhost:3000</code> in your browser or use a tool like <code>curl</code> to test the endpoint.</p> <h2> Conclusion </h2> <p>By following these steps, you’ve successfully added Kinde authentication to your Oak server in Deno. This approach ensures secure validation of client requests using JWTs, leveraging the flexibility of npm packages in the Deno ecosystem.</p>